SECURITY: Limit name field length of TOTP authenticators and security keys

OsamaSayegh
2023-08-24 09:27:38 +03:00
committed by Roman Rizzi
parent 85fddf58bc
commit c1b5faa5fd
21 changed files with 309 additions and 4 deletions


@ -1551,6 +1551,11 @@ class UsersController < ApplicationController
end
def create_second_factor_security_key
if current_user.all_security_keys.count >= UserSecurityKey::MAX_KEYS_PER_USER
render_json_error(I18n.t("login.too_many_security_keys"), status: 422)
return
end
challenge_session = DiscourseWebauthn.stage_challenge(current_user, secure_session)
render json:
success_json.merge(