From d892cad72c1eb4ae20c1b7f1c5b9451650454c28 Mon Sep 17 00:00:00 2001 From: Ryan Mehri Date: Mon, 11 May 2020 20:41:16 -0600 Subject: Add password check on post hash --- backend/cache/cache.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'backend/cache') diff --git a/backend/cache/cache.go b/backend/cache/cache.go index 1a8a7a1..918873e 100644 --- a/backend/cache/cache.go +++ b/backend/cache/cache.go @@ -2,6 +2,7 @@ package cache import ( "errors" + "github.com/jackyzha0/ctrl-v/hashing" "sync" "github.com/jackyzha0/ctrl-v/db" @@ -23,7 +24,7 @@ func init() { } } -func (c *Cache) Get(hash string) (db.Paste, error) { +func (c *Cache) Get(hash, userPassword string) (db.Paste, error) { c.lock.RLock() // check if hash in cache @@ -40,9 +41,12 @@ func (c *Cache) Get(hash string) (db.Paste, error) { return p, PasteNotFound } - // if there is a password + // if there is a password, check the provided one against it if p.Password != "" { - return db.Paste{}, UserUnauthorized + // if passwords do not match, the user is unauthorized + if !hashing.ComparePasswords(p.Password, userPassword) { + return db.Paste{}, UserUnauthorized + } } c.add(p) -- cgit v1.2.3 From 53f55ab8b0eceea32e58880c09785dd35943af0b Mon Sep 17 00:00:00 2001 From: Ryan Mehri Date: Mon, 11 May 2020 21:07:23 -0600 Subject: Simplify hashing comparison --- backend/cache/cache.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'backend/cache') diff --git a/backend/cache/cache.go b/backend/cache/cache.go index 918873e..56581b8 100644 --- a/backend/cache/cache.go +++ b/backend/cache/cache.go 
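Review bot: The new `"github.com/jackyzha0/ctrl-v/hashing"` import is placed between `"errors"` and `"sync"`, inside the standard-library group, while the project's own `db` package sits in a separate group below. Move it next to `"github.com/jackyzha0/ctrl-v/db"` so the import block stays goimports-clean and project packages are easy to spot.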
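Review bot: `Get` is exported and has no doc comment, and the added `userPassword` parameter changes its contract without stating it. I would add `// Get returns the paste stored under hash; when the paste has a password, userPassword must match it or UserUnauthorized is returned.` above the signature. The method body continues outside this hunk.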
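Review bot: The password comparison sits only on the path that follows the database lookup, directly before `c.add(p)`, so a protected paste is now written to the cache as soon as one caller supplies the right password. The cache-hit branch lies outside this hunk; if it returns the cached entry without consulting `userPassword`, later requests for the same hash would get the paste without any password check. Either keep protected pastes out of the cache, e.g. `if p.Password == "" { c.add(p) }`, or repeat the `p.Password != ""` comparison on the hit path before returning. The body of `hashing.ComparePasswords` is not visible here, so it is also worth confirming that it verifies against a stored hash rather than comparing secrets with `==`.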
@@ -44,7 +44,7 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) { // if there is a password, check the provided one against it if p.Password != "" { // if passwords do not match, the user is unauthorized - if !hashing.ComparePasswords(p.Password, userPassword) { + if !hashing.PasswordsEqual(p.Password, userPassword) { return db.Paste{}, UserUnauthorized } } -- cgit v1.2.3