From 0dca97d1477bca2060312e71f141b74e19fce1ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillaume=20Mass=C3=A9?=
Date: Mon, 7 Mar 2022 04:59:19 -0500
Subject: [PATCH] example: more secure string compare for login (#1120)
---
 example/src/main/scala/example/Authentication.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/example/src/main/scala/example/Authentication.scala b/example/src/main/scala/example/Authentication.scala
index afd1b3619d..ccb38ac201 100644
--- a/example/src/main/scala/example/Authentication.scala
+++ b/example/src/main/scala/example/Authentication.scala
@@ -47,7 +47,7 @@ object Authentication extends App {
 // App that let's the user login
 // Login is successful only if the password is the reverse of the username
 def login: UHttpApp = Http.collect[Request] { case Method.GET -> !! / "login" / username / password =>
- if (password.reverse == username) Response.text(jwtEncode(username))
+ if (password.reverse.hashCode == username.hashCode) Response.text(jwtEncode(username))
 else Response.fromHttpError(HttpError.Unauthorized("Invalid username of password\n"))
 }
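Review bot: Comparing `password.reverse.hashCode == username.hashCode` on the new `if` line of `login` weakens the check instead of hardening it. `String.hashCode` is a 32-bit non-cryptographic hash, so a password whose reversed form merely shares a hash value with the username is now accepted and receives a JWT, which the previous `==` never allowed. If the goal is to avoid the early-exit timing of `==`, compare the full byte content in constant time, e.g. `if (java.security.MessageDigest.isEqual(password.reverse.getBytes("UTF-8"), username.getBytes("UTF-8"))) Response.text(jwtEncode(username))`. Since this is example code that readers copy, a comment such as `// constant-time compare of the full value; never compare hashCodes for authentication` above that line would help.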