author: William Carroll <wpcarro@gmail.com> 2020-07-28T17·48+0100
committer: William Carroll <wpcarro@gmail.com> 2020-07-28T17·48+0100
commit: f051b0be0bc360c949b3b1913f13c4856ae317ca
tree: 0c01f2c7d62625fc710d965fdc430777c9d52442 /src/Types.hs
parent: 90a521c78f036e024454df39c3e3cd1180c90a74
Check passwords in /login
TL;DR:
- Since POST /login is more rigorous, our accounts.csv needs to contain validly
  hashed passwords; you can use tests/create-accounts.sh to create dummy
  accounts

I still need to test the login flow and support:
- Tracking failed attempts (three maximum)
- Verifying accounts by sending emails to the users

Diffstat (limited to 'src/Types.hs')
-rw-r--r-- src/Types.hs 5
1 files changed, 5 insertions, 0 deletions

diff --git a/src/Types.hs b/src/Types.hs
index 96cfae2c28cf..25f7d8996a36 100644
--- a/src/Types.hs
+++ b/src/Types.hs
@@ -320,6 +320,11 @@ hashPassword (ClearTextPassword x) = do
   hashed <- BC.hashPassword 12 (x |> unpack |> B.pack)
   pure $ HashedPassword hashed
 
+-- | Return True if the cleartext password matches the hashed password.
+passwordsMatch :: ClearTextPassword -> HashedPassword -> Bool
+passwordsMatch (ClearTextPassword clear) (HashedPassword hashed) =
+  BC.validatePassword (clear |> unpack |> B.pack) hashed
+
 data CreateAccountRequest = CreateAccountRequest
   { createAccountRequestUsername :: Username
   , createAccountRequestPassword :: ClearTextPassword
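
Review bot: the byte conversion `clear |> unpack |> B.pack` in passwordsMatch repeats the one in hashPassword just above (`x |> unpack |> B.pack`), and verification only works while the two stay byte-for-byte identical, so pull it into one small helper that both functions call. The `B` import is not visible in this hunk; if it is Data.ByteString.Char8, `B.pack` keeps only the low 8 bits of each character, so distinct passwords containing characters above U+00FF can produce the same bytes and therefore the same hash. Encoding the text as UTF-8 inside that shared helper avoids the collision, with the caveat that hashes already stored for such passwords would no longer validate. Separately, the plain Bool result cannot tell a wrong password apart from a stored hash that fails to parse (assuming BC.validatePassword returns False in both cases); since the commit message notes accounts.csv must now hold validly hashed passwords, it would help to reject or log malformed hashes when the CSV is loaded rather than letting them surface as failed logins.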