summaryrefslogtreecommitdiffstats
path: root/modules/auth/password/hash/bcrypt.go
blob: 4607c169cd85432d5d52b13082f81c6fa6396865 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package hash

import (
	"golang.org/x/crypto/bcrypt"
)

func init() {
	MustRegister("bcrypt", NewBcryptHasher)
}

// BcryptHasher implements PasswordHasher
// and uses the bcrypt password hash function.
type BcryptHasher struct {
	cost int
}

// HashWithSaltBytes a provided password and salt
func (hasher *BcryptHasher) HashWithSaltBytes(password string, salt []byte) string {
	if hasher == nil {
		return ""
	}
	hashedPassword, _ := bcrypt.GenerateFromPassword([]byte(password), hasher.cost)
	return string(hashedPassword)
}

func (hasher *BcryptHasher) VerifyPassword(password, hashedPassword, salt string) bool {
	return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password)) == nil
}

// NewBcryptHasher is a factory method to create an BcryptHasher
// The provided config should be either empty or the string representation of the "<cost>"
// as an integer
func NewBcryptHasher(config string) *BcryptHasher {
	// This matches the original configuration for `bcrypt` prior to storing hash parameters
	// in the database.
	// THESE VALUES MUST NOT BE CHANGED OR BACKWARDS COMPATIBILITY WILL BREAK
	hasher := &BcryptHasher{
		cost: 10, // cost=10. i.e. 2^10 rounds of key expansion.
	}

	if config == "" {
		return hasher
	}
	var err error
	hasher.cost, err = parseIntParam(config, "cost", "bcrypt", config, nil)
	if err != nil {
		return nil
	}

	return hasher
}