Affected by GO-2024-3228 and 2 other vulnerabilities

GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder

GO-2025-3921: Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder

GO-2025-3938: Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder

The highest tagged major version is v2.

userpassword

package

v0.8.2 Latest Latest Go to latest Published: Aug 1, 2022 License: AGPL-3.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/coder/coder

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Compare ¶

func Compare(hashed string, password string) (bool, error)

Compare checks the equality of passwords from a hashed pbkdf2 string. This uses pbkdf2 to ensure FIPS 140-2 compliance. See: https://csrc.nist.gov/csrc/media/templates/cryptographic-module-validation-program/documents/security-policies/140sp2261.pdf

func Hash ¶

func Hash(password string) (string, error)

Hash generates a hash using pbkdf2. See the Compare() comment for rationale.

func Validate ¶ added in v0.6.1

func Validate(password string) error

Validate checks that the plain text password meets the minimum password requirements. It returns properly formatted errors for detailed form validation on the client.

Types ¶

This section is empty.

Source Files ¶

View all Source files

userpassword.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL