From 76c22c7b388d659530a4f6d0ae9f242827f7ed82 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Wed, 30 Oct 2019 13:56:27 -0600
Subject: auth: Clean up basicauth

---
 modules/caddyhttp/caddyauth/basicauth.go | 26 --------------------------
 modules/caddyhttp/caddyauth/hashes.go | 6 ++++++
 2 files changed, 6 insertions(+), 26 deletions(-)

(limited to 'modules/caddyhttp/caddyauth')

diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go
index b7c002b..6412d36 100644
--- a/modules/caddyhttp/caddyauth/basicauth.go
+++ b/modules/caddyhttp/caddyauth/basicauth.go
@@ -15,8 +15,6 @@
 package caddyauth
 
 import (
- "crypto/sha256"
- "crypto/subtle"
 "encoding/json"
 "fmt"
 "net/http"
@@ -126,30 +124,6 @@ type Comparer interface {
 Compare(hashedPassword, plaintextPassword, salt []byte) (bool, error)
 }
 
-type quickComparer struct{}
-
-func (quickComparer) Compare(theirHash, plaintext, _ []byte) (bool, error) {
- ourHash := quickHash(plaintext)
- return hashesMatch(ourHash, theirHash), nil
-}
-
-func hashesMatch(pwdHash1, pwdHash2 []byte) bool {
- return subtle.ConstantTimeCompare(pwdHash1, pwdHash2) == 1
-}
-
-// quickHash returns the SHA-256 of v. It
-// is not secure for password storage, but
-// it is useful for efficiently normalizing
-// the length of plaintext passwords for
-// constant-time comparisons.
-//
-// Errors are discarded.
-func quickHash(v []byte) []byte {
- h := sha256.New()
- h.Write([]byte(v))
- return h.Sum(nil)
-}
-
 // Account contains a username, password, and salt (if applicable).
 type Account struct {
 Username string `json:"username"`
diff --git a/modules/caddyhttp/caddyauth/hashes.go b/modules/caddyhttp/caddyauth/hashes.go
index a515c09..13010db 100644
--- a/modules/caddyhttp/caddyauth/hashes.go
+++ b/modules/caddyhttp/caddyauth/hashes.go
@@ -15,6 +15,8 @@
 package caddyauth
 
 import (
+ "crypto/subtle"
+
 "github.com/caddyserver/caddy/v2"
 "golang.org/x/crypto/bcrypt"
 "golang.org/x/crypto/scrypt"
@@ -103,6 +105,10 @@ func (s ScryptHash) Compare(hashed, plaintext, salt []byte) (bool, error) {
 return false, nil
 }
 
+func hashesMatch(pwdHash1, pwdHash2 []byte) bool {
+ return subtle.ConstantTimeCompare(pwdHash1, pwdHash2) == 1
+}
+
 // Interface guards
 var (
 _ Comparer = (*BcryptHash)(nil)
-- 
cgit v1.2.3
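Review bot: `hashesMatch` is added to hashes.go without a doc comment, and its safe use depends on a precondition that is not written down anywhere: `subtle.ConstantTimeCompare` returns 0 immediately when the two slices differ in length, so the comparison is constant-time only for equal-length inputs. The same commit deletes `quickHash`, whose comment was the only place that explained length normalisation, so I would state the contract on the helper itself, e.g. `// hashesMatch compares two fixed-length password hashes in constant time; never pass plaintext, since a length mismatch returns early.` The callers are outside this hunk (presumably the `ScryptHash.Compare` named in the hunk header), so confirm that each one passes derived keys of a fixed size.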