Author: Adam <git@apiote.tk>
fix verifying totp code
accounts/login.go | 3 +-- accounts/signup.go | 3 +-- libamuse/signup.go | 1 +
diff --git a/accounts/login.go b/accounts/login.go
index 0d31568283e32610ad7b0383fbc314a5bd766036..2961e7574d97838870ac0b1a11319a508b91b454 100644
--- a/accounts/login.go
+++ b/accounts/login.go
@@ -1,7 +1,5 @@
 package accounts
-// https://golangcode.com/argon2-password-hashing/
-
 import (
 "notabug.org/apiote/amuse/db"
@@ -134,6 +132,7 @@ return gott.Tuple(args), nil
 }
 }
+ authData.sfa = strings.ReplaceAll(authData.sfa, " ", "")
 if totp.Validate(authData.sfa, authResult.sfaSecret) {
 return gott.Tuple(args), nil
 }
diff --git a/accounts/signup.go b/accounts/signup.go
index df71f3cdd9d91f0fdab2b0fedabb505ea670725e..1a6f937b8017152b10364085d59fa2202b380353 100644
--- a/accounts/signup.go
+++ b/accounts/signup.go
@@ -7,7 +7,6 @@ "encoding/base64"
 "errors"
 "fmt"
 "math/rand"
- "strconv"
 "strings"
 "golang.org/x/crypto/argon2"
@@ -59,7 +58,7 @@ result := args[1].(*AuthResult)
 codes := []string{}
 for i := 0; i < 12; i++ {
 code := rand.Int63n(999999999999)
- codeStr := strconv.FormatInt(code, 10)
+ codeStr := fmt.Sprintf("%012d", code)
 codes = append(codes, codeStr)
 }
 result.recoveryCodesRaw = strings.Join(codes, ",")
diff --git a/libamuse/signup.go b/libamuse/signup.go
index 46179267413dd217fdeb36f171c749f0b59769e7..de8aa6cbdfdb0b6da9f2996068ac579e8b487dba 100644
--- a/libamuse/signup.go
+++ b/libamuse/signup.go
@@ -61,6 +61,7 @@ return "", accounts.AuthError{
 Err: errors.New("Second factor authentication not confirmed"),
 }
 }
+ sfa = strings.ReplaceAll(sfa, " ", "")
 if !totp.Validate(sfa, sfaSecret) {
 return "", accounts.AuthError{
 Err: errors.New("Second factor code not correct"),
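Review bot: In accounts/login.go the space stripping is placed after the earlier branch that already returns `gott.Tuple(args), nil`, so whatever that branch compares `authData.sfa` against (it starts above the hunk; presumably the recovery codes) still sees the input with its spaces. Normalising once, before both checks, would make the two paths treat the same input the same way. `strings.ReplaceAll(authData.sfa, " ", "")` also removes only the ASCII space; `strings.Join(strings.Fields(authData.sfa), "")` drops any Unicode white space, which covers tabs and newlines from a paste. The identical line is repeated in libamuse/signup.go, so a small shared helper called before both `totp.Validate` sites would keep them from drifting apart.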
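Review bot: The recovery codes zero-padded in the second accounts/signup.go hunk are still drawn with `rand.Int63n` from `math/rand` (the import is visible in this file's first hunk), which is not a cryptographically secure generator, so codes that stand in for the second factor are predictable once the generator state is known. The bound `999999999999` is exclusive as well, so that value can never be issued; 10^12 is the limit that matches `%012d`. Drawing the number from `crypto/rand` addresses both, and needs `crypto/rand` (aliased, since `math/rand` is already imported) and `math/big` in the import block if they are not there already. The function's signature and error convention are outside the hunk, so the error branch below is only indicated.

```go
// … unchanged: result := args[1].(*AuthResult) …
codes := []string{}
limit := big.NewInt(1000000000000) // 10^12, so every 12-digit value can be drawn
for i := 0; i < 12; i++ {
	// crand is "crypto/rand", aliased to avoid clashing with math/rand
	n, err := crand.Int(crand.Reader, limit)
	if err != nil {
		// return err here in this function's existing error-return form
	}
	codes = append(codes, fmt.Sprintf("%012d", n.Int64()))
}
// … unchanged: result.recoveryCodesRaw = strings.Join(codes, ",") …
```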