aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/lib
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-10-10 11:12:23 +0200
committerChocobozzz <me@florianbigard.com>2022-10-10 11:12:23 +0200
commita3e5f804ad821f6979e8735b0569b1209986fedc (patch)
tree5b34a6bd6b3cb1c5e3eed32a72d02922100d53dc /server/lib
parenta0da6f90d16027b385a67da6a5691b163626a363 (diff)
downloadPeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.tar.gz
PeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.tar.zst
PeerTube-a3e5f804ad821f6979e8735b0569b1209986fedc.zip
Encrypt OTP secret
Diffstat (limited to 'server/lib')
-rw-r--r--server/lib/auth/oauth.ts4
1 files changed, 2 insertions, 2 deletions
diff --git a/server/lib/auth/oauth.ts b/server/lib/auth/oauth.ts
index b541142a5..35b05ec5a 100644
--- a/server/lib/auth/oauth.ts
+++ b/server/lib/auth/oauth.ts
@@ -9,12 +9,12 @@ import OAuth2Server, {
9 UnsupportedGrantTypeError 9 UnsupportedGrantTypeError
10} from '@node-oauth/oauth2-server' 10} from '@node-oauth/oauth2-server'
11import { randomBytesPromise } from '@server/helpers/core-utils' 11import { randomBytesPromise } from '@server/helpers/core-utils'
12import { isOTPValid } from '@server/helpers/otp'
12import { MOAuthClient } from '@server/types/models' 13import { MOAuthClient } from '@server/types/models'
13import { sha1 } from '@shared/extra-utils' 14import { sha1 } from '@shared/extra-utils'
14import { HttpStatusCode } from '@shared/models' 15import { HttpStatusCode } from '@shared/models'
15import { OAUTH_LIFETIME, OTP } from '../../initializers/constants' 16import { OAUTH_LIFETIME, OTP } from '../../initializers/constants'
16import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model' 17import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model'
17import { isOTPValid } from '@server/helpers/otp'
18 18
19class MissingTwoFactorError extends Error { 19class MissingTwoFactorError extends Error {
20 code = HttpStatusCode.UNAUTHORIZED_401 20 code = HttpStatusCode.UNAUTHORIZED_401
@@ -138,7 +138,7 @@ async function handlePasswordGrant (options: {
138 throw new MissingTwoFactorError('Missing two factor header') 138 throw new MissingTwoFactorError('Missing two factor header')
139 } 139 }
140 140
141 if (isOTPValid({ secret: user.otpSecret, token: request.headers[OTP.HEADER_NAME] }) !== true) { 141 if (await isOTPValid({ encryptedSecret: user.otpSecret, token: request.headers[OTP.HEADER_NAME] }) !== true) {
142 throw new InvalidTwoFactorError('Invalid two factor header') 142 throw new InvalidTwoFactorError('Invalid two factor header')
143 } 143 }
144 } 144 }