Skip to content

Commit

Permalink
Fix config copy operation, warn on insecure value.
Browse files Browse the repository at this point in the history
  • Loading branch information
zyro committed Sep 20, 2024
1 parent b03b120 commit 44f146d
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions server/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -415,6 +415,9 @@ func ValidateConfig(logger *zap.Logger, c Config) map[string]string {

if k := c.GetMFA().StorageEncryptionKey; k != "" && len(k) != 32 {
logger.Fatal("MFA encryption key has to be 32 bits long")
} else if k == NewMFAConfig().StorageEncryptionKey {
logger.Warn("WARNING: insecure default parameter value, change this for production!", zap.String("param", "mfa.storage_encryption_key"))
configWarnings["mfa.storage_encryption_key"] = "Insecure default parameter value, change this for production!"
}

return configWarnings
Expand Down Expand Up @@ -529,6 +532,7 @@ func (c *config) Clone() (Config, error) {
configSatori := *(c.Satori)
configStorage := *(c.Storage)
configGoogleAuth := *(c.GoogleAuth)
configMFA := *(c.MFA)
nc := &config{
Name: c.Name,
Datadir: c.Datadir,
Expand All @@ -549,6 +553,7 @@ func (c *config) Clone() (Config, error) {
Satori: &configSatori,
GoogleAuth: &configGoogleAuth,
Storage: &configStorage,
MFA: &configMFA,
}
nc.Socket.CertPEMBlock = make([]byte, len(c.Socket.CertPEMBlock))
copy(nc.Socket.CertPEMBlock, c.Socket.CertPEMBlock)
Expand Down

0 comments on commit 44f146d

Please sign in to comment.