fix(web): use a distinct salt for TOTP authentication

If TOTP is enabled for a user, it will be disabled until the user
configure it again, which will generate a new private salt.
This commit is contained in:
Francis Lachapelle
2021-10-15 16:11:24 -04:00
parent ba86b0fd11
commit d4da1facf9
11 changed files with 115 additions and 35 deletions
+1 -1
View File
@@ -1138,7 +1138,7 @@
size_t s_len, secret_len;
key = [[[self userSettings] userSalt] substringToIndex: 12];
key = [[[self userSettings] userPrivateSalt] substringToIndex: 12];
s = [key UTF8String];
s_len = strlen(s);