external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-18 18:07:22 +01:00
Code Issues Releases Wiki Activity

Add TOTP secret to user_key hash

Browse Source 
thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`
This commit is contained in:
Felix Spöttel
2020-09-12 16:34:06 +02:00
parent 2ea97f0643
commit dcb93d071c
6 changed files with 43 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
management/mailconfig.py
View File

@@ -565,11 +565,11 @@ def get_mfa_state(email, env):
'mru_token': '' if mru_token is None else mru_token
}
def create_totp_credential(email, secret, token, env):
def create_totp_credential(email, secret, env):
validate_totp_secret(secret)
conn, c = open_database(env, with_connection=True)
c.execute('INSERT INTO totp_credentials (user_email, secret, mru_token) VALUES (?, ?, ?)', (email, secret, token))
c.execute('INSERT INTO totp_credentials (user_email, secret) VALUES (?, ?)', (email, secret))
conn.commit()
return "OK"