fixed critical login TOTP bypass bug! whoops!!!!!

2025-01-26 23:41:35 +00:00 · 2025-01-26 23:41:35 +00:00 · 656501e69f
commit 656501e69f
parent 2e93c3c5e5
6 changed files with 150 additions and 92 deletions
--- a/controller/session.go
+++ b/controller/session.go
@ -49,6 +49,17 @@ func CreateSession(db *sqlx.DB, userAgent string) (*model.Session, error) {
 //     return err
 // }

+func SetSessionAttemptAccount(db *sqlx.DB, session *model.Session, account *model.Account) error {
+    var err error
+    session.AttemptAccount = account
+    if account == nil {
+        _, err = db.Exec("UPDATE session SET attempt_account=NULL WHERE token=$1", session.Token)
+    } else {
+        _, err = db.Exec("UPDATE session SET attempt_account=$2 WHERE token=$1", session.Token, account.ID)
+    }
+    return err
+}
+
 func SetSessionAccount(db *sqlx.DB, session *model.Session, account *model.Account) error {
    var err error
    session.Account = account