deepcrayon/lila
deepcrayon/lila
1
0
Fork 0
Code Releases Activity

totpDefault -> currentTotp, totp(period) can be private

Browse source
This commit is contained in:
Niklas Fiekas 2018-05-06 17:56:14 +02:00
parent 10faba2025
commit 605d452506
3 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/Account.scala
View file

@ -199,7 +199,7 @@ object Account extends LilaController {
} { password =>
Env.user.authenticator.authenticateById(
me.id,
PasswordAndToken(ClearPassword(password), me.totpSecret.map(_.totpDefault))
PasswordAndToken(ClearPassword(password), me.totpSecret.map(_.currentTotp))
).map(_.isDefined) flatMap {
case false => BadRequest(html.account.close(me, Env.security.forms.closeAccount)).fuccess
case true => Env.current.closeAccount(me.id, self = true) inject {

4
modules/user/src/main/TotpSecret.scala
View file

@ -14,9 +14,9 @@ case class TotpSecret(secret: Array[Byte]) extends AnyVal {
def base32: String = new Base32().encodeAsString(secret)
def totpDefault = totp(System.currentTimeMillis / 30000)
def currentTotp = totp(System.currentTimeMillis / 30000)
def totp(period: Long): TotpToken = TotpToken {
private def totp(period: Long): TotpToken = TotpToken {
val msg = BigInt(period).toByteArray.reverse.padTo(8, 0.toByte).reverse
val hmac = Mac.getInstance("HMACSHA1")

9
modules/user/src/test/TotpTest.scala
View file

@ -1,6 +1,7 @@
package lila.user
import org.specs2.mutable.Specification
import User.TotpToken
class TotpTest extends Specification {
@ -12,15 +13,15 @@ class TotpTest extends Specification {
"authenticate" in {
val secret = TotpSecret.random
val token = secret.totp(System.currentTimeMillis / 30000)
val token = secret.currentTotp
secret.verify(token) must beTrue
}
"not authenticate" in {
val secret = TotpSecret("1234567890123456")
secret.verify("") must beFalse
secret.verify("000000") must beFalse
secret.verify("123456") must beFalse
secret.verify(TotpToken("")) must beFalse
secret.verify(TotpToken("000000")) must beFalse
secret.verify(TotpToken("123456")) must beFalse
}
}
}