mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-13 17:17:23 +01:00

Don't expose mru_token and secret for enabled mfas over HTTP

Felix Spöttel
2020-09-29 19:46:02 +02:00
parent 00b3a3b0a9
commit be5032ffbe
3 changed files with 11 additions and 7 deletions


@@ -9,7 +9,7 @@ import auth, utils, mfa
from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
from mfa import get_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
env = utils.load_environment()
@@ -403,7 +403,7 @@ def ssl_provision_certs():
@authorized_personnel_only
def mfa_get_status():
return json_response({
"enabled_mfa": get_mfa_state(request.user_email, env),
"enabled_mfa": get_public_mfa_state(request.user_email, env),
"new_mfa": {
"totp": provision_totp(request.user_email, env)
}
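Review bot: In `mfa_get_status` the response body stays sensitive after this change, because `new_mfa.totp` is still filled from `provision_totp(request.user_email, env)` on every status request; judging by the name, that presumably returns a fresh enrolment secret. A comment above the `return` would make the split explicit, for example `# enabled_mfa: public fields only (no secret, no mru_token); new_mfa.totp: enrolment secret, keep out of logs and caches`. `get_public_mfa_state` is defined outside this section, so I cannot tell whether it picks fields by allowlist; an allowlist is the safer form, since a column added to the MFA table later then stays private by default. The route decorator and the end of the `json_response(...)` call lie outside the hunk.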