From 2ab5b1aa4c0d01a5012a7f9599fd00241f8d33a7 Mon Sep 17 00:00:00 2001
From: Guillaume Horel
Date: Tue, 15 Oct 2019 21:50:34 -0400
Subject: WIP to handle different hashing schemes
---
 main.go | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)
(limited to 'main.go')
diff --git a/main.go b/main.go
index 05ca229..d1ec9b1 100644
--- a/main.go
+++ b/main.go
@@ -1,7 +1,6 @@
 package main
 
 import (
- "crypto/subtle"
 "flag"
 "fmt"
 "html/template"
@@ -61,10 +60,14 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
 http.Redirect(w, r, "/", http.StatusSeeOther)
 } else if r.Method == http.MethodPost {
 username := r.FormValue("username")
- hash := md5hex([]byte(r.FormValue("password")))
+ password := r.FormValue("password")
 next := r.FormValue("next")
- u, ok := app.GetUser(username)
- if ok && subtle.ConstantTimeCompare(u.Password, hash) == 1 {
+ if u, err := app.ValidateUser(username, password); err != nil {
+ app.Template.ExecuteTemplate(w, "login.tmpl", struct {
+ Next string
+ Flash string
+ }{next, err.Error()})
+ } else {
 s := app.NewSession(u.Id)
 c := http.Cookie{
 Name: "id",
@@ -73,17 +76,6 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
 }
 http.SetCookie(w, &c)
 http.Redirect(w, r, next, http.StatusSeeOther)
- } else {
- var flash string
- if !ok {
- flash = "Utilisateur non enregistré"
- } else if subtle.ConstantTimeCompare(u.Password, hash) != 1 {
- flash = "Mot de passe incorrect"
- }
- app.Template.ExecuteTemplate(w, "login.tmpl", struct {
- Next string
- Flash string
- }{next, flash})
 }
 } else if r.Method == http.MethodGet {
 next := r.FormValue("next")
--
cgit v1.2.3-70-g09d2
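Review bot: The `err != nil` branch puts `err.Error()` from `app.ValidateUser` straight into the login page as `Flash`, so whatever that function returns, including which of the username or the password was wrong or an internal lookup or hashing error, is shown to an unauthenticated client. ValidateUser is outside this diff, so that is inferred from the call site; if it keeps the old split between an unknown user and a bad password, the form still allows account enumeration, and it should also keep a constant-time comparison now that `subtle.ConstantTimeCompare` has left this file. I would log `err` on the server and render one fixed message, e.g. `}{next, "Identifiants incorrects"})`. Separately, `next` is read from the form here and passed unchecked to `http.Redirect(w, r, next, http.StatusSeeOther)` in the following hunk's context; restricting it to a local path (a single leading `/`, no `//` or backslash) before redirecting would close the open redirect. loginHandler starts before and continues after this hunk.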