
Commit 26cc758

fix: check one-time passcode expiry
1 parent bff384b commit 26cc758


4 files changed

+10
-9
lines changed


coderd/apidoc/docs.go

Lines changed: 2 additions & 2 deletions

coderd/apidoc/swagger.json

Lines changed: 2 additions & 2 deletions

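--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -205,7 +205,7 @@ func (api *API) postConvertLoginType(rw http.ResponseWriter, r *http.Request) {
 
 // Requests a one-time passcode for a user.
 //
-// @Summary Request one-time passcode.
+// @Summary Request one-time passcode
 // @ID request-one-time-passcode
 // @Accept json
 // @Tags Authorization
@@ -307,7 +307,7 @@ func (api *API) notifyUserRequestedOneTimePasscode(ctx context.Context, user dat
 
 // Change a users password with a one-time passcode.
 //
-// @Summary Change password with a one-time passcode.
+// @Summary Change password with a one-time passcode
 // @ID change-password-with-a-one-time-passcode
 // @Accept json
 // @Tags Authorization
@@ -358,7 +358,8 @@ func (api *API) postChangePasswordWithOneTimePasscode(rw http.ResponseWriter, r
 return xerrors.Errorf("compare one time passcode: %w", err)
 }
 
-if !equal {
+now := dbtime.Now()
+if !equal || now.After(user.OneTimePasscodeExpiresAt.Time) {
 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 Message: "Incorrect email or one-time-passcode.",
 })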
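Review bot: The new condition in the last hunk reads `user.OneTimePasscodeExpiresAt.Time` without consulting the field's validity flag; if this is a `sql.NullTime` (inferred from the `.Time` accessor, the type is not visible here), a NULL expiry yields the zero time and the request is rejected, which is the safe outcome but only as a side effect of the zero value. Stating it explicitly keeps the check fail-closed if the field or comparison is later refactored: `if !equal || !user.OneTimePasscodeExpiresAt.Valid || now.After(user.OneTimePasscodeExpiresAt.Time) {`. Returning the same 400 message for a wrong and an expired passcode is worth keeping, since it does not reveal which condition failed. None of the four changed files is a test, so a regression test that submits a correct passcode after its expiry and expects the 400 would pin this fix. The body of postChangePasswordWithOneTimePasscode starts and ends outside the hunk.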

docs/reference/api/authorization.md

Lines changed: 2 additions & 2 deletions
