jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

unify totp check

Browse Source 
the totp check is done in several places causing errors like 3552232e99

* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)

The code also makes externalldap auto-create work now across all the cases where there is a username
This commit is contained in:
Girish Ramakrishnan
2023-03-12 15:09:20 +01:00
parent 8e0d1b61af
commit 53e9eccf72
11 changed files with 103 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/routes/users.js
View File

@@ -142,7 +142,7 @@ async function verifyPassword(req, res, next) {
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));
const [error] = await safe(users.verify(req.user.id, req.body.password, users.AP_WEBADMIN));
const [error] = await safe(users.verify(req.user.id, req.body.password, users.AP_WEBADMIN, { relaxedTotpCheck: true }));
if (error) return next(BoxError.toHttpError(error));
req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password