1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-24 02:37:05 +00:00

Fix handling of bad input when enabling mfa

This commit is contained in:
Felix Spöttel 2020-09-28 21:04:44 +02:00
parent b80f225691
commit 4dced10a3f
2 changed files with 4 additions and 27 deletions

View File

@ -416,12 +416,12 @@ def totp_post_enable():
token = request.form.get('token')
label = request.form.get('label')
if type(token) != str:
return json_response({ "error": 'bad_input' }, 400)
return ("Bad Input", 400)
try:
validate_totp_secret(secret)
enable_mfa(request.user_email, "totp", secret, token, label, env)
except ValueError as e:
return str(e)
return (str(e), 400)
return "OK"
@app.route('/mfa/disable', methods=['POST'])

View File

@ -233,31 +233,8 @@ and ensure every administrator account for this control panel does the same.</st
secret: $(el.totpSetupSecret).val(),
label: $(el.totpSetupLabel).val()
},
function(res) {
do_logout();
},
function(res) {
var errorMessage = 'Something went wrong.';
var parsed;
try {
parsed = JSON.parse(res);
} catch (err) {
return render_error(errorMessage);
}
var error = parsed && parsed.error
? parsed.error
: null;
if (error === 'token_mismatch') {
errorMessage = 'Code does not match.';
} else if (error === 'bad_input') {
errorMessage = 'Received request with malformed data.';
}
render_error(errorMessage);
}
function(res) { do_logout(); },
function(res) { render_error(res); }
);
return false;