Change 2FA to use hostname as issuer (fixes #4518)

This commit is contained in:
Felix Ableitner 2024-03-11 10:29:30 +01:00
parent 10bf7464b1
commit bb3017ecda
3 changed files with 10 additions and 12 deletions

View file

@ -135,11 +135,7 @@ pub(crate) fn generate_totp_2fa_secret() -> String {
Secret::generate_secret().to_string() Secret::generate_secret().to_string()
} }
pub(crate) fn build_totp_2fa( fn build_totp_2fa(hostname: &str, username: &str, secret: &str) -> Result<TOTP, LemmyError> {
site_name: &str,
username: &str,
secret: &str,
) -> Result<TOTP, LemmyError> {
let sec = Secret::Raw(secret.as_bytes().to_vec()); let sec = Secret::Raw(secret.as_bytes().to_vec());
let sec_bytes = sec let sec_bytes = sec
.to_bytes() .to_bytes()
@ -151,7 +147,7 @@ pub(crate) fn build_totp_2fa(
1, 1,
30, 30,
sec_bytes, sec_bytes,
Some(site_name.to_string()), Some(hostname.to_string()),
username.to_string(), username.to_string(),
) )
.with_lemmy_type(LemmyErrorType::CouldntGenerateTotp) .with_lemmy_type(LemmyErrorType::CouldntGenerateTotp)
@ -272,7 +268,7 @@ mod tests {
#[test] #[test]
fn test_build_totp() { fn test_build_totp() {
let generated_secret = generate_totp_2fa_secret(); let generated_secret = generate_totp_2fa_secret();
let totp = build_totp_2fa("lemmy", "my_name", &generated_secret); let totp = build_totp_2fa("lemmy.ml", "my_name", &generated_secret);
assert!(totp.is_ok()); assert!(totp.is_ok());
} }
} }

View file

@ -50,7 +50,11 @@ pub async fn login(
// Check the totp if enabled // Check the totp if enabled
if local_user_view.local_user.totp_2fa_enabled { if local_user_view.local_user.totp_2fa_enabled {
check_totp_2fa_valid(&local_user_view, &data.totp_2fa_token, &site_view.site.name)?; check_totp_2fa_valid(
&local_user_view,
&data.totp_2fa_token,
&context.settings().hostname,
)?;
} }
let jwt = Claims::generate(local_user_view.local_user.id, req, &context).await?; let jwt = Claims::generate(local_user_view.local_user.id, req, &context).await?;

View file

@ -8,7 +8,7 @@ use lemmy_db_schema::{
source::local_user::{LocalUser, LocalUserUpdateForm}, source::local_user::{LocalUser, LocalUserUpdateForm},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::{LocalUserView, SiteView}; use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
/// Enable or disable two-factor-authentication. The current setting is determined from /// Enable or disable two-factor-authentication. The current setting is determined from
@ -25,12 +25,10 @@ pub async fn update_totp(
local_user_view: LocalUserView, local_user_view: LocalUserView,
context: Data<LemmyContext>, context: Data<LemmyContext>,
) -> Result<Json<UpdateTotpResponse>, LemmyError> { ) -> Result<Json<UpdateTotpResponse>, LemmyError> {
let site_view = SiteView::read_local(&mut context.pool()).await?;
check_totp_2fa_valid( check_totp_2fa_valid(
&local_user_view, &local_user_view,
&Some(data.totp_token.clone()), &Some(data.totp_token.clone()),
&site_view.site.name, &context.settings().hostname,
)?; )?;
// toggle the 2fa setting // toggle the 2fa setting