From bb3017ecda855219b956bfd33485a9ddc6eef4aa Mon Sep 17 00:00:00 2001
From: Felix Ableitner
Date: Mon, 11 Mar 2024 10:29:30 +0100
Subject: [PATCH] Change 2FA to use hostname as issuer (fixes #4518)

---
 crates/api/src/lib.rs | 10 +++-------
 crates/api/src/local_user/login.rs | 6 +++++-
 crates/api/src/local_user/update_totp.rs | 6 ++----
 3 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/crates/api/src/lib.rs b/crates/api/src/lib.rs
index fda0bea6f..814dd67eb 100644
--- a/crates/api/src/lib.rs
+++ b/crates/api/src/lib.rs
@@ -135,11 +135,7 @@ pub(crate) fn generate_totp_2fa_secret() -> String {
 Secret::generate_secret().to_string()
 }
 
-pub(crate) fn build_totp_2fa(
- site_name: &str,
- username: &str,
- secret: &str,
-) -> Result {
+fn build_totp_2fa(hostname: &str, username: &str, secret: &str) -> Result {
 let sec = Secret::Raw(secret.as_bytes().to_vec());
 let sec_bytes = sec
 .to_bytes()
@@ -151,7 +147,7 @@ pub(crate) fn build_totp_2fa(
 1,
 30,
 sec_bytes,
- Some(site_name.to_string()),
+ Some(hostname.to_string()),
 username.to_string(),
 )
 .with_lemmy_type(LemmyErrorType::CouldntGenerateTotp)
@@ -272,7 +268,7 @@ mod tests {
 #[test]
 fn test_build_totp() {
 let generated_secret = generate_totp_2fa_secret();
- let totp = build_totp_2fa("lemmy", "my_name", &generated_secret);
+ let totp = build_totp_2fa("lemmy.ml", "my_name", &generated_secret);
 assert!(totp.is_ok());
 }
 }
diff --git a/crates/api/src/local_user/login.rs b/crates/api/src/local_user/login.rs
index 1fe337f3c..4eae762be 100644
--- a/crates/api/src/local_user/login.rs
+++ b/crates/api/src/local_user/login.rs
@@ -50,7 +50,11 @@ pub async fn login(
 
 // Check the totp if enabled
 if local_user_view.local_user.totp_2fa_enabled {
- check_totp_2fa_valid(&local_user_view, &data.totp_2fa_token, &site_view.site.name)?;
+ check_totp_2fa_valid(
+ &local_user_view,
+ &data.totp_2fa_token,
+ &context.settings().hostname,
+ )?;
 }
 
 let jwt = Claims::generate(local_user_view.local_user.id, req, &context).await?;
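Review bot: The new one-line signature of `build_totp_2fa` has no doc comment, so the meaning of the first parameter — which is now the instance hostname rather than a free-form site name — is only visible from the call sites. I would add `/// Builds the TOTP for `username` from `secret`, using the instance hostname as the otpauth issuer so authenticator apps label the entry by instance.` above the `fn` line. Dropping `pub(crate)` looks fine as long as the only callers are in this file, which I cannot confirm from the hunk. The body of `build_totp_2fa` continues past the end of this hunk.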
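Review bot: The value now passed as the issuer in `Some(hostname.to_string())` is the raw configured hostname, and if I read totp-rs correctly `TOTP::new` rejects an issuer that contains a colon, so a deployment whose `hostname` setting carries a port (a `host:port` style dev setup, for example) would make this return `CouldntGenerateTotp` — at enrollment in update_totp.rs and, worse, at every login of a user who already has 2FA enabled in login.rs. If the setting may legitimately include a port, strip it before building the TOTP, e.g. `let issuer = hostname.split(':').next().unwrap_or(hostname);` and pass `Some(issuer.to_string())`; otherwise document on the hostname setting that it must be a bare host. Either way the failure mode should be covered by a test rather than discovered at login time.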
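Review bot: The updated test still only asserts `totp.is_ok()`, so it would pass even if the hostname were silently dropped or swapped with the account name; the point of this commit is that the hostname becomes the issuer, and the test should pin that. After the existing assert, add `assert_eq!(totp.unwrap().issuer.as_deref(), Some("lemmy.ml"));` (totp-rs exposes `issuer` as a public `Option<String>` field, as far as I recall). A companion case with a host that contains a colon would also document whether such a value is expected to fail.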
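Review bot: The new call now feeds `context.settings().hostname` into `check_totp_2fa_valid`, whose definition is outside this hunk; if its third parameter is still named after the site name, it should be renamed to `hostname` so the signature matches what the callers here and in update_totp.rs actually pass. It is also worth stating why switching the issuer is safe for accounts that enrolled under the old site-name issuer, since a reader may otherwise expect them to be locked out: `// The issuer only labels the authenticator entry; code verification depends on the secret, step and digits, so existing enrollments keep validating.` (this matches RFC 6238 semantics but please confirm against the totp-rs check path). The enclosing `login` function starts and ends outside this hunk.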
diff --git a/crates/api/src/local_user/update_totp.rs b/crates/api/src/local_user/update_totp.rs
index 15833ae8a..8f37213e2 100644
--- a/crates/api/src/local_user/update_totp.rs
+++ b/crates/api/src/local_user/update_totp.rs
@@ -8,7 +8,7 @@ use lemmy_db_schema::{
 source::local_user::{LocalUser, LocalUserUpdateForm},
 traits::Crud,
 };
-use lemmy_db_views::structs::{LocalUserView, SiteView};
+use lemmy_db_views::structs::LocalUserView;
 use lemmy_utils::error::LemmyError;
 
 /// Enable or disable two-factor-authentication. The current setting is determined from
@@ -25,12 +25,10 @@ pub async fn update_totp(
 local_user_view: LocalUserView,
 context: Data,
 ) -> Result, LemmyError> {
- let site_view = SiteView::read_local(&mut context.pool()).await?;
-
 check_totp_2fa_valid(
 &local_user_view,
 &Some(data.totp_token.clone()),
- &site_view.site.name,
+ &context.settings().hostname,
 )?;
 
 // toggle the 2fa setting