mirror of
https://github.com/haiwen/seahub.git
synced 2025-07-23 03:13:40 +00:00
add warning log for verify_token of totp (#5773)
* add warning log for verify_token of totp * improve log info * improve log level
This commit is contained in:
parent
b6014e1254
commit
160f69b83c
@ -99,17 +99,21 @@ class TOTPDevice(Device):
|
||||
|
||||
for offset in range(-self.tolerance, self.tolerance + 1):
|
||||
totp.drift = self.drift + offset
|
||||
if (totp.t() > self.last_t) and (totp.token() == token):
|
||||
self.last_t = totp.t()
|
||||
if (offset != 0) and OTP_TOTP_SYNC:
|
||||
self.drift += offset
|
||||
self.save()
|
||||
|
||||
verified = True
|
||||
break
|
||||
if token == totp.token():
|
||||
if self.last_t < totp.t():
|
||||
self.last_t = totp.t()
|
||||
if (offset != 0) and OTP_TOTP_SYNC:
|
||||
self.drift += offset
|
||||
self.save()
|
||||
verified = True
|
||||
break
|
||||
else:
|
||||
logging.warning('Warning! Suspected token replay!')
|
||||
logging.warning('user input token = %s, totp.token = %s, self.last_t = %s, totp.t = %s'
|
||||
% (token, totp.token(), self.last_t, totp.t()))
|
||||
else:
|
||||
logging.info('user input invalid token = %s, totp.token = %s, self.last_t = %s, totp.t = %s'
|
||||
% (token, totp.token(), totp.t(), self.last_t))
|
||||
% (token, totp.token(), self.last_t, totp.t()))
|
||||
verified = False
|
||||
|
||||
return verified
|
||||
|
Loading…
Reference in New Issue
Block a user