Update password hash docs, add more validation on password hash

2025-08-09 07:34:19 -04:00
parent efe7c3fa70
commit 6eb25f68ac
4 changed files with 10 additions and 3 deletions
--- a/user/util.go
+++ b/user/util.go
@@ -45,6 +45,12 @@ func ValidPasswordHash(hash string) error {
 	if !strings.HasPrefix(hash, "$2a$") && !strings.HasPrefix(hash, "$2b$") && !strings.HasPrefix(hash, "$2y$") {
 		return ErrPasswordHashInvalid
 	}
+	cost, err := bcrypt.Cost([]byte(hash))
+	if err != nil {
+		return err
+	} else if cost < DefaultUserPasswordBcryptCost {
+		return ErrPasswordHashWeak
+	}
 	return nil
 }