From 580459b679892928f27413334510f3cd1accd000 Mon Sep 17 00:00:00 2001
From: nixo <nicolo@nixo.xyz>
Date: Tue, 21 May 2019 11:16:20 +0200
Subject: [PATCH] fixup

---
 JlSonic/login.jl | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 JlSonic/login.jl

diff --git a/JlSonic/login.jl b/JlSonic/login.jl
new file mode 100644
index 0000000..408c1c3
--- /dev/null
+++ b/JlSonic/login.jl
@@ -0,0 +1,37 @@
+import MD5
+
+function isuser(n::AbstractString, users)::Union{Nothing,User}
+    m = findfirst(u -> u.name == n, users)
+    m === nothing ? nothing : users[m]
+end
+
+checksalt(u::User, s, t) = checksalt(u.password, s, t)
+checksalt(p, s, t) = bytes2hex(MD5.md5(string(p, s))) == t
+
+function passcomp(a, b)
+    ## FIXME: Use Nettle.jl to compare passwords and prevent time attacks
+    sleep(Random.rand())
+    a == b
+end
+
+checkpass(u::User, p::AbstractString) = checkpass(u.password, p)
+function checkpass(p1::AbstractString, p2::AbstractString)::Bool
+    startswith(p2, "enc:") && return passcomp(String(hex2bytes(split(p2, ":")[2])),p1)
+    passcomp(p1, p2)
+end
+
+function checkpass(name::AbstractString,
+                   salt::AbstractString, token::AbstractString,
+                   password::AbstractString)::Union{Nothing,User}
+    global users
+    isempty(name) && return nothing
+    user = isuser(name, users)
+    user == nothing && return nothing
+    
+    if !isempty(salt)
+        checksalt(user, salt, token) && return user
+    elseif !isempty(password)
+        checkpass(user, password) && return user
+    end
+    nothing
+end