Denis Denisov
7 years ago
1 changed files with 2 additions and 1 deletions
+ 2
- 1
models/user.go
View File
| @@ -8,6 +8,7 @@ import ( | |||
| "bytes" | |||
| "container/list" | |||
| "crypto/sha256" | |||
| "crypto/subtle" | |||
| "encoding/hex" | |||
| "errors" | |||
| "fmt" | |||
| @@ -368,7 +369,7 @@ func (u *User) EncodePasswd() { | |||
| func (u *User) ValidatePassword(passwd string) bool { | |||
| newUser := &User{Passwd: passwd, Salt: u.Salt} | |||
| newUser.EncodePasswd() | |||
| return u.Passwd == newUser.Passwd | |||
| return subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(newUser.Passwd)) == 1 | |||
| } | |||
| // UploadAvatar saves custom avatar for user. | |||
Loading…