From a3e5f804ad821f6979e8735b0569b1209986fedc Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 10 Oct 2022 11:12:23 +0200 Subject: Encrypt OTP secret --- server/lib/auth/oauth.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'server/lib') diff --git a/server/lib/auth/oauth.ts b/server/lib/auth/oauth.ts index b541142a5..35b05ec5a 100644 --- a/server/lib/auth/oauth.ts +++ b/server/lib/auth/oauth.ts @@ -9,12 +9,12 @@ import OAuth2Server, { UnsupportedGrantTypeError } from '@node-oauth/oauth2-server' import { randomBytesPromise } from '@server/helpers/core-utils' +import { isOTPValid } from '@server/helpers/otp' import { MOAuthClient } from '@server/types/models' import { sha1 } from '@shared/extra-utils' import { HttpStatusCode } from '@shared/models' import { OAUTH_LIFETIME, OTP } from '../../initializers/constants' import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model' -import { isOTPValid } from '@server/helpers/otp' class MissingTwoFactorError extends Error { code = HttpStatusCode.UNAUTHORIZED_401 @@ -138,7 +138,7 @@ async function handlePasswordGrant (options: { throw new MissingTwoFactorError('Missing two factor header') } - if (isOTPValid({ secret: user.otpSecret, token: request.headers[OTP.HEADER_NAME] }) !== true) { + if (await isOTPValid({ encryptedSecret: user.otpSecret, token: request.headers[OTP.HEADER_NAME] }) !== true) { throw new InvalidTwoFactorError('Invalid two factor header') } } -- cgit v1.2.3