[feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA)

* use byteutil.S2B to avoid allocations when comparing + generating password hashes

* don't bother with string conversion for consts

* use io.ReadFull

* use MustGenerateSecret for backup codes

* rename util functions
This commit is contained in:
tobi
2025-04-07 16:14:41 +02:00
committed by GitHub
parent 6f24205a26
commit 365b575341
78 changed files with 5593 additions and 825 deletions


@ -22,6 +22,7 @@ import (
"net/http"
"testing"
"codeberg.org/gruf/go-byteutil"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"golang.org/x/crypto/bcrypt"
@ -37,7 +38,10 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordOK() {
errWithCode := suite.user.PasswordChange(context.Background(), user, "password", "verygoodnewpassword")
suite.NoError(errWithCode)
err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte("verygoodnewpassword"))
err := bcrypt.CompareHashAndPassword(
byteutil.S2B(user.EncryptedPassword),
byteutil.S2B("verygoodnewpassword"),
)
suite.NoError(err)
// get user from the db again
@ -46,7 +50,10 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordOK() {
suite.NoError(err)
// check the password has changed
err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("verygoodnewpassword"))
err = bcrypt.CompareHashAndPassword(
byteutil.S2B(dbUser.EncryptedPassword),
byteutil.S2B("verygoodnewpassword"),
)
suite.NoError(err)
}
@ -64,7 +71,10 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() {
suite.NoError(err)
// check the password has not changed
err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
err = bcrypt.CompareHashAndPassword(
byteutil.S2B(dbUser.EncryptedPassword),
byteutil.S2B("password"),
)
suite.NoError(err)
}
@ -82,7 +92,10 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
suite.NoError(err)
// check the password has not changed
err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
err = bcrypt.CompareHashAndPassword(
byteutil.S2B(dbUser.EncryptedPassword),
byteutil.S2B("password"),
)
suite.NoError(err)
}
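Review bot: Swapping `[]byte(...)` for `byteutil.S2B(...)` in this test file (at the CompareHashAndPassword call in this hunk and the three matching hunks above) trades an explicit copy for an unsafe zero-copy aliasing conversion with no gain, since allocations in a test are irrelevant. S2B hands bcrypt a slice that shares the string's backing memory, so correctness hinges on the callee never writing through it; as far as I recall x/crypto's bcrypt copies the key before appending its trailing NUL, so this is safe today, but that guarantee is invisible at the call site and a future write would corrupt an immutable string. I would keep `[]byte(dbUser.EncryptedPassword), []byte("password")` in the tests and reserve S2B for the production path the commit message targets, or at least annotate the intent with `// S2B: zero-copy view; bcrypt must treat both slices as read-only`. Each enclosing test function begins before its hunk.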