feat(labrinth): totp skew (#2887)

Erb3
2024-11-19 01:31:48 +01:00
committed by GitHub
parent 8cd77ad1d8
commit 4685330eaf


@@ -1678,26 +1678,26 @@ async fn validate_2fa_code(
.map_err(|_| AuthenticationError::InvalidCredentials)?, .map_err(|_| AuthenticationError::InvalidCredentials)?,
) )
.map_err(|_| AuthenticationError::InvalidCredentials)?; .map_err(|_| AuthenticationError::InvalidCredentials)?;
let token = totp
.generate_current()
.map_err(|_| AuthenticationError::InvalidCredentials)?;
const TOTP_NAMESPACE: &str = "used_totp"; const TOTP_NAMESPACE: &str = "used_totp";
let mut conn = redis.connect().await?; let mut conn = redis.connect().await?;
// Check if TOTP has already been used // Check if TOTP has already been used
if conn if conn
.get(TOTP_NAMESPACE, &format!("{}-{}", token, user_id.0)) .get(TOTP_NAMESPACE, &format!("{}-{}", input, user_id.0))
.await? .await?
.is_some() .is_some()
{ {
return Err(AuthenticationError::InvalidCredentials); return Err(AuthenticationError::InvalidCredentials);
} }
if input == token { if totp
.check_current(input.as_str())
.map_err(|_| AuthenticationError::InvalidCredentials)?
{
conn.set( conn.set(
TOTP_NAMESPACE, TOTP_NAMESPACE,
&format!("{}-{}", token, user_id.0), &format!("{}-{}", input, user_id.0),
"", "",
Some(60), Some(60),
) )