jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

directoryserver: totp check must be enforced

Browse Source
This commit is contained in:
Girish Ramakrishnan
2024-01-03 14:30:32 +01:00
parent af42f150f2
commit 70c8a5a6be
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/directoryserver.js
View File

@@ -314,7 +314,7 @@ async function userAuth(req, res, next) {
verifyFunc = users.verifyWithUsername;
}
const [error, user] = await safe(verifyFunc(commonName, req.credentials || '', '', { relaxedTotpCheck: true, totpToken }));
const [error, user] = await safe(verifyFunc(commonName, req.credentials || '', '', { totpToken }));
if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
if (error) return next(new ldap.OperationsError(error.message));