external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-05-27 06:28:58 +02:00
Code Issues Releases Wiki Activity

Exclude mru_token in user key hash

Browse Source
This commit is contained in:
Felix Spöttel
2020-09-30 12:34:26 +02:00
parent ada2167d08
commit 1f0e493b8c
2 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
management/auth.py
View File

@@ -4,7 +4,7 @@ from flask import make_response
import utils
from mailconfig import get_mail_password, get_mail_user_privileges
from mfa import get_mfa_state, validate_auth_mfa
from mfa import get_hash_mfa_state, validate_auth_mfa
DEFAULT_KEY_PATH = '/var/lib/mailinabox/api.key'
DEFAULT_AUTH_REALM = 'Mail-in-a-Box Management Server'
@@ -147,7 +147,7 @@ class KeyAuthService:
# Add to the message the current MFA state, which is a list of MFA information.
# Turn it into a string stably.
msg += b" " + json.dumps(get_mfa_state(email, env), sort_keys=True).encode("utf8")
msg += b" " + json.dumps(get_hash_mfa_state(email, env), sort_keys=True).encode("utf8")
# Make the HMAC.
hash_key = self.key.encode('ascii')