author | wxiaoguang <wxiaoguang@gmail.com> | 2022-01-26 12:10:10 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-26 12:10:10 +0800 |
commit | 49dd9067535538771ef13623ed1dd9698a4a2151 (patch) | |
tree | 7a06ff053683e50d93ad50ce25585a13d54c41e5 /models/auth | |
parent | 4889ab52de0b390bb6e96ad6a64ee082585b3d79 (diff) | |
Use base32 for 2FA scratch token (#18384)
* Use base32 for 2FA scratch token
* rename Secure* to Crypto*, add comments
Diffstat (limited to 'models/auth')
-rw-r--r-- | models/auth/twofactor.go | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/models/auth/twofactor.go b/models/auth/twofactor.go
index 883e6ce01c..c5bd972f91 100644
--- a/models/auth/twofactor.go
+++ b/models/auth/twofactor.go
@@ -8,6 +8,7 @@ import (
 "crypto/md5"
 "crypto/sha256"
 "crypto/subtle"
+ "encoding/base32"
 "encoding/base64"
 "fmt"
@@ -58,11 +59,14 @@ func init() {
 // GenerateScratchToken recreates the scratch token the user is using.
 func (t *TwoFactor) GenerateScratchToken() (string, error) {
- token, err := util.RandomString(8)
+ tokenBytes, err := util.CryptoRandomBytes(6)
 if err != nil {
 return "", err
 }
- t.ScratchSalt, _ = util.RandomString(10)
+ // these chars are specially chosen, avoid ambiguous chars like `0`, `O`, `1`, `I`.
+ const base32Chars = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
+ token := base32.NewEncoding(base32Chars).WithPadding(base32.NoPadding).EncodeToString(tokenBytes)
+ t.ScratchSalt, _ = util.CryptoRandomString(10)
 t.ScratchHash = HashToken(token, t.ScratchSalt)
 return token, nil
 } |
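Review bot: The second return value of `util.CryptoRandomString(10)` is still discarded when `t.ScratchSalt` is assigned in `GenerateScratchToken`, so if the random source fails the salt is presumably left empty or short and `HashToken` stores a hash over it without the caller noticing. The token path two lines above already returns its error, and the salt should be handled the same way, e.g. `if t.ScratchSalt, err = util.CryptoRandomString(10); err != nil { return "", err }`. A short comment next to `util.CryptoRandomBytes(6)` noting that 6 bytes give 48 bits and a 10-character unpadded code would also let the next reader judge the token strength without redoing the arithmetic. The helper is defined outside this hunk, so that its second value is an `error` is inferred from the call shape.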