|
|
|
@ -744,26 +744,25 @@ async fn register_verification_email( |
|
|
|
|
|
|
|
let should_send_mail = CONFIG.mail_enabled() && CONFIG.signups_verify(); |
|
|
|
|
|
|
|
if User::find_by_mail(&data.email, &mut conn).await.is_some() { |
|
|
|
if should_send_mail { |
|
|
|
// There is still a timing side channel here in that the code
|
|
|
|
// paths that send mail take noticeably longer than ones that
|
|
|
|
// don't. Add a randomized sleep to mitigate this somewhat.
|
|
|
|
use rand::{rngs::SmallRng, Rng, SeedableRng}; |
|
|
|
let mut rng = SmallRng::from_os_rng(); |
|
|
|
let delta: i32 = 100; |
|
|
|
let sleep_ms = (1_000 + rng.random_range(-delta..=delta)) as u64; |
|
|
|
tokio::time::sleep(tokio::time::Duration::from_millis(sleep_ms)).await; |
|
|
|
} |
|
|
|
return Ok(RegisterVerificationResponse::NoContent(())); |
|
|
|
} |
|
|
|
|
|
|
|
let token_claims = |
|
|
|
crate::auth::generate_register_verify_claims(data.email.clone(), data.name.clone(), should_send_mail); |
|
|
|
let token = crate::auth::encode_jwt(&token_claims); |
|
|
|
|
|
|
|
if should_send_mail { |
|
|
|
mail::send_register_verify_email(&data.email, &token).await?; |
|
|
|
if User::find_by_mail(&data.email, &mut conn).await.is_some() { |
|
|
|
if should_send_mail { |
|
|
|
// There is still a timing side channel here in that the code
|
|
|
|
// paths that send mail take noticeably longer than ones that
|
|
|
|
// don't. Add a randomized sleep to mitigate this somewhat.
|
|
|
|
use rand::{rngs::SmallRng, Rng, SeedableRng}; |
|
|
|
let mut rng = SmallRng::from_os_rng(); |
|
|
|
let delta: i32 = 100; |
|
|
|
let sleep_ms = (1_000 + rng.random_range(-delta..=delta)) as u64; |
|
|
|
tokio::time::sleep(tokio::time::Duration::from_millis(sleep_ms)).await; |
|
|
|
} |
|
|
|
} else { |
|
|
|
mail::send_register_verify_email(&data.email, &token).await?; |
|
|
|
} |
|
|
|
|
|
|
|
Ok(RegisterVerificationResponse::NoContent(())) |
|
|
|
} else { |
|
|
|
|
Timshel
1 week ago