mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-22 07:17:05 +00:00
Address review feedback, thanks @hija
This commit is contained in:
parent
b0df35eba0
commit
481a333dc0
@ -38,23 +38,21 @@ def authorized_personnel_only(viewfunc):
|
||||
def newview(*args, **kwargs):
|
||||
# Authenticate the passed credentials, which is either the API key or a username:password pair.
|
||||
error = None
|
||||
privs = []
|
||||
|
||||
try:
|
||||
email, privs = auth_service.authenticate(request, env)
|
||||
|
||||
except totp.MissingTokenError as e:
|
||||
privs = []
|
||||
error = str(e)
|
||||
except totp.BadTokenError as e:
|
||||
# Write a line in the log recording the failed login
|
||||
log_failed_login(request)
|
||||
|
||||
privs = []
|
||||
error = str(e)
|
||||
except ValueError as e:
|
||||
# Write a line in the log recording the failed login
|
||||
log_failed_login(request)
|
||||
|
||||
# Authentication failed.
|
||||
privs = []
|
||||
error = "Incorrect username or password"
|
||||
|
||||
# Authorized to access an API view?
|
||||
@ -443,7 +441,7 @@ def totp_post_enable():
|
||||
if type(secret) != str or type(token) != str or len(token) != 6 or len(secret) != 32:
|
||||
return json_response({ "error": 'bad_input' }, 400)
|
||||
|
||||
if (totp.validate(secret, token)):
|
||||
if totp.validate(secret, token):
|
||||
create_totp_credential(email, secret, token, env)
|
||||
return json_response({})
|
||||
|
||||
|
@ -554,7 +554,7 @@ def get_mfa_state(email, env):
|
||||
c.execute('SELECT secret, mru_token FROM totp_credentials WHERE user_email=?', (email,))
|
||||
|
||||
credential_row = c.fetchone()
|
||||
if (credential_row == None):
|
||||
if credential_row is None:
|
||||
return { 'type': None }
|
||||
|
||||
return {
|
||||
|
@ -61,7 +61,7 @@ class TOTPStrategy():
|
||||
# in that case, we need to raise and indicate to the client to supply a TOTP
|
||||
token_header = request.headers.get('x-auth-token')
|
||||
|
||||
if token_header == None or token_header == "":
|
||||
if not token_header:
|
||||
raise MissingTokenError("Two factor code missing (no x-auth-token supplied)")
|
||||
|
||||
# TODO: Should a token replay be handled as its own error?
|
||||
|
Loading…
Reference in New Issue
Block a user