From 08a5afd311e918f89d0d6ef955a3b1dbbe38713a Mon Sep 17 00:00:00 2001
From: Thibaut Horel <thibaut.horel@gmail.com>
Date: Thu, 27 Dec 2018 20:31:01 -0500
Subject: Login: WIP

---
 main.go              |  8 +++++++-
 store.go             |  2 +-
 templates/login.tmpl | 36 ++++++++++++------------------------
 3 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/main.go b/main.go
index 5317ffa..b459324 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,9 @@
 package main
 
 import (
+	"crypto/md5"
+	"crypto/subtle"
+	"encoding/hex"
 	"html/template"
 	"log"
 	"net/http"
@@ -45,8 +48,11 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
 		} else {
 			username := r.Form.Get("username")
 			password := r.Form.Get("password")
+			hash := md5.Sum([]byte(password))
+			dst := make([]byte, hex.EncodedLen(md5.Size))
+			hex.Encode(dst, hash[:])
 			u, ok := app.GetUser(username)
-			if ok && (u.Password == password) {
+			if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 {
 
 			} else {
 
diff --git a/store.go b/store.go
index 1db6411..c0ee33b 100644
--- a/store.go
+++ b/store.go
@@ -15,7 +15,7 @@ type Session struct {
 type User struct {
 	Id       int64
 	UserName string
-	Password string
+	Password []byte
 }
 
 type Store interface {
diff --git a/templates/login.tmpl b/templates/login.tmpl
index bb97d2e..28529a7 100644
--- a/templates/login.tmpl
+++ b/templates/login.tmpl
@@ -5,20 +5,15 @@
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
 <style>
-body{width:400px; margin: 0 auto; font-family: "Source Sans Pro"; font-size: 15px}
-form{margin-top: 10em}
-form hr{border: none; border-top: 1px solid #e6e6e6; margin: 1.5em 0}
-form h4{font-weight: 300; font-size: 19px}
-label {font-weight: bold}
-input {border: 1px solid #cccccc; border-radius: 0; height:1em; padding: 1em;
-	transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s;
-	-webkit-transition: border-color ease-in-out .15s,-webkit-box-shadow ease-in-out .15s; }
-input:focus { border-color: #66afe9; outline: 0;
-	-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6);
-	box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6);}
-button { height: 1em; padding: 1em; border: 1px solid #2780e3; border-radius:
-	0; vertical-align: middle; text-align: center; background-color: #2780e3;
-line-height: 1em; color: white; font-size: inherit; font-family: inherit;}
+body{margin: 0 auto; width: 400px; padding-top: 10em; font-family: "Source Sans Pro"; font-size: 15px;}
+form > hr{border: none; border-top: 1px solid #e6e6e6; margin: 1.3em 0;}
+form > h4{font-weight: 300; font-size: 19px; margin-bottom: 0} label {font-weight: bold; text-align: right;}
+form > div {display: grid; grid-template-columns: 2fr 5fr; grid-gap: 1em 1em; align-items: center;}
+input, button {font-size: inherit; font-family: inherit; line-height: inherit; padding: 0.8em 1em; border-radius: 0}
+input {border: 1px solid #cccccc; transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s}
+input:focus {border-color: #66afe9; outline: 0; box-shadow: inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6)}
+button {border: 1px solid #2780e3; background-color: #2780e3; color: white; cursor: pointer; grid-column: 2; justify-self: left}
+button:hover {background-color: #1967be; border-color: #1862b5}
 </style>
   </head>
   <body>
@@ -29,21 +24,14 @@ line-height: 1em; color: white; font-size: inherit; font-family: inherit;}
   <div>
 	<label for="name">Nom :</label>
 	<input type="text" id="name" name="username" placeholder="Prénom"/>
-  </div>
-  <div>
+
 	<label for="password">Mot de passe :</label>
 	<input type="password" id="password" name="password" placeholder="Mot de passe"/>
-  </div>
-  <div>
-	  <button type="submit" name="login">Se Connecter</button>
+
+	<button type="submit" name="login">Se Connecter</button>
   </div>
   <hr>
 </form>
 
-<div class="alert alert-danger" role="alert">
-	<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true">
-	</span>
-</div>
-
   </body>
 </html>
-- 
cgit v1.2.3-70-g09d2