[PR #657] [MERGED] Updated authenticator TOTP #2637

Closed
opened 2025-11-07 07:49:53 -06:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/657
Author: @BlackDex
Created: 10/10/2019
Status: Merged
Merged: 10/12/2019
Merged by: @dani-garcia

Base: masterHead: totp-timedrift


📝 Commits (3)

📊 Changes

12 files changed (+49 additions, -10 deletions)

View changed files

migrations/mysql/2019-10-10-083032_add_column_to_twofactor/down.sql (+0 -0)
migrations/mysql/2019-10-10-083032_add_column_to_twofactor/up.sql (+1 -0)
migrations/postgresql/2019-10-10-083032_add_column_to_twofactor/down.sql (+0 -0)
migrations/postgresql/2019-10-10-083032_add_column_to_twofactor/up.sql (+1 -0)
migrations/sqlite/2019-10-10-083032_add_column_to_twofactor/down.sql (+0 -0)
migrations/sqlite/2019-10-10-083032_add_column_to_twofactor/up.sql (+1 -0)
📝 src/api/core/two_factor/authenticator.rs (+40 -9)
📝 src/api/identity.rs (+1 -1)
📝 src/db/models/two_factor.rs (+2 -0)
📝 src/db/schemas/mysql/schema.rs (+1 -0)
📝 src/db/schemas/postgresql/schema.rs (+1 -0)
📝 src/db/schemas/sqlite/schema.rs (+1 -0)

📄 Description

  • Added security check for previouse used codes
  • Allow TOTP codes with 1 step back and forward when there is a time
    drift. This means in total 3 codes could be valid. But only newer codes
    then the previouse used codes are excepted after that.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/657 **Author:** [@BlackDex](https://github.com/BlackDex) **Created:** 10/10/2019 **Status:** ✅ Merged **Merged:** 10/12/2019 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `master` ← **Head:** `totp-timedrift` --- ### 📝 Commits (3) - [`ebf4009`](https://github.com/dani-garcia/vaultwarden/commit/ebf40099f2fc73cc5309ddd7fff6a679dc9ae839) Updated authenticator TOTP - [`d989a19`](https://github.com/dani-garcia/vaultwarden/commit/d989a19f764c5838e6a4ae698af2e32af567a3fe) Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into totp-timedrift - [`9466f02`](https://github.com/dani-garcia/vaultwarden/commit/9466f0269607098304c03f87e2ed116b93a2c01d) Recoded TOTP time drift validation ### 📊 Changes **12 files changed** (+49 additions, -10 deletions) <details> <summary>View changed files</summary> ➕ `migrations/mysql/2019-10-10-083032_add_column_to_twofactor/down.sql` (+0 -0) ➕ `migrations/mysql/2019-10-10-083032_add_column_to_twofactor/up.sql` (+1 -0) ➕ `migrations/postgresql/2019-10-10-083032_add_column_to_twofactor/down.sql` (+0 -0) ➕ `migrations/postgresql/2019-10-10-083032_add_column_to_twofactor/up.sql` (+1 -0) ➕ `migrations/sqlite/2019-10-10-083032_add_column_to_twofactor/down.sql` (+0 -0) ➕ `migrations/sqlite/2019-10-10-083032_add_column_to_twofactor/up.sql` (+1 -0) 📝 `src/api/core/two_factor/authenticator.rs` (+40 -9) 📝 `src/api/identity.rs` (+1 -1) 📝 `src/db/models/two_factor.rs` (+2 -0) 📝 `src/db/schemas/mysql/schema.rs` (+1 -0) 📝 `src/db/schemas/postgresql/schema.rs` (+1 -0) 📝 `src/db/schemas/sqlite/schema.rs` (+1 -0) </details> ### 📄 Description - Added security check for previouse used codes - Allow TOTP codes with 1 step back and forward when there is a time drift. This means in total 3 codes could be valid. But only newer codes then the previouse used codes are excepted after that. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2025-11-07 07:49:53 -06:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#2637