diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2025-04-07 16:14:41 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2025-04-07 16:14:41 +0200 |
| commit | 365b5753419238bb96bc3f9b744d380ff20cbafc (patch) | |
| tree | 6b8e8b605c4cddeb6e3bc0f574ffbc856657e56c /internal/processing/account | |
| parent | [bugfix] Don't assume `"manuallyApprovesFollowers": true` if not set (#3978) (diff) | |
| download | gotosocial-365b5753419238bb96bc3f9b744d380ff20cbafc.tar.xz | |
[feature] add TOTP two-factor authentication (2FA) (#3960)
* [feature] add TOTP two-factor authentication (2FA)
* use byteutil.S2B to avoid allocations when comparing + generating password hashes
* don't bother with string conversion for consts
* use io.ReadFull
* use MustGenerateSecret for backup codes
* rename util functions
Diffstat (limited to 'internal/processing/account')
| -rw-r--r-- | internal/processing/account/move.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/internal/processing/account/move.go b/internal/processing/account/move.go index c8665cf04..734331503 100644 --- a/internal/processing/account/move.go +++ b/internal/processing/account/move.go @@ -25,6 +25,7 @@ import ( "slices" "time" + "codeberg.org/gruf/go-byteutil" "github.com/superseriousbusiness/gotosocial/internal/ap" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" @@ -70,8 +71,8 @@ func (p *Processor) MoveSelf( } if err := bcrypt.CompareHashAndPassword( - []byte(authed.User.EncryptedPassword), - []byte(form.Password), + byteutil.S2B(authed.User.EncryptedPassword), + byteutil.S2B(form.Password), ); err != nil { const text = "invalid password provided in Move request" return gtserror.NewErrorBadRequest(errors.New(text), text) |