-
Notifications
You must be signed in to change notification settings - Fork 13
/
bcrypt.go
37 lines (29 loc) · 993 Bytes
/
bcrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package htpasswd
import (
"fmt"
"strings"
"golang.org/x/crypto/bcrypt"
)
type bcryptPassword struct {
hashed []byte
}
// AcceptBcrypt accepts any valid password encoded using bcrypt.
func AcceptBcrypt(src string) (EncodedPasswd, error) {
if !strings.HasPrefix(src, "$2y$") && !strings.HasPrefix(src, "$2a$") && !strings.HasPrefix(src, "$2b$") && !strings.HasPrefix(src, "$2x$") {
return nil, nil
}
return &bcryptPassword{hashed: []byte(src)}, nil
}
// RejectBcrypt rejects any password encoded using bcrypt.
func RejectBcrypt(src string) (EncodedPasswd, error) {
if strings.HasPrefix(src, "$2y$") || strings.HasPrefix(src, "$2a$") || strings.HasPrefix(src, "$2b$") || strings.HasPrefix(src, "$2x$") {
return nil, fmt.Errorf("bcrypt passwords are not accepted: %s", src)
}
return nil, nil
}
func (b *bcryptPassword) MatchesPassword(password string) bool {
if err := bcrypt.CompareHashAndPassword(b.hashed, []byte(password)); err != nil {
return false
}
return true
}