diff options
Diffstat (limited to 'store.go')
| -rw-r--r-- | store.go | 30 |
1 files changed, 30 insertions, 0 deletions
@@ -1,7 +1,10 @@ package main import ( + "bytes" + "crypto/subtle" "database/sql" + "errors" "log" "time" @@ -24,6 +27,7 @@ type Store interface { GetSession(id string) (*Session, bool) NewSession(userId int64) *Session GetUser(name string) (*User, bool) + ValidateUser(name string, password string) (*User, error) DeleteSession(id string) ChangePassword(userId int64, hash []byte) } @@ -88,3 +92,29 @@ func (store *PgStore) GetUser(name string) (*User, bool) { } return u, true } + +func (store *PgStore) ValidateUser(name string, password string) (*User, error) { + u := &User{Name: name} + row := store.QueryRow( + "SELECT id, password FROM users WHERE name = $1", + name, + ) + if err := row.Scan(&u.Id, &u.Password); err != nil { + return nil, errors.New("Utilisateur non enregistré") + } + z := bytes.SplitN(u.Password, []byte("}"), 2) + scheme := string(z[0][:len(z[0])]) + true_hash := z[1] + var hash []byte + switch scheme { + case "PLAIN-MD5": + hash = md5hex([]byte(password)) + default: + return nil, errors.New("Unknown password hashing scheme.") + } + if subtle.ConstantTimeCompare(true_hash, hash) != 1 { + return nil, errors.New("Mot de passe incorrect.") + } else { + return u, nil + } +} |