Make sure that the SHA512 hash is lowercase

This commit is contained in:
TwinProduction 2020-10-14 21:45:45 -04:00
parent 402525d572
commit 8fd6eddc16

View File

@ -2,12 +2,13 @@ package security
import ( import (
"net/http" "net/http"
"strings"
) )
func Handler(handler http.HandlerFunc, security *Config) http.HandlerFunc { func Handler(handler http.HandlerFunc, security *Config) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
usernameEntered, passwordEntered, ok := r.BasicAuth() usernameEntered, passwordEntered, ok := r.BasicAuth()
if !ok || usernameEntered != security.Basic.Username || Sha512(passwordEntered) != security.Basic.PasswordSha512Hash { if !ok || usernameEntered != security.Basic.Username || Sha512(passwordEntered) != strings.ToLower(security.Basic.PasswordSha512Hash) {
w.Header().Set("WWW-Authenticate", "Basic") w.Header().Set("WWW-Authenticate", "Basic")
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
_, _ = w.Write([]byte("Unauthorized")) _, _ = w.Write([]byte("Unauthorized"))