feat(auth): salt doesn't need to be stored separately from hash

dmcclung · Apr 28, 2024 · 3df17cd · 3df17cd
1 parent 2fafd19
commit 3df17cd
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 6 deletions.
diff --git a/migrations/0009_remove_salt_from_users.sql b/migrations/0009_remove_salt_from_users.sql
@@ -0,0 +1,2 @@
+-- Add migration script here
+ALTER TABLE users DROP COLUMN salt;
diff --git a/src/routes/newsletter.rs b/src/routes/newsletter.rs
@@ -75,7 +75,7 @@ pub async fn publish_newsletter(
 
     let user = sqlx::query!(
         r#"
-        SELECT id, password_hash, salt FROM users WHERE username = $1
+        SELECT id, password_hash FROM users WHERE username = $1
         "#,
         credentials.username,
     )

diff --git a/tests/api/test_app.rs b/tests/api/test_app.rs
@@ -36,13 +36,12 @@ impl TestApp {
             .to_string();
 
         sqlx::query!(
-            "INSERT INTO users (id, username, password_hash, salt)
-            VALUES ($1, $2, $3, $4)
-            ON CONFLICT (username) DO UPDATE SET password_hash = EXCLUDED.password_hash, salt = EXCLUDED.salt;",
+            "INSERT INTO users (id, username, password_hash)
+            VALUES ($1, $2, $3)
+            ON CONFLICT (username) DO UPDATE SET password_hash = EXCLUDED.password_hash",
             Uuid::new_v4(),
             username,
-            password_hash,
-            salt.to_string()
+            password_hash
         )
         .execute(&self.pool)
         .await