diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2025-04-07 16:14:41 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2025-04-07 16:14:41 +0200 |
| commit | 365b5753419238bb96bc3f9b744d380ff20cbafc (patch) | |
| tree | 6b8e8b605c4cddeb6e3bc0f574ffbc856657e56c /internal/api/client/accounts | |
| parent | [bugfix] Don't assume `"manuallyApprovesFollowers": true` if not set (#3978) (diff) | |
| download | gotosocial-365b5753419238bb96bc3f9b744d380ff20cbafc.tar.xz | |
[feature] add TOTP two-factor authentication (2FA) (#3960)
* [feature] add TOTP two-factor authentication (2FA)
* use byteutil.S2B to avoid allocations when comparing + generating password hashes
* don't bother with string conversion for consts
* use io.ReadFull
* use MustGenerateSecret for backup codes
* rename util functions
Diffstat (limited to 'internal/api/client/accounts')
| -rw-r--r-- | internal/api/client/accounts/accountdelete.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/internal/api/client/accounts/accountdelete.go b/internal/api/client/accounts/accountdelete.go index 6438462c6..90fcd6eef 100644 --- a/internal/api/client/accounts/accountdelete.go +++ b/internal/api/client/accounts/accountdelete.go @@ -21,6 +21,7 @@ import ( "errors" "net/http" + "codeberg.org/gruf/go-byteutil" "github.com/gin-gonic/gin" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" @@ -87,7 +88,10 @@ func (m *Module) AccountDeletePOSTHandler(c *gin.Context) { return } - if err := bcrypt.CompareHashAndPassword([]byte(authed.User.EncryptedPassword), []byte(form.Password)); err != nil { + if err := bcrypt.CompareHashAndPassword( + byteutil.S2B(authed.User.EncryptedPassword), + byteutil.S2B(form.Password), + ); err != nil { err = errors.New("invalid password provided in account delete request") apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1) return |