always hash a pass when authenticating
This commit is contained in:
parent
13f64fdb7d
commit
a664599d1a
|
@ -8,6 +8,7 @@ import (
|
|||
"git.maronato.dev/maronato/goshort/internal/errs"
|
||||
"git.maronato.dev/maronato/goshort/internal/storage"
|
||||
"git.maronato.dev/maronato/goshort/internal/storage/models"
|
||||
"git.maronato.dev/maronato/goshort/internal/util/passwords"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -77,6 +78,9 @@ func (s *UserService) AuthenticateUser(ctx context.Context, username string, pas
|
|||
// Get user from storage
|
||||
user, err = s.FindUser(ctx, username)
|
||||
if err != nil {
|
||||
// Even if the user does not exist, hash a password to waste time
|
||||
// and not give away wether or not the user exists.
|
||||
_, _ = passwords.HashPassword("r4nd0mpa55w0rd")
|
||||
return &models.User{}, fmt.Errorf("failed to find user: %w", err)
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user