From 365b5753419238bb96bc3f9b744d380ff20cbafc Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 7 Apr 2025 16:14:41 +0200
Subject: [feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA)

* use byteutil.S2B to avoid allocations when comparing + generating password hashes

* don't bother with string conversion for consts

* use io.ReadFull

* use MustGenerateSecret for backup codes

* rename util functions
---
 internal/processing/user/password_test.go | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

(limited to 'internal/processing/user/password_test.go')

diff --git a/internal/processing/user/password_test.go b/internal/processing/user/password_test.go
index ee30558c6..7d45341c0 100644
--- a/internal/processing/user/password_test.go
+++ b/internal/processing/user/password_test.go
@@ -22,6 +22,7 @@ import (
 	"net/http"
 	"testing"
 
+	"codeberg.org/gruf/go-byteutil"
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"golang.org/x/crypto/bcrypt"
@@ -37,7 +38,10 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordOK() {
 	errWithCode := suite.user.PasswordChange(context.Background(), user, "password", "verygoodnewpassword")
 	suite.NoError(errWithCode)
 
-	err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte("verygoodnewpassword"))
+	err := bcrypt.CompareHashAndPassword(
+		byteutil.S2B(user.EncryptedPassword),
+		byteutil.S2B("verygoodnewpassword"),
+	)
 	suite.NoError(err)
 
 	// get user from the db again
@@ -46,7 +50,10 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordOK() {
 	suite.NoError(err)
 
 	// check the password has changed
-	err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("verygoodnewpassword"))
+	err = bcrypt.CompareHashAndPassword(
+		byteutil.S2B(dbUser.EncryptedPassword),
+		byteutil.S2B("verygoodnewpassword"),
+	)
 	suite.NoError(err)
 }
 
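Review bot: `byteutil.S2B` hands bcrypt a `[]byte` that aliases the string's backing memory, so the new `CompareHashAndPassword` calls in TestChangePasswordOK are only safe as long as bcrypt never writes through its arguments; as far as I can tell the current x/crypto implementation copies the key before mutating it, but that is an implementation detail rather than a documented contract, and a write through the slice made from the literal `"verygoodnewpassword"` would fault on read-only memory. In a test the allocation saved is negligible next to the bcrypt work itself, so the plain `[]byte(user.EncryptedPassword), []byte("verygoodnewpassword")` conversions are the clearer and safer choice; if S2B is kept, a comment such as `// S2B is safe here only because bcrypt treats both arguments as read-only.` should record the assumption next to the first call. The same point applies to the hunks in TestChangePasswordIncorrectOld and TestChangePasswordWeakNew. TestChangePasswordOK's body begins before this hunk and continues past it.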
@@ -64,7 +71,10 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() {
 	suite.NoError(err)
 
 	// check the password has not changed
-	err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
+	err = bcrypt.CompareHashAndPassword(
+		byteutil.S2B(dbUser.EncryptedPassword),
+		byteutil.S2B("password"),
+	)
 	suite.NoError(err)
 }
 
@@ -82,7 +92,10 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
 	suite.NoError(err)
 
 	// check the password has not changed
-	err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
+	err = bcrypt.CompareHashAndPassword(
+		byteutil.S2B(dbUser.EncryptedPassword),
+		byteutil.S2B("password"),
+	)
 	suite.NoError(err)
 }
 
-- 
cgit v1.2.3