From df3068728abacfc98fa19f3dba62b35f65aea731 Mon Sep 17 00:00:00 2001
From: Steven Le Rouzic
Date: Tue, 23 Apr 2024 18:30:19 +0200
Subject: Remove salt from bcrypt password, because it's useless
---
 timer.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'timer.go')
diff --git a/timer.go b/timer.go
index 7d5f320..4b29726 100644
--- a/timer.go
+++ b/timer.go
@@ -269,7 +269,7 @@ func (server *TimerServer) handlePostLogin(w http.ResponseWriter, r *http.Reques
 return
 }
- err := bcrypt.CompareHashAndPassword(user.Password, []byte(user.Salt+userPass))
+ err := bcrypt.CompareHashAndPassword(user.Password, []byte(userPass))
 if err != nil {
 w.WriteHeader(http.StatusBadRequest)
 view.LoginFormError(nil, "Incorrect credentials").Render(context.Background(), w)
-- 
cgit
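Review bot: Hashes already stored were presumably computed over `user.Salt+userPass`, so the new `CompareHashAndPassword(user.Password, []byte(userPass))` call will reject every existing account unless those hashes are regenerated; this view is limited to timer.go, so any migration elsewhere is not visible. If the `Salt` field is kept for a transition period, a fallback on mismatch such as `if err != nil && user.Salt != "" { err = bcrypt.CompareHashAndPassword(user.Password, []byte(user.Salt+userPass)) }`, followed by a rehash on success, would keep old accounts working. Separately, the `if err != nil` branch reports every bcrypt error as "Incorrect credentials"; checking `errors.Is(err, bcrypt.ErrMismatchedHashAndPassword)` and logging anything else would surface malformed stored hashes instead of hiding them as failed logins. The body of handlePostLogin starts and continues outside this hunk.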