refactor password check into separate function

2025-10-19 07:33:21 +00:00 · 2021-03-27 18:05:45 +01:00 · 2021-03-27 18:05:45 +01:00 · 274f29fee8
commit 274f29fee8
parent 98f0aaca1c
1 changed files with 19 additions and 16 deletions
--- a/htpasswd.go
+++ b/htpasswd.go
@ -228,7 +228,7 @@ func (h *HtpasswdFile) Validate(user string, password string) bool {
 	h.mutex.Lock()
 	// avoid race conditions with cache replacements
 	cache := h.cache
-	realPassword, exists := h.users[user]
+	hashedPassword, exists := h.users[user]
 	entry, cacheExists := h.cache[user]
 	h.mutex.Unlock()

@ -248,21 +248,7 @@ func (h *HtpasswdFile) Validate(user string, password string) bool {
 		return true
 	}

-	isValid := false
-
-	switch {
-	case shaRe.MatchString(realPassword):
-		d := sha1.New()
-		_, _ = d.Write([]byte(password))
-		if subtle.ConstantTimeCompare([]byte(realPassword[5:]), []byte(base64.StdEncoding.EncodeToString(d.Sum(nil)))) == 1 {
-			isValid = true
-		}
-	case bcrRe.MatchString(realPassword):
-		err := bcrypt.CompareHashAndPassword([]byte(realPassword), []byte(password))
-		if err == nil {
-			isValid = true
-		}
-	}
+	isValid := isMatchingHashAndPassword(hashedPassword, password)

 	if !isValid {
 		log.Printf("Invalid htpasswd entry for %s.", user)
@ -279,3 +265,20 @@ func (h *HtpasswdFile) Validate(user string, password string) bool {

 	return true
 }
+
+func isMatchingHashAndPassword(hashedPassword string, password string) bool {
+	switch {
+	case shaRe.MatchString(hashedPassword):
+		d := sha1.New()
+		_, _ = d.Write([]byte(password))
+		if subtle.ConstantTimeCompare([]byte(hashedPassword[5:]), []byte(base64.StdEncoding.EncodeToString(d.Sum(nil)))) == 1 {
+			return true
+		}
+	case bcrRe.MatchString(hashedPassword):
+		err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
+		if err == nil {
+			return true
+		}
+	}
+	return false
+}