From db46fcd774ccbebda444792f881a6be7aa57cc17 Mon Sep 17 00:00:00 2001
From: Derrick Hammer <derrick@derrickhammer.com>
Date: Tue, 16 Jan 2024 14:45:07 -0500
Subject: [PATCH] fix: check the challenge substring

---
 api/s5/http.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/s5/http.go b/api/s5/http.go
index 94d9add..c902fb7 100644
--- a/api/s5/http.go
+++ b/api/s5/http.go
@@ -280,7 +280,7 @@ func (h *HttpHandler) AccountRegister(jc jape.Context) {
 		return
 	}
 
-	if !bytes.Equal(decodedResponse, decodedChallenge) {
+	if !bytes.Equal(decodedResponse[1:33], decodedChallenge) {
 		errored(errInvalidChallengeErr)
 		return
 	}
@@ -451,7 +451,7 @@ func (h *HttpHandler) AccountLogin(jc jape.Context) {
 		return
 	}
 
-	if !bytes.Equal(decodedResponse, decodedChallenge) {
+	if !bytes.Equal(decodedResponse[1:33], decodedChallenge) {
 		errored(errInvalidChallengeErr)
 		return
 	}