From 7b6b735b87dc4a86325cfc4ee8e7615e8b82cdae Mon Sep 17 00:00:00 2001
From: Romain Mallard
Date: Tue, 23 Sep 2025 11:53:44 +0200
Subject: [PATCH] login using encrypted data
---
 src/utils/auth.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/utils/auth.rs b/src/utils/auth.rs
index 884df5f..62c349d 100644
--- a/src/utils/auth.rs
+++ b/src/utils/auth.rs
@@ -254,13 +254,13 @@ pub async fn clean_auth_loging(
 Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error").into_response(),
 };
- let (user_id, stored_password, hotel_id, displayname) = match user_row {
+ let (user_id, stored_hash, hotel_id, displayname) = match user_row {
 Some(u) => u,
 None => return (StatusCode::UNAUTHORIZED, "Invalid credentials").into_response(),
- };
+ };
- if payload.password != stored_password {
- return (StatusCode::UNAUTHORIZED, "Invalid credentials").into_response();
+ if !verify_password(&payload.password, &stored_hash) {
+ return (StatusCode::UNAUTHORIZED, "Invelid credentials").into_response();
 }
 let expiration = chrono::Utc::now()
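Review bot: The wrong-password branch now returns "Invelid credentials" while the unknown-user branch a few lines above still returns "Invalid credentials", so the typo makes the two 401 responses distinguishable and lets a client tell whether an account exists; restore the shared text with `return (StatusCode::UNAUTHORIZED, "Invalid credentials").into_response();`. `verify_password` is defined outside this hunk, so it is worth confirming that it uses a salted password-hashing function (Argon2id, bcrypt or scrypt) rather than reversible encryption as the subject line suggests, and that it returns false rather than panicking on a malformed stored value. The unknown-user path also skips verification entirely, which probably leaves a response-time difference between existing and non-existing accounts; verifying against a fixed dummy hash in the `None` arm would even that out. The body of `clean_auth_loging` starts and ends outside the hunk.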