DEV: increase the length of backup codes
16 ^ 8, though not tiny, is a workable search space in the event of a breach; 16 ^ 16 is not.
parent c677f8ee6a
commit bff9880d63
|
@ -191,7 +191,7 @@ module SecondFactorManager
|
|||
def generate_backup_codes
|
||||
codes = []
|
||||
10.times do
|
||||
codes << SecureRandom.hex(8)
|
||||
codes << SecureRandom.hex(16)
|
||||
end
|
||||
|
||||
codes_json = codes.map do |code|
|
||||
|
|
|
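Review bot: the bare `16` in `codes << SecureRandom.hex(16)` is a byte count, not a character count, so the generated codes are 32 hex characters long (the spec in this commit asserts exactly that) and each code now carries 128 bits, up from 64 bits with `hex(8)`. Consider lifting the literal into a named constant so the generator and the spec share one definition. It is also worth confirming that anything that accepts, stores or displays a backup code (input length limits, validation patterns, formatting) does not still assume the previous 16-character length; nothing in this hunk shows how codes issued before the change are treated.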
@ -3548,7 +3548,8 @@ describe UsersController do
|
|||
|
||||
response_body = JSON.parse(response.body)
|
||||
|
||||
expect(response_body['backup_codes'].length).to be(10)
|
||||
# we use SecureRandom.hex(16) for backup codes, ensure this continues to be the case
|
||||
expect(response_body['backup_codes'].map(&:length)).to eq([32] * 10)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
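Review bot: the assertion `expect(response_body['backup_codes'].map(&:length)).to eq([32] * 10)` checks length only, so it would still pass if the codes were not hex or if the same code were returned ten times. Consider also asserting the format, for example `expect(response_body['backup_codes']).to all(match(/\A\h{32}\z/))`, and that the ten codes are distinct (`uniq.length` equal to 10). The comment above it names `SecureRandom.hex(16)`, which ties the spec to one implementation call; stating the requirement itself (32 hex characters, 128 bits of randomness) would keep the test meaningful if the generator is later changed.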