jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

proxyauth: add 2fa

Browse Source 
Fixes #748
This commit is contained in:
Girish Ramakrishnan
2020-12-20 13:13:36 -08:00
parent 64a4b712cc
commit 56707ac86a
3 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/routes/accesscontrol.js
View File

@@ -21,17 +21,17 @@ function passwordAuth(req, res, next) {
if (!req.body.username || typeof req.body.username !== 'string') return next(new HttpError(400, 'A username must be non-empty string'));
if (!req.body.password || typeof req.body.password !== 'string') return next(new HttpError(400, 'A password must be non-empty string'));
if ('totpToken' in req.body && typeof req.body.password !== 'string') return next(new HttpError(400, 'totpToken must be a string' ));
const username = req.body.username;
const password = req.body.password;
const { username, password, totpToken } = req.body.username;
function check2FA(user) {
assert.strictEqual(typeof user, 'object');
if (!user.ghost && !user.appPassword && user.twoFactorAuthenticationEnabled) {
if (!req.body.totpToken) return next(new HttpError(401, 'A totpToken must be provided'));
if (!totpToken) return next(new HttpError(401, 'A totpToken must be provided'));
let verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: req.body.totpToken, window: 2 });
let verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken, window: 2 });
if (!verified) return next(new HttpError(401, 'Invalid totpToken'));
}