From 4dced10a3f22e7ce201fdc3bd29681e1899f1e1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Sp=C3=B6ttel?= <1682504+fspoettel@users.noreply.github.com> Date: Mon, 28 Sep 2020 21:04:44 +0200 Subject: [PATCH] Fix handling of bad input when enabling mfa --- management/daemon.py | 4 ++-- management/templates/mfa.html | 27 ++------------------------- 2 files changed, 4 insertions(+), 27 deletions(-) diff --git a/management/daemon.py b/management/daemon.py index f4f972d..bc51978 100755 --- a/management/daemon.py +++ b/management/daemon.py @@ -416,12 +416,12 @@ def totp_post_enable(): token = request.form.get('token') label = request.form.get('label') if type(token) != str: - return json_response({ "error": 'bad_input' }, 400) + return ("Bad Input", 400) try: validate_totp_secret(secret) enable_mfa(request.user_email, "totp", secret, token, label, env) except ValueError as e: - return str(e) + return (str(e), 400) return "OK" @app.route('/mfa/disable', methods=['POST']) diff --git a/management/templates/mfa.html b/management/templates/mfa.html index 32b7f6c..8e2737c 100644 --- a/management/templates/mfa.html +++ b/management/templates/mfa.html @@ -233,31 +233,8 @@ and ensure every administrator account for this control panel does the same.