TheCloud/PronounsPage
1
0
Fork 0
mirror of https://gitlab.com/PronounsPage/PronounsPage.git synced 2025-09-24 21:46:22 -04:00
Code Issues Packages Projects Releases Wiki Activity

[mfa] allow faking MFA in development

Browse Source
This commit is contained in:
Andrea Vos 2022-01-15 21:50:52 +01:00
parent 19fe488b5d
commit ce5afe1b23
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/routes/mfa.js
View File

@ -98,13 +98,17 @@ router.post('/mfa/validate', handleErrorAsync(async (req, res) => {
const authenticator = (await findAuthenticatorsByUser(req.db, req.rawUser, 'mfa_secret'))[0];
const tokenValidates = speakeasy.totp.verify({
let tokenValidates = speakeasy.totp.verify({
secret: authenticator.payload,
encoding: 'base32',
token: normalise(req.body.code),
window: 6
});
if (process.env.NODE_ENV === 'development' && normalise(req.body.code) === '999999') {
tokenValidates = true;
}
if (!tokenValidates) {
return res.json({error: 'user.code.invalid'});
}