| -rw-r--r-- | src/user/routes.go | 6 | ||||
| -rw-r--r-- | src/user/secret.go | 8 | ||||
| -rw-r--r-- | ui/pages/user/create.tmpl.html | 4 | ||||
| -rw-r--r-- | ui/pages/user/login.tmpl.html | 4 |
4 files changed, 8 insertions, 14 deletions
diff --git a/src/user/routes.go b/src/user/routes.go
index 5399418..28e0ccb 100644
--- a/src/user/routes.go
+++ b/src/user/routes.go
@@ -101,11 +101,9 @@ func Login(s *server.Server) http.HandlerFunc {
 // hash the form secret
 // compare form hash to db hash
- valid, err := compareSecretToHash(r.PostFormValue("secret"), user.Secret)
+ err = compareSecretToHash(r.PostFormValue("secret"), user.Secret)
 if err != nil {
- log.Fatal(err)
- }
- if !valid {
+ log.Println(err)
 log.Fatal("Incorrect login credentials TODO resolve with compareSecretToHash err")
 }
diff --git a/src/user/secret.go b/src/user/secret.go
index a777072..5efe658 100644
--- a/src/user/secret.go
+++ b/src/user/secret.go
@@ -55,11 +55,11 @@ func hashSecret(secret string) (string, error) {
 return encodedHash, nil
 }
-func compareSecretToHash(secret, encoded string) (bool, error) {
+func compareSecretToHash(secret, encoded string) error {
 // decode the encoded hash
 hc, salt, comparehash, err := decodeHash(encoded)
 if err != nil {
- return false, err
+ return err
 }
 // encode the secret
@@ -68,10 +68,10 @@ func compareSecretToHash(secret, encoded string) (bool, error) {
 // compare the hashes using constant time comparison
 // to prevent timing attacks. if not equal, then return false
 if subtle.ConstantTimeCompare(comparehash, verifyhash) != 1 {
- return false, errHashesNotEqual
+ return errHashesNotEqual
 }
- return true, nil
+ return nil
 }
 func hashArgon2(secret string, salt []byte, hc *hashconf) []byte {
diff --git a/ui/pages/user/create.tmpl.html b/ui/pages/user/create.tmpl.html
index 68a9e93..7d18436 100644
--- a/ui/pages/user/create.tmpl.html
+++ b/ui/pages/user/create.tmpl.html
@@ -4,10 +4,6 @@
 <h1>Create User</h1>
 <form action="/u" method="POST">
 <label>
- Email
- <input type="email" placeholder="email" name="email" />
- </label>
- <label>
 Username
 <input type="text" placeholder="username" name="username" />
 </label>
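Review bot: Every non-nil result from compareSecretToHash, including a plain wrong secret, still reaches the `log.Fatal("Incorrect login credentials ...")` call kept inside `if err != nil`, and log.Fatal exits the process, so a single failed login takes the server down for all users. A mismatch is an expected result of handling untrusted form input and should be answered with a response instead, e.g. `http.Error(w, "invalid credentials", http.StatusUnauthorized)` followed by `return` (this assumes the handler's ResponseWriter is named `w`; it is declared outside the hunk). The added `log.Println(err)` is best reserved for errors other than the mismatch, which `errors.Is(err, errHashesNotEqual)` can separate now that the bool is gone. Login's body starts and ends outside this hunk.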
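Review bot: compareSecretToHash has no doc comment, and after this change the error is the only signal a caller receives, so the contract should be written down at the signature. From the visible lines, a suitable comment is `// compareSecretToHash returns nil only when secret matches encoded; it returns errHashesNotEqual on a mismatch and the decodeHash error when encoded cannot be parsed.` That tells callers to treat any non-nil error as a rejection and to use errors.Is when they need to tell a wrong secret from a corrupt stored hash. The function body continues past the end of this hunk, so any other error paths in the unseen lines should be listed too.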
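Review bot: The comment kept above the constant-time comparison still reads `if not equal, then return false`, which no longer matches the error-only signature introduced here. Reword it to `// to prevent timing attacks. if not equal, return errHashesNotEqual` so the comment and the return statement agree. The function starts outside this hunk.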
diff --git a/ui/pages/user/login.tmpl.html b/ui/pages/user/login.tmpl.html
index d56f61a..408dd64 100644
--- a/ui/pages/user/login.tmpl.html
+++ b/ui/pages/user/login.tmpl.html
@@ -8,8 +8,8 @@
 <input type="text" placeholder="username" name="username" />
 </label>
 <label>
- Password
- <input type="password" placeholder="password" name="password" />
+ Secret
+ <input type="password" placeholder="secret" name="secret" />
 </label>
 <button type="submit">Login</button>
 </form> |
