mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-07-15 06:21:15 +00:00
fix: use constant time in user checks (#1004)
This commit is contained in:
@@ -2,6 +2,7 @@ package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
@@ -244,6 +245,9 @@ func (m *ContextMiddleware) basicAuth(username string, password string) (*model.
|
||||
search, err := m.auth.SearchUser(username)
|
||||
|
||||
if err != nil {
|
||||
if errors.Is(err, service.ErrUserNotFound) {
|
||||
m.auth.DummyPasswordCheck(password)
|
||||
}
|
||||
return nil, nil, fmt.Errorf("error searching for user: %w", err)
|
||||
}
|
||||
|
||||
|
||||
@@ -264,7 +264,8 @@ func TestContextMiddleware(t *testing.T) {
|
||||
Runtime: &runtime,
|
||||
Ctx: ctx,
|
||||
})
|
||||
authService := service.NewAuthService(service.AuthServiceInput{
|
||||
|
||||
authService, err := service.NewAuthService(service.AuthServiceInput{
|
||||
Log: log,
|
||||
Config: &cfg,
|
||||
Runtime: &runtime,
|
||||
@@ -277,6 +278,8 @@ func TestContextMiddleware(t *testing.T) {
|
||||
PolicyEngine: policyEngine,
|
||||
})
|
||||
|
||||
require.NoError(t, err)
|
||||
|
||||
contextMiddleware := NewContextMiddleware(ContextMiddlewareInput{
|
||||
Log: log,
|
||||
RuntimeConfig: &runtime,
|
||||
|
||||
Reference in New Issue
Block a user