VOneTimePassword: Use g.gencache to check for code reuse

reddit-archive · Jun 20, 2016 · 6f78328 · 6f78328
1 parent cf73f43
commit 6f78328
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/r2/r2/lib/validator/validator.py b/r2/r2/lib/validator/validator.py
@@ -2819,14 +2819,14 @@ def __init__(self, param, required):
     def validate_otp(cls, secret, password):
         # is the password a valid format and has it been used?
         try:
-            key = "otp-%s-%d" % (c.user._id36, int(password))
+            key = "otp:used_%s_%d" % (c.user._id36, int(password))
         except (TypeError, ValueError):
             valid_and_unused = False
         else:
             # leave this key around for one more time period than the maximum
             # number of time periods we'll check for valid passwords
             key_ttl = totp.PERIOD * (len(cls.allowed_skew) + 1)
-            valid_and_unused = g.cache.add(key, True, time=key_ttl)
+            valid_and_unused = g.gencache.add(key, True, time=key_ttl)
 
         # check the password (allowing for some clock-skew as 2FA-users
         # frequently travel at relativistic velocities)