auth
crypto/bcrypt: hashedSecret too short to be a bcrypted password
user.go -> FindOne is actually not working properly.
It drops the error:
crypto/bcrypt: hashedSecret too short to be a bcrypted password
in the function
errf := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
It's because the current User model doesn't save Password with the correct size. And actually, when you check only for the bcrypt.ErrMismatchedHashAndPassword type of error, it allows authentication to go through using any password.
If you edit the Password field in the User model, CompareHashAndPassword works correctly.
// User struct declaration
type User struct {
	gorm.Model
	Name     string
	Email    string `gorm:"type:varchar(100);unique_index"`
	Password string `gorm:"size:100" json:"Password"`
	Role     string `json:"Role"`
	Rovers   string `json:"Rovers"`
}
Hmm, can you submit a PR with these fixes?
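The failure mode reported in this issue, as an added example that is not code from the repository or from either participant: a login check that rejects only on the mismatch error, next to one that rejects on any error. To stay standard-library only, `compare`, `standInHash` and the two error values are hypothetical stand-ins for `bcrypt.CompareHashAndPassword` and its errors (the SHA-256 stand-in is not a password hash), and the 40-character truncation is a constructed value.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Stand-ins for bcrypt.ErrMismatchedHashAndPassword and bcrypt.ErrHashTooShort.
var (
	errMismatch = errors.New("stand-in: hash and password do not match")
	errTooShort = errors.New("stand-in: hashedSecret too short")
)

const hashLen = 60 // a full bcrypt hash string is 60 characters

// standInHash only produces a 60-character string for the demo (assumption).
func standInHash(pw string) string {
	sum := sha256.Sum256([]byte(pw))
	return "$st$" + hex.EncodeToString(sum[:])[:hashLen-4]
}

// compare mimics the error contract: a malformed stored value and a wrong
// password produce different errors.
func compare(stored, pw string) error {
	if len(stored) < hashLen {
		return errTooShort
	}
	if subtle.ConstantTimeCompare([]byte(stored), []byte(standInHash(pw))) != 1 {
		return errMismatch
	}
	return nil
}

// loginFailOpen rejects only on the mismatch error, as described in the issue.
func loginFailOpen(stored, pw string) bool {
	return !errors.Is(compare(stored, pw), errMismatch)
}

// loginFailClosed treats every non-nil error as a failed login.
func loginFailClosed(stored, pw string) bool { return compare(stored, pw) == nil }

func main() {
	truncated := standInHash("correct horse")[:40] // constructed: value cut off by a too-narrow column
	fmt.Println(loginFailOpen(truncated, "anything"), loginFailClosed(truncated, "anything"))
}
```
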