LumeWeb
/
portal
1
0
Fork 0
Code Issues 5 Pull Requests Packages Projects Releases Wiki Activity

fix: PostPubkeyChallenge should not be checking email, but pubkey

This commit is contained in:
Derrick Hammer 2023-06-06 22:27:07 -04:00
parent c20dec0204
commit db3ba1f014
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
controller/auth.go
View File

@ -202,14 +202,14 @@ func (a *AuthController) PostPubkeyChallenge() {
}
// Retrieve the account for the given email.
account := model.Account{}
if err := db.Get().Where("email = ?", r.Email).First(&account).Error; err != nil {
a.Ctx.StopWithError(iris.StatusBadRequest, errors.New("invalid email or password"))
account := model.Key{}
if err := db.Get().Where("pubkey = ?", r.Pubkey).First(&account).Error; err != nil {
a.Ctx.StopWithError(iris.StatusBadRequest, errors.New("invalid pubkey"))
return
}
// Generate a random challenge string.
challenge, err := generateAndSaveChallengeToken(account.ID, time.Minute)
challenge, err := generateAndSaveChallengeToken(account.AccountID, time.Minute)
if err != nil {
a.Ctx.StopWithError(iris.StatusInternalServerError, errors.New("failed to generate challenge"))
return