From 365b5753419238bb96bc3f9b744d380ff20cbafc Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 7 Apr 2025 16:14:41 +0200
Subject: [feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA)

* use byteutil.S2B to avoid allocations when comparing + generating password hashes

* don't bother with string conversion  for consts

* use io.ReadFull

* use MustGenerateSecret for backup codes

* rename util functions
---
 internal/processing/user/email.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'internal/processing/user/email.go')

diff --git a/internal/processing/user/email.go b/internal/processing/user/email.go
index ea9dbb64c..417c7c341 100644
--- a/internal/processing/user/email.go
+++ b/internal/processing/user/email.go
@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"time"
 
+	"codeberg.org/gruf/go-byteutil"
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
@@ -41,7 +42,10 @@ func (p *Processor) EmailChange(
 	newEmail string,
 ) (*apimodel.User, gtserror.WithCode) {
 	// Ensure provided password is correct.
-	if err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte(password)); err != nil {
+	if err := bcrypt.CompareHashAndPassword(
+		byteutil.S2B(user.EncryptedPassword),
+		byteutil.S2B(password),
+	); err != nil {
 		err := gtserror.Newf("%w", err)
 		return nil, gtserror.NewErrorUnauthorized(err, "password was incorrect")
 	}
-- 
cgit v1.2.3