Kirisame/dzura
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects 1 Releases Wiki Activity

Fail login on password reset.

Browse Source
This commit is contained in:
yukirij 2024-10-01 12:40:30 -07:00
parent 53a16a7c2e
commit f153498bf4
1 changed files with 38 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
server/src/manager/data.rs
View File

@ -225,6 +225,7 @@ pub async fn thread_system(mut app:App, bus:Bus<protocol::QRPacket>)
// [TEMPORARY] WORKAROUND FOR PASSWORD RESET // [TEMPORARY] WORKAROUND FOR PASSWORD RESET
if user.secret.is_empty() { if user.secret.is_empty() {
println!("Password reset: {}", user.handle);
if let Ok(secret) = argon2::hash_raw(&request.secret.as_bytes(), &salt, &argon_config) { if let Ok(secret) = argon2::hash_raw(&request.secret.as_bytes(), &salt, &argon_config) {
user.secret = secret; user.secret = secret;
if if let Some(app_user) = app.users.get_mut(tuid) { if if let Some(app_user) = app.users.get_mut(tuid) {
@ -234,8 +235,7 @@ pub async fn thread_system(mut app:App, bus:Bus<protocol::QRPacket>)
app.filesystem.user_update(uid, &user).ok(); app.filesystem.user_update(uid, &user).ok();
} }
} }
} } else {
// Verify salted secret against user data // Verify salted secret against user data
if argon2::verify_raw(&request.secret.as_bytes(), &salt, &user.secret, &argon_config).unwrap_or(false) { if argon2::verify_raw(&request.secret.as_bytes(), &salt, &user.secret, &argon_config).unwrap_or(false) {
println!("Authenticated user '{}' id {}", user.handle, uid); println!("Authenticated user '{}' id {}", user.handle, uid);
@ -282,6 +282,7 @@ pub async fn thread_system(mut app:App, bus:Bus<protocol::QRPacket>)
} else { } else {
println!("notice: password verification failed."); println!("notice: password verification failed.");
} }
}
} else { } else {
println!("error: user salt id '{}' not found.", user.na_key); println!("error: user salt id '{}' not found.", user.na_key);
} }