From 138fc507c81f68dea1092743577145078552d102 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Thu, 14 Jul 2022 13:55:28 -0700 Subject: [PATCH] Fixed using timed OTP when backup codes are not allowed (#4268) --- meshuser.js | 6 ------ views/default.handlebars | 18 ++++++------------ 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/meshuser.js b/meshuser.js index 36e8b575..6bc4c661 100644 --- a/meshuser.js +++ b/meshuser.js @@ -3330,9 +3330,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use // Do not allow this command if 2FA's are locked if ((domain.passwordrequirements) && (domain.passwordrequirements.lock2factor == true)) { ws.send(JSON.stringify({ action: 'otpauth-request', err: 1 })); return; } - // Do not allow this command if backup codes are not allowed - if ((domain.passwordrequirements) && (domain.passwordrequirements.backupcode2factor == false)) { ws.send(JSON.stringify({ action: 'otpauth-request', err: 2 })); return; } - // Do not allow this command when logged in using a login token if (req.session.loginToken != null) { ws.send(JSON.stringify({ action: 'otpauth-request', err: 3 })); return; } @@ -3361,9 +3358,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use // Do not allow this command if 2FA's are locked if ((domain.passwordrequirements) && (domain.passwordrequirements.lock2factor == true)) return; - // Do not allow this command if backup codes are not allowed - if ((domain.passwordrequirements) && (domain.passwordrequirements.backupcode2factor == false)) return; - // Do not allow this command when logged in using a login token if (req.session.loginToken != null) break; diff --git a/views/default.handlebars b/views/default.handlebars index 623a1350..4522344f 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -2931,11 +2931,9 @@ QS('dialog').bottom = '80px'; QS('dialog').top = QS('dialog').left = QS('dialog').right = '100px'; if (d4EditEncodingVal == 1) { - // UTF8 Encoding - Q('d4editorarea').value = decode_utf8(atob(message.data)); + Q('d4editorarea').value = decode_utf8(atob(message.data)); // UTF8 Encoding } else { - // RAW Encoding - Q('d4editorarea').value = atob(message.data); + Q('d4editorarea').value = atob(message.data); // RAW Encoding } break; } @@ -10717,11 +10715,9 @@ QS('dialog').bottom = '80px'; QS('dialog').top = QS('dialog').left = QS('dialog').right = '100px'; if (d4EditEncodingVal == 1) { - // UTF8 Encoding - Q('d4editorarea').value = decode_utf8(gdownloadFile.data); + Q('d4editorarea').value = decode_utf8(gdownloadFile.data); // UTF8 Encoding } else { - // RAW Encoding - Q('d4editorarea').value = gdownloadFile.data; + Q('d4editorarea').value = gdownloadFile.data; // RAW Encoding } gdownloadFile = null; } else { @@ -10767,11 +10763,9 @@ function p13editSaveBack(b, tag) { var data; if (d4EditEncodingVal == 1) { - // UTF8 encoding - data = new TextEncoder().encode(Q('d4editorarea').value); + data = new TextEncoder().encode(Q('d4editorarea').value); // UTF8 encoding } else { - // RAW encoding - data = new TextEncoder().encode(decode_utf8(Q('d4editorarea').value)); + data = new TextEncoder().encode(decode_utf8(Q('d4editorarea').value)); // RAW encoding } p13uploadFileContinue(1, [{ name: tag, size: data.byteLength, type: 'text/plain', xdata: data }]); }