Diffstat (limited to 'db/user.go')
-rw-r--r--db/user.go43
1 files changed, 10 insertions, 33 deletions
diff --git a/db/user.go b/db/user.go
index 27e6f89..1aff73f 100644
--- a/db/user.go
+++ b/db/user.go
@@ -1,7 +1,7 @@
package db
import (
- "golang.org/x/crypto/bcrypt"
+ "golang.org/x/crypto/argon2"
"crypto/rand"
"encoding/base64"
"database/sql"
@@ -23,21 +23,8 @@ func getNextUserId(db *sql.DB) (int, error) {
}
-func saltPassword(password string, salt []byte) []byte {
- salted := []byte(password)
- salted = append(salted, salt...)
- return salted
-}
-
-
-func hashPassword(password string, salt []byte) ([]byte, error) {
- salted := saltPassword(password, salt)
- hash, err := bcrypt.GenerateFromPassword(salted, bcrypt.DefaultCost)
- if err != nil {
- return []byte{}, err
- }
-
- return hash, nil
+func hashPassword(password string, salt []byte) []byte {
+ return argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32)
}
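Review bot: hashPassword passes the Argon2id cost parameters as bare literals (`1, 64*1024, 4, 32`), and nothing visible here records them or the algorithm alongside the stored hash. A later cost increase would then be indistinguishable from a wrong password, and rows written by the removed bcrypt code will presumably stop verifying, since this diff shows no migration or fallback path. Suggest naming the values, e.g. `const argonTime, argonMemoryKiB, argonThreads, argonKeyLen = 1, 64 * 1024, 4, 32`, and adding a doc comment such as `// hashPassword derives a 32-byte Argon2id key from password and salt; changing any parameter invalidates every stored hash.` Storing a scheme/version marker with each hash would let old and new formats coexist during a rollover.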
@@ -55,10 +42,7 @@ func (p *Phlox) CreateUser(username, password string) (User, error) {
return user, err
}
- hash, err := hashPassword(password, salt)
- if err != nil {
- return user, err
- }
+ hash := hashPassword(password, salt)
hash64 := base64.StdEncoding.EncodeToString(hash)
salt64 := base64.StdEncoding.EncodeToString(salt)
@@ -86,13 +70,10 @@ func (p *Phlox) DeleteUser(user User) error {
func (p *Phlox) SetPassword(user User, password string) error {
- hash, err := hashPassword(password, user.Salt)
- if err != nil {
- return err
- }
+ hash := hashPassword(password, user.Salt)
hash64 := base64.StdEncoding.EncodeToString(hash)
- _, err = p.db.Exec("update users set passwordhash=? where userid=?;", hash64, user.Id)
+ _, err := p.db.Exec("update users set passwordhash=? where userid=?;", hash64, user.Id)
return err
}
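Review bot: SetPassword derives the new hash from the existing `user.Salt`, so the salt is never rotated when a password changes. Generating a fresh random salt here, as CreateUser appears to do before hashing, and writing it in the same UPDATE as the hash would give each password its own salt. Separately, the result of `p.db.Exec` is discarded, so an update that matches no row for `user.Id` still returns nil; checking `RowsAffected()` on the result would surface that case.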
@@ -135,15 +116,11 @@ func (p *Phlox) AuthenticateUser(username, password string) (bool, User, error)
return false, User{}, err
}
- salted := saltPassword(password, user.Salt)
- err = bcrypt.CompareHashAndPassword(user.PasswordHash, salted)
- if err != nil {
- // bad password
- return false, User{}, nil
- } else {
- // success!
- return true, user, nil
+ hash := hashPassword(password, user.Salt)
+ for i, v := range user.PasswordHash {
+ if v != hash[i] { return false, user, nil; }
}
+ return true, user, nil
}
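Review bot: The byte loop that replaces `bcrypt.CompareHashAndPassword` is not a safe equality check. It ranges over `user.PasswordHash` and never compares lengths, so a stored hash of length zero skips the loop and reaches `return true, user, nil`, a stored value longer than the 32-byte Argon2 output can index past `hash`, and the early return makes the comparison time depend on how many leading bytes match. Replace the loop with `if subtle.ConstantTimeCompare(hash, user.PasswordHash) != 1 { return false, User{}, nil }` and add `crypto/subtle` to the imports; that call also rejects length mismatches. The failure path now returns `user` where the old code returned `User{}`, and restoring the zero value keeps a populated record away from callers that overlook the boolean. The start of AuthenticateUser is outside the hunk.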