Exclude mru_token in user key hash
parent
ada2167d08
commit
1f0e493b8c
|
@ -4,7 +4,7 @@ from flask import make_response
|
||||||
|
|
||||||
import utils
|
import utils
|
||||||
from mailconfig import get_mail_password, get_mail_user_privileges
|
from mailconfig import get_mail_password, get_mail_user_privileges
|
||||||
from mfa import get_mfa_state, validate_auth_mfa
|
from mfa import get_hash_mfa_state, validate_auth_mfa
|
||||||
|
|
||||||
DEFAULT_KEY_PATH = '/var/lib/mailinabox/api.key'
|
DEFAULT_KEY_PATH = '/var/lib/mailinabox/api.key'
|
||||||
DEFAULT_AUTH_REALM = 'Mail-in-a-Box Management Server'
|
DEFAULT_AUTH_REALM = 'Mail-in-a-Box Management Server'
|
||||||
|
@ -147,7 +147,7 @@ class KeyAuthService:
|
||||||
|
|
||||||
# Add to the message the current MFA state, which is a list of MFA information.
|
# Add to the message the current MFA state, which is a list of MFA information.
|
||||||
# Turn it into a string stably.
|
# Turn it into a string stably.
|
||||||
msg += b" " + json.dumps(get_mfa_state(email, env), sort_keys=True).encode("utf8")
|
msg += b" " + json.dumps(get_hash_mfa_state(email, env), sort_keys=True).encode("utf8")
|
||||||
|
|
||||||
# Make the HMAC.
|
# Make the HMAC.
|
||||||
hash_key = self.key.encode('ascii')
|
hash_key = self.key.encode('ascii')
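Review bot: The comment above the `msg +=` line still says the message carries "the current MFA state", but the new side hashes only what `get_hash_mfa_state` returns, so a reader cannot tell which fields the key is bound to or why one was dropped. I would reword it to `# Add each MFA device's id, type and secret, so the key stops validating when the MFA setup changes.` followed by `# mru_token is left out on purpose; it is not part of the key hash.` Since `msg` now visibly contains the raw MFA secret, a second comment `# msg holds MFA secrets: never log or return it.` would also help. The enclosing method of `KeyAuthService` starts and ends outside this hunk, so whether `msg` is used anywhere besides the HMAC cannot be confirmed from here.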
|
||||||
|
|
|
@ -22,11 +22,17 @@ def get_mfa_state(email, env):
|
||||||
]
|
]
|
||||||
|
|
||||||
def get_public_mfa_state(email, env):
|
def get_public_mfa_state(email, env):
|
||||||
c = open_database(env)
|
mfa_state = get_mfa_state(email, env)
|
||||||
c.execute('SELECT id, type, label FROM mfa WHERE user_id=?', (get_user_id(email, c),))
|
|
||||||
return [
|
return [
|
||||||
{ "id": r[0], "type": r[1], "label": r[2] }
|
{ "id": s["id"], "type": s["type"], "label": s["label"] }
|
||||||
for r in c.fetchall()
|
for s in mfa_state
|
||||||
|
]
|
||||||
|
|
||||||
|
def get_hash_mfa_state(email, env):
|
||||||
|
mfa_state = get_mfa_state(email, env)
|
||||||
|
return [
|
||||||
|
{ "id": s["id"], "type": s["type"], "secret": s["secret"] }
|
||||||
|
for s in mfa_state
|
||||||
]
|
]
|
||||||
|
|
||||||
def enable_mfa(email, type, secret, token, label, env):
|
def enable_mfa(email, type, secret, token, label, env):
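Review bot: `get_hash_mfa_state` has no docstring, and unlike `get_public_mfa_state` it returns each device's raw `secret`; nothing in its name or body warns a later caller against serializing that list into a response. I would add `"""Return id, type and secret for each MFA device, for key hashing only. Contains secrets; never send to a client."""` and give `get_public_mfa_state` the matching `"""Return id, type and label for each MFA device; safe to expose to the user."""`. Note also that `get_public_mfa_state` now goes through `get_mfa_state` and drops fields in Python, where the old side selected only `id, type, label` in SQL, so the public path now loads the secrets into memory before discarding them. A one-line comment saying that this is intentional would keep the field allowlist from being loosened later. The body of `get_mfa_state` is outside the hunk, so its exact fields and row ordering are not visible here.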
|
||||||
|
|