Implement admin password hashing with bcrypt (#3754)
* Add bcrypt hashing helpers * SetAdminPassword now hashes the password before saving it * BasicAuth now compares the bcrypt hash for the password * Modify migration2 to avoid a double password hash when upgrading * Add migration for bcrypt hashed password * Do not show admin password hash as initial value * Update api tests to compare the bcrypt hash of the admin password instead * Remove old admin password api tests --------- Co-authored-by: Gabe Kangas <gabek@real-ity.com>
15
utils/hashing.go
Normal file
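--- a/utils/hashing.go
+++ b/utils/hashing.go
@@ -0,0 +1,15 @@
+package utils
+
+import (
+"golang.org/x/crypto/bcrypt"
+)
+
+func HashPassword(password string) (string, error) {
+// 0 will use the default cost of 10 instead
+hash, err := bcrypt.GenerateFromPassword([]byte(password), 0)
+return string(hash), err
+}
+
+func ComparseHash(hash string, password string) error {
+return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+}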
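Review bot: `HashPassword` passes a literal `0` as the cost and relies on bcrypt substituting its default for any value below the minimum. Writing `hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)` makes the work factor explicit and easy to raise later, and removes the need for the explanatory comment. bcrypt only uses the first 72 bytes of its input, and depending on the x/crypto version in use a longer password is either rejected with `bcrypt.ErrPasswordTooLong` or silently truncated. The caller that sets the admin password (SetAdminPassword, per the commit message) should therefore enforce a length limit and surface the returned error rather than store an empty hash. The exported name `ComparseHash` looks like a typo for `CompareHash`, and both helpers would benefit from doc comments such as `// HashPassword returns the bcrypt hash of password.`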