mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-08 03:29:32 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

use byteutil.S2B to avoid allocations when comparing + generating password hashes

Browse source
This commit is contained in:
tobi 2025-04-07 14:48:48 +02:00
commit 9d10fb59b5
8 changed files with 53 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

5
internal/processing/user/twofactor.go
View file

@ -31,6 +31,7 @@ import (
"strings"
"time"
"codeberg.org/gruf/go-byteutil"
"github.com/google/uuid"
"github.com/pquerna/otp"
"github.com/pquerna/otp/totp"
@ -251,8 +252,8 @@ func (p *Processor) TwoFactorDisable(
// Ensure provided password is correct.
if err := bcrypt.CompareHashAndPassword(
[]byte(user.EncryptedPassword),
[]byte(password),
byteutil.S2B(user.EncryptedPassword),
byteutil.S2B(password),
); err != nil {
const errText = "incorrect password"
return gtserror.NewErrorUnauthorized(errors.New(errText), errText)