forked from MarseyWorld/MarseyWorld
parent
b588422d37
commit
1b8aade025
|
@ -502,13 +502,8 @@ def lost_2fa(v):
|
|||
@limiter.limit('1/second', scope=rpath)
|
||||
@limiter.limit("3/day", deduct_when=lambda response: response.status_code < 400)
|
||||
def lost_2fa_post():
|
||||
print(1, flush=True)
|
||||
|
||||
username = request.values.get("username")
|
||||
user = get_user(username, graceful=True)
|
||||
|
||||
print(2, flush=True)
|
||||
|
||||
if not user or not user.email or not user.mfa_secret:
|
||||
return render_template("message.html",
|
||||
title="Removal request received",
|
||||
|
@ -520,25 +515,17 @@ def lost_2fa_post():
|
|||
if not email_regex.fullmatch(email):
|
||||
abort(400, "Invalid email")
|
||||
|
||||
print(3, flush=True)
|
||||
|
||||
password = request.values.get("password")
|
||||
if not user.verifyPass(password):
|
||||
return render_template("message.html",
|
||||
title="Removal request received",
|
||||
message="If username, password, and email match, we will send you an email."), 202
|
||||
|
||||
print(4, flush=True)
|
||||
|
||||
valid = int(time.time())
|
||||
token = generate_hash(f"{user.id}+{user.username}+disable2fa+{valid}+{user.mfa_secret}+{user.login_nonce}")
|
||||
|
||||
print(5, flush=True)
|
||||
|
||||
action_url = f"{SITE_FULL}/reset_2fa?id={user.id}&t={valid}&token={token}"
|
||||
|
||||
print(6, flush=True)
|
||||
|
||||
send_mail(to_address=user.email,
|
||||
subject="Two-factor Authentication Removal Request",
|
||||
html=render_template("email/2fa_remove.html",
|
||||
|
@ -546,8 +533,6 @@ def lost_2fa_post():
|
|||
v=user)
|
||||
)
|
||||
|
||||
print(7, flush=True)
|
||||
|
||||
return render_template("message.html",
|
||||
title="Removal request received",
|
||||
message="If the username, password, and email match, we will send you an email. Please check your spam folder if you can't find it."), 202
|
||||
|
|
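Review bot: The wrong-password branch and the success path of `lost_2fa_post` return different message text with the same 202 status, so the response body still reveals whether the password check passed. The failure branch returns `If username, password, and email match, we will send you an email.` while the final return adds `the` and the spam-folder sentence; define the text once in a single `message` variable and pass it to both `render_template` calls. The message of the first early return (missing user, email or `mfa_secret`) falls between the hunks and is not visible here, so it should be checked against the same string. Separately, `abort(400, "Invalid email")` does not count against the `3/day` limit because `deduct_when` only deducts for status codes below 400; confirm that is intended.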