From f254f3370df1da79552401e54e50987aa59890ca Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Thu, 19 May 2022 15:17:58 +0200
Subject: cleanup

---
 src/login/static_provider.rs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/login')

diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs
index 3ef8d89..cc0c8cb 100644
--- a/src/login/static_provider.rs
+++ b/src/login/static_provider.rs
@@ -32,8 +32,7 @@ impl LoginProvider for StaticLoginProvider {
         match self.users.get(username) {
             None => bail!("User {} does not exist", username),
             Some(u) => {
-                if u.password != password {
-                    // TODO cryptographic password compare
+                if !verify_password(password, &u.password) {
                     bail!("Wrong password");
                 }
                 let bucket = u
@@ -56,7 +55,7 @@ impl LoginProvider for StaticLoginProvider {
                     (Some(m), Some(s)) => {
                         let master_key = Key::from_slice(&base64::decode(m)?)
                             .ok_or(anyhow!("Invalid master key"))?;
-                        let secret_key = SecretKey::from_slice(&base64::decode(m)?)
+                        let secret_key = SecretKey::from_slice(&base64::decode(s)?)
                             .ok_or(anyhow!("Invalid secret key"))?;
                         CryptoKeys::open_without_password(&storage, &master_key, &secret_key).await?
                     }
-- 
cgit v1.2.3