From 7df29169ca89e0769e634fd43b4e392bed818459 Mon Sep 17 00:00:00 2001
From: ravenclaw900 <50060110+ravenclaw900@users.noreply.github.com>
Date: Sat, 12 Jun 2021 17:17:00 -0500
Subject: [PATCH] Allow to use $2y$ passwords as well

---
 pkg/util/net/http.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/util/net/http.go b/pkg/util/net/http.go
index c68b78ab..1ea0ed91 100644
--- a/pkg/util/net/http.go
+++ b/pkg/util/net/http.go
@@ -65,7 +65,7 @@ func (authMid *HTTPAuthMiddleware) Middleware(next http.Handler) http.Handler {
 		if (authMid.user == "" && authMid.passwd == "") ||
 			(hasAuth && reqUser == authMid.user && reqPasswd == authMid.passwd) {
 			next.ServeHTTP(w, r)
-		} else if authMid.user == reqUser && authMid.passwd[:4] == "$2a$" {
+		} else if authMid.user == reqUser && authMid.passwd[:4] == "$2a$" || authMid.passwd[:4] == "$2y$" {
 			correct := bcrypt.CompareHashAndPassword([]byte(authMid.passwd), []byte(reqPasswd))
 			if correct == nil {
 				next.ServeHTTP(w, r)
@@ -86,7 +86,7 @@ func HTTPBasicAuth(h http.HandlerFunc, user, passwd string) http.HandlerFunc {
 		if (user == "" && passwd == "") ||
 			(hasAuth && reqUser == user && reqPasswd == passwd) {
 			h.ServeHTTP(w, r)
-		} else if user == reqUser && passwd[:4] == "$2a$" {
+		} else if user == reqUser && passwd[:4] == "$2a$" || passwd[:4] == "$2y$" {
 			correct := bcrypt.CompareHashAndPassword([]byte(passwd), []byte(reqPasswd))
 			if correct == nil {
 				h.ServeHTTP(w, r)