diff options
Diffstat (limited to 'routers/user')
-rw-r--r-- | routers/user/auth.go | 6 | ||||
-rw-r--r-- | routers/user/setting/security_twofa.go | 9 |
2 files changed, 10 insertions, 5 deletions
diff --git a/routers/user/auth.go b/routers/user/auth.go index b24c56745d..e99f9d5de1 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -306,7 +306,11 @@ func TwoFactorScratchPost(ctx *context.Context, form auth.TwoFactorScratchAuthFo // Validate the passcode with the stored TOTP secret. if twofa.VerifyScratchToken(form.Token) { // Invalidate the scratch token. - twofa.ScratchToken = "" + _, err = twofa.GenerateScratchToken() + if err != nil { + ctx.ServerError("UserSignIn", err) + return + } if err = models.UpdateTwoFactor(twofa); err != nil { ctx.ServerError("UserSignIn", err) return diff --git a/routers/user/setting/security_twofa.go b/routers/user/setting/security_twofa.go index cb61b9e270..3a590f0b08 100644 --- a/routers/user/setting/security_twofa.go +++ b/routers/user/setting/security_twofa.go @@ -32,7 +32,8 @@ func RegenerateScratchTwoFactor(ctx *context.Context) { return } - if err = t.GenerateScratchToken(); err != nil { + token, err := t.GenerateScratchToken() + if err != nil { ctx.ServerError("SettingsTwoFactor", err) return } @@ -42,7 +43,7 @@ func RegenerateScratchTwoFactor(ctx *context.Context) { return } - ctx.Flash.Success(ctx.Tr("settings.twofa_scratch_token_regenerated", t.ScratchToken)) + ctx.Flash.Success(ctx.Tr("settings.twofa_scratch_token_regenerated", token)) ctx.Redirect(setting.AppSubURL + "/user/settings/security") } @@ -170,7 +171,7 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) { ctx.ServerError("SettingsTwoFactor", err) return } - err = t.GenerateScratchToken() + token, err := t.GenerateScratchToken() if err != nil { ctx.ServerError("SettingsTwoFactor", err) return @@ -183,6 +184,6 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) { ctx.Session.Delete("twofaSecret") ctx.Session.Delete("twofaUri") - ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", t.ScratchToken)) + ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", token)) ctx.Redirect(setting.AppSubURL + "/user/settings/security") } |