domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Do not allow to reuse TOTP passcode (#3878)

Browse source
This commit is contained in:
Lauris BH 2018-05-02 18:02:02 +03:00 committed by GitHub
parent c58e1e437b
commit 1e1ece8f3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 38 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
routers/user/auth.go
View file

@ -221,7 +221,7 @@ func TwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
return
}
if ok {
if ok && twofa.LastUsedPasscode != form.Passcode {
remember := ctx.Session.Get("twofaRemember").(bool)
u, err := models.GetUserByID(id)
if err != nil {
@ -243,6 +243,12 @@ func TwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
}
}
twofa.LastUsedPasscode = form.Passcode
if err = models.UpdateTwoFactor(twofa); err != nil {
ctx.ServerError("UserSignIn", err)
return
}
handleSignIn(ctx, u, remember)
return
}