mirror of https://github.com/bitwarden/server synced 2026-01-07 02:53:38 +00:00

CSA-29: Time safe comparison for access code (#2431)

* time safe comparison for access code

* remove whitespace
Kyle Spearrin
2022-11-22 15:32:21 -05:00
committed by GitHub
parent d8834793b5
commit 41ee3d4c69
2 changed files with 4 additions and 2 deletions


@@ -1,5 +1,6 @@
using Bit.Core.LoginFeatures.PasswordlessLogin.Interfaces;
using Bit.Core.Repositories;
using Bit.Core.Utilities;
namespace Bit.Core.LoginFeatures.PasswordlessLogin;
@@ -15,7 +16,7 @@ public class VerifyAuthRequestCommand : IVerifyAuthRequestCommand
public async Task<bool> VerifyAuthRequestAsync(Guid authRequestId, string accessCode)
{
var authRequest = await _authRequestRepository.GetByIdAsync(authRequestId);
if (authRequest == null || authRequest.AccessCode != accessCode)
if (authRequest == null || !CoreHelpers.FixedTimeEquals(authRequest.AccessCode, accessCode))
{
return false;
}
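Review bot: The guard in `VerifyAuthRequestAsync` now passes both access codes to `CoreHelpers.FixedTimeEquals` without a null check, where the old `!=` comparison simply returned false for a null `accessCode`. The helper's body is not shown in this section, so it may throw on null if it encodes its arguments to bytes before comparing; that would turn a rejected request into an unhandled exception. If `accessCode` can arrive null from the caller, I would keep that case on the reject path: `if (authRequest?.AccessCode == null || accessCode == null || !CoreHelpers.FixedTimeEquals(authRequest.AccessCode, accessCode))`. A short comment above the check, such as `// constant-time compare: the access code is a secret`, would also help stop a later edit from reverting to `!=`. The method body continues past the end of the hunk.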