GODT-1609: apply change from MR

internal/bridge/smtp_backend.go

@@ -1,6 +1,7 @@
 package bridge
 
 import (
+	"crypto/subtle"
 	"sync"
 
 	"github.com/ProtonMail/proton-bridge/v2/internal/user"
@@ -23,7 +24,7 @@ func (backend *smtpBackend) Login(state *smtp.ConnectionState, username string,
 	defer backend.usersLock.RUnlock()
 
 	for _, user := range backend.users {
-		if slices.Contains(user.Emails(), username) && string(user.BridgePass()) == password {
+		if slices.Contains(user.Emails(), username) && subtle.ConstantTimeCompare(user.BridgePass(), []byte(password)) != 1 {
 			return user.NewSMTPSession(username), nil
 		}
 	}

internal/user/user.go

@@ -206,7 +206,7 @@ func (user *User) GluonKey() []byte {
 
 // BridgePass returns the user's bridge password, used for authentication over SMTP and IMAP.
 func (user *User) BridgePass() []byte {
-	return []byte(user.vault.BridgePass())
+	return user.vault.BridgePass()
 }
 
 // UsedSpace returns the total space used by the user on the API.

pkg/mobileconfig/config.go

@@ -57,7 +57,7 @@ type SMTP struct {
 	// Leave Username blank to do not use SMTP authentication.
 	Username string
 	// Leave Password blank to use IMAP credentials.
-	Password string
+	Password []byte
 }
 
 func (c *Config) WriteOut(w io.Writer) error {