external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Address review feedback, thanks @hija

This commit is contained in:
Felix Spöttel 2020-09-04 20:28:15 +02:00
parent b0df35eba0
commit 481a333dc0
3 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
management/daemon.py
View File

@ -38,23 +38,21 @@ def authorized_personnel_only(viewfunc):
def newview(*args, **kwargs): def newview(*args, **kwargs):
# Authenticate the passed credentials, which is either the API key or a username:password pair. # Authenticate the passed credentials, which is either the API key or a username:password pair.
error = None error = None
privs = []
try: try:
email, privs = auth_service.authenticate(request, env) email, privs = auth_service.authenticate(request, env)
except totp.MissingTokenError as e: except totp.MissingTokenError as e:
privs = []
error = str(e) error = str(e)
except totp.BadTokenError as e: except totp.BadTokenError as e:
# Write a line in the log recording the failed login # Write a line in the log recording the failed login
log_failed_login(request) log_failed_login(request)
privs = []
error = str(e) error = str(e)
except ValueError as e: except ValueError as e:
# Write a line in the log recording the failed login # Write a line in the log recording the failed login
log_failed_login(request) log_failed_login(request)
# Authentication failed. # Authentication failed.
privs = []
error = "Incorrect username or password" error = "Incorrect username or password"
# Authorized to access an API view? # Authorized to access an API view?
@ -443,7 +441,7 @@ def totp_post_enable():
if type(secret) != str or type(token) != str or len(token) != 6 or len(secret) != 32: if type(secret) != str or type(token) != str or len(token) != 6 or len(secret) != 32:
return json_response({ "error": 'bad_input' }, 400) return json_response({ "error": 'bad_input' }, 400)
if (totp.validate(secret, token)): if totp.validate(secret, token):
create_totp_credential(email, secret, token, env) create_totp_credential(email, secret, token, env)
return json_response({}) return json_response({})

2
management/mailconfig.py
View File

@ -554,7 +554,7 @@ def get_mfa_state(email, env):
c.execute('SELECT secret, mru_token FROM totp_credentials WHERE user_email=?', (email,)) c.execute('SELECT secret, mru_token FROM totp_credentials WHERE user_email=?', (email,))
credential_row = c.fetchone() credential_row = c.fetchone()
if (credential_row == None): if credential_row is None:
return { 'type': None } return { 'type': None }
return { return {

2
management/totp.py
View File

@ -61,7 +61,7 @@ class TOTPStrategy():
# in that case, we need to raise and indicate to the client to supply a TOTP # in that case, we need to raise and indicate to the client to supply a TOTP
token_header = request.headers.get('x-auth-token') token_header = request.headers.get('x-auth-token')
if token_header == None or token_header == "": if not token_header:
raise MissingTokenError("Two factor code missing (no x-auth-token supplied)") raise MissingTokenError("Two factor code missing (no x-auth-token supplied)")
# TODO: Should a token replay be handled as its own error? # TODO: Should a token replay be handled as its own error?