Check passwords in /login
TL;DR:
- Since POST /login is more rigorous, our accounts.csv needs to contain validly hashed passwords; you can use tests/create-accounts.sh to create dummy accounts

I still need to test the login flow and support:
- Tracking failed attempts (three maximum)
- Verifying accounts by sending emails to the users
parent 90a521c78f
commit f051b0be0b
5 changed files with 45 additions and 18 deletions
@ -320,6 +320,11 @@ hashPassword (ClearTextPassword x) = do
|
|||
hashed <- BC.hashPassword 12 (x |> unpack |> B.pack)
|
||||
pure $ HashedPassword hashed
|
||||
|
||||
-- | Return True if the cleartext password matches the hashed password.
|
||||
passwordsMatch :: ClearTextPassword -> HashedPassword -> Bool
|
||||
passwordsMatch (ClearTextPassword clear) (HashedPassword hashed) =
|
||||
BC.validatePassword (clear |> unpack |> B.pack) hashed
|
||||
|
||||
data CreateAccountRequest = CreateAccountRequest
|
||||
{ createAccountRequestUsername :: Username
|
||||
, createAccountRequestPassword :: ClearTextPassword
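Review bot: In `passwordsMatch`, the conversion `clear |> unpack |> B.pack` is a second copy of the one in `hashPassword` just above, so the two can drift apart and a password that hashes one way would then never validate. Move the conversion into one shared helper that both functions call. Also, if `B` is `Data.ByteString.Char8`, `pack` keeps only the low 8 bits of each character, so passwords containing characters above code point 255 are silently altered before they reach bcrypt and distinct passwords can compare equal; encoding the text as UTF-8 in that helper would avoid this, with the caveat that hashes already stored for such passwords would stop matching. Since the commit message says the login flow is not yet tested, a test that runs a password through `hashPassword` and then `passwordsMatch`, including one non-ASCII case, would cover both points.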