mirrors/bookwyrm
1
0
Fork 1
mirror of https://github.com/bookwyrm-social/bookwyrm.git synced 2024-06-16 20:20:44 +00:00
Code Issues Projects Releases Wiki Activity

return Bad Request if 2fa user does not exist

Browse source
This commit is contained in:
Hugh Rundle 2022-10-15 07:11:28 +11:00
parent 905aa66f38
commit cf1fae6af8
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
bookwyrm/views/preferences/two_factor_auth.py
View file

@ -6,6 +6,7 @@ import qrcode.image.svg
from django.contrib.auth import login
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseBadRequest
from django.template.response import TemplateResponse
from django.shortcuts import redirect
from django.utils.decorators import method_decorator
@ -107,10 +108,12 @@ class LoginWith2FA(View):
def post(self, request):
"""Check 2FA code and allow/disallow login"""
if "2fa_user" not in request.session:
try:
user = models.User.objects.get(username=request.session["2fa_user"])
except:
request.session["2fa_auth_time"] = 0
return redirect("/")
user = models.User.objects.get(username=request.session["2fa_user"])
return HttpResponseBadRequest("Invalid user")
session_time = (
int(request.session["2fa_auth_time"])
if request.session["2fa_auth_time"]