diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index 07489397a..ba06043dc 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -116,7 +116,7 @@ func cmdHashPassword(fs caddycmd.Flags) (int, error) { var hashString string switch algorithm { case "bcrypt": - hash, err = BcryptHash{cost: bcryptCost}.Hash(plaintext) + hash, err = BcryptHash{Cost: bcryptCost}.Hash(plaintext) hashString = string(hash) default: return caddy.ExitCodeFailedStartup, fmt.Errorf("unrecognized hash algorithm: %s", algorithm) diff --git a/modules/caddyhttp/caddyauth/hashes.go b/modules/caddyhttp/caddyauth/hashes.go index beb074044..33fe63177 100644 --- a/modules/caddyhttp/caddyauth/hashes.go +++ b/modules/caddyhttp/caddyauth/hashes.go @@ -30,9 +30,9 @@ const defaultBcryptCost = 14 // BcryptHash implements the bcrypt hash. type BcryptHash struct { - // cost is the bcrypt hashing difficulty factor (work factor). + // Cost is the bcrypt hashing difficulty factor (work factor). // Higher values increase computation time and security. - cost int + Cost int } // CaddyModule returns the Caddy module information. @@ -43,6 +43,15 @@ func (BcryptHash) CaddyModule() caddy.ModuleInfo { } } +// Provision sets up default values. +func (b *BcryptHash) Provision(ctx caddy.Context) error { + if b.Cost < bcrypt.MinCost || b.Cost > bcrypt.MaxCost { + b.Cost = defaultBcryptCost + } + + return nil +} + // Compare compares passwords. func (BcryptHash) Compare(hashed, plaintext []byte) (bool, error) { err := bcrypt.CompareHashAndPassword(hashed, plaintext) @@ -57,12 +66,7 @@ func (BcryptHash) Compare(hashed, plaintext []byte) (bool, error) { // Hash hashes plaintext using a random salt. func (b BcryptHash) Hash(plaintext []byte) ([]byte, error) { - cost := b.cost - if cost < bcrypt.MinCost || cost > bcrypt.MaxCost { - cost = defaultBcryptCost - } - - return bcrypt.GenerateFromPassword(plaintext, cost) + return bcrypt.GenerateFromPassword(plaintext, b.Cost) } // FakeHash returns a fake hash. @@ -74,6 +78,7 @@ func (BcryptHash) FakeHash() []byte { // Interface guards var ( - _ Comparer = (*BcryptHash)(nil) - _ Hasher = (*BcryptHash)(nil) + _ Comparer = (*BcryptHash)(nil) + _ Hasher = (*BcryptHash)(nil) + _ caddy.Provisioner = (*BcryptHash)(nil) )