WIP to handle different hashing schemes

1 files changed, 30 insertions, 0 deletions

diff --git a/store.go b/store.go
index d830150..1744ada 100644
--- a/store.go
+++ b/store.go
@@ -1,7 +1,10 @@
 package main
 
 import (
+	"bytes"
+	"crypto/subtle"
 	"database/sql"
+	"errors"
 	"log"
 	"time"
 
@@ -24,6 +27,7 @@ type Store interface {
 	GetSession(id string) (*Session, bool)
 	NewSession(userId int64) *Session
 	GetUser(name string) (*User, bool)
+	ValidateUser(name string, password string) (*User, error)
 	DeleteSession(id string)
 	ChangePassword(userId int64, hash []byte)
 }
@@ -88,3 +92,29 @@ func (store *PgStore) GetUser(name string) (*User, bool) {
 	}
 	return u, true
 }
+
+func (store *PgStore) ValidateUser(name string, password string) (*User, error) {
+	u := &User{Name: name}
+	row := store.QueryRow(
+		"SELECT id, password FROM users WHERE name = $1",
+		name,
+	)
+	if err := row.Scan(&u.Id, &u.Password); err != nil {
+		return nil, errors.New("Utilisateur non enregistré")
+	}
+	z := bytes.SplitN(u.Password, []byte("}"), 2)
+	scheme := string(z[0][:len(z[0])])
+	true_hash := z[1]
+	var hash []byte
+	switch scheme {
+	case "PLAIN-MD5":
+		hash = md5hex([]byte(password))
+	default:
+		return nil, errors.New("Unknown password hashing scheme.")
+	}
+	if subtle.ConstantTimeCompare(true_hash, hash) != 1 {
+		return nil, errors.New("Mot de passe incorrect.")
+	} else {
+		return u, nil
+	}
+}