Save bcrypt hash of password (fixes #138)

Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/README.md

@@ -1,25 +0,0 @@
-# auth
-Martini middleware/handler for http basic authentication.
-
-[API Reference](http://godoc.org/github.com/codegangsta/martini-contrib/auth)
-
-## Usage
-
-~~~ go
-import (
-  "github.com/codegangsta/martini"
-  "github.com/codegangsta/martini-contrib/auth"
-)
-
-func main() {
-  m := martini.Classic()
-  // authenticate every request
-  m.Use(auth.Basic("username", "secretpassword"))
-  m.Run()
-}
-
-~~~
-
-## Authors
-* [Jeremy Saenz](http://github.com/codegangsta)
-* [Brendon Murphy](http://github.com/bemurphy)

Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/basic.go

@@ -1,19 +0,0 @@
-package auth
-
-import (
-	"encoding/base64"
-	"net/http"
-)
-
-// Basic returns a Handler that authenticates via Basic Auth. Writes a http.StatusUnauthorized
-// if authentication fails
-func Basic(username string, password string) http.HandlerFunc {
-	var siteAuth = base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
-	return func(res http.ResponseWriter, req *http.Request) {
-		auth := req.Header.Get("Authorization")
-		if !SecureCompare(auth, "Basic "+siteAuth) {
-			res.Header().Set("WWW-Authenticate", "Basic realm=\"Authorization Required\"")
-			http.Error(res, "Not Authorized", http.StatusUnauthorized)
-		}
-	}
-}

Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/basic_test.go

@@ -1,45 +0,0 @@
-package auth
-
-import (
-	"encoding/base64"
-	"github.com/codegangsta/martini"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-)
-
-func Test_BasicAuth(t *testing.T) {
-	recorder := httptest.NewRecorder()
-
-	auth := "Basic " + base64.StdEncoding.EncodeToString([]byte("foo:bar"))
-
-	m := martini.New()
-	m.Use(Basic("foo", "bar"))
-	m.Use(func(res http.ResponseWriter, req *http.Request) {
-		res.Write([]byte("hello"))
-	})
-
-	r, _ := http.NewRequest("GET", "foo", nil)
-
-	m.ServeHTTP(recorder, r)
-
-	if recorder.Code != 401 {
-		t.Error("Response not 401")
-	}
-
-	if recorder.Body.String() == "hello" {
-		t.Error("Auth block failed")
-	}
-
-	recorder = httptest.NewRecorder()
-	r.Header.Set("Authorization", auth)
-	m.ServeHTTP(recorder, r)
-
-	if recorder.Code == 401 {
-		t.Error("Response is 401")
-	}
-
-	if recorder.Body.String() != "hello" {
-		t.Error("Auth failed, got: ", recorder.Body.String())
-	}
-}

Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/util.go

@@ -1,15 +0,0 @@
-package auth
-
-import (
-	"crypto/subtle"
-)
-
-// SecureCompare performs a constant time compare of two strings to limit timing attacks.
-func SecureCompare(given string, actual string) bool {
-	if subtle.ConstantTimeEq(int32(len(given)), int32(len(actual))) == 1 {
-		return subtle.ConstantTimeCompare([]byte(given), []byte(actual)) == 1
-	} else {
-		/* Securely compare actual to itself to keep constant time, but always return false */
-		return subtle.ConstantTimeCompare([]byte(actual), []byte(actual)) == 1 && false
-	}
-}

Godeps/_workspace/src/github.com/codegangsta/martini-contrib/auth/util_test.go

@@ -1,26 +0,0 @@
-package auth
-
-import (
-	"testing"
-)
-
-var comparetests = []struct {
-	a   string
-	b   string
-	val bool
-}{
-	{"foo", "foo", true},
-	{"bar", "bar", true},
-	{"password", "password", true},
-	{"Foo", "foo", false},
-	{"foo", "foobar", false},
-	{"password", "pass", false},
-}
-
-func Test_SecureCompare(t *testing.T) {
-	for _, tt := range comparetests {
-		if SecureCompare(tt.a, tt.b) != tt.val {
-			t.Errorf("Expected SecureCompare(%v, %v) to return %v but did not", tt.a, tt.b, tt.val)
-		}
-	}
-}