From df3068728abacfc98fa19f3dba62b35f65aea731 Mon Sep 17 00:00:00 2001
From: Steven Le Rouzic <steven.lerouzic@gmail.com>
Date: Tue, 23 Apr 2024 18:30:19 +0200
Subject: Remove salt from bcrypt password, because it's useless

---
 database.go | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

(limited to 'database.go')

diff --git a/database.go b/database.go
index 583974f..c53b828 100644
--- a/database.go
+++ b/database.go
@@ -7,7 +7,6 @@ import (
 	"golang.org/x/crypto/bcrypt"
 
 	"stevenlr.com/timer/model"
-	"stevenlr.com/timer/utils"
 )
 
 func initializeDatabaseV1(db *sql.DB) error {
@@ -40,7 +39,6 @@ func initializeDatabaseV1(db *sql.DB) error {
 		CREATE TABLE User (
 			Id			BLOB	NOT NULL UNIQUE,
 			Name		TEXT	NOT NULL,
-			Salt		TEXT	NOT NULL,
 			Password	BLOB	NOT NULL,
 			PRIMARY KEY (id)
 		)`)
@@ -50,17 +48,13 @@ func initializeDatabaseV1(db *sql.DB) error {
 
 	userName := "admin"
 	userPassword := "admin"
-	salt, err := utils.GenerateRandomString(33)
-	if err != nil {
-		return err
-	}
 
-	password, err := bcrypt.GenerateFromPassword([]byte(salt+userPassword), bcrypt.MinCost)
+	password, err := bcrypt.GenerateFromPassword([]byte(userPassword), bcrypt.MinCost)
 	if err != nil {
 		return err
 	}
 
-	_, err = tx.Exec(`INSERT INTO User VALUES ($1, $2, $3, $4)`, model.MakeUUID(), userName, salt, password)
+	_, err = tx.Exec(`INSERT INTO User VALUES ($1, $2, $3)`, model.MakeUUID(), userName, password)
 	if err != nil {
 		return err
 	}
-- 
cgit