commit 0fe81e8382face34604a7bb956dccd1ae1b30a8f
parent 4a2f16d905b0336887d1ff784a4e9fd55e7267e2
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Sat, 3 Dec 2022 18:06:33 -0500
add some doc
Diffstat:
1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -1123,6 +1123,7 @@ func ForgotPasswordHandler(c echo.Context) error {
// Receive and validate GPG code/signature
data.Step = 2
+ // Step2 is guarded by the "partial-recovery-token" cookie that must be valid
partialRecoveryCookie, err := c.Cookie("partial-recovery-token")
if err != nil {
return c.Redirect(http.StatusFound, "/")
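Review bot: The comment added above `c.Cookie("partial-recovery-token")` says the cookie "must be valid" without saying what valid means, which is the security-relevant part of this guard. The lines visible here only check that the cookie is present; the `!found` branch in the next hunk suggests its value is then resolved server-side to a `userID`, but that lookup sits outside this hunk, so confirm it before documenting. If that holds, a comment such as `// Step 2 requires the "partial-recovery-token" cookie set by step 1; its value must resolve to a userID in the server-side cache, else redirect to "/"` would tell a maintainer that removing or reordering the lookup lets a client skip step 1. The same applies to the "partial-recovery2-token" comment in the Step 3 hunk, where it is also worth stating whether the token is single-use and when it expires, since neither is visible here. ForgotPasswordHandler's body starts and ends outside the hunk.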
@@ -1131,6 +1132,7 @@ func ForgotPasswordHandler(c echo.Context) error {
if !found {
return c.Redirect(http.StatusFound, "/")
}
+
token, found := pgpTokenCache.Get(userID)
if !found {
return c.Redirect(http.StatusFound, "/")
@@ -1169,6 +1171,7 @@ func ForgotPasswordHandler(c echo.Context) error {
// Receive and validate new password
data.Step = 3
+ // Step3 is guarded by the "partial-recovery2-token" cookie that must be valid
partialRecovery2Cookie, err := c.Cookie("partial-recovery2-token")
if err != nil {
return c.Redirect(http.StatusFound, "/")