Reset a user password using CLI (#226)

2025-07-12 10:51:49 +02:00 · 2024-02-24 18:45:36 +01:00
parent fc9a75ce8f
commit 1c1e3a8919
8 changed files with 140 additions and 76 deletions
--- a/internal/utils/argon2id.go
+++ b/internal/utils/argon2id.go
@ -0,0 +1,76 @@
+package utils
+
+import (
+	"crypto/rand"
+	"crypto/subtle"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"golang.org/x/crypto/argon2"
+	"strings"
+)
+
+type Argon2ID struct {
+	format  string
+	version int
+	time    uint32
+	memory  uint32
+	keyLen  uint32
+	saltLen uint32
+	threads uint8
+}
+
+var Argon2id = Argon2ID{
+	format:  "$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
+	version: argon2.Version,
+	time:    1,
+	memory:  64 * 1024,
+	keyLen:  32,
+	saltLen: 16,
+	threads: 4,
+}
+
+func (a Argon2ID) Hash(plain string) (string, error) {
+	salt := make([]byte, a.saltLen)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+
+	hash := argon2.IDKey([]byte(plain), salt, a.time, a.memory, a.threads, a.keyLen)
+
+	return fmt.Sprintf(a.format, a.version, a.memory, a.time, a.threads,
+		base64.RawStdEncoding.EncodeToString(salt),
+		base64.RawStdEncoding.EncodeToString(hash),
+	), nil
+}
+
+func (a Argon2ID) Verify(plain, hash string) (bool, error) {
+	if hash == "" {
+		return false, nil
+	}
+
+	hashParts := strings.Split(hash, "$")
+
+	if len(hashParts) != 6 {
+		return false, errors.New("invalid hash")
+	}
+
+	_, err := fmt.Sscanf(hashParts[3], "m=%d,t=%d,p=%d", &a.memory, &a.time, &a.threads)
+	if err != nil {
+		return false, err
+	}
+
+	salt, err := base64.RawStdEncoding.DecodeString(hashParts[4])
+	if err != nil {
+		return false, err
+	}
+
+	decodedHash, err := base64.RawStdEncoding.DecodeString(hashParts[5])
+	if err != nil {
+		return false, err
+	}
+
+	hashToCompare := argon2.IDKey([]byte(plain), salt, a.time, a.memory, a.threads, uint32(len(decodedHash)))
+
+	return subtle.ConstantTimeCompare(decodedHash, hashToCompare) == 1, nil
+}