izackp/Apollo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix security risk in pairing process w/ add device name for OTP pair

Browse Source
This commit is contained in:
Yukino Song
2024-08-28 23:52:02 +08:00
parent 096e8ac62f
commit 36b1a15676
4 changed files with 37 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/confighttp.cpp
View File

@@ -765,7 +765,15 @@ namespace confighttp {
throw std::runtime_error("Passphrase too short!");
}
outputTree.put("otp", nvhttp::request_otp(it->second));
std::string passphrase = it->second;
std::string deviceName;
it = args.find("deviceName");
if (it != std::end(args)) {
deviceName = it->second;
}
outputTree.put("otp", nvhttp::request_otp(passphrase, deviceName));
outputTree.put("status", true);
outputTree.put("message", "OTP created, effective within 3 minutes.");
}