security: No longer allow user_hash for esup-otp-manager routes (requ…

…ire esup-otp-manager => 1.4.0)
EsupPortail · Jul 16, 2024 · 5d889c5 · 5d889c5
1 parent cd3c3b0
commit 5d889c5
Show file tree

Hide file tree

Showing 5 changed files with 201 additions and 189 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 esup-otp-api is a RESTful api using NodeJS to generate, send and verify one-time codes for [EsupPortail]
 
 ### Version
-1.5.0
+1.6.0
 
 Runs on Node v20.11.1 and npm v10.2.4
 

diff --git a/controllers/api.js b/controllers/api.js
@@ -381,7 +381,6 @@ export async function verify_code(req, res) {
     throw new errors.InvalidCredentialsError();
 }
 
-
 /**
  * Génére un nouvel attribut d'auth (secret key ou matrice ou bypass codes)
  *
@@ -414,6 +413,11 @@ export async function delete_method_secret(req, res) {
     return method.delete_method_secret(user, req, res);
 }
 
+export async function generate_webauthn_method_secret(req, res) {
+    req.params.method = "webauthn";
+    return generate_method_secret(req, res);
+}
+
 export async function verify_webauthn_auth(req, res) {
     req.params.method = "webauthn";
     const { user, method } = await getUserAndMethodModule(req);