From a8f16deb3d2db201595f2aeed703122e893cef88 Mon Sep 17 00:00:00 2001
From: Srinivas Baride <srini@exidio.co>
Date: Tue, 1 Dec 2020 01:22:45 +0530
Subject: [PATCH] Fix password comparison

---
 cli/rest/auth/handlers.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cli/rest/auth/handlers.go b/cli/rest/auth/handlers.go
index 01315d2e..e26e00e2 100644
--- a/cli/rest/auth/handlers.go
+++ b/cli/rest/auth/handlers.go
@@ -2,6 +2,7 @@ package auth
 
 import (
 	"crypto/rand"
+	"crypto/sha256"
 	"fmt"
 	"net/http"
 	"strings"
@@ -26,7 +27,8 @@ func HandlerLogin(ctx *context.Context) http.HandlerFunc {
 
 		auth := r.Header.Get("Authorization")
 		if auth == "" {
-			if body.Password != ctx.Config().Password {
+			password := fmt.Sprintf("%X", sha256.Sum256([]byte(body.Password)))
+			if password != ctx.Config().Password {
 				utils.WriteErrorToResponse(w, http.StatusUnauthorized, 3, "")
 				return
 			}