api/handlers/v1/auth.go

@@ -22,7 +22,7 @@ func generateJwt() (string, error) {
 	//TODO use env here
 	secret := []byte("ThisIsABadSecretDontReallyUseThis")
 
-	token := jwt.New(jwt.SigningMethodEdDSA)
+	token := jwt.New(jwt.SigningMethodHS256)
 	claims := token.Claims.(jwt.MapClaims)
 	claims["exp"] = time.Now().Add(10 * time.Minute)
 	claims["authorized"] = true

api/services/userService.go

@@ -36,18 +36,19 @@ func (us UserService) DoesUserExist(username string) error {
 }
 
 func (us UserService) DoesPasswordMatchHash(username, password string) error {
-	passwordBytes := []byte(password)
-	hash, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.DefaultCost)
-	if err != nil {
-		return err
-	}
+	//passwordBytes := []byte(password)
+	//hash, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.DefaultCost)
+	//if err != nil {
+	//	return err
+	//}
 
 	model, err := us.GetUser(username)
 	if err != nil {
 		return err
 	}
 
-	if model.Hash != string(hash) {
+	err = bcrypt.CompareHashAndPassword([]byte(model.Hash), []byte(password))
+	if err != nil {
 		return errors.New(ErrInvalidPassword)
 	}
 
@@ -83,7 +84,7 @@ func (us UserService) CheckPasswordForRequirements(password string) error {
 }
 
 func (us UserService) checkPasswordLength(password string) error {
-	if len(password) <= 8 {
+	if len(password) < 8 {
 		return errors.New(ErrPasswordNotLongEnough)
 	}
 	return nil

rest.http

@@ -1,7 +1,7 @@
 ###
-POST http://localhost:1323/api/v1/register?username=test&password=test
+POST http://localhost:1323/api/v1/register?username=test&password=test1234!
 ###
-POST http://localhost:1323/api/v1/login?username=test&password=test
+POST http://localhost:1323/api/v1/login?username=test&password=test1234!
 ###
 GET http://localhost:1323/api/v1/demo/hello
 ###