diff options
| author | Chocobozzz <me@florianbigard.com> | 2022-10-10 11:12:23 +0200 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2022-10-10 11:12:23 +0200 |
| commit | a3e5f804ad821f6979e8735b0569b1209986fedc (patch) | |
| tree | 5b34a6bd6b3cb1c5e3eed32a72d02922100d53dc /server/lib/auth | |
| parent | a0da6f90d16027b385a67da6a5691b163626a363 (diff) | |
| download | PeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.tar.gz PeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.tar.zst PeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.zip | |
Encrypt OTP secret
Diffstat (limited to 'server/lib/auth')
| -rw-r--r-- | server/lib/auth/oauth.ts | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/server/lib/auth/oauth.ts b/server/lib/auth/oauth.ts index b541142a5..35b05ec5a 100644 --- a/server/lib/auth/oauth.ts +++ b/server/lib/auth/oauth.ts | |||
| @@ -9,12 +9,12 @@ import OAuth2Server, { | |||
| 9 | UnsupportedGrantTypeError | 9 | UnsupportedGrantTypeError |
| 10 | } from '@node-oauth/oauth2-server' | 10 | } from '@node-oauth/oauth2-server' |
| 11 | import { randomBytesPromise } from '@server/helpers/core-utils' | 11 | import { randomBytesPromise } from '@server/helpers/core-utils' |
| 12 | import { isOTPValid } from '@server/helpers/otp' | ||
| 12 | import { MOAuthClient } from '@server/types/models' | 13 | import { MOAuthClient } from '@server/types/models' |
| 13 | import { sha1 } from '@shared/extra-utils' | 14 | import { sha1 } from '@shared/extra-utils' |
| 14 | import { HttpStatusCode } from '@shared/models' | 15 | import { HttpStatusCode } from '@shared/models' |
| 15 | import { OAUTH_LIFETIME, OTP } from '../../initializers/constants' | 16 | import { OAUTH_LIFETIME, OTP } from '../../initializers/constants' |
| 16 | import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model' | 17 | import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model' |
| 17 | import { isOTPValid } from '@server/helpers/otp' | ||
| 18 | 18 | ||
| 19 | class MissingTwoFactorError extends Error { | 19 | class MissingTwoFactorError extends Error { |
| 20 | code = HttpStatusCode.UNAUTHORIZED_401 | 20 | code = HttpStatusCode.UNAUTHORIZED_401 |
| @@ -138,7 +138,7 @@ async function handlePasswordGrant (options: { | |||
| 138 | throw new MissingTwoFactorError('Missing two factor header') | 138 | throw new MissingTwoFactorError('Missing two factor header') |
| 139 | } | 139 | } |
| 140 | 140 | ||
| 141 | if (isOTPValid({ secret: user.otpSecret, token: request.headers[OTP.HEADER_NAME] }) !== true) { | 141 | if (await isOTPValid({ encryptedSecret: user.otpSecret, token: request.headers[OTP.HEADER_NAME] }) !== true) { |
| 142 | throw new InvalidTwoFactorError('Invalid two factor header') | 142 | throw new InvalidTwoFactorError('Invalid two factor header') |
| 143 | } | 143 | } |
| 144 | } | 144 | } |