From b1acea9f1ca6fd66b15408a60d99792b1a7fd5e3 Mon Sep 17 00:00:00 2001
From: Thomas Miceli <27960254+thomiceli@users.noreply.github.com>
Date: Fri, 13 Oct 2023 05:36:00 +0200
Subject: [PATCH] Better password hashes error handling (#132)

---
 internal/web/util.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/internal/web/util.go b/internal/web/util.go
index dadc7dd..d558ab4 100644
--- a/internal/web/util.go
+++ b/internal/web/util.go
@@ -265,8 +265,16 @@ func (a Argon2ID) hash(plain string) (string, error) {
 }
 
 func (a Argon2ID) verify(plain, hash string) (bool, error) {
+ if hash == "" {
+ return false, nil
+ }
+
 hashParts := strings.Split(hash, "$")
 
+ if len(hashParts) != 6 {
+ return false, errors.New("invalid hash")
+ }
+
 _, err := fmt.Sscanf(hashParts[3], "m=%d,t=%d,p=%d", &a.memory, &a.time, &a.threads)
 if err != nil {
 return false, err
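Review bot: The empty-hash guard at the top of `verify` returns `(false, nil)` without saying why an empty stored hash is a normal case rather than a data error; a comment such as `// No password hash stored for this account: never matches, not an error.` would record the intent, which is not visible in this hunk and should be confirmed. That path also returns before any Argon2 work is done, so a caller that wants failed logins to take uniform time has to handle that itself. The malformed-hash error is built inline; a package-level `var errInvalidHash = errors.New("invalid hash")` would let callers separate a corrupt stored hash from a `Sscanf` failure with `errors.Is`, and log it server-side instead of showing it to the user. `verify` continues below the hunk, so whether the algorithm and version fields (`hashParts[1]`, `hashParts[2]`) are checked later cannot be seen here.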