No need to use an additional variable just to compose the salted pass.

Just use the classic POST form.
JSON doesn't make any sense in this case.
2024-07-27 12:38:30 +02:00 · 2024-07-27 12:36:14 +02:00
1 changed files with 5 additions and 9 deletions
--- a/dudeswave/src/dudeswave_user_handler.erl
+++ b/dudeswave/src/dudeswave_user_handler.erl
@ -13,7 +13,7 @@
 % ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 % OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 %
-module(dudeswave_register_handler).
+-module(dudeswave_user_handler).
 -moduledoc """
 Register a new user.
 """.
@ -53,17 +53,14 @@ known_methods(Req, State) ->
 resource_exists(Req, State) ->
 	{ok, Bucket} = maps:find(bucket, State),

-	case cowboy:read_body(Req, #{period => 5000, length => 8192}) of
-		{ok, Body, NewReq} ->
-			#{<<"name">> := Name, <<"password">> := Pass,
-			    <<"user">> := User} = json:decode(Body),
-
+	case cowboy:read_urlencoded_body(Req) of
+		{ok, [{name, Name}, {username, User}, {password, Password}], NewReq} ->
 			case storage:read(Bucket, User) of
 				{ok, [_R]} ->
 					{true, NewReq, user_exists};
 				{ok, []} ->
 					{false, NewReq, {Bucket, [{name, Name},
-					    {username, User},{password, Pass}]}}
+					    {username, User},{password, Password}]}}
 			end
 	end.

@ -73,8 +70,7 @@ is_conflict(Req, State) -> {false, Req, State}.

 create_user(Req, {Bucket, [{name, Name}, {username, User}, {password, Pass}]}) ->
 	Salt = rand:bytes(32),
-	SaltedPW = <<Pass/binary, Salt/binary>>,
-	Hash = crypto:hash(sha256, SaltedPW),
+	Hash = crypto:hash(sha256, <<Pass/binary, Salt/binary>>),

 	case storage:write(Bucket, User, Hash, [{salt, Salt}, {name, Name}]) of
 		ok ->
Author	SHA1	Message	Date
absc	ab3ca1ec64	No need to use an additional variable just to compose the salted pass.	2024-07-27 12:38:30 +02:00
absc	80af46c6be	Just use the classic POST form. JSON doesn't make any sense in this case.	2024-07-27 12:36:14 +02:00