WEBVTT 00:02.590 --> 00:07.510 So at this point, we've received the user input, we've retrieved the user and sent back an error if 00:07.510 --> 00:12.610 we can't, and now we want to validate the user's password and of course, that's going to be called 00:12.610 --> 00:15.080 from create auth token right about here. 00:15.310 --> 00:20.380 So let's go over to helpers.go and let's create another method or another function. 00:21.220 --> 00:26.890 So again, it'll be a function with the receiver of the application and we're going to call this one 00:26.890 --> 00:28.990 simply password matches. 00:29.560 --> 00:31.990 And it's going to take two arguments. 00:32.620 --> 00:37.150 The hash which we pulled out of the database, that will be the hash of the user's password that we 00:37.150 --> 00:38.650 have stored in the users table. 00:39.400 --> 00:43.210 And then it will actually take the password that the user entered on the form. 00:43.540 --> 00:47.860 Both of those will be in the form of strings and we're going to return a bool, 00:47.950 --> 00:48.430 true 00:48.430 --> 00:54.640 if we are able to log the user in and false if we're not able to log the user in, and potentially we'll 00:54.640 --> 00:55.910 return an error as well. 00:57.490 --> 01:04.870 So this is a pretty straightforward process and it uses the bcrypt package, which sometimes for reasons 01:04.870 --> 01:09.800 I've never understood, Visual Studio Code has difficulty importing, but we'll give it a try. 01:09.820 --> 01:10.900 So we'll check for an error. 01:11.590 --> 01:20.080 And we're going to call bcrypt right there, dot compare hash and password and it takes two parameters. 01:20.080 --> 01:23.860 And both of those have to be in the form of bytes of a slice of bytes. 01:24.370 --> 01:27.310 So we'll simply cast to a slice of bytes. 01:27.760 --> 01:32.200 The first argument is the hash, what we looked up at in the database. 
01:33.130 --> 01:39.880 And the second argument is also a slice of byte, and it is the password that the user entered on the 01:39.880 --> 01:40.210 form. 01:41.770 --> 01:48.910 And then we need to close this and check for an error, if error is not equal to nil. 01:50.980 --> 01:54.670 Now, in this case, there's a bunch of different errors we could possibly have, and I'm only going 01:54.670 --> 01:56.520 to bother looking for two of them. 01:56.550 --> 02:00.290 OK, and there are the two that really matter in the vast majority of cases. 02:01.150 --> 02:11.980 So the first one, we're going to use a switch statement to check these, we'll switch on case errors 02:12.100 --> 02:13.230 dot Is. 02:14.590 --> 02:19.370 So if the error is and we're passing it, the errors we look at and then we'll use a constant from the 02:19.380 --> 02:21.220 bcrypt package, bcrypt. 02:24.060 --> 02:33.000 Err mismatched password, and there it is, Err mismatched hash and password, that's the constant 02:33.000 --> 02:33.720 we're looking for. 02:33.750 --> 02:41.400 OK, so if that's the case, we'll return false and nil. 02:43.320 --> 02:54.330 Otherwise, the next case, we'll just make that the default and in this case we'll return false. 02:56.730 --> 02:58.420 And the err, something went wrong. 02:58.440 --> 03:04.890 Whatever it may be, but if we get past all of that, if we get past this if statement, then we return 03:04.890 --> 03:05.280 true. 03:06.330 --> 03:08.190 Which means the passwords match. 03:09.480 --> 03:16.080 So what this method compare hash and password does is simply look at the hash that we know is a valid 03:16.080 --> 03:16.610 hash. 03:16.950 --> 03:20.980 Then it takes the password and creates tries to create a hash from that. 03:21.000 --> 03:26.150 And if those two actually match, then we have a valid password. 03:26.160 --> 03:27.270 So that's all this does. 03:27.270 --> 03:28.050 Very straightforward. 
03:28.140 --> 03:33.360 So let's go back to Handler API and it looks like there is an error and the error is once again, it 03:33.360 --> 03:34.190 can't be imported. 03:34.200 --> 03:36.450 I really don't know why it has difficulty doing that. 03:37.080 --> 03:41.520 So let's go to our go.mod and let it do a quick fix for us. 03:45.490 --> 03:51.520 And it says here, golang crypto is not, so we'll just choose quick fix, it doesn't import it in there 03:51.520 --> 03:53.190 for reasons I've never understood. 03:53.230 --> 03:55.540 Hopefully they'll fix that by the time you take this course. 03:55.900 --> 04:02.250 But I can fix it simply by rolling over a quick fix and clicking quick fix and choosing the menu item. 04:02.260 --> 04:03.640 And that does the import for me. 04:03.760 --> 04:06.920 Now, when I go back to helpers, that error goes away. 04:07.630 --> 04:10.690 So I think that's a bug in Visual Studio Code, but that's how you fix it. 04:11.320 --> 04:12.070 Pretty straightforward. 04:12.130 --> 04:16.630 So now we can go back to Handler's API and we can validate the password. 04:17.350 --> 04:23.650 So valid password, which I'm going to get back from the call to the function we just wrote, and potentially 04:23.650 --> 04:31.990 an error, are assigned the value of app dot password matches and requires the hash which we got from the database 04:31.990 --> 04:37.390 so that's user dot password and requires whatever the user entered as a password, which is just user 04:37.390 --> 04:37.870 input 04:40.900 --> 04:43.830 password and we check for an error. 04:45.700 --> 04:47.470 So if error is not equal to nil, 04:52.060 --> 04:56.470 then we'll just send back the invalid credentials and just copy this. 05:02.120 --> 05:10.520 Now, at this point, we might have a valid user, but we need to check to see if valid password is 05:10.520 --> 05:10.860 true. 
05:10.880 --> 05:20.040 So we just say, if not valid password, then I'll just return those errors once again, invalid credentials. 05:20.090 --> 05:26.570 So what that might mean is that the user entered the correct email address but didn't enter the right 05:26.570 --> 05:27.140 password. 05:27.170 --> 05:29.090 So we just sent back invalid credentials. 05:29.090 --> 05:30.570 And that's all we have to worry about. 05:31.160 --> 05:37.280 So the next step is to actually generate the token and send it back as part of this response. 05:38.060 --> 05:42.110 Now, there's a couple of other things I wanted to draw to your attention back in helpers.go. 05:44.380 --> 05:53.410 In invalid credentials, I actually had left the quotation mark out of the JSON message, which was 05:53.410 --> 05:54.490 a typo on my part. 05:54.490 --> 05:59.920 And the other thing I left out, I was really sloppy for the last day or so, is I hadn't actually added 05:59.920 --> 06:03.940 the header http status bad request to the bad request function. 06:03.950 --> 06:08.130 So I've added both of those in there and that was just an oversight on my part and I apologize for it. 06:09.010 --> 06:14.650 So in the next lecture we'll get started on generating the token we need to send back as part of our 06:14.650 --> 06:17.470 payload when all of these checks pass.