-rw-r--r-- | database.go | 10 | ||||
-rw-r--r-- | model/user.go | 9 | ||||
-rw-r--r-- | timer.db | bin | 28672 -> 28672 bytes | |||
-rw-r--r-- | timer.go | 2 |
4 files changed, 7 insertions, 14 deletions
diff --git a/database.go b/database.go
index 583974f..c53b828 100644
--- a/database.go
+++ b/database.go
@@ -7,7 +7,6 @@ import (
 "golang.org/x/crypto/bcrypt"
 "stevenlr.com/timer/model"
- "stevenlr.com/timer/utils"
 )
 func initializeDatabaseV1(db *sql.DB) error {
@@ -40,7 +39,6 @@ func initializeDatabaseV1(db *sql.DB) error {
 CREATE TABLE User (
 Id BLOB NOT NULL UNIQUE,
 Name TEXT NOT NULL,
- Salt TEXT NOT NULL,
 Password BLOB NOT NULL,
 PRIMARY KEY (id)
 )`)
@@ -50,17 +48,13 @@ func initializeDatabaseV1(db *sql.DB) error {
 userName := "admin"
 userPassword := "admin"
- salt, err := utils.GenerateRandomString(33)
- if err != nil {
- return err
- }
- password, err := bcrypt.GenerateFromPassword([]byte(salt+userPassword), bcrypt.MinCost)
+ password, err := bcrypt.GenerateFromPassword([]byte(userPassword), bcrypt.MinCost)
 if err != nil {
 return err
 }
- _, err = tx.Exec(`INSERT INTO User VALUES ($1, $2, $3, $4)`, model.MakeUUID(), userName, salt, password)
+ _, err = tx.Exec(`INSERT INTO User VALUES ($1, $2, $3)`, model.MakeUUID(), userName, password)
 if err != nil {
 return err
 }
diff --git a/model/user.go b/model/user.go
index 09562bd..25a2360 100644
--- a/model/user.go
+++ b/model/user.go
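Review bot: In `initializeDatabaseV1` (database.go, third hunk) the new `bcrypt.GenerateFromPassword([]byte(userPassword), bcrypt.MinCost)` still hashes at the lowest work factor bcrypt accepts, so the stored hash is cheap to brute-force offline if the database file is ever exposed; `bcrypt.DefaultCost` or a configured higher cost is the safer argument. Dropping the external salt is fine because bcrypt generates and embeds its own, but the seeded account remains `admin`/`admin` and nothing visible in the hunk forces a password change on first login. Consider generating a random initial password at initialization or reading it from configuration. The function body starts and ends outside the hunk.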
@@ -7,30 +7,29 @@ import (
 type User struct {
 Id UUID
 Name string
- Salt string
 Password []byte
 }
 func GetUserByName(db *sql.DB, name string) *User {
- row := db.QueryRow("SELECT Id, Name, Salt, Password FROM User WHERE Name=$1", name)
+ row := db.QueryRow("SELECT Id, Name, Password FROM User WHERE Name=$1", name)
 if row == nil {
 return nil
 }
 var user User
- row.Scan(&user.Id, &user.Name, &user.Salt, &user.Password)
+ row.Scan(&user.Id, &user.Name, &user.Password)
 return &user
 }
 func GetUserById(db *sql.DB, id UUID) *User {
- row := db.QueryRow("SELECT Id, Name, Salt, Password FROM User WHERE Id=$1", id)
+ row := db.QueryRow("SELECT Id, Name, Password FROM User WHERE Id=$1", id)
 if row == nil {
 return nil
 }
 var user User
- row.Scan(&user.Id, &user.Name, &user.Salt, &user.Password)
+ row.Scan(&user.Id, &user.Name, &user.Password)
 return &user
 }
Binary files differ
@@ -269,7 +269,7 @@ func (server *TimerServer) handlePostLogin(w http.ResponseWriter, r *http.Reques
 return
 }
- err := bcrypt.CompareHashAndPassword(user.Password, []byte(user.Salt+userPass))
+ err := bcrypt.CompareHashAndPassword(user.Password, []byte(userPass))
 if err != nil {
 w.WriteHeader(http.StatusBadRequest)
 view.LoginFormError(nil, "Incorrect credentials").Render(context.Background(), w) |
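Review bot: Both `GetUserByName` and `GetUserById` in model/user.go discard the error from `row.Scan`, so a lookup that matches no row returns a non-nil, zero-valued `User` instead of `nil`. `db.QueryRow` always returns a non-nil `*sql.Row`, which means the `if row == nil` guard never fires and the only signal for "no such user" is the ignored `sql.ErrNoRows`. Any caller that tests the returned pointer for nil will then continue with an empty `Id` and `Password`; for `GetUserById` that matters most if the result decides whether a session's user exists, though that caller is not visible here. I would change the scan in both functions to `if err := row.Scan(&user.Id, &user.Name, &user.Password); err != nil { return nil }`.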
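Review bot: Hashes stored before this commit were computed over `salt+password`, so `bcrypt.CompareHashAndPassword(user.Password, []byte(userPass))` in `handlePostLogin` will reject every existing account unless the data is regenerated. The commit replaces the checked-in `timer.db`, which presumably covers the development database, but `initializeDatabaseV1` was edited in place rather than adding a new schema version, so any other database created from the old V1 schema keeps its `Salt` column and old hashes. A migration step that drops the column and forces a password reset would make the break explicit. Separately, committing `timer.db` puts a credential table under version control, so an ignore rule for that file is worth considering. The handler body starts and ends outside the hunk.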