diff --git a/server/core/helpers/otp.ts b/server/core/helpers/otp.ts
index 673a043f6..814c76c10 100644
--- a/server/core/helpers/otp.ts
+++ b/server/core/helpers/otp.ts
@@ -1,6 +1,7 @@
-import { Secret, TOTP } from 'otpauth'
 import { CONFIG } from '@server/initializers/config.js'
 import { WEBSERVER } from '@server/initializers/constants.js'
+import { Secret, TOTP } from 'otpauth'
+import { logger } from './logger.js'
 import { decrypt } from './peertube-crypto.js'
 
 async function isOTPValid (options: {
@@ -9,22 +10,28 @@ async function isOTPValid (options: {
 }) {
 const { token, encryptedSecret } = options
 
- const secret = await decrypt(encryptedSecret, CONFIG.SECRETS.PEERTUBE)
+ try {
+ const secret = await decrypt(encryptedSecret, CONFIG.SECRETS.PEERTUBE)
 
- const totp = new TOTP({
- ...baseOTPOptions(),
+ const totp = new TOTP({
+ ...baseOTPOptions(),
 
- secret
- })
+ secret
+ })
 
- const delta = totp.validate({
- token,
- window: 1
- })
+ const delta = totp.validate({
+ token,
+ window: 1
+ })
 
- if (delta === null) return false
+ if (delta === null) return false
 
- return true
+ return true
+ } catch (err) {
+ logger.error('Cannot decrypt/validate OTP', { err })
+
+ return false
+ }
 }
 
 function generateOTPSecret (email: string) {
@@ -42,8 +49,7 @@ function generateOTPSecret (email: string) {
 }
 
 export {
- isOTPValid,
- generateOTPSecret
+ generateOTPSecret, isOTPValid
 }
 
 // ---------------------------------------------------------------------------
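Review bot: The new `catch` in `isOTPValid` folds two different failures into one `return false`: a `decrypt()` failure, which is a server-side fault (for example a changed `CONFIG.SECRETS.PEERTUBE` or a corrupted stored secret), and any exception raised while `totp.validate()` handles the submitted token. Failing closed is the right outcome, but both cases produce the same `Cannot decrypt/validate OTP` error line with no account context. If a malformed token can make `validate()` throw (not visible in this hunk), every such request would also be logged at error level. Consider narrowing the `try` to the `decrypt()` call so the log line means exactly one thing, or at least state the contract above the catch with `// Fail closed: a decrypt or validation error is reported to the caller as an invalid token`. The function's signature begins outside this hunk, so whether `token` is type-checked before it reaches this code cannot be confirmed from here.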