Diffstat (limited to 'internal/userutil/userutil.go')
-rw-r--r-- | internal/userutil/userutil.go | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/internal/userutil/userutil.go b/internal/userutil/userutil.go
index d5c74325..8063aef0 100644
--- a/internal/userutil/userutil.go
+++ b/internal/userutil/userutil.go
@@ -5,6 +5,8 @@
 package userutil
 
 import (
+ "crypto/sha256"
+ "crypto/subtle"
 "encoding/hex"
 "fmt"
 "image/png"
@@ -14,6 +16,7 @@ import (
 "strings"
 
 "github.com/pkg/errors"
+ "golang.org/x/crypto/pbkdf2"
 
 "gogs.io/gogs/internal/avatar"
 "gogs.io/gogs/internal/conf"
@@ -77,3 +80,16 @@ func GenerateRandomAvatar(userID int64, name, email string) error {
 }
 return nil
 }
+
+// EncodePassword encodes password using PBKDF2 SHA256 with given salt.
+func EncodePassword(password, salt string) string {
+ newPasswd := pbkdf2.Key([]byte(password), []byte(salt), 10000, 50, sha256.New)
+ return fmt.Sprintf("%x", newPasswd)
+}
+
+// ValidatePassword returns true if the given password matches the encoded
+// version with given salt.
+func ValidatePassword(encoded, salt, password string) bool {
+ got := EncodePassword(password, salt)
+ return subtle.ConstantTimeCompare([]byte(encoded), []byte(got)) == 1
+} |
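Review bot: The PBKDF2 cost parameters in EncodePassword are bare literals (`10000` iterations, `50`-byte key), and nothing says whether they are pinned to hashes already in the database, so a maintainer cannot tell if they are safe to change. 10000 iterations is well below current guidance for PBKDF2-HMAC-SHA256, and a 50-byte output is longer than SHA-256's 32-byte digest, so the server computes a second PBKDF2 block on every login while anyone checking guesses against a stored hash only needs the first. The encoded string carries no algorithm or cost marker, so raising the cost later would need a migration path such as re-hashing on the next successful login; that is presumably out of scope here if this commit only relocates existing logic. I would at least name the values, e.g. `const pbkdf2Iterations, pbkdf2KeyLen = 10000, 50 // must match stored password hashes`, and state in the doc comment that the result is lowercase hex. ValidatePassword compares that hex text byte for byte, so its comment should say that `encoded` must be in the same lowercase form.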