Remove salt from bcrypt password, because it's useless

2024-04-23 18:30:19 +02:00
parent baad757371
commit df3068728a
4 changed files with 8 additions and 15 deletions
--- a/database.go
+++ b/database.go
@ -7,7 +7,6 @@ import (
 	"golang.org/x/crypto/bcrypt"

 	"stevenlr.com/timer/model"
-	"stevenlr.com/timer/utils"
 )

 func initializeDatabaseV1(db *sql.DB) error {
@ -40,7 +39,6 @@ func initializeDatabaseV1(db *sql.DB) error {
 		CREATE TABLE User (
 			Id			BLOB	NOT NULL UNIQUE,
 			Name		TEXT	NOT NULL,
-			Salt		TEXT	NOT NULL,
 			Password	BLOB	NOT NULL,
 			PRIMARY KEY (id)
 		)`)
@ -50,17 +48,13 @@ func initializeDatabaseV1(db *sql.DB) error {

 	userName := "admin"
 	userPassword := "admin"
-	salt, err := utils.GenerateRandomString(33)
+
+	password, err := bcrypt.GenerateFromPassword([]byte(userPassword), bcrypt.MinCost)
 	if err != nil {
 		return err
 	}

-	password, err := bcrypt.GenerateFromPassword([]byte(salt+userPassword), bcrypt.MinCost)
-	if err != nil {
-		return err
-	}
-
-	_, err = tx.Exec(`INSERT INTO User VALUES ($1, $2, $3, $4)`, model.MakeUUID(), userName, salt, password)
+	_, err = tx.Exec(`INSERT INTO User VALUES ($1, $2, $3)`, model.MakeUUID(), userName, password)
 	if err != nil {
 		return err
 	}