amuse.git

commit c816fa4aedf7e78c66ba6115612d333438aa44b3

Author: Adam <git@apiote.tk>

fix verifying totp code


 accounts/login.go | 3 +--
 accounts/signup.go | 3 +--
 libamuse/signup.go | 1 +


diff --git a/accounts/login.go b/accounts/login.go
index 0d31568283e32610ad7b0383fbc314a5bd766036..2961e7574d97838870ac0b1a11319a508b91b454 100644
--- a/accounts/login.go
+++ b/accounts/login.go
@@ -1,7 +1,5 @@
 package accounts
 
-// https://golangcode.com/argon2-password-hashing/
-
 import (
 	"notabug.org/apiote/amuse/db"
 
@@ -134,6 +132,7 @@ 			return gott.Tuple(args), nil
 		}
 	}
 
+	authData.sfa = strings.ReplaceAll(authData.sfa, " ", "")
 	if totp.Validate(authData.sfa, authResult.sfaSecret) {
 		return gott.Tuple(args), nil
 	}




diff --git a/accounts/signup.go b/accounts/signup.go
index df71f3cdd9d91f0fdab2b0fedabb505ea670725e..1a6f937b8017152b10364085d59fa2202b380353 100644
--- a/accounts/signup.go
+++ b/accounts/signup.go
@@ -7,7 +7,6 @@ 	"encoding/base64"
 	"errors"
 	"fmt"
 	"math/rand"
-	"strconv"
 	"strings"
 
 	"golang.org/x/crypto/argon2"
@@ -59,7 +58,7 @@ 		result := args[1].(*AuthResult)
 		codes := []string{}
 		for i := 0; i < 12; i++ {
 			code := rand.Int63n(999999999999)
-			codeStr := strconv.FormatInt(code, 10)
+			codeStr := fmt.Sprintf("%012d", code)
 			codes = append(codes, codeStr)
 		}
 		result.recoveryCodesRaw = strings.Join(codes, ",")




diff --git a/libamuse/signup.go b/libamuse/signup.go
index 46179267413dd217fdeb36f171c749f0b59769e7..de8aa6cbdfdb0b6da9f2996068ac579e8b487dba 100644
--- a/libamuse/signup.go
+++ b/libamuse/signup.go
@@ -61,6 +61,7 @@ 			return "", accounts.AuthError{
 				Err: errors.New("Second factor authentication not confirmed"),
 			}
 		}
+		sfa = strings.ReplaceAll(sfa, " ", "")
 		if !totp.Validate(sfa, sfaSecret) {
 			return "", accounts.AuthError{
 				Err: errors.New("Second factor code not correct"),