From 6fae0d4ceece99621219f1ed1fd6cacaf9c99a8b Mon Sep 17 00:00:00 2001
From: Philip O'Toole <philip.otoole@yahoo.com>
Date: Sat, 17 Mar 2018 10:38:03 -0400
Subject: [PATCH] Tweak hashed password implementation

---
 auth/credential_store.go      | 22 ++++++----------------
 auth/credential_store_test.go |  7 ++++---
 2 files changed, 10 insertions(+), 19 deletions(-)

diff --git a/auth/credential_store.go b/auth/credential_store.go
index 76a30656..ec653883 100644
--- a/auth/credential_store.go
+++ b/auth/credential_store.go
@@ -18,23 +18,20 @@ type BasicAuther interface {
 type Credential struct {
 	Username string   `json:"username,omitempty"`
 	Password string   `json:"password,omitempty"`
-	Hashed   *bool    `json:"hashed,omitempty"`
 	Perms    []string `json:"perms,omitempty"`
 }
 
 // CredentialsStore stores authentication and authorization information for all users.
 type CredentialsStore struct {
-	store      map[string]string
-	perms      map[string]map[string]bool
-	isbcrypted map[string]bool
+	store map[string]string
+	perms map[string]map[string]bool
 }
 
 // NewCredentialsStore returns a new instance of a CredentialStore.
 func NewCredentialsStore() *CredentialsStore {
 	return &CredentialsStore{
-		store:      make(map[string]string),
-		perms:      make(map[string]map[string]bool),
-		isbcrypted: make(map[string]bool),
+		store: make(map[string]string),
+		perms: make(map[string]map[string]bool),
 	}
 }
 
@@ -58,9 +55,6 @@ func (c *CredentialsStore) Load(r io.Reader) error {
 		for _, p := range cred.Perms {
 			c.perms[cred.Username][p] = true
 		}
-		if cred.Hashed != nil && *cred.Hashed {
-			c.isbcrypted[cred.Username] = true
-		}
 	}
 
 	// Read closing bracket.
@@ -78,12 +72,8 @@ func (c *CredentialsStore) Check(username, password string) bool {
 	if !ok {
 		return false
 	}
-	if _, ok = c.isbcrypted[username]; ok {
-		err := bcrypt.CompareHashAndPassword([]byte(pw), []byte(password))
-		return err == nil
-	} else {
-		return password == pw
-	}
+	return password == pw ||
+		bcrypt.CompareHashAndPassword([]byte(pw), []byte(password)) == nil
 }
 
 // CheckRequest returns true if b contains a valid username and password.
diff --git a/auth/credential_store_test.go b/auth/credential_store_test.go
index 84231597..30bc8274 100644
--- a/auth/credential_store_test.go
+++ b/auth/credential_store_test.go
@@ -167,10 +167,11 @@ func Test_AuthLoadHashedSingleRequest(t *testing.T) {
 		[
 			{
 				"username": "username1",
-				"password": "$2a$10$fKRHxrEuyDTP6tXIiDycr.nyC8Q7UMIfc31YMyXHDLgRDyhLK3VFS",
-				"hashed": true
+				"password": "$2a$10$fKRHxrEuyDTP6tXIiDycr.nyC8Q7UMIfc31YMyXHDLgRDyhLK3VFS"
 			},
-			{"username": "username2", "password": "password2", "hashed":false}
+			{	"username": "username2",
+				"password": "password2"
+			}
 		]
 	`