aclindsa/moneygo
1
0
Fork 0
mirror of https://github.com/aclindsa/moneygo.git synced 2025-07-03 12:48:38 -04:00
Code Issues Releases Wiki Activity

Move users and securities to store

Browse Source
This commit is contained in:
Aaron Lindsay
2017-12-07 20:08:43 -05:00
parent c452984f23
commit bec5152e53
12 changed files with 255 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/handlers/sessions.go
View File

@ -85,12 +85,15 @@ func SessionHandler(r *http.Request, context *Context) ResponseWriterWriter {
return NewError(3 /*Invalid Request*/)
}
dbuser, err := GetUserByUsername(context.Tx, user.Username)
// Hash password before checking username to help mitigate timing
// attacks
user.HashPassword()
dbuser, err := context.StoreTx.GetUserByUsername(user.Username)
if err != nil {
return NewError(2 /*Unauthorized Access*/)
}
user.HashPassword()
if user.PasswordHash != dbuser.PasswordHash {
return NewError(2 /*Unauthorized Access*/)
}