maronato/goshort
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 21 Wiki Activity

always hash a pass when authenticating

This commit is contained in:
Gustavo Maronato 2023-08-17 19:34:33 -03:00
parent 13f64fdb7d
commit a664599d1a
Signed by: maronato
SSH Key Fingerprint: SHA256:2Gw7kwMz/As+2UkR1qQ/qYYhn+WNh3FGv6ozhoRrLcs
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/service/user/userservice.go
View File

@ -8,6 +8,7 @@ import (
"git.maronato.dev/maronato/goshort/internal/errs"
"git.maronato.dev/maronato/goshort/internal/storage"
"git.maronato.dev/maronato/goshort/internal/storage/models"
"git.maronato.dev/maronato/goshort/internal/util/passwords"
)
const (
@ -77,6 +78,9 @@ func (s *UserService) AuthenticateUser(ctx context.Context, username string, pas
// Get user from storage
user, err = s.FindUser(ctx, username)
if err != nil {
// Even if the user does not exist, hash a password to waste time
// and not give away wether or not the user exists.
_, _ = passwords.HashPassword("r4nd0mpa55w0rd")
return &models.User{}, fmt.Errorf("failed to find user: %w", err)
}