unify totp check

the totp check is done in several places causing errors like 3552232e99

* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)

The code also makes externalldap auto-create work now across all the cases where there is a username
Girish Ramakrishnan
2023-03-12 15:09:20 +01:00
parent 8e0d1b61af
commit 53e9eccf72
11 changed files with 103 additions and 147 deletions
+1 -1
@@ -75,7 +75,7 @@ async function update(req, res, next) {
if (data.fallbackEmail) {
if (!req.body.password || typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be non empty string'));
const [verifyError] = await safe(users.verify(req.user.id, req.body.password, users.AP_WEBADMIN));
const [verifyError] = await safe(users.verify(req.user.id, req.body.password, users.AP_WEBADMIN, { relaxedTotpCheck: true }));
if (verifyError) return next(BoxError.toHttpError(verifyError));
req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password
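Review bot: The `{ relaxedTotpCheck: true }` argument added to the `users.verify` call in `update` has no comment explaining why the TOTP check is relaxed on this path, and the option's meaning is not visible from this hunk. This branch guards a change to `data.fallbackEmail`, so please add a one-line comment above the call stating the intent and what "relaxed" permits (token optional, or token skipped entirely), and a test for a user with 2FA enabled who submits only a password here. Separately, on the unchanged lines: `return next(BoxError.toHttpError(verifyError))` exits before `req.body.password = '<redacted>'`, so the redaction only happens on successful verification. If the goal is to keep plain-text passwords out of logs, consider copying the password to a local variable and redacting `req.body.password` before calling `users.verify`.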