commit d5735ed0558bbf54bd9cac96c5bd8abaf92c864c
parent d899773a5c062b1a0a132e482aebd7c05127d6f6
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Tue, 6 Jun 2023 21:32:10 -0700
dedup code
Diffstat:
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -231,6 +231,8 @@ func protectHomeHandler(c echo.Context) error {
return c.HTMLBlob(http.StatusOK, buf.Bytes())
}
+const max2faAttempts = 4
+
// partialAuthCache keep track of partial auth token -> user id.
// When a user login and have 2fa enabled, we create a "partial" auth cookie.
// The token can be used to complete the 2fa authentication.
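Review bot: The new `max2faAttempts` constant has no doc comment, and nothing at its declaration says what it bounds. Since the three handlers below do `item.Attempt++` before testing `>= max2faAttempts`, the fourth failed submission is the one that triggers `cleanup()`. I would add `// max2faAttempts is the number of failed 2FA submissions after which the partial auth token is discarded.` above it, with the wording confirmed against what `cleanup()` does, since that is not visible in this diff. As a style point, Go convention keeps initialisms in one case, so `max2FAAttempts` would be the usual spelling.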
@@ -481,7 +483,7 @@ func SessionsGpgTwoFactorHandler(c echo.Context, step1 bool, token string) error
data.Code = c.Request().PostFormValue("pgp_code")
if data.Code != pgpToken.Value {
item.Attempt++
- if item.Attempt >= 4 {
+ if item.Attempt >= max2faAttempts {
cleanup()
return c.Redirect(http.StatusFound, "/")
}
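Review bot: The counter tested at `if item.Attempt >= max2faAttempts {` appears to live on the partial-auth cache item, so the limit is per partial token rather than per account; the same applies to the matching checks in SessionsGpgSignTwoFactorHandler and SessionsTwoFactorHandler. If that reading is right, a client that already holds the password can log in again for a fresh partial token and a fresh set of guesses, which weakens the second factor most on the short-code TOTP path. Consider also counting failed second-factor attempts per user ID, with a lockout or backoff, and logging when the threshold is reached so that repeated lockouts are visible to monitoring. The handler bodies start and end outside these hunks, so an existing per-user limit may simply not be shown here.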
@@ -535,7 +537,7 @@ func SessionsGpgSignTwoFactorHandler(c echo.Context, step1 bool, token string) e
if !utils.PgpCheckSignMessage(pgpToken.PKey, pgpToken.Value, data.SignedMessage) {
item.Attempt++
- if item.Attempt >= 4 {
+ if item.Attempt >= max2faAttempts {
cleanup()
return c.Redirect(http.StatusFound, "/")
}
@@ -574,7 +576,7 @@ func SessionsTwoFactorHandler(c echo.Context, step1 bool, token string) error {
secret := string(user.TwoFactorSecret)
if !totp.Validate(code, secret) {
item.Attempt++
- if item.Attempt >= 4 {
+ if item.Attempt >= max2faAttempts {
cleanup()
return c.Redirect(http.StatusFound, "/")
}