commit 2ff191fccd1547c1f51556e88f1f6f5cd75cbf7a
parent 8b8d3b179fa50419348608144862468ae8282f33
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Wed, 25 Jan 2023 00:04:02 -0800
rolleyes
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -1042,7 +1042,7 @@ func forgotPasswordHandler(c echo.Context) error {
// Step2 is guarded by the "token" that must be valid
token := c.Request().PostFormValue("token")
item, found := partialRecoveryCache.Get(token)
- if !found {
+ if !found || item.Step != RecoveryCaptchaCompleted {
return c.Redirect(http.StatusFound, "/")
}
userID := item.UserID
@@ -1084,7 +1084,7 @@ func forgotPasswordHandler(c echo.Context) error {
// Step3 is guarded by the "token" that must be valid
token := c.Request().PostFormValue("token")
item, found := partialRecoveryCache.Get(token)
- if !found {
+ if !found || item.Step != RecoveryGpgValidated {
return c.Redirect(http.StatusFound, "/")
}
userID := item.UserID
