Fix handling of bad input when enabling mfa
This commit is contained in:
parent
b80f225691
commit
4dced10a3f
2 changed files with 4 additions and 27 deletions
|
@ -416,12 +416,12 @@ def totp_post_enable():
|
||||||
token = request.form.get('token')
|
token = request.form.get('token')
|
||||||
label = request.form.get('label')
|
label = request.form.get('label')
|
||||||
if type(token) != str:
|
if type(token) != str:
|
||||||
return json_response({ "error": 'bad_input' }, 400)
|
return ("Bad Input", 400)
|
||||||
try:
|
try:
|
||||||
validate_totp_secret(secret)
|
validate_totp_secret(secret)
|
||||||
enable_mfa(request.user_email, "totp", secret, token, label, env)
|
enable_mfa(request.user_email, "totp", secret, token, label, env)
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
return str(e)
|
return (str(e), 400)
|
||||||
return "OK"
|
return "OK"
|
||||||
|
|
||||||
@app.route('/mfa/disable', methods=['POST'])
|
@app.route('/mfa/disable', methods=['POST'])
|
||||||
|
|
|
@ -233,31 +233,8 @@ and ensure every administrator account for this control panel does the same.</st
|
||||||
secret: $(el.totpSetupSecret).val(),
|
secret: $(el.totpSetupSecret).val(),
|
||||||
label: $(el.totpSetupLabel).val()
|
label: $(el.totpSetupLabel).val()
|
||||||
},
|
},
|
||||||
function(res) {
|
function(res) { do_logout(); },
|
||||||
do_logout();
|
function(res) { render_error(res); }
|
||||||
},
|
|
||||||
function(res) {
|
|
||||||
var errorMessage = 'Something went wrong.';
|
|
||||||
var parsed;
|
|
||||||
|
|
||||||
try {
|
|
||||||
parsed = JSON.parse(res);
|
|
||||||
} catch (err) {
|
|
||||||
return render_error(errorMessage);
|
|
||||||
}
|
|
||||||
|
|
||||||
var error = parsed && parsed.error
|
|
||||||
? parsed.error
|
|
||||||
: null;
|
|
||||||
|
|
||||||
if (error === 'token_mismatch') {
|
|
||||||
errorMessage = 'Code does not match.';
|
|
||||||
} else if (error === 'bad_input') {
|
|
||||||
errorMessage = 'Received request with malformed data.';
|
|
||||||
}
|
|
||||||
|
|
||||||
render_error(errorMessage);
|
|
||||||
}
|
|
||||||
);
|
);
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
Loading…
Reference in a new issue