mirror of
https://github.com/louislam/uptime-kuma.git
synced 2024-11-27 12:00:35 +03:00
Merge pull request #642 from andreasbrett/patch-2
Harden 2FA/TOTP implementation according to rfc6238 (part 3)
This commit is contained in:
commit
6ff3cb275e
1 changed files with 8 additions and 2 deletions
|
@ -75,6 +75,12 @@ const port = parseInt(process.env.UPTIME_KUMA_PORT || process.env.PORT || args.p
|
||||||
const sslKey = process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || args["ssl-key"] || undefined;
|
const sslKey = process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || args["ssl-key"] || undefined;
|
||||||
const sslCert = process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || args["ssl-cert"] || undefined;
|
const sslCert = process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || args["ssl-cert"] || undefined;
|
||||||
|
|
||||||
|
// 2FA / notp verification defaults
|
||||||
|
const twofa_verification_opts = {
|
||||||
|
"window": 1,
|
||||||
|
"time": 30
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Run unit test after the server is ready
|
* Run unit test after the server is ready
|
||||||
* @type {boolean}
|
* @type {boolean}
|
||||||
|
@ -272,7 +278,7 @@ exports.entryPage = "dashboard";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data.token) {
|
if (data.token) {
|
||||||
let verify = notp.totp.verify(data.token, user.twofa_secret);
|
let verify = notp.totp.verify(data.token, user.twofa_secret, twofa_verification_opts);
|
||||||
|
|
||||||
if (verify && verify.delta == 0) {
|
if (verify && verify.delta == 0) {
|
||||||
callback({
|
callback({
|
||||||
|
@ -390,7 +396,7 @@ exports.entryPage = "dashboard";
|
||||||
socket.userID,
|
socket.userID,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
let verify = notp.totp.verify(token, user.twofa_secret);
|
let verify = notp.totp.verify(token, user.twofa_secret, twofa_verification_opts);
|
||||||
|
|
||||||
if (verify && verify.delta == 0) {
|
if (verify && verify.delta == 0) {
|
||||||
callback({
|
callback({
|
||||||
|
|
Loading…
Reference in a new issue