hotfix(auth): fix TOTP validation bypass issue

This commit is contained in:
Nriver 2025-04-02 14:29:37 +08:00
parent 9a5793dfdd
commit 30fb754a5f


@ -77,11 +77,6 @@ function login(req: Request, res: Response) {
const submittedPassword = req.body.password; const submittedPassword = req.body.password;
const submittedTotpToken = req.body.totpToken; const submittedTotpToken = req.body.totpToken;
if (!verifyPassword(submittedPassword)) {
sendLoginError(req, res, 'password');
return;
}
if (totp.isTotpEnabled()) { if (totp.isTotpEnabled()) {
if (!verifyTOTP(submittedTotpToken)) { if (!verifyTOTP(submittedTotpToken)) {
sendLoginError(req, res, 'totp'); sendLoginError(req, res, 'totp');
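Review bot: With verifyTOTP now evaluated before verifyPassword, a request carrying a wrong password is answered with the 'totp' error until the token is right and only then with the 'password' error, so if sendLoginError reports that factor name to the client, the response ordering becomes an oracle for the TOTP code that does not require the password (the same applies in the second hunk, where the password check now follows the TOTP block). The usual mitigation is to evaluate both factors and emit one generic failure, or at least to rate-limit this path; whether either is in place cannot be seen from the hunk. A short comment on the moved check, e.g. `// TOTP is deliberately verified before the password; do not reorder`, would also record why the hotfix changed the order, since the commit message does not say. login's body starts before this hunk and continues past the second one.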
@ -89,6 +84,11 @@ function login(req: Request, res: Response) {
} }
} }
if (!verifyPassword(submittedPassword)) {
sendLoginError(req, res, 'password');
return;
}
const rememberMe = req.body.rememberMe; const rememberMe = req.body.rememberMe;
req.session.regenerate(() => { req.session.regenerate(() => {