From 1e1ece8f3dce8ed9958f3bd5823c135d1c19eb49 Mon Sep 17 00:00:00 2001
From: Lauris BH <lauris@nix.lv>
Date: Wed, 2 May 2018 18:02:02 +0300
Subject: Do not allow to reuse TOTP passcode (#3878)

---
 models/twofactor.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'models/twofactor.go')

diff --git a/models/twofactor.go b/models/twofactor.go
index 789315021e..5f3c6efc21 100644
--- a/models/twofactor.go
+++ b/models/twofactor.go
@@ -23,12 +23,13 @@ import (
 
 // TwoFactor represents a two-factor authentication token.
 type TwoFactor struct {
-	ID           int64 `xorm:"pk autoincr"`
-	UID          int64 `xorm:"UNIQUE"`
-	Secret       string
-	ScratchToken string
-	CreatedUnix  util.TimeStamp `xorm:"INDEX created"`
-	UpdatedUnix  util.TimeStamp `xorm:"INDEX updated"`
+	ID               int64 `xorm:"pk autoincr"`
+	UID              int64 `xorm:"UNIQUE"`
+	Secret           string
+	ScratchToken     string
+	LastUsedPasscode string         `xorm:"VARCHAR(10)"`
+	CreatedUnix      util.TimeStamp `xorm:"INDEX created"`
+	UpdatedUnix      util.TimeStamp `xorm:"INDEX updated"`
 }
 
 // GenerateScratchToken recreates the scratch token the user is using.
-- 
cgit v1.2.3