Winsomnia/MireaBackend
1
0
Fork 0
Code Pull Requests Actions Projects Releases Activity

feat: add logging for empty secret

Browse Source
This commit is contained in:
Polianin Nikita 2024-12-25 05:48:22 +03:00
parent c12323dc29
commit c66f3355ec
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Security/Services/AuthService.cs
View File

@ -145,7 +145,13 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
case TwoFactorAuthenticator.Totp: case TwoFactorAuthenticator.Totp:
{ {
if (string.IsNullOrEmpty(firstTokenAuth.Secret)) if (string.IsNullOrEmpty(firstTokenAuth.Secret))
{
logger.LogWarning("The user {Fingerprint} for {UserId} tried to pass the 2FA even though the secret is empty",
requestContext.Fingerprint,
firstTokenAuth.UserId);
throw new InvalidOperationException("Required authentication data is missing."); throw new InvalidOperationException("Required authentication data is missing.");
}
var totp = new TotpService(firstTokenAuth.Secret); var totp = new TotpService(firstTokenAuth.Secret);