Diffstat (limited to 'db/user.go')
-rw-r--r-- | db/user.go | 43 |
1 files changed, 10 insertions, 33 deletions
@@ -1,7 +1,7 @@
 package db
 import (
- "golang.org/x/crypto/bcrypt"
+ "golang.org/x/crypto/argon2"
 "crypto/rand"
 "encoding/base64"
 "database/sql"
@@ -23,21 +23,8 @@ func getNextUserId(db *sql.DB) (int, error) {
 }
-func saltPassword(password string, salt []byte) []byte {
- salted := []byte(password)
- salted = append(salted, salt...)
- return salted
-}
-
-
-func hashPassword(password string, salt []byte) ([]byte, error) {
- salted := saltPassword(password, salt)
- hash, err := bcrypt.GenerateFromPassword(salted, bcrypt.DefaultCost)
- if err != nil {
- return []byte{}, err
- }
-
- return hash, nil
+func hashPassword(password string, salt []byte) []byte {
+ return argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32)
 }
@@ -55,10 +42,7 @@ func (p *Phlox) CreateUser(username, password string) (User, error) {
 return user, err
 }
- hash, err := hashPassword(password, salt)
- if err != nil {
- return user, err
- }
+ hash := hashPassword(password, salt)
 hash64 := base64.StdEncoding.EncodeToString(hash)
 salt64 := base64.StdEncoding.EncodeToString(salt)
@@ -86,13 +70,10 @@ func (p *Phlox) DeleteUser(user User) error {
 func (p *Phlox) SetPassword(user User, password string) error {
- hash, err := hashPassword(password, user.Salt)
- if err != nil {
- return err
- }
+ hash := hashPassword(password, user.Salt)
 hash64 := base64.StdEncoding.EncodeToString(hash)
- _, err = p.db.Exec("update users set passwordhash=? where userid=?;", hash64, user.Id)
+ _, err := p.db.Exec("update users set passwordhash=? where userid=?;", hash64, user.Id)
 return err
 }
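Review bot: The Argon2id cost parameters in the new `hashPassword` are bare literals and nothing about them is stored with the hash, so they cannot be raised later without invalidating every stored value, and rows written by the old bcrypt code cannot be told apart from new ones. Consider naming them, e.g. `const argonTime, argonMemoryKiB, argonThreads, argonKeyLen = 1, 64*1024, 4, 32`, and recording an algorithm/parameter tag next to the hash so verification can pick the right scheme. No migration for existing bcrypt hashes is visible in this commit, so those accounts will presumably fail to authenticate until their password is reset.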
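Review bot: `SetPassword` still hashes with the existing `user.Salt`, and after this change that is the only salt in play. Under bcrypt this was harmless because `GenerateFromPassword` mixes in its own random salt, but `argon2.IDKey` is deterministic, so a user who returns to an earlier password ends up with the same stored hash. Generate a fresh salt here, as `CreateUser` appears to do outside its hunk, and write it in the same UPDATE as the hash. The salt column name is not visible in this hunk, so the statement change is left to the author.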
@@ -135,15 +116,11 @@ func (p *Phlox) AuthenticateUser(username, password string) (bool, User, error)
 return false, User{}, err
 }
- salted := saltPassword(password, user.Salt)
- err = bcrypt.CompareHashAndPassword(user.PasswordHash, salted)
- if err != nil {
- // bad password
- return false, User{}, nil
- } else {
- // success!
- return true, user, nil
+ hash := hashPassword(password, user.Salt)
+ for i, v := range user.PasswordHash {
+ if v != hash[i] { return false, user, nil; }
 }
+ return true, user, nil
 }
|
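Review bot: The byte loop in `AuthenticateUser` never compares lengths: it ranges over `user.PasswordHash` and indexes `hash[i]`, so an empty or truncated stored hash accepts any password, and a stored value longer than 32 bytes (for example a legacy bcrypt hash) panics with an index out of range. It also returns at the first differing byte, so the comparison time depends on how much of the hash matches. Replace the loop with `if subtle.ConstantTimeCompare(user.PasswordHash, hash) != 1 { return false, User{}, nil }` (import `crypto/subtle`), which rejects unequal lengths as well. Returning `User{}` on failure, as the old code did, also keeps the populated record away from callers on a bad password. The function starts outside the hunk.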