github_mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter.git synced 2025-02-02 23:28:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix OTP time window

Browse Source
This commit is contained in:
KernelDeimos 2024-05-06 15:02:14 -04:00
parent 918eb3bb67
commit a628358c9f
3 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package-lock.json generated
View File

@ -13,7 +13,6 @@
"packages/*"
],
"dependencies": {
"otpauth": "9.2.4",
"uuid": "^9.0.1"
},
"devDependencies": {

1
package.json
View File

@ -43,7 +43,6 @@
]
},
"dependencies": {
"otpauth": "9.2.4",
"uuid": "^9.0.1"
}
}

8
packages/backend/src/services/auth/OTPService.js
View File

@ -48,8 +48,12 @@ class OTPService extends BaseService {
secret,
});
const ok = totp.validate({ token: code });
return ok;
const allowed = [-1, 0, 1];
const delta = totp.validate({ token: code });
if ( delta === null ) return false;
if ( ! allowed.includes(delta) ) return false;
return true;
}
gen_otp_secret_ () {