Diffstat (limited to 'store.go')
-rw-r--r--store.go28
1 files changed, 15 insertions, 13 deletions
diff --git a/store.go b/store.go
index 1744ada..3bfff1b 100644
--- a/store.go
+++ b/store.go
@@ -1,8 +1,6 @@
package main
import (
- "bytes"
- "crypto/subtle"
"database/sql"
"errors"
"log"
@@ -20,7 +18,7 @@ type Session struct {
type User struct {
Id int64
Name string
- Password []byte
+ Password string
}
type Store interface {
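Review bot: The changed `Password string` field now carries only the stored hash while the scheme is read from a separate hash_type column (see the SELECT in ValidateUser below), but nothing on the struct says so; add `// Password is the stored password hash; the hashing scheme is kept in the hash_type column, not embedded in this string.` The field is exported on an exported struct, so if User is ever encoded (JSON or similar, not visible in this diff) the hash would travel with it — a `json:"-"` tag would be a cheap safeguard, but I cannot confirm from this hunk whether any encoding happens.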
@@ -96,24 +94,28 @@ func (store *PgStore) GetUser(name string) (*User, bool) {
func (store *PgStore) ValidateUser(name string, password string) (*User, error) {
u := &User{Name: name}
row := store.QueryRow(
- "SELECT id, password FROM users WHERE name = $1",
+ "SELECT id, password, hash_type FROM users WHERE name = $1",
name,
)
- if err := row.Scan(&u.Id, &u.Password); err != nil {
+ var hash_scheme string
+ if err := row.Scan(&u.Id, &u.Password, &hash_scheme); err != nil {
return nil, errors.New("Utilisateur non enregistré")
}
- z := bytes.SplitN(u.Password, []byte("}"), 2)
- scheme := string(z[0][:len(z[0])])
- true_hash := z[1]
- var hash []byte
- switch scheme {
+ var concrete_hash PasswordHash
+ switch hash_scheme {
case "PLAIN-MD5":
- hash = md5hex([]byte(password))
+ concrete_hash = Md5{}
+ case "ARGON2ID":
+ concrete_hash = Argon2{}
default:
return nil, errors.New("Unknown password hashing scheme.")
}
- if subtle.ConstantTimeCompare(true_hash, hash) != 1 {
- return nil, errors.New("Mot de passe incorrect.")
+ if ok, err := concrete_hash.verify(password, u.Password); !ok {
+ if err != nil {
+ return nil, err
+ } else {
+ return nil, errors.New("Mot de passe incorrect.")
+ }
} else {
return u, nil
}
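Review bot: The added `if ok, err := concrete_hash.verify(password, u.Password); !ok` checks ok before err, so a verifier that returns (true, non-nil err) — an internal failure reported together with a true flag — is treated as a successful login and the error is dropped. Checking err first and then ok closes that gap and also removes the else-after-return, which idiomatic Go avoids; the rewrite is below. The constant-time comparison that subtle.ConstantTimeCompare provided before this change now has to live inside each PasswordHash implementation, which this hunk cannot show — presumably Md5.verify and Argon2.verify do that, but it is worth confirming since the removal of the "crypto/subtle" import is the only trace left here. The new locals `hash_scheme` and `concrete_hash` would be `hashScheme` and `concreteHash` in Go naming. ValidateUser's closing brace lies outside the hunk.
```go
	// … unchanged: hash_scheme switch selecting concrete_hash …
	ok, err := concrete_hash.verify(password, u.Password)
	if err != nil {
		return nil, err
	}
	if !ok {
		return nil, errors.New("Mot de passe incorrect.")
	}
	return u, nil
```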