From 365b5753419238bb96bc3f9b744d380ff20cbafc Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 7 Apr 2025 16:14:41 +0200
Subject: [feature] add TOTP two-factor authentication (2FA) (#3960)
* [feature] add TOTP two-factor authentication (2FA)
* use byteutil.S2B to avoid allocations when comparing + generating password hashes
* don't bother with string conversion for consts
* use io.ReadFull
* use MustGenerateSecret for backup codes
* rename util functions
---
 internal/api/client/user/passwordchange_test.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'internal/api/client/user/passwordchange_test.go')
diff --git a/internal/api/client/user/passwordchange_test.go b/internal/api/client/user/passwordchange_test.go
index 8a741f96c..baf6f6b8d 100644
--- a/internal/api/client/user/passwordchange_test.go
+++ b/internal/api/client/user/passwordchange_test.go
@@ -23,6 +23,7 @@ import (
 "net/http"
 "testing"
+ "codeberg.org/gruf/go-byteutil"
 "github.com/stretchr/testify/suite"
 "github.com/superseriousbusiness/gotosocial/internal/api/client/user"
 "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@@ -50,11 +51,17 @@ func (suite *PasswordChangeTestSuite) TestPasswordChangePOST() {
 }
 // new password should pass
- err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("peepeepoopoopassword"))
+ err = bcrypt.CompareHashAndPassword(
+ byteutil.S2B(dbUser.EncryptedPassword),
+ byteutil.S2B("peepeepoopoopassword"),
+ )
 suite.NoError(err)
 // old password should fail
- err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
+ err = bcrypt.CompareHashAndPassword(
+ byteutil.S2B(dbUser.EncryptedPassword),
+ byteutil.S2B("password"),
+ )
 suite.EqualError(err, "crypto/bcrypt: hashedPassword is not the hash of the given password")
 }
-- 
cgit v1.2.3
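Review bot: In the second hunk (TestPasswordChangePOST), both arguments to `bcrypt.CompareHashAndPassword` are now built with `byteutil.S2B`, which, going by the commit message's "avoid allocations", presumably returns a slice that aliases the string's memory instead of a copy. That is only sound while the callee never writes into its arguments, and for the literals `"peepeepoopoopassword"` and `"password"` the backing bytes would be read-only, so any write would fault at runtime. Saving two small allocations next to a bcrypt computation buys nothing in a test, so I would keep `[]byte(dbUser.EncryptedPassword)` and `[]byte("password")` here, or at least add a comment such as `// S2B aliases the string; safe only while bcrypt treats both inputs as read-only`. The test function begins above the hunk, so how dbUser is loaded is not visible here.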