Limit OTP requests to one per expiry window. Closes #2000

This commit is contained in:
Gabe Kangas
2022-08-02 13:29:06 -07:00
parent c40eaa47e9
commit 0b5ddf433b
3 changed files with 37 additions and 5 deletions


@@ -10,7 +10,11 @@ const (
)
func TestOTPFlowValidation(t *testing.T) {
r := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
r, success := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
if !success {
t.Error("Registration should be permitted.")
}
if r.Code == "" {
t.Error("Code is empty")
@@ -41,3 +45,16 @@ func TestOTPFlowValidation(t *testing.T) {
t.Error("UserDisplayName is not set correctly")
}
}
func TestSingleOTPFlowRequest(t *testing.T) {
r1, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
r2, s2 := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
if r1.Code != r2.Code {
t.Error("Only one registration should be permitted.")
}
if s2 {
t.Error("Second registration should not be permitted.")
}
}
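Review bot: TestSingleOTPFlowRequest discards the first call's result flag (`r1, _ :=`) and reuses the accessToken that TestOTPFlowValidation registers with, so it never establishes that r1 is a fresh registration. If state from the earlier test is still pending, both calls could return the leftover entry and the test would pass without exercising the new limit. Capture the flag and fail fast, `r1, s1 := RegisterFediverseOTP(...)` followed by `if !s1 { t.Fatal("First registration should be permitted.") }`, ideally with an access token used only by this test. The test also repeats the call with identical arguments only, so it does not pin what the one-per-window limit is keyed on. RegisterFediverseOTP is not visible here, so this is a coverage question: a case with a different access token but the same `account` would document whether repeated OTP deliveries to one account are limited too. A case showing that a new request is accepted once the window has expired is also missing.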