author | techknowlogick <techknowlogick@users.noreply.github.com> | 2018-07-27 08:54:50 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-27 08:54:50 -0400 |
commit | adf3f004b65135e9375ae60dfd0d9ecba340342e (patch) | |
tree | 7878b7c6cd11a6f0911f36d71b358e73ea5bfbce /routers/user | |
parent | ac968c3c6fab89043e11d44b656f2feea01b5931 (diff) | |
download | gitea-adf3f004b65135e9375ae60dfd0d9ecba340342e.tar.gz gitea-adf3f004b65135e9375ae60dfd0d9ecba340342e.zip |
Switch plaintext scratch tokens to use hash instead (#4331)
Diffstat (limited to 'routers/user')
-rw-r--r-- | routers/user/auth.go | 6 | ||||
-rw-r--r-- | routers/user/setting/security_twofa.go | 9 |
2 files changed, 10 insertions, 5 deletions
diff --git a/routers/user/auth.go b/routers/user/auth.go
index b24c56745d..e99f9d5de1 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -306,7 +306,11 @@ func TwoFactorScratchPost(ctx *context.Context, form auth.TwoFactorScratchAuthFo
 // Validate the passcode with the stored TOTP secret.
 if twofa.VerifyScratchToken(form.Token) {
 // Invalidate the scratch token.
- twofa.ScratchToken = ""
+ _, err = twofa.GenerateScratchToken()
+ if err != nil {
+ ctx.ServerError("UserSignIn", err)
+ return
+ }
 if err = models.UpdateTwoFactor(twofa); err != nil {
 ctx.ServerError("UserSignIn", err)
 return
diff --git a/routers/user/setting/security_twofa.go b/routers/user/setting/security_twofa.go
index cb61b9e270..3a590f0b08 100644
--- a/routers/user/setting/security_twofa.go
+++ b/routers/user/setting/security_twofa.go
@@ -32,7 +32,8 @@ func RegenerateScratchTwoFactor(ctx *context.Context) {
 return
 }
- if err = t.GenerateScratchToken(); err != nil {
+ token, err := t.GenerateScratchToken()
+ if err != nil {
 ctx.ServerError("SettingsTwoFactor", err)
 return
 }
@@ -42,7 +43,7 @@ func RegenerateScratchTwoFactor(ctx *context.Context) {
 return
 }
- ctx.Flash.Success(ctx.Tr("settings.twofa_scratch_token_regenerated", t.ScratchToken))
+ ctx.Flash.Success(ctx.Tr("settings.twofa_scratch_token_regenerated", token))
 ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 }
@@ -170,7 +171,7 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
 ctx.ServerError("SettingsTwoFactor", err)
 return
 }
- err = t.GenerateScratchToken()
+ token, err := t.GenerateScratchToken()
 if err != nil {
 ctx.ServerError("SettingsTwoFactor", err)
 return
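Review bot: `_, err = twofa.GenerateScratchToken()` discards the new plaintext, so the account is left with a scratch-token hash that nobody knows until the user regenerates one in settings; that appears intentional, but the surviving comment `// Invalidate the scratch token.` no longer says how, and I would extend it to `// Invalidate the used token by replacing its hash with one for a fresh random token that is deliberately never shown; the user must regenerate a scratch token from settings.` The invalidation only becomes effective when `models.UpdateTwoFactor(twofa)` on the following line succeeds, so on that error path the just-used token remains valid in the database (the same ordering as before this change). Invalidation-by-replacement also depends on `GenerateScratchToken` drawing from a cryptographically secure random source, which cannot be confirmed from this hunk. TwoFactorScratchPost starts and ends outside the hunk.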
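Review bot: `ctx.Flash.Success(ctx.Tr("settings.twofa_scratch_token_regenerated", token))` is now the only place the plaintext scratch token is ever delivered, since the persisted value is a hash and `token` is a local that is gone after the redirect; the same applies to the flash in the `@@ -183,6 +184,6 @@` hunk of this file. Whether that is acceptable depends on how `ctx.Flash` is backed — if it is the framework's cookie-based flash, the credential makes one round trip in a client cookie and the consuming template must render it exactly once. A comment above each line, `// The plaintext token is shown once here and cannot be recovered later; only its hash is persisted.`, would record that contract for the next maintainer. Both flash calls sit at the end of functions whose bodies begin outside the hunk.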
@@ -183,6 +184,6 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
 ctx.Session.Delete("twofaSecret")
 ctx.Session.Delete("twofaUri")
- ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", t.ScratchToken))
+ ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", token))
 ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 }
|