fix: security flaw on auth tokens, error handling

2021-04-06 19:12:36 +01:00 · 2021-04-06 19:12:36 +01:00 · c00249586d
commit c00249586d
parent 40974dd501
12 changed files with 185 additions and 144 deletions
--- a/new-lamassu-admin/src/pages/Authentication/Reset2FA.js
+++ b/new-lamassu-admin/src/pages/Authentication/Reset2FA.js
@ -28,8 +28,13 @@ const VALIDATE_RESET_2FA_LINK = gql`
 `

 const RESET_2FA = gql`
-  mutation reset2FA($userID: ID!, $secret: String!, $code: String!) {
-    reset2FA(userID: $userID, secret: $secret, code: $code)
+  mutation reset2FA(
+    $token: String!
+    $userID: ID!
+    $secret: String!
+    $code: String!
+  ) {
+    reset2FA(token: $token, userID: $userID, secret: $secret, code: $code)
  }
 `

@ -154,6 +159,7 @@ const Reset2FA = () => {
                        }
                        reset2FA({
                          variables: {
+                            token: token,
                            userID: userID,
                            secret: secret,
                            code: twoFAConfirmation