external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Safeguard against empty mru_token column 

* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
 * Currently, this cannot happen but we might not want to store `mru_token` during setup
This commit is contained in:
Felix Spöttel 2020-09-06 13:03:54 +02:00
parent 49c333221a
commit 4791c2fc62
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
management/mailconfig.py
View File

@ -557,10 +557,12 @@ def get_mfa_state(email, env):
if credential_row is None: if credential_row is None:
return { 'type': None } return { 'type': None }
secret, mru_token = credential_row
return { return {
'type': 'totp', 'type': 'totp',
'secret': credential_row[0], 'secret': secret,
'mru_token': credential_row[1] 'mru_token': '' if mru_token is None else mru_token
} }
def create_totp_credential(email, secret, token, env): def create_totp_credential(email, secret, token, env):