purton-tech / barricade

Quickly add user registration and logon to any application
https://hub.docker.com/r/purtontech/barricade
MIT License

Sessions do not match after `constant_time_compare` #102

Open afidegnum opened 1 year ago

afidegnum commented 1 year ago

After running the registration endpoint, I tried passing the returned session to `email_otp`, which would call the `get_user_by_id` function.

Upon querying the database, I noticed the `session_verified` saved in the database is different from the one being generated, causing the `constant_time_compare` function to always return false, hence returning errors.

What am I doing wrong? Can you please assist with the correct workflow?

afidegnum commented 1 year ago

Also, I'm a bit confused. Why was the hex encoded 2 times, at lines 70 and 86? I obtained different session IDs from those lines.