From 2508dac595419575755cd22bb6f4004f2488a260 Mon Sep 17 00:00:00 2001
From: James Tombleson
Date: Wed, 27 Mar 2024 17:24:23 -0700
Subject: [PATCH] woo! I can login and confirm my password with bcrypt!
---
 api/handlers/v1/auth.go | 2 +-
 api/services/userService.go | 15 ++++++++-------
 rest.http | 4 ++--
 3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/api/handlers/v1/auth.go b/api/handlers/v1/auth.go
index 86f6b6b..5d58a90 100644
--- a/api/handlers/v1/auth.go
+++ b/api/handlers/v1/auth.go
@@ -22,7 +22,7 @@ func generateJwt() (string, error) {
 //TODO use env here
 secret := []byte("ThisIsABadSecretDontReallyUseThis")
- token := jwt.New(jwt.SigningMethodEdDSA)
+ token := jwt.New(jwt.SigningMethodHS256)
 claims := token.Claims.(jwt.MapClaims)
 claims["exp"] = time.Now().Add(10 * time.Minute)
 claims["authorized"] = true
diff --git a/api/services/userService.go b/api/services/userService.go
index 2a7e83f..193c53d 100644
--- a/api/services/userService.go
+++ b/api/services/userService.go
@@ -36,18 +36,19 @@ func (us UserService) DoesUserExist(username string) error {
 }
 func (us UserService) DoesPasswordMatchHash(username, password string) error {
- passwordBytes := []byte(password)
- hash, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.DefaultCost)
- if err != nil {
- return err
- }
+ //passwordBytes := []byte(password)
+ //hash, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.DefaultCost)
+ //if err != nil {
+ // return err
+ //}
 model, err := us.GetUser(username)
 if err != nil {
 return err
 }
- if model.Hash != string(hash) {
+ err = bcrypt.CompareHashAndPassword([]byte(model.Hash), []byte(password))
+ if err != nil {
 return errors.New(ErrInvalidPassword)
 }
@@ -83,7 +84,7 @@ func (us UserService) CheckPasswordForRequirements(password string) error {
 }
 func (us UserService) checkPasswordLength(password string) error {
- if len(password) <= 8 {
+ if len(password) < 8 {
 return errors.New(ErrPasswordNotLongEnough)
 }
 return nil
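Review bot: In generateJwt (api/handlers/v1/auth.go), `claims["exp"]` is assigned a `time.Time`, which JSON-encodes as an RFC 3339 string rather than the numeric date the JWT `exp` claim requires, so a validator will likely reject the token or not enforce its expiry. Suggest `claims["exp"] = time.Now().Add(10 * time.Minute).Unix()`. With HS256 the hard-coded `secret` on the line above is the actual signing key, so anyone who can read the repository can mint valid tokens until the TODO is done; loading it from the environment and refusing to start when it is unset would close that. The function body continues outside the hunk, so how the token is signed and later verified is not visible here.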
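Review bot: In DoesPasswordMatchHash, every error from `bcrypt.CompareHashAndPassword` is reported as ErrInvalidPassword, so a malformed or truncated stored hash looks identical to a wrong password and never surfaces as a data problem. Checking for `bcrypt.ErrMismatchedHashAndPassword` explicitly and returning other errors unchanged keeps the two cases apart, as in the fence below. The five commented-out lines of the old GenerateFromPassword approach should be deleted rather than kept as comments, since version control already has them. Separately, the unchanged `us.GetUser` failure path returns a different error than a bad password, so if the login handler passes these through, responses would reveal which usernames exist. The handler is not in this hunk, and the function's tail lies outside it.

```go
	// … unchanged: us.GetUser lookup and its error return …
	err = bcrypt.CompareHashAndPassword([]byte(model.Hash), []byte(password))
	if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
		return errors.New(ErrInvalidPassword)
	}
	if err != nil {
		// Malformed or unsupported stored hash: a data problem, not a bad password.
		return err
	}
```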
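Review bot: In checkPasswordLength, `len(password)` counts bytes, not characters, so a password of as few as two 4-byte characters passes the 8-character minimum; `utf8.RuneCountInString(password) < 8` (with `unicode/utf8` imported) measures what the rule intends. There is also no upper bound: bcrypt only uses the first 72 bytes of its input, and depending on the x/crypto version a longer password is either truncated or rejected at hashing time, so rejecting over-long input here with a clear error would be more predictable. The literal 8 would read better as a named constant next to ErrPasswordNotLongEnough. The function's closing brace is outside the hunk.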
diff --git a/rest.http b/rest.http
index 75892c2..788121c 100644
--- a/rest.http
+++ b/rest.http
@@ -1,7 +1,7 @@
 ###
-POST http://localhost:1323/api/v1/register?username=test&password=test
+POST http://localhost:1323/api/v1/register?username=test&password=test1234!
 ###
-POST http://localhost:1323/api/v1/login?username=test&password=test
+POST http://localhost:1323/api/v1/login?username=test&password=test1234!
 ###
 GET http://localhost:1323/api/v1/demo/hello
 ###
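Review bot: Both sample requests send the password in the URL query string, which suggests the register and login handlers read credentials from query parameters; URLs are routinely written to access logs, proxy logs and client history, so the password would end up stored there in clear text. The handlers are not part of this diff, so this is inferred from the requests alone. If that is how they work, accept the credentials in the request body instead and update these samples to match, for example a `Content-Type: application/x-www-form-urlencoded` header with the body `username=test&password=test1234!`.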