From 81ffd176ac25c698578e53fc459a3dc953f1c38c Mon Sep 17 00:00:00 2001
From: Aaron L <aaron@bettercoder.net>
Date: Fri, 15 Mar 2019 13:43:57 -0700
Subject: [PATCH] Add VerifyPassword method

---
 CHANGELOG.md | 2 ++
 authboss.go  | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c58a5f4..b7ab5c8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ### Added
 
+- Add VerifyPassword method to hide the bcrypt implementation details when
+  authboss consumer code wants to verify the password out of band.
 - ClientStateResponseWriter now supports the http.Hijacker interface if the
   underlying ResponseWriter does (thanks @tobias-kuendig)
 - DelAllSession is a new method called both by Expire and Logout (in addition
diff --git a/authboss.go b/authboss.go
index 6b7e37a..6ff11f2 100644
--- a/authboss.go
+++ b/authboss.go
@@ -82,6 +82,13 @@ func (a *Authboss) UpdatePassword(ctx context.Context, user AuthableUser, newPas
 	return rmStorer.DelRememberTokens(ctx, user.GetPID())
 }
 
+// VerifyPassword uses authboss mechanisms to check that a password is correct.
+// Returns nil on success otherwise there will be an error. Simply a helper
+// to do the bcrypt comparison.
+func VerifyPassword(user AuthableUser, password string) error {
+	return bcrypt.CompareHashAndPassword([]byte(user.GetPassword()), []byte(password))
+}
+
 // MWRequirements are user requirements for authboss.Middleware
 // in order to access the routes in protects. Requirements is a bit-set integer
 // to be able to easily combine requirements like so: