From 766f760b3845c989fba6e6157b4b9d77eaa9598b Mon Sep 17 00:00:00 2001
From: Ryan Mehri
Date: Tue, 12 May 2020 22:50:05 -0600
Subject: Check password when paste is cached
---
 backend/cache/cache.go | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)
(limited to 'backend')
diff --git a/backend/cache/cache.go b/backend/cache/cache.go
index 56581b8..1bbec78 100644
--- a/backend/cache/cache.go
+++ b/backend/cache/cache.go
@@ -32,7 +32,13 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
 c.lock.RUnlock()
 if ok {
- return v, nil
+ // validate password
+ passErr := checkPassword(v.Password, userPassword)
+ if passErr != nil {
+ return db.Paste{}, passErr
+ } else {
+ return v, nil
+ }
 }
 // if it doesnt, lookup from db
@@ -41,16 +47,26 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
 return p, PasteNotFound
 }
+ // validate password
+ passErr := checkPassword(p.Password, userPassword)
+ if passErr != nil {
+ return db.Paste{}, passErr
+ }
+
+ c.add(p)
+ return p, err
+}
+
+func checkPassword(dbPassword, parsedPassword string) error {
 // if there is a password, check the provided one against it
- if p.Password != "" {
+ if dbPassword != "" {
 // if passwords do not match, the user is unauthorized
- if !hashing.PasswordsEqual(p.Password, userPassword) {
- return db.Paste{}, UserUnauthorized
+ if !hashing.PasswordsEqual(dbPassword, parsedPassword) {
+ return UserUnauthorized
 }
 }
- c.add(p)
- return p, err
+ return nil
 }
 func (c *Cache) add(p db.Paste) {
-- cgit v1.2.3
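Review bot: No test accompanies the new password check on the cache-hit branch of Get; the diffstat shown lists only cache.go, though it is limited to backend, so a test may live elsewhere. A regression test that fetches a protected paste once with the correct password and then again with a wrong one, expecting UserUnauthorized on the second call, would keep the cached path from bypassing authorization again. In the same branch the `else` after the terminating `return` is unnecessary: `if err := checkPassword(v.Password, userPassword); err != nil { return db.Paste{}, err }` followed by a plain `return v, nil` reads more directly. Get's body begins before this hunk.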
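Review bot: checkPassword has no doc comment, yet it encodes a security-relevant rule: an empty stored password means the comparison is skipped entirely. I would state that on the function, e.g. `// checkPassword returns UserUnauthorized when dbPassword is set and parsedPassword does not match it; an empty dbPassword means the paste is unprotected.` The nested ifs can collapse to `if dbPassword != "" && !hashing.PasswordsEqual(dbPassword, parsedPassword) { return UserUnauthorized }`. The moved `return p, err` at the end of Get presumably always sees a nil err, since the failure branch above returns PasteNotFound; its guarding condition is outside the hunk, so confirm that and prefer `return p, nil`.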