diff --git a/pkg/api/user.go b/pkg/api/user.go
index 5964be0..40b0251 100644
--- a/pkg/api/user.go
+++ b/pkg/api/user.go
@@ -6,6 +6,7 @@ import (
 "net/http"
 "github.com/Ennovar/gPanel/pkg/database"
+ "github.com/Ennovar/gPanel/pkg/encryption"
 )
 // userRequestData struct is the structure of the JSON data to be
@@ -49,14 +50,14 @@ func UserAuthentication(res http.ResponseWriter, req *http.Request) bool {
 return false
 }
- if userRequestData.Pass != userDatabaseData.Pass {
- http.Error(res, "Invalid password", http.StatusUnauthorized)
+ err = encryption.CheckPassword([]byte(userDatabaseData.Pass), []byte(userRequestData.Pass))
+ if err != nil {
+ http.Error(res, err.Error(), http.StatusUnauthorized)
 return false
 }
 res.WriteHeader(http.StatusNoContent)
 return true
-
 }
 // UserAuthentication function is accessed by an API call from the webhost root
@@ -83,7 +84,12 @@ func UserRegistration(res http.ResponseWriter, req *http.Request) bool {
 }
 defer ds.Close()
- userDatabaseData.Pass = userRequestData.Pass
+ userDatabaseData.Pass, err = encryption.HashPassword(userRequestData.Pass)
+ if err != nil {
+ http.Error(res, err.Error(), http.StatusBadRequest)
+ return false
+ }
+
 err = ds.Put(database.BUCKET_USERS, []byte(userRequestData.User), userDatabaseData)
 if err != nil {
 http.Error(res, err.Error(), http.StatusBadRequest)
@@ -92,5 +98,4 @@ func UserRegistration(res http.ResponseWriter, req *http.Request) bool {
 res.WriteHeader(http.StatusNoContent)
 return true
-
 }
diff --git a/pkg/encryption/password.go b/pkg/encryption/password.go
index 0dcecb3..7ab0654 100644
--- a/pkg/encryption/password.go
+++ b/pkg/encryption/password.go
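Review bot: In UserAuthentication (pkg/api/user.go, hunk at -49,14) the failure branch now writes `err.Error()` into the 401 body, so the client sees whatever bcrypt returned instead of the fixed "Invalid password" text. A wrong password and a stored value that is not a bcrypt hash at all (presumably any account saved in plaintext before this commit) yield different messages, which discloses the state of the stored record and leaves those older accounts unable to log in without a migration. Keep the response constant, `http.Error(res, "Invalid password", http.StatusUnauthorized)`, and log `err` on the server side. The same echo of `err.Error()` is added in the UserRegistration hunk (-83,7) for the HashPassword failure. The function body starts outside the hunk.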
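Review bot: In UserRegistration (pkg/api/user.go, hunk at -83,7) `userRequestData.Pass` goes straight into `encryption.HashPassword` with no length check visible in the hunk. bcrypt uses at most the first 72 bytes of its input, and depending on the x/crypto version a longer password is either truncated silently or rejected with an error; an empty password is hashed like any other. If the part of the function above the hunk does not already validate the field, add a guard before hashing, e.g. `if n := len(userRequestData.Pass); n == 0 || n > 72 { http.Error(res, "Invalid password length", http.StatusBadRequest); return false }`.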
@@ -8,12 +8,6 @@ func HashPassword(password string) (string, error) {
 return string(hash), err
 }
-func CheckPassword(hash, plainText []byte) (bool, error) {
- err := bcrypt.CompareHashAndPassword(hash, plainText)
-
- if err != nil {
- return false, err
- }
-
- return true, nil
+func CheckPassword(hash, plainText []byte) error {
+ return bcrypt.CompareHashAndPassword(hash, plainText)
 }
diff --git a/pkg/encryption/password_test.go b/pkg/encryption/password_test.go
index fce1de3..0f1bd5c 100644
--- a/pkg/encryption/password_test.go
+++ b/pkg/encryption/password_test.go
@@ -27,11 +27,11 @@ func TestPasswordHashing(t *testing.T) {
 t.Errorf("Error in password_test using HashPassword func: %s", err.Error())
 }
- ok, err := CheckPassword([]byte(password.hash), []byte(password.plainText))
+ err = CheckPassword([]byte(password.hash), []byte(password.plainText))
 if err != nil {
- if ok != password.ok {
- t.Errorf("In password_test expected %t, but got %t from CheckPassword func", password.ok, ok)
+ if password.ok {
+ t.Errorf("Error in password_test using CheckPassword func: %s", err.Error())
 }
 }
 }
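Review bot: The rewritten CheckPassword in pkg/encryption/password.go is exported but has no doc comment, and its contract changed from `(bool, error)` to a bare `error`. Callers now have to know that nil means a match and that every non-nil value, including a malformed-hash error, means rejection. The two `[]byte` parameters are also easy to pass in the wrong order. I would add `// CheckPassword compares a bcrypt hash with a plaintext password. It returns nil on a match and the error from bcrypt.CompareHashAndPassword otherwise.` above the function.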
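Review bot: In TestPasswordHashing (pkg/encryption/password_test.go) the new assertion is only reached when `err != nil`, so a table entry with `password.ok == false` for which CheckPassword returns nil passes silently. A regression that accepts a wrong password would therefore never fail this test. Check both directions instead: `if (err == nil) != password.ok { t.Errorf("In password_test expected ok=%t, but CheckPassword returned %v", password.ok, err) }`. The loop and the table that define `password` are outside the hunk.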