From 0d7693918d53fd658231bc478654b32513feac7a Mon Sep 17 00:00:00 2001
From: Alexander Kavon <me+git@alexkavon.com>
Date: Mon, 22 Jan 2024 18:17:09 -0500
Subject: only return error for compareSecretToHash, update login form

---
 src/user/routes.go | 6 ++----
 src/user/secret.go | 8 ++++----
 2 files changed, 6 insertions(+), 8 deletions(-)

(limited to 'src')

diff --git a/src/user/routes.go b/src/user/routes.go
index 5399418..28e0ccb 100644
--- a/src/user/routes.go
+++ b/src/user/routes.go
@@ -101,11 +101,9 @@ func Login(s *server.Server) http.HandlerFunc {
 
 		// hash the form secret
 		// compare form hash to db hash
-		valid, err := compareSecretToHash(r.PostFormValue("secret"), user.Secret)
+		err = compareSecretToHash(r.PostFormValue("secret"), user.Secret)
 		if err != nil {
-			log.Fatal(err)
-		}
-		if !valid {
+			log.Println(err)
 			log.Fatal("Incorrect login credentials TODO resolve with compareSecretToHash err")
 		}
 
diff --git a/src/user/secret.go b/src/user/secret.go
index a777072..5efe658 100644
--- a/src/user/secret.go
+++ b/src/user/secret.go
@@ -55,11 +55,11 @@ func hashSecret(secret string) (string, error) {
 	return encodedHash, nil
 }
 
-func compareSecretToHash(secret, encoded string) (bool, error) {
+func compareSecretToHash(secret, encoded string) error {
 	// decode the encoded hash
 	hc, salt, comparehash, err := decodeHash(encoded)
 	if err != nil {
-		return false, err
+		return err
 	}
 
 	// encode the secret
@@ -68,10 +68,10 @@ func compareSecretToHash(secret, encoded string) (bool, error) {
 	// compare the hashes using constant time comparison
 	// to prevent timing attacks. if not equal, then return false
 	if subtle.ConstantTimeCompare(comparehash, verifyhash) != 1 {
-		return false, errHashesNotEqual
+		return errHashesNotEqual
 	}
 
-	return true, nil
+	return nil
 }
 
 func hashArgon2(secret string, salt []byte, hc *hashconf) []byte {
-- 
cgit v1.2.3