fix(tfstated): hash passwords instead of relying on the database encryption key

author: Julien Dessaux 2024-11-16 00:36:17 +0100
committer: Julien Dessaux 2024-11-16 00:36:17 +0100
commit: 5b6da560896970c610c691dff6ed052a57ed5a1d (patch)
tree: 7ec12f39943513230659d3068d59e8687770f053 /pkg/basic_auth
parent: fix(tfstated): return 403 Forbidden on non existent account (diff)
download: tfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.tar.gz
tfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.tar.bz2
tfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go
index 1b51c8a..7f8fb4a 100644
--- a/pkg/basic_auth/middleware.go
+++ b/pkg/basic_auth/middleware.go
@@ -27,7 +27,7 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
 				http.Error(w, "Forbidden", http.StatusForbidden)
 				return
 			}
-			if password != account.Password {
+			if !account.CheckPassword(password) {
 				http.Error(w, "Forbidden", http.StatusForbidden)
 				return
 			}
author	Julien Dessaux	2024-11-16 00:36:17 +0100
committer	Julien Dessaux	2024-11-16 00:36:17 +0100
commit	5b6da560896970c610c691dff6ed052a57ed5a1d (patch)
tree	7ec12f39943513230659d3068d59e8687770f053 /pkg/basic_auth
parent	fix(tfstated): return 403 Forbidden on non existent account (diff)
download	tfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.tar.gz tfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.tar.bz2 tfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.zip