Fix again the OTP check

88f74ec3 · ale · d5f5e4c7 · 88f74ec3
Commit 88f74ec3 authored Dec 10, 2021 by ale
--- a/actions_user.go
+++ b/actions_user.go
@@ -348,7 +348,7 @@ func (r *EnableOTPRequest) Validate(_ *RequestContext) error {
 	// Only check if the client-side secret is set, skip otherwise. We
 	// don't really expect a bad value coming from the generator, so the
 	// length check is just for internal consistency.
-	if r.TOTPSecret != "" && (len(r.TOTPSecret) < 16 || len(r.TOTPSecret) > 48) {
+	if r.TOTPSecret != "" && len(r.TOTPSecret) < 10 {
 		err = newValidationError(err, "totp_secret", "bad value")
 	}
 	return err.orNil()