better comment for why we delete totpSecret from the body

alex-phillips 2020-02-22 13:50:44 -05:00
parent ac69aba621
commit 8a899a1701


@ -114,7 +114,10 @@ router.put('/', upload.single('avatar'), async (req, res, next) => {
delete req.body.password
}
// ALWAYS DELETE totp, this should only be set by the server
/**
* This is just a security precaution.
* ALWAYS DELETE totp, this should only be set by the server.
*/
delete req.body.totpSecret
// Begin process to set up and confirm multi-factor authentication
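Review bot: The new block comment above `delete req.body.totpSecret` calls the delete "just a security precaution" but still does not say what it guards against, which is the stated goal of this commit. Presumably the rest of this PUT handler applies `req.body` to the user record, so a client-supplied `totpSecret` would replace the secret the server sets; if that is the case, say so, e.g. `// Drop any client-supplied totpSecret: only the server may set it, otherwise a request could overwrite the stored MFA secret.` Stripping individual fields (`password` just above, `totpSecret` here) is a denylist that silently misses any sensitive field added to the model later, so an explicit allowlist of updatable fields would be more robust. The handler starts and ends outside the hunk, so how `req.body` is consumed needs to be confirmed there.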