summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/caddyauth
diff options
context:
space:
mode:
Diffstat (limited to 'modules/caddyhttp/caddyauth')
-rw-r--r--modules/caddyhttp/caddyauth/basicauth.go26
-rw-r--r--modules/caddyhttp/caddyauth/hashes.go6
2 files changed, 6 insertions, 26 deletions
diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go
index b7c002b..6412d36 100644
--- a/modules/caddyhttp/caddyauth/basicauth.go
+++ b/modules/caddyhttp/caddyauth/basicauth.go
@@ -15,8 +15,6 @@
package caddyauth
import (
- "crypto/sha256"
- "crypto/subtle"
"encoding/json"
"fmt"
"net/http"
@@ -126,30 +124,6 @@ type Comparer interface {
Compare(hashedPassword, plaintextPassword, salt []byte) (bool, error)
}
-type quickComparer struct{}
-
-func (quickComparer) Compare(theirHash, plaintext, _ []byte) (bool, error) {
- ourHash := quickHash(plaintext)
- return hashesMatch(ourHash, theirHash), nil
-}
-
-func hashesMatch(pwdHash1, pwdHash2 []byte) bool {
- return subtle.ConstantTimeCompare(pwdHash1, pwdHash2) == 1
-}
-
-// quickHash returns the SHA-256 of v. It
-// is not secure for password storage, but
-// it is useful for efficiently normalizing
-// the length of plaintext passwords for
-// constant-time comparisons.
-//
-// Errors are discarded.
-func quickHash(v []byte) []byte {
- h := sha256.New()
- h.Write([]byte(v))
- return h.Sum(nil)
-}
-
// Account contains a username, password, and salt (if applicable).
type Account struct {
Username string `json:"username"`
diff --git a/modules/caddyhttp/caddyauth/hashes.go b/modules/caddyhttp/caddyauth/hashes.go
index a515c09..13010db 100644
--- a/modules/caddyhttp/caddyauth/hashes.go
+++ b/modules/caddyhttp/caddyauth/hashes.go
@@ -15,6 +15,8 @@
package caddyauth
import (
+ "crypto/subtle"
+
"github.com/caddyserver/caddy/v2"
"golang.org/x/crypto/bcrypt"
"golang.org/x/crypto/scrypt"
@@ -103,6 +105,10 @@ func (s ScryptHash) Compare(hashed, plaintext, salt []byte) (bool, error) {
return false, nil
}
+func hashesMatch(pwdHash1, pwdHash2 []byte) bool {
+ return subtle.ConstantTimeCompare(pwdHash1, pwdHash2) == 1
+}
+
// Interface guards
var (
_ Comparer = (*BcryptHash)(nil)