From 1695c9b9876524f58054cb70ecd68d8ef7a6cf04 Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Sat, 25 Jun 2022 11:28:52 +0200
Subject: [PATCH] cleanups

---
 goatherd.go | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/goatherd.go b/goatherd.go
index 9cf9d80..29117d7 100644
--- a/goatherd.go
+++ b/goatherd.go
@@ -300,16 +300,11 @@ type autoresyncEntry struct {
 	Num     uint64
 }
 
-type OTPer interface {
-	OTP() string
+func matchingOTP(expected string, offer string) bool {
+	return subtle.ConstantTimeCompare([]byte(offer), []byte(expected)) == 1
 }
 
-func checkOTP(provider OTPer, offer string) bool {
-	token := provider.OTP()
-	return subtle.ConstantTimeCompare([]byte(offer), []byte(token)) == 1
-}
-
-func checkHOTP(hotp *twofactor.HOTP, remote string, name string, offer string) (bool, error) {
+func checkHOTP(hotp *twofactor.HOTP, remote string, name string, offer string) bool {
 	// garbage collect old autoresync entries
 	autoresyncListLock.Lock()
 	if s, found := autoresyncList[name]; found && uint64(time.Now().Unix()-s.Time) > cfg.AutoresyncTime {
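Review bot: `matchingOTP` returns true when both arguments are empty, because `subtle.ConstantTimeCompare` yields 1 for two zero-length slices. Whether `hotp.OTP()` can ever return an empty string is not visible here, so a cheap guard is worth having: `return len(expected) > 0 && subtle.ConstantTimeCompare([]byte(offer), []byte(expected)) == 1`. The helper also has no doc comment; I would add `// matchingOTP reports whether offer equals expected, comparing in constant time for equal-length inputs (a length mismatch returns early).` The two same-typed string parameters are easy to transpose at a call site, which is harmless only because the comparison is symmetric.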
@@ -321,16 +316,16 @@ func checkHOTP(hotp *twofactor.HOTP, remote string, name string, offer string) (
 	var i uint64
 	for i = 0; i <= cfg.Lookahead; i++ {
 		debugf("[%v] checking for match (offset %v)", remote, i)
-		// checkOTP always increments counter
-		if checkOTP(hotp, offer) {
-			return true, nil
+		// OTP always increments counter
+		if matchingOTP(hotp.OTP(), offer) {
+			return true
 		}
 	}
 
 	// check failed, try extended range for autoresync
 	for ; i <= cfg.AutoresyncLookahead; i++ {
 		debugf("[%v] autoresync checking for match (offset %v counter %v)", remote, i, hotp.Counter())
-		if checkOTP(hotp, offer) {
+		if matchingOTP(hotp.OTP(), offer) {
 			autoresyncListLock.Lock()
 
 			debugf("[%v] autoresync repeat count increase hotp.Counter %v, %v", remote, hotp.Counter(), autoresyncList[name])
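Review bot: The comment `// OTP always increments counter` above the first loop understates a contract the caller relies on. Every `hotp.OTP()` call in both loops advances `hotp`, so after a non-matching offer the in-memory counter sits past the whole lookahead window and must not be stored. I would state that on the function itself, e.g. `// checkHOTP advances hotp's counter while searching; the counter is only safe to persist when it returns true.` The last hunk shows checkOffer calling setCount only when ok is true, which is consistent with this, but checkHOTP starts and ends outside this hunk.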
@@ -351,12 +346,12 @@ func checkHOTP(hotp *twofactor.HOTP, remote string, name string, offer string) (
 			if entry.Num >= cfg.AutoresyncRepeat {
 				// resync if the user had a sufficient number of consecutive tries that were not within
 				// standard lookahead range but within cfg.AutoresyncLookahead within cfg.AutoresyncTime seconds
-				return true, nil
+				return true
 			}
 			break
 		}
 	}
-	return false, nil
+	return false
 }
 
 // Retrieve secret and count for given username and try to find a match within
@@ -371,11 +366,7 @@ func checkOffer(remote string, name string, offer string) (bool, error) {
 				return false, err
 			}
 
-			ok, err := checkHOTP(hotp, remote, name, offer)
-			if err != nil {
-				return false, err
-			}
-
+			ok := checkHOTP(hotp, remote, name, offer)
 			if ok {
 				debugf("[%v] ok, set new count", remote)
 				err := setCount(tx, name, hotp.Counter())
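Review bot: The handling of the `err` declared by `err := setCount(tx, name, hotp.Counter())` falls outside this hunk, so it is worth confirming that a setCount failure makes checkOffer return false. Accepting the offer without storing the advanced counter would presumably let the same OTP be accepted again on the next attempt. As a style point, `ok` is now used exactly once, so `if checkHOTP(hotp, remote, name, offer) {` would drop the temporary.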
-- 
GitLab