finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[SEC] Notify owner about TOTP enrollment

Browse source 
- In the spirit of #4635
- Notify the owner when their account is getting enrolled into TOTP. The
message is changed according if they have security keys or not.
- Integration test added.
This commit is contained in:
Gusted 2024-07-26 19:26:44 +02:00
parent 2285526e93
commit a7e96aae66
No known key found for this signature in database
GPG key ID: FD821B732837125F
6 changed files with 137 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
routers/web/user/setting/security/2fa.go
View file

@ -243,6 +243,11 @@ func EnrollTwoFactorPost(ctx *context.Context) {
log.Error("Unable to save changes to the session: %v", err)
}
if err := mailer.SendTOTPEnrolled(ctx, ctx.Doer); err != nil {
ctx.ServerError("SendTOTPEnrolled", err)
return
}
if err = auth.NewTwoFactor(ctx, t); err != nil {
// FIXME: We need to handle a unique constraint fail here it's entirely possible that another request has beaten us.
// If there is a unique constraint fail we should just tolerate the error