ensure the server does not crash on misconfigured validator

talentone · Aug 9, 2023 · 25b5edf · 25b5edf
1 parent 8ebab29
commit 25b5edf
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/server/auth/code/auth_code.go b/server/auth/code/auth_code.go
@@ -57,7 +57,7 @@ func (ca *authenticator) Init(jsonconf json.RawMessage, name string) error {
 	}
 
 	if config.MaxRetries < 1 {
-		return errors.New("auth_code: invalid reties count")
+		return errors.New("auth_code: invalid retries count")
 	}
 
 	ca.name = name

diff --git a/server/session.go b/server/session.go
@@ -1019,7 +1019,13 @@ func (s *Session) authSecretReset(params []byte) error {
 		return err
 	}
 
-	code, _, err := store.Store.GetLogicalAuthHandler(tempScheme).GenSecret(&auth.Rec{
+	tempAuth := store.Store.GetLogicalAuthHandler(tempScheme)
+	if tempAuth == nil || !tempAuth.IsInitialized() {
+		logs.Err.Println("s.authSecretReset: validator with missing temp auth", credMethod, tempScheme, s.sid)
+		return types.ErrInternal
+	}
+
+	code, _, err := tempAuth.GenSecret(&auth.Rec{
 		Uid:        uid,
 		AuthLevel:  auth.LevelAuth,
 		Features:   auth.FeatureNoLogin,