chore: trim white spaces from passwords before hashing them

2023-08-10 21:12:56 +03:00 · 2020-05-28 23:29:55 +02:00 · 2020-05-28 23:29:55 +02:00 · 75dd070b3d
commit 75dd070b3d
parent 98d7d02935
2 changed files with 6 additions and 3 deletions
--- a/utils/auth.go
+++ b/utils/auth.go
@ -63,7 +63,9 @@ func IsMd5(hash string) bool {
 }

 func CheckPasswordBcrypt(user *models.User, password, salt string) bool {
-	err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password+salt))
+	hashedPassword := []byte(strings.TrimSpace(user.Password))
+	plainPassword := []byte(strings.TrimSpace(password) + salt)
+	err := bcrypt.CompareHashAndPassword(hashedPassword, plainPassword)
 	return err == nil
 }

@ -79,7 +81,8 @@ func CheckPasswordMd5(user *models.User, password string) bool {

 // inplace
 func HashPassword(u *models.User, salt string) error {
-	bytes, err := bcrypt.GenerateFromPassword([]byte(u.Password+salt), bcrypt.DefaultCost)
+	plainSaltedPassword := []byte(strings.TrimSpace(u.Password) + salt)
+	bytes, err := bcrypt.GenerateFromPassword(plainSaltedPassword, bcrypt.DefaultCost)
 	if err == nil {
 		u.Password = string(bytes)
 	}
--- a/version.txt
+++ b/version.txt
@ -1 +1 @@
-1.5.1
+1.5.2
 @ -1 +1 @@
 .5.1
 .5.2