vividboarder/bitwarden_rs
1
0
Fork 0
mirror of https://github.com/ViViDboarder/bitwarden_rs.git synced 2024-11-22 13:16:39 +00:00
Code Issues Releases Wiki Activity

Compare token using crypto::ct_eq

Browse Source
This commit is contained in:
vpl 2019-08-26 20:22:04 +02:00
parent 591ae10144
commit c99df1c310
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/api/core/two_factor/email.rs
View File

@ -181,7 +181,7 @@ fn email(data: JsonUpcase<EmailData>, headers: Headers, conn: DbConn) -> JsonRes
_ => err!("No token available"),
};
if issued_token != &data.Token {
if !crypto::ct_eq(issued_token, data.Token) {
err!("Token is invalid")
}
@ -206,7 +206,7 @@ pub fn validate_email_code_str(user_uuid: &str, token: &str, data: &str, conn: &
_ => err!("No token available"),
};
if issued_token != &*token {
if !crypto::ct_eq(issued_token, token) {
email_data.add_attempt();
if email_data.attempts >= CONFIG.email_attempts_limit() {
email_data.reset_token();