1
0
mirror of https://github.com/haiwen/seahub.git synced 2025-07-23 03:13:40 +00:00

add warning log for verify_token of totp (#5773)

* add warning log for verify_token of totp

* improve log info

* improve log level
This commit is contained in:
WJH 2023-11-16 17:27:30 +08:00 committed by GitHub
parent b6014e1254
commit 160f69b83c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -99,17 +99,21 @@ class TOTPDevice(Device):
for offset in range(-self.tolerance, self.tolerance + 1):
totp.drift = self.drift + offset
if (totp.t() > self.last_t) and (totp.token() == token):
self.last_t = totp.t()
if (offset != 0) and OTP_TOTP_SYNC:
self.drift += offset
self.save()
verified = True
break
if token == totp.token():
if self.last_t < totp.t():
self.last_t = totp.t()
if (offset != 0) and OTP_TOTP_SYNC:
self.drift += offset
self.save()
verified = True
break
else:
logging.warning('Warning! Suspected token replay!')
logging.warning('user input token = %s, totp.token = %s, self.last_t = %s, totp.t = %s'
% (token, totp.token(), self.last_t, totp.t()))
else:
logging.info('user input invalid token = %s, totp.token = %s, self.last_t = %s, totp.t = %s'
% (token, totp.token(), totp.t(), self.last_t))
% (token, totp.token(), self.last_t, totp.t()))
verified = False
return verified