commit 77f9aae7420dfb14693240ae7e57571300436cce
parent ff3f9656d2371aefe04cf58640c0d44bed17ea6c
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Tue, 6 Jun 2023 20:11:21 -0700
limit attempts on TOTP and GPG-sign 2FA
Diffstat:
1 file changed, 11 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -520,6 +520,12 @@ func SessionsGpgSignTwoFactorHandler(c echo.Context, step1 bool, token string) e
data.SignedMessage = c.Request().PostFormValue("signed_message")
if !utils.PgpCheckSignMessage(pgpToken.PKey, pgpToken.Value, data.SignedMessage) {
+ item.Attempt++
+ if item.Attempt >= 4 {
+ pgpTokenCache.Delete(user.ID)
+ partialAuthCache.Delete(token)
+ return c.Redirect(http.StatusFound, "/")
+ }
data.ErrorSignedMessage = "invalid signature"
return c.Render(http.StatusOK, "sessions-gpg-sign-two-factor", data)
}
@@ -554,6 +560,11 @@ func SessionsTwoFactorHandler(c echo.Context, step1 bool, token string) error {
}
secret := string(user.TwoFactorSecret)
if !totp.Validate(code, secret) {
+ item.Attempt++
+ if item.Attempt >= 4 {
+ partialAuthCache.Delete(token)
+ return c.Redirect(http.StatusFound, "/")
+ }
data.Error = "Two-factor authentication failed."
return c.Render(http.StatusOK, "sessions-two-factor", data)
}
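Review bot: The new counter at `item.Attempt++` only enforces anything if `item` is the cached entry itself (a pointer) or is written back to `partialAuthCache` afterwards; if the lookup above the hunk returned a copy, every request sees Attempt == 0 and the `>= 4` lockout never fires, so that is worth confirming. The limit is also scoped to a single partial-auth `token`, so a client who already holds the password can restart the login flow to obtain a fresh budget of guesses per token; a per-user counter or a short delay on failure would bound total attempts across tokens. The threshold should be a named constant shared with SessionsGpgSignTwoFactorHandler rather than a bare `4`, e.g. `const maxTwoFactorAttempts = 4` and `if item.Attempt >= maxTwoFactorAttempts {`. SessionsTwoFactorHandler starts and ends outside this hunk.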