mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-03 17:44:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

reset password flow

Browse source
This commit is contained in:
Milo Schwartz 2024-12-22 16:59:30 -05:00
parent 9c37036a39
commit f224bfa4ee
No known key found for this signature in database
22 changed files with 739 additions and 184 deletions
Download patch file Download diff file Expand all files Collapse all files

8
server/routers/auth/requestTotpSecret.ts
View file

@ -13,6 +13,7 @@ import { verify } from "@node-rs/argon2";
import { createTOTPKeyURI } from "oslo/otp";
import config from "@server/config";
import logger from "@server/logger";
import { verifyPassword } from "@server/auth/password";
export const requestTotpSecretBody = z
.object({
@ -47,12 +48,7 @@ export async function requestTotpSecret(
const user = req.user as User;
try {
const validPassword = await verify(user.passwordHash, password, {
memoryCost: 19456,
timeCost: 2,
outputLen: 32,
parallelism: 1
});
const validPassword = await verifyPassword(password, user.passwordHash);
if (!validPassword) {
return next(unauthorized());
}