diff options
| author | Guillaume Horel <guillaume.horel@gmail.com> | 2019-10-15 21:50:34 -0400 |
|---|---|---|
| committer | Guillaume Horel <guillaume.horel@gmail.com> | 2019-10-15 21:50:34 -0400 |
| commit | 2ab5b1aa4c0d01a5012a7f9599fd00241f8d33a7 (patch) | |
| tree | 8915f6e15a6bea3a8185be7367b871316f9246a6 /main.go | |
| parent | 848ba1309bffd560a4bcc93881d31b92ded4dbfa (diff) | |
| download | id-2ab5b1aa4c0d01a5012a7f9599fd00241f8d33a7.tar.gz | |
WIP to handle different hashing schemes
Diffstat (limited to 'main.go')
| -rw-r--r-- | main.go | 22 |
1 files changed, 7 insertions, 15 deletions
@@ -1,7 +1,6 @@ package main import ( - "crypto/subtle" "flag" "fmt" "html/template" @@ -61,10 +60,14 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) { http.Redirect(w, r, "/", http.StatusSeeOther) } else if r.Method == http.MethodPost { username := r.FormValue("username") - hash := md5hex([]byte(r.FormValue("password"))) + password := r.FormValue("password") next := r.FormValue("next") - u, ok := app.GetUser(username) - if ok && subtle.ConstantTimeCompare(u.Password, hash) == 1 { + if u, err := app.ValidateUser(username, password); err != nil { + app.Template.ExecuteTemplate(w, "login.tmpl", struct { + Next string + Flash string + }{next, err.Error()}) + } else { s := app.NewSession(u.Id) c := http.Cookie{ Name: "id", @@ -73,17 +76,6 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) { } http.SetCookie(w, &c) http.Redirect(w, r, next, http.StatusSeeOther) - } else { - var flash string - if !ok { - flash = "Utilisateur non enregistré" - } else if subtle.ConstantTimeCompare(u.Password, hash) != 1 { - flash = "Mot de passe incorrect" - } - app.Template.ExecuteTemplate(w, "login.tmpl", struct { - Next string - Flash string - }{next, flash}) } } else if r.Method == http.MethodGet { next := r.FormValue("next") |