zero-to-production

10.2.5 `unknown username` won't be returned

Open indirection42 opened this issue 1 year ago • 0 comments

Since we use a default PHC string to make the verification constant-time, the actual `Unknown username` case will return early as `Invalid password`.

    spawn_blocking_with_tracing(move || {
        verify_password_hash(expected_password_hash, credentials.password)
    })
    .await 
    // early return
    .context("Failed to spawn blocking task.")??;
    user_id
        // dead code
        .ok_or_else(|| anyhow::anyhow!("Unknown username."))
        .map_err(AuthError::InvalidCredentials)

indirection42 · Mar 06 '24 08:03
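A std-only model of the control flow reported in this issue, added here as an example (it is not code from the issue or from the zero-to-production repository). It shows that for an unknown user the `Unknown username.` branch is reached only when the submitted password happens to verify against the fallback hash. Assumptions: `verify_password_hash` is replaced by a plain string comparison, and `FALLBACK_HASH`, the in-memory `users` map and `sample_users` are constructed stand-ins.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum AuthError {
    InvalidCredentials(&'static str),
}

// Stand-in for verify_password_hash: a plain comparison, NOT Argon2 and not
// constant-time. Only the Ok/Err outcome matters for the control flow.
fn verify_password_hash(expected: &str, candidate: &str) -> Result<(), AuthError> {
    if expected == candidate {
        Ok(())
    } else {
        Err(AuthError::InvalidCredentials("Invalid password."))
    }
}

// Constructed placeholder for the default PHC string.
const FALLBACK_HASH: &str = "fallback-secret";

fn validate_credentials(
    users: &HashMap<&str, (u32, &str)>,
    username: &str,
    password: &str,
) -> Result<u32, AuthError> {
    let mut user_id = None;
    let mut expected_password_hash = FALLBACK_HASH;
    if let Some(&(id, hash)) = users.get(username) {
        user_id = Some(id);
        expected_password_hash = hash;
    }
    // Runs for known and unknown users alike; `?` returns on mismatch.
    verify_password_hash(expected_password_hash, password)?;
    // Reached for an unknown user only if the password matched the fallback.
    user_id.ok_or(AuthError::InvalidCredentials("Unknown username."))
}

// Constructed sample store: username -> (user id, stored "hash").
fn sample_users() -> HashMap<&'static str, (u32, &'static str)> {
    HashMap::from([("alice", (1, "alice-secret"))])
}

fn main() {
    let users = sample_users();
    println!("{:?}", validate_credentials(&users, "alice", "alice-secret"));
    println!("{:?}", validate_credentials(&users, "nobody", "guess"));
    println!("{:?}", validate_credentials(&users, "nobody", FALLBACK_HASH));
}
```

From the caller's side an unknown username and a wrong password both come back as `InvalidCredentials`; only the inner message differs, so it is the server-side logs that lose the distinction.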