gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-03 21:19:01 +01:00
Code Issues Actions 20 Packages Projects Releases Wiki Activity

Merge pull request #1597 from TriliumNext/hotfix/totp-validation-bypass

Browse Source 
hotfix(auth): fix TOTP validation bypass issue
This commit is contained in:
JYC333 2025-04-02 11:42:38 +02:00 committed by GitHub
commit 9f3076755c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/routes/login.ts
View File

@ -77,11 +77,6 @@ function login(req: Request, res: Response) {
const submittedPassword = req.body.password; const submittedPassword = req.body.password;
const submittedTotpToken = req.body.totpToken; const submittedTotpToken = req.body.totpToken;
if (!verifyPassword(submittedPassword)) {
sendLoginError(req, res, 'password');
return;
}
if (totp.isTotpEnabled()) { if (totp.isTotpEnabled()) {
if (!verifyTOTP(submittedTotpToken)) { if (!verifyTOTP(submittedTotpToken)) {
sendLoginError(req, res, 'totp'); sendLoginError(req, res, 'totp');
@ -89,6 +84,11 @@ function login(req: Request, res: Response) {
} }
} }
if (!verifyPassword(submittedPassword)) {
sendLoginError(req, res, 'password');
return;
}
const rememberMe = req.body.rememberMe; const rememberMe = req.body.rememberMe;
req.session.regenerate(() => { req.session.regenerate(() => {