diff --git a/pkg/server/database.go b/pkg/server/database.go
index d0ddc1a..b65bbe5 100644
--- a/pkg/server/database.go
+++ b/pkg/server/database.go
@@ -244,7 +244,7 @@ func resetAccount(mailServer string, resetSalt string, email []byte) error {
 	return nil
 }
 
-func confirmResetAccount(resetSalt string, id int, key string) (string, error) {
+func confirmResetAccount(resetSalt string, passwordSalt string, id int, key string) (string, error) {
 	if db == nil {
 		return "", nil
 	} else if id == 0 {
@@ -282,7 +282,7 @@ func confirmResetAccount(resetSalt string, id int, key string) (string, error) {
 	newPassword := randomAlphanumeric(7)
 
-	passwordHash, err := argon2id.CreateHash(newPassword, passwordArgon2id)
+	passwordHash, err := argon2id.CreateHash(newPassword+passwordSalt, passwordArgon2id)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/server/database_disabled.go b/pkg/server/database_disabled.go
index 5404ef0..2e5a748 100644
--- a/pkg/server/database_disabled.go
+++ b/pkg/server/database_disabled.go
@@ -27,7 +27,7 @@ func resetAccount(mailServer string, resetSalt string, email []byte) error {
 	return nil
 }
 
-func confirmResetAccount(resetSalt string, id int, key string) (string, error) {
+func confirmResetAccount(resetSalt string, passwordSalt string, id int, key string) (string, error) {
 	return "", nil
 }
 
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 4d0d2a2..7860563 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -148,7 +148,7 @@ func (s *server) handleResetPassword(w http.ResponseWriter, r *http.Request) {
 	}
 	key := vars["key"]
-	newPassword, err := confirmResetAccount(s.resetSalt, id, key)
+	newPassword, err := confirmResetAccount(s.resetSalt, s.passwordSalt, id, key)
 	if err != nil {
 		log.Printf("failed to reset password: %s", err)
 	}
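Review bot: Hashing `newPassword+passwordSalt` on the `argon2id.CreateHash` line only changes how the reset password is stored; it verifies correctly only if the login path compares `password+passwordSalt` the same way, and that side is not in this diff, so it is worth confirming that the two agree (a mismatch would lock out every account that goes through a reset). If this is the alexedwards/argon2id package, CreateHash already generates a random per-hash salt, so `passwordSalt` here behaves as a server-wide pepper rather than a salt, and a comment on the signature such as `// passwordSalt is a server-wide secret appended to the plaintext before hashing (a pepper); argon2id adds its own per-hash salt` would keep a later maintainer from turning it into a per-user value. Since every stored hash depends on it, rotating that value invalidates existing hashes, which is a point the surrounding configuration handling should document. The body of confirmResetAccount continues outside the hunk; the same signature change appears in the database_disabled.go stub, where the new parameter is unused, which Go accepts.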
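Review bot: A non-nil error from the new `confirmResetAccount(s.resetSalt, s.passwordSalt, id, key)` call is only logged on the `log.Printf` line and the handler does not return there, so execution continues with an empty `newPassword`; unless the code after the hunk checks for that (the rest of handleResetPassword is outside the hunk), a failed reset may be reported to the client as if it succeeded. The minimal change is to add `http.Error(w, "reset failed", http.StatusInternalServerError)` followed by `return` inside that `if err != nil` block. Also note that logging `err` with `%s` here is fine as long as the error never carries the generated password or the reset key; the database.go side returns only the argon2id error on that path, so this holds for what the diff shows.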