Commit ce3f6a19 authored by ale's avatar ale

Fix TOTP length-based validation

Still poor validation, but at least not wrong.
parent ec82ed43
......@@ -285,8 +285,7 @@ func (r *EnableOTPRequest) Sanitize() {
func (r *EnableOTPRequest) Validate(_ *RequestContext) error {
var err *validationError
// Only check if the client-side secret is set, skip otherwise.
// TODO: the length here is bogus, replace with real value.
if r.TOTPSecret == "" && len(r.TOTPSecret) != 32 {
if r.TOTPSecret == "" && len(r.TOTPSecret) != 16 {
err = newValidationError(err, "totp_secret", "bad value")
}
return err
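Review bot: The guard `r.TOTPSecret == "" && len(r.TOTPSecret) != 16` can only be true for the empty string, and both printed versions of the line share that first test, so the length comparison never takes effect. An empty secret is rejected, which contradicts the "skip otherwise" comment above it, while a non-empty secret of any length passes. The first test looks inverted; `if r.TOTPSecret != "" && len(r.TOTPSecret) != 16 {` would apply the length check to a client-supplied secret. Because this value seeds the second factor, a check that it decodes in the encoding the server expects would belong next to the length check; that encoding is not visible in this hunk. Validate's closing brace lies outside the hunk.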
......