Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit26cc758

Browse files
fix: check one-time passcode expiry
1 parentbff384b commit26cc758

File tree

4 files changed

+10
-9
lines changed

4 files changed

+10
-9
lines changed

‎coderd/apidoc/docs.go

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/apidoc/swagger.json

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/userauth.go

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -205,7 +205,7 @@ func (api *API) postConvertLoginType(rw http.ResponseWriter, r *http.Request) {
205205

206206
// Requests a one-time passcode for a user.
207207
//
208-
// @Summary Request one-time passcode.
208+
// @Summary Request one-time passcode
209209
// @ID request-one-time-passcode
210210
// @Accept json
211211
// @Tags Authorization
@@ -307,7 +307,7 @@ func (api *API) notifyUserRequestedOneTimePasscode(ctx context.Context, user dat
307307

308308
// Change a users password with a one-time passcode.
309309
//
310-
// @Summary Change password with a one-time passcode.
310+
// @Summary Change password with a one-time passcode
311311
// @ID change-password-with-a-one-time-passcode
312312
// @Accept json
313313
// @Tags Authorization
@@ -358,7 +358,8 @@ func (api *API) postChangePasswordWithOneTimePasscode(rw http.ResponseWriter, r
358358
returnxerrors.Errorf("compare one time passcode: %w",err)
359359
}
360360

361-
if!equal {
361+
now:=dbtime.Now()
362+
if!equal||now.After(user.OneTimePasscodeExpiresAt.Time) {
362363
httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{
363364
Message:"Incorrect email or one-time-passcode.",
364365
})

‎docs/reference/api/authorization.md

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp