jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

totp: set window to 2

Browse Source 
see https://github.com/speakeasyjs/speakeasy#specifying-a-window-for-verifying-hotp-and-totp

A TOTP is incremented every step time-step seconds. By default, the time-step is
30 seconds. Window of 2 means, +- 2 steps.

Fixes #633
This commit is contained in:
Girish Ramakrishnan
2019-07-23 14:42:03 -07:00
parent 3553fbc7b6
commit 9a0d5b918f
4 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/users.js
View File

@@ -631,7 +631,7 @@ function enableTwoFactorAuthentication(userId, totpToken, callback) {
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new UsersError(UsersError.NOT_FOUND));
if (error) return callback(new UsersError(UsersError.INTERNAL_ERROR, error));
var verified = speakeasy.totp.verify({ secret: result.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken });
var verified = speakeasy.totp.verify({ secret: result.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken, window: 2 });
if (!verified) return callback(new UsersError(UsersError.BAD_TOKEN));
if (result.twoFactorAuthenticationEnabled) return callback(new UsersError(UsersError.ALREADY_EXISTS));