Fix password being repeated for padding when too short

Signed-off-by: trivernis <trivernis@protonmail.com>
pull/18/head
trivernis 4 years ago
parent a32510e2ff
commit dde7949177
Signed by: Trivernis
GPG Key ID: DFFFCC2C7A02DB45

1
Cargo.lock generated

@ -445,6 +445,7 @@ dependencies = [
"serde", "serde",
"serde_json", "serde_json",
"serde_postgres", "serde_postgres",
"sha2",
"syntect", "syntect",
"zeroize", "zeroize",
] ]

@ -36,4 +36,5 @@ parking_lot = "0.11.0"
regex = "1.4.2" regex = "1.4.2"
lazy_static = "1.4.0" lazy_static = "1.4.0"
schemars = "0.8.0" schemars = "0.8.0"
syntect = "4.4.0" syntect = "4.4.0"
sha2 = "0.9.2"

@ -7,6 +7,7 @@ use std::panic;
use bcrypt::DEFAULT_COST; use bcrypt::DEFAULT_COST;
use byteorder::{BigEndian, ByteOrder}; use byteorder::{BigEndian, ByteOrder};
use rand::Rng; use rand::Rng;
use sha2::Digest;
pub mod error; pub mod error;
@ -47,7 +48,8 @@ pub fn get_user_id_from_token(token: &String) -> Option<i32> {
pub fn hash_password(password: &[u8], salt: &[u8]) -> Result<[u8; 24], String> { pub fn hash_password(password: &[u8], salt: &[u8]) -> Result<[u8; 24], String> {
panic::catch_unwind(|| { panic::catch_unwind(|| {
let mut pw_hash = [0u8; 24]; let mut pw_hash = [0u8; 24];
bcrypt::bcrypt(DEFAULT_COST, salt, password, &mut pw_hash); let password = sha2::Sha256::digest(password);
bcrypt::bcrypt(DEFAULT_COST, salt, password.as_slice(), &mut pw_hash);
Ok(pw_hash) Ok(pw_hash)
}) })
.map_err(|_| "Hashing failed".to_string())? .map_err(|_| "Hashing failed".to_string())?
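Review bot: Hashes stored before this commit were computed from the raw password bytes, so moving `hash_password` to bcrypt over `sha2::Sha256::digest(password)` will presumably make existing credentials fail verification unless the callers (outside this hunk) re-hash on the next successful login or store a scheme marker beside the hash; nothing in the 24-byte return value distinguishes the two schemes. The pre-hash does give bcrypt a fixed 32-byte input, which addresses the repetition problem named in the title, but the inner digest is unsalted and unkeyed, so a plain SHA-256 of the same password leaked from another system would be a valid input to this bcrypt. Mixing the salt into the inner hash avoids that, e.g. `let password = sha2::Sha256::new().chain(salt).chain(password).finalize();`. I would also document the construction on the function, e.g. `/// Computes bcrypt(DEFAULT_COST, salt, SHA-256(password)); the pre-hash fixes the bcrypt input at 32 bytes.` The function's closing brace lies outside the hunk.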
