mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-07 10:59:31 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

use byteutil.S2B to avoid allocations when comparing + generating password hashes

Browse source
This commit is contained in:
tobi 2025-04-07 14:48:48 +02:00
commit 9d10fb59b5
8 changed files with 53 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

6
internal/processing/user/email.go
View file

@ -23,6 +23,7 @@ import (
"fmt"
"time"
"codeberg.org/gruf/go-byteutil"
"github.com/superseriousbusiness/gotosocial/internal/ap"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/db"
@ -41,7 +42,10 @@ func (p *Processor) EmailChange(
newEmail string,
) (*apimodel.User, gtserror.WithCode) {
// Ensure provided password is correct.
if err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte(password)); err != nil {
if err := bcrypt.CompareHashAndPassword(
byteutil.S2B(user.EncryptedPassword),
byteutil.S2B(password),
); err != nil {
err := gtserror.Newf("%w", err)
return nil, gtserror.NewErrorUnauthorized(err, "password was incorrect")
}