Fix password being repeated for padding when too short

Signed-off-by: trivernis <trivernis@protonmail.com>
4 years ago · dde7949177
parent a32510e2ff
commit dde7949177
3 changed files with 6 additions and 2 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -445,6 +445,7 @@ dependencies = [
 "serde",
 "serde_json",
 "serde_postgres",
+ "sha2",
 "syntect",
 "zeroize",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -36,4 +36,5 @@ parking_lot = "0.11.0"
 regex = "1.4.2"
 lazy_static = "1.4.0"
 schemars = "0.8.0"
-syntect = "4.4.0"
+syntect = "4.4.0"
+sha2 = "0.9.2"
--- a/src/utils/mod.rs
+++ b/src/utils/mod.rs
@ -7,6 +7,7 @@ use std::panic;
 use bcrypt::DEFAULT_COST;
 use byteorder::{BigEndian, ByteOrder};
 use rand::Rng;
+use sha2::Digest;

 pub mod error;

@ -47,7 +48,8 @@ pub fn get_user_id_from_token(token: &String) -> Option<i32> {
 pub fn hash_password(password: &[u8], salt: &[u8]) -> Result<[u8; 24], String> {
    panic::catch_unwind(|| {
        let mut pw_hash = [0u8; 24];
-        bcrypt::bcrypt(DEFAULT_COST, salt, password, &mut pw_hash);
+        let password = sha2::Sha256::digest(password);
+        bcrypt::bcrypt(DEFAULT_COST, salt, password.as_slice(), &mut pw_hash);
        Ok(pw_hash)
    })
    .map_err(|_| "Hashing failed".to_string())?