From a595932283a3f3bf002eff5bf044762b78cab5f0 Mon Sep 17 00:00:00 2001
From: Roland Reichwein <mail@reichwein.it>
Date: Sun, 26 Apr 2020 19:52:44 +0200
Subject: crypt(3) http auth pws

---
 response.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'response.cpp')

diff --git a/response.cpp b/response.cpp
index 696b859..9eda5ff 100644
--- a/response.cpp
+++ b/response.cpp
@@ -1,5 +1,6 @@
 #include "response.h"
 
+#include "auth.h"
 #include "base64.h"
 #include "file.h"
 
@@ -292,7 +293,9 @@ response_type generate_response(request_type& req, Server& server)
    std::string password{authorization.substr(pos + 1)};
 
    auto it {auth.find(login)};
-   if (it == auth.end() || it->second != password)
+   // it.second contains crypted/hash
+   // password is plain text to validate against the hash
+   if (it == auth.end() || !Auth::validate(it->second, password))
     return HttpStatusAndStats("401", "Bad Authorization", req_ctx, res);
   }
 
-- 
cgit v1.2.3