UI to change your own password

api/auth.go

@@ -34,8 +34,7 @@ func (a *api) SignIn(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 
-	hash := hashPass(c.Password, member.Salt)
-	if subtle.ConstantTimeCompare(hash, member.PassHash) == 0 {
+	if !passwordValid(c.Password, member) {
 		log.Printf("Invalid pass for %s", c.Login)
 		w.WriteHeader(http.StatusBadRequest)
 		return
@@ -234,6 +233,11 @@ func newHashPass(password string) (hash []byte, salt []byte, err error) {
 	return
 }
 
+func passwordValid(password string, member Member) bool {
+	hash := hashPass(password, member.Salt)
+	return subtle.ConstantTimeCompare(hash, member.PassHash) == 1
+}
+
 func hashPass(password string, salt []byte) []byte {
 	const (
 		time    = 1