mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-07 05:09:32 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

use byteutil.S2B to avoid allocations when comparing + generating password hashes

Browse source
This commit is contained in:
tobi 2025-04-07 14:48:48 +02:00
commit 9d10fb59b5
8 changed files with 53 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

11
internal/api/client/user/passwordchange_test.go
View file

@ -23,6 +23,7 @@ import (
"net/http"
"testing"
"codeberg.org/gruf/go-byteutil"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/api/client/user"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@ -50,11 +51,17 @@ func (suite *PasswordChangeTestSuite) TestPasswordChangePOST() {
}
// new password should pass
err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("peepeepoopoopassword"))
err = bcrypt.CompareHashAndPassword(
byteutil.S2B(dbUser.EncryptedPassword),
byteutil.S2B("peepeepoopoopassword"),
)
suite.NoError(err)
// old password should fail
err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
err = bcrypt.CompareHashAndPassword(
byteutil.S2B(dbUser.EncryptedPassword),
byteutil.S2B("password"),
)
suite.EqualError(err, "crypto/bcrypt: hashedPassword is not the hash of the given password")
}