Merge branch 'develop' into 'remove-twitter-api'

[akkoma] / lib / pleroma / web / auth / totp_authenticator.ex

diff --git a/lib/pleroma/web/auth/totp_authenticator.ex b/lib/pleroma/web/auth/totp_authenticator.ex
index 04e489c8398fe14ec33aae4e64772b169c1a41d9..ce8a76219f3d48e940ba83474abcd48baa7894f0 100644 (file)
--- a/lib/pleroma/web/auth/totp_authenticator.ex
+++ b/lib/pleroma/web/auth/totp_authenticator.ex
@@ -5,6 +5,7 @@
 defmodule Pleroma.Web.Auth.TOTPAuthenticator do
   alias Pleroma.MFA
   alias Pleroma.MFA.TOTP
+  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.User
 
   @doc "Verify code or check backup code."
@@ -30,7 +31,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticator do
         code
       )
       when is_list(codes) and is_binary(code) do
-    hash_code = Enum.find(codes, fn hash -> Pbkdf2.verify_pass(code, hash) end)
+    hash_code = Enum.find(codes, fn hash -> AuthenticationPlug.checkpw(code, hash) end)
 
     if hash_code do
       MFA.invalidate_backup_code(user, hash_code)