Better password hashes error handling (#132)

This commit is contained in:
Thomas Miceli 2023-10-13 05:36:00 +02:00 committed by GitHub
parent 7059d5c834
commit b1acea9f1c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -265,8 +265,16 @@ func (a Argon2ID) hash(plain string) (string, error) {
} }
func (a Argon2ID) verify(plain, hash string) (bool, error) { func (a Argon2ID) verify(plain, hash string) (bool, error) {
if hash == "" {
return false, nil
}
hashParts := strings.Split(hash, "$") hashParts := strings.Split(hash, "$")
if len(hashParts) != 6 {
return false, errors.New("invalid hash")
}
_, err := fmt.Sscanf(hashParts[3], "m=%d,t=%d,p=%d", &a.memory, &a.time, &a.threads) _, err := fmt.Sscanf(hashParts[3], "m=%d,t=%d,p=%d", &a.memory, &a.time, &a.threads)
if err != nil { if err != nil {
return false, err return false, err