steven/timer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove salt from bcrypt password, because it's useless

Browse Source
This commit is contained in:
Steven Le Rouzic
2024-04-23 18:30:19 +02:00
parent baad757371
commit df3068728a
4 changed files with 8 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
timer.go
View File

@ -269,7 +269,7 @@ func (server *TimerServer) handlePostLogin(w http.ResponseWriter, r *http.Reques
return
}
err := bcrypt.CompareHashAndPassword(user.Password, []byte(user.Salt+userPass))
err := bcrypt.CompareHashAndPassword(user.Password, []byte(userPass))
if err != nil {
w.WriteHeader(http.StatusBadRequest)
view.LoginFormError(nil, "Incorrect credentials").Render(context.Background(), w)