From b5b391c73b1757b3cc6580b679196921328835ea Mon Sep 17 00:00:00 2001
From: Andreas Brett
Date: Sun, 10 Oct 2021 22:13:18 +0200
Subject: [PATCH 1/3] avoid default values for token verification override default values: window=1, window size=30 (see https://github.com/louislam/uptime-kuma/issues/640)
---
 server/server.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/server.js b/server/server.js
index 67095ff5..e5f3335f 100644
--- a/server/server.js
+++ b/server/server.js
@@ -265,7 +265,7 @@ exports.entryPage = "dashboard";
 }
 if (data.token) {
- let verify = notp.totp.verify(data.token, user.twofa_secret);
+ let verify = notp.totp.verify(data.token, user.twofa_secret, {"window": 1, "time": 30});
 if (verify && verify.delta == 0) {
 callback({
@@ -383,7 +383,7 @@ exports.entryPage = "dashboard";
 socket.userID,
 ]);
- let verify = notp.totp.verify(token, user.twofa_secret);
+ let verify = notp.totp.verify(token, user.twofa_secret, {"window": 1, "time": 30});
 if (verify && verify.delta == 0) {
 callback({
From e223e826a376b6601dd8ec8e93b71b3a8752f50f Mon Sep 17 00:00:00 2001
From: Andreas Brett
Date: Mon, 11 Oct 2021 01:02:54 +0200
Subject: [PATCH 2/3] linting
---
 server/server.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/server/server.js b/server/server.js
index e5f3335f..10ec8700 100644
--- a/server/server.js
+++ b/server/server.js
@@ -265,7 +265,8 @@ exports.entryPage = "dashboard";
 }
 if (data.token) {
- let verify = notp.totp.verify(data.token, user.twofa_secret, {"window": 1, "time": 30});
+ let verify = notp.totp.verify(data.token, user.twofa_secret, { "window": 1,
+ "time": 30 });
 if (verify && verify.delta == 0) {
 callback({
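Review bot: In the `@@ -265,7 +265,7 @@` hunk of patch 1/3 the new `"window": 1` option and the unchanged check `if (verify && verify.delta == 0)` pull in opposite directions: the option lets the library match the neighbouring time steps, and the condition then accepts only the current one, so the effective tolerance is zero. That combination deserves a comment on the call, for example `// window 1 only bounds the search; delta == 0 below still requires the current time step`, so nobody later widens or removes one half without the other. Replacing it with `"window": 0` is probably not equivalent, since notp appears to treat a falsy window as unset and fall back to its much larger default; confirm against the installed version before changing it. The same pairing is in the `@@ -383,7 +383,7 @@` hunk, and both handlers begin and end outside the visible lines.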
@@ -383,7 +384,8 @@ exports.entryPage = "dashboard";
 socket.userID,
 ]);
- let verify = notp.totp.verify(token, user.twofa_secret, {"window": 1, "time": 30});
+ let verify = notp.totp.verify(token, user.twofa_secret, { "window": 1,
+ "time": 30 });
 if (verify && verify.delta == 0) {
 callback({
From 2538bd04ce41361481b0252bb00b94aeea1a50f3 Mon Sep 17 00:00:00 2001
From: Andreas Brett
Date: Mon, 11 Oct 2021 20:18:40 +0200
Subject: [PATCH 3/3] notp verification defaults
---
 server/server.js | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/server/server.js b/server/server.js
index 10ec8700..416cfe1f 100644
--- a/server/server.js
+++ b/server/server.js
@@ -68,6 +68,12 @@ const port = parseInt(process.env.PORT || args.port || 3001);
 const sslKey = process.env.SSL_KEY || args["ssl-key"] || undefined;
 const sslCert = process.env.SSL_CERT || args["ssl-cert"] || undefined;
+// 2FA / notp verification defaults
+const twofa_verification_opts = {
+ "window": 1,
+ "time": 30
+}
+
 /**
 * Run unit test after the server is ready
 * @type {boolean}
@@ -265,8 +271,7 @@ exports.entryPage = "dashboard";
 }
 if (data.token) {
- let verify = notp.totp.verify(data.token, user.twofa_secret, { "window": 1,
- "time": 30 });
+ let verify = notp.totp.verify(data.token, user.twofa_secret, twofa_verification_opts);
 if (verify && verify.delta == 0) {
 callback({
@@ -384,8 +389,7 @@ exports.entryPage = "dashboard";
 socket.userID,
 ]);
- let verify = notp.totp.verify(token, user.twofa_secret, { "window": 1,
- "time": 30 });
+ let verify = notp.totp.verify(token, user.twofa_secret, twofa_verification_opts);
 if (verify && verify.delta == 0) {
 callback({
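Review bot: `twofa_verification_opts` in the `@@ -68,6 +68,12 @@` hunk of patch 3/3 is one module-level object handed by reference to every `notp.totp.verify` call, and notp appears to write the computed counter onto the options object it is given, so this "defaults" object carries state from one verification to the next. Passing a fresh copy at both call sites, `notp.totp.verify(data.token, user.twofa_secret, Object.assign({}, twofa_verification_opts))`, keeps the defaults constant; freezing the object instead would likely break verification for the same reason, so confirm the library's behaviour before hardening it that way. As style, the neighbouring constants are camelCase (`sslKey`, `sslCert`) and the declaration ends without a semicolon, so `twofaVerificationOpts` and `};` would match the file.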
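Review bot: Nothing visible in the login branch of the `@@ -265,8 +271,7 @@` hunk of patch 3/3 records which time step a token was accepted for, so as far as these lines show a code that has just been used would verify again until its 30-second step ends; RFC 6238 asks the verifier to refuse a second use. The handler continues past the hunk, so this may already be handled there. If it is not, storing the last accepted step per user and rejecting any token whose step is not newer closes the gap, together with a limit on failed attempts. A marker such as `// TODO: reject a token whose time step was already accepted for this user` at the `verify.delta == 0` branch would make the omission visible.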