electricdusk
/
rushlink
3
3
Fork 3
Code Issues 21 Pull Requests 2 Releases Activity

user: use base64.URLEncoding for passwords

This commit is contained in:
Yorick van Pelt 2023-04-30 18:24:30 +02:00
parent e055d210ef
commit e8fdc75183
No known key found for this signature in database
GPG Key ID: A36E70F9DC014A15
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/db/user.go
View File

@ -84,8 +84,8 @@ func HashPassword(password string) (string, error) {
hash := argon2.IDKey([]byte(password), salt, 2, 64*1024, 1, pwdHashSize) hash := argon2.IDKey([]byte(password), salt, 2, 64*1024, 1, pwdHashSize)
// Encode the salt and hash as a string in PHC format // Encode the salt and hash as a string in PHC format
encodedSalt := base64.RawStdEncoding.EncodeToString(salt) encodedSalt := base64.URLEncoding.EncodeToString(salt)
encodedHash := base64.RawStdEncoding.EncodeToString(hash) encodedHash := base64.URLEncoding.EncodeToString(hash)
return fmt.Sprintf("$%s$%s$%s$%s", pwdAlgo, pwdParams, encodedSalt, encodedHash), nil return fmt.Sprintf("$%s$%s$%s$%s", pwdAlgo, pwdParams, encodedSalt, encodedHash), nil
} }
@ -98,11 +98,11 @@ func comparePassword(hashedPassword string, password string) (bool, error) {
encodedSalt, encodedHash := fields[2], fields[3] encodedSalt, encodedHash := fields[2], fields[3]
// Decode the salt and hash from base64 // Decode the salt and hash from base64
salt, err := base64.RawStdEncoding.DecodeString(encodedSalt) salt, err := base64.URLEncoding.DecodeString(encodedSalt)
if err != nil { if err != nil {
return false, err return false, err
} }
hash, err := base64.RawStdEncoding.DecodeString(encodedHash) hash, err := base64.URLEncoding.DecodeString(encodedHash)
if err != nil { if err != nil {
return false, err return false, err
} }