We have clarified our Privacy Statement even further. Please have a look at our changes.
Browse Source

Make mail code verification less strict

master
Jonas Lochmann 1 week ago
parent
commit
d8d741ab28
Signed by: Jonas Lochmann <git@inkompetenz.org> GPG Key ID: 8B8C9AEE10FA5B36
2 changed files with 12 additions and 2 deletions
  1. +2
    -2
      src/function/authentication/login-by-mail.ts
  2. +10
    -0
      src/util/random-words.ts

+ 2
- 2
src/function/authentication/login-by-mail.ts View File

@@ -18,7 +18,7 @@
import { Forbidden, Gone, InternalServerError, TooManyRequests } from 'http-errors'
import { Database } from '../../database'
import { sendAuthenticationMail } from '../../util/mail'
import { randomWords } from '../../util/random-words'
import { areWordSequencesEqual, randomWords } from '../../util/random-words'
import { checkMailSendLimit } from '../../util/ratelimit-authmail'
import { generateAuthToken } from '../../util/token'
import { createAuthTokenByMailAddress } from './index'
@@ -78,7 +78,7 @@ export const signInByMailCode = async ({ mailLoginToken, receivedCode, database
}
}

if (entry.receivedCode !== receivedCode) {
if (!areWordSequencesEqual(entry.receivedCode, receivedCode)) {
entry.remainingAttempts--

await entry.save({ transaction })

+ 10
- 0
src/util/random-words.ts View File

@@ -31,3 +31,13 @@ export const randomWords = (numberOfWords: number) => (
.map((item) => randomWord())
.join(' ')
)

const preprocessStringForComparing = (input: string) => (
input
.replace(/ |\*/g, '')
.toLowerCase()
)

export const areWordSequencesEqual = (a: string, b: string) => (
preprocessStringForComparing(a) === preprocessStringForComparing(b)
)

Loading…
Cancel
Save