lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: temporary store of two factor secret to check against

Browse source
This commit is contained in:
Sérgio Salgado 2021-04-19 16:15:44 +01:00 committed by Josh Harvey
parent 91fa16254c
commit 928caaf167
2 changed files with 23 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/users.js
View file

@ -64,9 +64,14 @@ function verifyAndUpdateUser (id, ua, ip) {
.then(user => user)
}
function saveTemp2FASecret (id, secret) {
const sql = 'UPDATE users SET temp_twofa_code=$1 WHERE id=$2'
return db.none(sql, [secret, id])
}
function save2FASecret (id, secret) {
return db.tx(t => {
const q1 = t.none('UPDATE users SET twofa_code=$1 WHERE id=$2', [secret, id])
const q1 = t.none('UPDATE users SET twofa_code=$1, temp_twofa_code=NULL WHERE id=$2', [secret, id])
const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
return t.batch([q1, q2])
})
@ -167,6 +172,7 @@ module.exports = {
getUserByUsername,
verifyAndUpdateUser,
updatePassword,
saveTemp2FASecret,
save2FASecret,
reset2FASecret,
validateAuthToken,