mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-24 07:37:04 +00:00
Fix handling of bad input when enabling mfa
This commit is contained in:
parent
b80f225691
commit
4dced10a3f
@ -416,12 +416,12 @@ def totp_post_enable():
|
||||
token = request.form.get('token')
|
||||
label = request.form.get('label')
|
||||
if type(token) != str:
|
||||
return json_response({ "error": 'bad_input' }, 400)
|
||||
return ("Bad Input", 400)
|
||||
try:
|
||||
validate_totp_secret(secret)
|
||||
enable_mfa(request.user_email, "totp", secret, token, label, env)
|
||||
except ValueError as e:
|
||||
return str(e)
|
||||
return (str(e), 400)
|
||||
return "OK"
|
||||
|
||||
@app.route('/mfa/disable', methods=['POST'])
|
||||
|
@ -233,31 +233,8 @@ and ensure every administrator account for this control panel does the same.</st
|
||||
secret: $(el.totpSetupSecret).val(),
|
||||
label: $(el.totpSetupLabel).val()
|
||||
},
|
||||
function(res) {
|
||||
do_logout();
|
||||
},
|
||||
function(res) {
|
||||
var errorMessage = 'Something went wrong.';
|
||||
var parsed;
|
||||
|
||||
try {
|
||||
parsed = JSON.parse(res);
|
||||
} catch (err) {
|
||||
return render_error(errorMessage);
|
||||
}
|
||||
|
||||
var error = parsed && parsed.error
|
||||
? parsed.error
|
||||
: null;
|
||||
|
||||
if (error === 'token_mismatch') {
|
||||
errorMessage = 'Code does not match.';
|
||||
} else if (error === 'bad_input') {
|
||||
errorMessage = 'Received request with malformed data.';
|
||||
}
|
||||
|
||||
render_error(errorMessage);
|
||||
}
|
||||
function(res) { do_logout(); },
|
||||
function(res) { render_error(res); }
|
||||
);
|
||||
|
||||
return false;
|
||||
|
Loading…
Reference in New Issue
Block a user