Saner TOTP provisioning
A user's e-mail address may be fluid, and the site "instance name" may be strange or change regularly. There's no reason to use these over the user's stable ID and the site's stable hostname for TOTP parameters. Even if the system is built to TOLERATE changes (as it is -- I tested it), it seems much more elegant to have these parameters as stable identifiers.
parent
0b2119d4a7
commit
21fe97fa16
@ -34,7 +34,7 @@ defmodule Pleroma.MFA.TOTP do
|
|||||||
defp default_digits, do: Config.get(@config_ns ++ [:digits])
|
defp default_digits, do: Config.get(@config_ns ++ [:digits])
|
||||||
|
|
||||||
defp default_issuer,
|
defp default_issuer,
|
||||||
do: Config.get(@config_ns ++ [:issuer], Config.get([:instance, :name]))
|
do: Config.get(@config_ns ++ [:issuer], Config.get([:instance, :host]))
|
||||||
|
|
||||||
@doc "Creates a random Base 32 encoded string"
|
@doc "Creates a random Base 32 encoded string"
|
||||||
def generate_secret do
|
def generate_secret do
|
||||||
|
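Review bot: The new fallback in `default_issuer` reads `Config.get([:instance, :host])`, and nothing in this hunk shows that key is ever populated, so the issuer may silently become `nil` for every instance that does not set `:issuer` explicitly. The issuer is what an authenticator app shows the user to identify the account, so a missing or wrong value is worth failing loudly on. If the hostname actually lives in the endpoint configuration, a fallback along the lines of `do: Config.get(@config_ns ++ [:issuer]) || Pleroma.Web.Endpoint.host()` would be safer (this assumes the Phoenix endpoint helper is the source of truth here; please confirm). A test that asserts a non-empty issuer in the provisioning URI when `:issuer` is unset would pin this down.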
@ -41,7 +41,7 @@ defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController do
|
|||||||
def setup(%{assigns: %{user: user}} = conn, %{"method" => "totp"} = _params) do
|
def setup(%{assigns: %{user: user}} = conn, %{"method" => "totp"} = _params) do
|
||||||
with {:ok, user} <- MFA.setup_totp(user),
|
with {:ok, user} <- MFA.setup_totp(user),
|
||||||
%{secret: secret} = _ <- user.multi_factor_authentication_settings.totp do
|
%{secret: secret} = _ <- user.multi_factor_authentication_settings.totp do
|
||||||
provisioning_uri = TOTP.provisioning_uri(secret, "#{user.email}")
|
provisioning_uri = TOTP.provisioning_uri(secret, "#{user.ap_id}")
|
||||||
|
|
||||||
json(conn, %{provisioning_uri: provisioning_uri, key: secret})
|
json(conn, %{provisioning_uri: provisioning_uri, key: secret})
|
||||||
else
|
else
|
||||||
|
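Review bot: In `setup`, the label passed to `TOTP.provisioning_uri/2` is now `user.ap_id`, which looks like a full URL, so it would contain `:` and `/`. The otpauth label uses `:` to separate issuer from account name, and this hunk does not show whether `provisioning_uri` percent-encodes the label, so some authenticator apps may mis-split or truncate the entry. Please confirm the encoding inside `provisioning_uri`; if it is missing, encode the label at the call site with `URI.encode(user.ap_id, &URI.char_unreserved?/1)` or encode it inside the helper. The `"#{...}"` interpolation also turns a `nil` `ap_id` into an empty label without any error, so passing `user.ap_id` directly would surface that case. The `else` branch of `setup` continues outside this hunk.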