Browse Source
Don't delete token when tracking attempts
pull/6411/head
Daniel García
1 month ago
No known key found for this signature in database
GPG Key ID: FC8A7D14C3CD543A
1 changed files with
2 additions and
2 deletions
-
src/api/core/two_factor/protected_actions.rs
|
|
@ -126,9 +126,9 @@ pub async fn validate_protected_action_otp( |
|
|
pa_data.add_attempt(); |
|
|
pa_data.add_attempt(); |
|
|
pa.data = pa_data.to_json(); |
|
|
pa.data = pa_data.to_json(); |
|
|
|
|
|
|
|
|
// Delete the token after x attempts if it has been used too many times
|
|
|
// Fail after x attempts if the token has been used too many times.
|
|
|
|
|
|
// Don't delete it, as we use it to keep track of attempts.
|
|
|
if pa_data.attempts >= CONFIG.email_attempts_limit() { |
|
|
if pa_data.attempts >= CONFIG.email_attempts_limit() { |
|
|
pa.delete(conn).await?; |
|
|
|
|
|
err!("Token has expired") |
|
|
err!("Token has expired") |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
