saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-09-11 11:15:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed issue/request #705

Browse Source 
Added a config option to disable time drifted totp codes.
Default is false, since this is what the RFC recommends.
This commit is contained in:
BlackDex
2019-11-07 17:11:29 +01:00
parent 9ff577a7b4
commit 3f6809bcdf
3 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/api/core/two_factor/authenticator.rs
View File

@@ -11,6 +11,8 @@ use crate::db::{
DbConn,
};
pub use crate::config::CONFIG;
pub fn routes() -> Vec<Route> {
routes![
generate_authenticator,
@@ -118,9 +120,11 @@ pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, conn: &
.expect("Earlier than 1970-01-01 00:00:00 UTC").as_secs();
// The amount of steps back and forward in time
let steps = 1;
for step in -steps..=steps {
// Also check if we need to disable time drifted TOTP codes.
// If that is the case, we set the steps to 0 so only the current TOTP is valid.
let steps = if CONFIG.authenticator_disable_time_drift() { 0 } else { 1 };
for step in -steps..=steps {
let time_step = (current_time / 30) as i32 + step;
// We need to calculate the time offsite and cast it as an i128.
// Else we can't do math with it on a default u64 variable.