diff options
author | Chocobozzz <me@florianbigard.com> | 2022-10-10 11:12:23 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-10-10 11:12:23 +0200 |
commit | a3e5f804ad821f6979e8735b0569b1209986fedc (patch) | |
tree | 5b34a6bd6b3cb1c5e3eed32a72d02922100d53dc /server/lib | |
parent | a0da6f90d16027b385a67da6a5691b163626a363 (diff) | |
download | PeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.tar.gz PeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.tar.zst PeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.zip |
Encrypt OTP secret
Diffstat (limited to 'server/lib')
-rw-r--r-- | server/lib/auth/oauth.ts | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/server/lib/auth/oauth.ts b/server/lib/auth/oauth.ts index b541142a5..35b05ec5a 100644 --- a/server/lib/auth/oauth.ts +++ b/server/lib/auth/oauth.ts | |||
@@ -9,12 +9,12 @@ import OAuth2Server, { | |||
9 | UnsupportedGrantTypeError | 9 | UnsupportedGrantTypeError |
10 | } from '@node-oauth/oauth2-server' | 10 | } from '@node-oauth/oauth2-server' |
11 | import { randomBytesPromise } from '@server/helpers/core-utils' | 11 | import { randomBytesPromise } from '@server/helpers/core-utils' |
12 | import { isOTPValid } from '@server/helpers/otp' | ||
12 | import { MOAuthClient } from '@server/types/models' | 13 | import { MOAuthClient } from '@server/types/models' |
13 | import { sha1 } from '@shared/extra-utils' | 14 | import { sha1 } from '@shared/extra-utils' |
14 | import { HttpStatusCode } from '@shared/models' | 15 | import { HttpStatusCode } from '@shared/models' |
15 | import { OAUTH_LIFETIME, OTP } from '../../initializers/constants' | 16 | import { OAUTH_LIFETIME, OTP } from '../../initializers/constants' |
16 | import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model' | 17 | import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model' |
17 | import { isOTPValid } from '@server/helpers/otp' | ||
18 | 18 | ||
19 | class MissingTwoFactorError extends Error { | 19 | class MissingTwoFactorError extends Error { |
20 | code = HttpStatusCode.UNAUTHORIZED_401 | 20 | code = HttpStatusCode.UNAUTHORIZED_401 |
@@ -138,7 +138,7 @@ async function handlePasswordGrant (options: { | |||
138 | throw new MissingTwoFactorError('Missing two factor header') | 138 | throw new MissingTwoFactorError('Missing two factor header') |
139 | } | 139 | } |
140 | 140 | ||
141 | if (isOTPValid({ secret: user.otpSecret, token: request.headers[OTP.HEADER_NAME] }) !== true) { | 141 | if (await isOTPValid({ encryptedSecret: user.otpSecret, token: request.headers[OTP.HEADER_NAME] }) !== true) { |
142 | throw new InvalidTwoFactorError('Invalid two factor header') | 142 | throw new InvalidTwoFactorError('Invalid two factor header') |
143 | } | 143 | } |
144 | } | 144 | } |