Audit changes.

hub/api/api.go

@@ -127,7 +127,7 @@ func (a *API) Session_SignIn(pwd string) (Session, error) {
 		return Session{}, errs.ErrUnexpected
 	}
 	if err := bcrypt.CompareHashAndPassword(conf.Password, []byte(pwd)); err != nil {
-		return Session{}, errs.NotAuthorized.WithMsg("Not authorized.")
+		return Session{}, errs.ErrNotAuthorized
 	}
 
 	a.sessionsMu.Lock()

hub/errs/types.go

@@ -15,6 +15,9 @@ func (e *Error) Error() string {
 }
 
 var (
+	ErrNotAuthorized    = NotAuthorized.WithMsg("Not authorized.")
+	ErrInvalidPassword  = BadRequest.WithMsg("Invalid password.")
+	ErrPasswordMismatch = BadRequest.WithMsg("Passwords don't match.")
 	ErrUnexpected       = Internal.WithMsg("Unexpected internal error.")
 	ErrNotFound         = NotFound.WithMsg("Not found.")
 	ErrAlreadyExists    = Conflict.WithMsg("Already exists.")

hub/handlers.go

@@ -2,9 +2,10 @@ package hub
 
 import (
 	"encoding/json"
-	"errors"
+	"log"
 	"net/http"
 	"vppn/hub/api"
+	"vppn/hub/errs"
 	"vppn/m"
 
 	"git.crumpington.com/lib/go/webutil"
@@ -234,21 +235,22 @@ func (a *App) _adminPasswordSubmit(s *api.Session, w http.ResponseWriter, r *htt
 	}
 
 	if len(newPwd) < 8 {
-		return errors.New("password is too short")
+		return errs.ErrInvalidPassword
 	}
 
 	if newPwd != newPwd2 {
-		return errors.New("passwords don't match")
+		return errs.ErrPasswordMismatch
 	}
 
 	err = bcrypt.CompareHashAndPassword(conf.Password, []byte(curPwd))
 	if err != nil {
-		return err
+		return errs.ErrNotAuthorized
 	}
 
 	hash, err := bcrypt.GenerateFromPassword([]byte(newPwd), bcrypt.DefaultCost)
 	if err != nil {
-		return err
+		log.Printf("Failed to hash password with bcrypt: %v", err)
+		return errs.ErrUnexpected
 	}
 
 	conf.Password = hash