-
Notifications
You must be signed in to change notification settings - Fork 54
Remove totpKey during successful login after TOTP grace period (fix #62) #63
Conversation
@@ -262,11 +262,26 @@ walletV2.clearTotpRemovalRequestIfPossible = function(wallet) { | |||
if(!wallet.totpDisabledAt) { | |||
return Promise.resolve(); | |||
} else { | |||
// set the totpDisabledAt to null | |||
var now = Math.floor((new Date()).getTime() / 1000); | |||
var disabledAt = Math.floor(wallet.totpDisabledAt.getTime() / 1000); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why aren't you just directly comparing dates?
if (wallet.totpDisabledAt > new Date())
...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I copied it from here. I was thinking about the same thing but I thought there's something important behind rounding it to seconds. Can change this.
@bartekn I've updated the tests. thoughts? |
|
||
it("resets the totpKey and totpDisabled after the grace period has elapsed", function() { | ||
var username = "mfa-disabled@stellar.org"; | ||
return this.submit({username:username, walletId:new Buffer(username).toString("base64")}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only thing I'd change is adding:
.expect(200)
here and in the second test. The rest is OK! 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
word
Remove totpKey during successful login after TOTP grace period (fix #62)
We were cancelling TOTP grace period after successful login (by setting
totpDisabledAt
tonull
) but we haven't tested logging in after TOTP grace period. In this case we should removetotpKey
from a wallet.