saltyming/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-06-18 17:30:09 +00:00
Code Activity

Implement constant time equal check for admin, 2fa recover and 2fa remember tokens

Browse source
This commit is contained in:
Daniel García 2019-02-11 23:45:55 +01:00
parent bbe2a1b264
commit 9636f33fdb
No known key found for this signature in database
GPG key ID: FC8A7D14C3CD543A
4 changed files with 13 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/db/models/user.rs
View file

@ -86,7 +86,7 @@ impl User {
pub fn check_valid_recovery_code(&self, recovery_code: &str) -> bool {
if let Some(ref totp_recover) = self.totp_recover {
recovery_code == totp_recover.to_lowercase()
crate::crypto::ct_eq(recovery_code, totp_recover.to_lowercase())
} else {
false
}