Change 2FA to use hostname as issuer (fixes #4518) #4525

Merged
merged 1 commit into from Mar 11, 2024
10 changes: 3 additions & 7 deletions crates/api/src/lib.rs
Expand Up @@ -135,11 +135,7 @@ pub(crate) fn generate_totp_2fa_secret() -> String {
Secret::generate_secret().to_string()
}

pub(crate) fn build_totp_2fa(
site_name: &str,
username: &str,
secret: &str,
) -> Result<TOTP, LemmyError> {
fn build_totp_2fa(hostname: &str, username: &str, secret: &str) -> Result<TOTP, LemmyError> {
let sec = Secret::Raw(secret.as_bytes().to_vec());
let sec_bytes = sec
.to_bytes()
Expand All @@ -151,7 +147,7 @@ pub(crate) fn build_totp_2fa(
1,
30,
sec_bytes,
Some(site_name.to_string()),
Some(hostname.to_string()),
username.to_string(),
)
.with_lemmy_type(LemmyErrorType::CouldntGenerateTotp)
Expand Down Expand Up @@ -272,7 +268,7 @@ mod tests {
#[test]
fn test_build_totp() {
let generated_secret = generate_totp_2fa_secret();
let totp = build_totp_2fa("lemmy", "my_name", &generated_secret);
let totp = build_totp_2fa("lemmy.ml", "my_name", &generated_secret);
assert!(totp.is_ok());
}
}
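Review bot: Nothing in `build_totp_2fa` or its test checks that the new `hostname` argument is acceptable as an otpauth issuer, and both call sites (login.rs and update_totp.rs) now pass `context.settings().hostname` straight through. As far as I know the totp-rs constructor rejects an issuer containing `:`, so a hostname configured with a port would surface as `CouldntGenerateTotp`; because the login path goes through the same check, that would lock out every account with 2FA enabled, not just block enrolment. `test_build_totp` only covers `"lemmy.ml"`; I would add a case with a port-bearing value (constructed example: `build_totp_2fa("localhost:8536", "my_name", &generated_secret)`) to pin the behaviour, and strip the port before building the issuer if that case fails. A `///` comment on the function stating that `hostname` is the issuer label shown in authenticator apps would also help; the function body continues outside the first hunk.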
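--- a/crates/api/src/local_user/login.rs
+++ b/crates/api/src/local_user/login.rs
@@ -50,7 +50,11 @@ pub async fn login(
 
 // Check the totp if enabled
 if local_user_view.local_user.totp_2fa_enabled {
-check_totp_2fa_valid(&local_user_view, &data.totp_2fa_token, &site_view.site.name)?;
+check_totp_2fa_valid(
+&local_user_view,
+&data.totp_2fa_token,
+&context.settings().hostname,
+)?;
 }
 
 let jwt = Claims::generate(local_user_view.local_user.id, req, &context).await?;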
6 changes: 2 additions & 4 deletions crates/api/src/local_user/update_totp.rs
Expand Up @@ -8,7 +8,7 @@ use lemmy_db_schema::{
source::local_user::{LocalUser, LocalUserUpdateForm},
traits::Crud,
};
use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError;

/// Enable or disable two-factor-authentication. The current setting is determined from
Expand All @@ -25,12 +25,10 @@ pub async fn update_totp(
local_user_view: LocalUserView,
context: Data<LemmyContext>,
) -> Result<Json<UpdateTotpResponse>, LemmyError> {
let site_view = SiteView::read_local(&mut context.pool()).await?;

check_totp_2fa_valid(
&local_user_view,
&Some(data.totp_token.clone()),
&site_view.site.name,
&context.settings().hostname,
)?;

// toggle the 2fa setting