RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove TOTP secret from endpoint logs

pull/175/head
Clement Michaud 2017-10-17 23:09:17 +02:00
parent dacdce6c50
commit 2b65680774
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/src/lib/routes/secondfactor/totp/sign/post.ts
View File

@ -23,12 +23,10 @@ export default function (vars: ServerVariables) {
return AuthenticationSession.get(req)
.then(function (_authSession: AuthenticationSession.AuthenticationSession) {
authSession = _authSession;
vars.logger.info(req, "Initiate TOTP validation for user '%s'.", authSession.userid);
vars.logger.info(req, "Initiate TOTP validation for user \"%s\".", authSession.userid);
return vars.userDataStore.retrieveTOTPSecret(authSession.userid);
})
.then(function (doc: TOTPSecretDocument) {
vars.logger.debug(req, "TOTP secret is %s", JSON.stringify(doc));
if (!vars.totpHandler.validate(token, doc.secret.base32))
return BluebirdPromise.reject(new Error("Invalid TOTP token."));