Add password check function

2026-06-27 17:23:02 -04:00
parent 46ce08e02f
commit f7f4fd2813
1 changed files with 26 additions and 1 deletions
--- a/src/models/user.rs
+++ b/src/models/user.rs
@@ -28,7 +28,12 @@ use diesel::{
    serialize::ToSql,
    sql_types,
 };
-use pbkdf2::{PasswordHasher, Pbkdf2};
+use pbkdf2::{
+    PasswordHasher, PasswordVerifier, Pbkdf2, password_hash::Error::PasswordInvalid,
+    phc::PasswordHash,
+};
+
+use crate::util::error::{Error, Result};

 /// Newtype for a `String`-represented hashed password
 #[derive(Clone, Debug, AsExpression, FromSqlRow)]
@@ -36,6 +41,26 @@ use pbkdf2::{PasswordHasher, Pbkdf2};
 pub struct HashedPassword(String);

 impl HashedPassword {
+    /// Check a password attempt against this hashed password
+    ///
+    /// # Returns
+    ///
+    /// `Ok(true)` for a correct password
+    /// `Ok(false)` for an incorrect password
+    /// `Err` for a hashing error
+    pub fn check(&self, password_attempt: String) -> Result<bool> {
+        let pw_hash = PasswordHash::new(&self.0)
+            .map_err(|e| Error::message_here(format!("Error parsing `HashedPassword`: {e}")))?;
+
+        match Pbkdf2::default().verify_password(password_attempt.as_bytes(), &pw_hash) {
+            Ok(()) => Ok(true),
+            Err(PasswordInvalid) => Ok(false),
+            Err(e) => Err(Error::message_here(format!(
+                "Error comparing password attempt against hash: {e}"
+            ))),
+        }
+    }
+
    /// Returns the "session auth hash" for `axum-login`, just the hashed password as bytes
    pub fn auth_hash(&self) -> &[u8] {
        self.0.as_bytes()