dani-garcia · dani-garcia · Mar 17, 2024 · Feb 15, 2024 · Mar 17, 2024
diff --git a/migrations/mysql/2024-02-14-135828_change_time_stamp_data_type/down.sql b/migrations/mysql/2024-02-14-135828_change_time_stamp_data_type/down.sql
diff --git a/migrations/mysql/2024-02-14-135828_change_time_stamp_data_type/up.sql b/migrations/mysql/2024-02-14-135828_change_time_stamp_data_type/up.sql
@@ -0,0 +1 @@
+ALTER TABLE twofactor MODIFY last_used BIGINT NOT NULL;
diff --git a/migrations/postgresql/2024-02-14-135953_change_time_stamp_data_type/down.sql b/migrations/postgresql/2024-02-14-135953_change_time_stamp_data_type/down.sql
diff --git a/migrations/postgresql/2024-02-14-135953_change_time_stamp_data_type/up.sql b/migrations/postgresql/2024-02-14-135953_change_time_stamp_data_type/up.sql
@@ -0,0 +1,3 @@
+ALTER TABLE twofactor
+ALTER COLUMN last_used TYPE BIGINT,
+ALTER COLUMN last_used SET NOT NULL;
diff --git a/migrations/sqlite/2024-02-14-140000_change_time_stamp_data_type/down.sql b/migrations/sqlite/2024-02-14-140000_change_time_stamp_data_type/down.sql
diff --git a/migrations/sqlite/2024-02-14-140000_change_time_stamp_data_type/up.sql b/migrations/sqlite/2024-02-14-140000_change_time_stamp_data_type/up.sql
@@ -0,0 +1 @@
+-- Integer size in SQLite is already i64, so we don't need to do anything
diff --git a/src/api/core/two_factor/authenticator.rs b/src/api/core/two_factor/authenticator.rs
@@ -157,18 +157,18 @@ pub async fn validate_totp_code(
         let generated = totp_custom::<Sha1>(30, 6, &decoded_secret, time);
 
         // Check the given code equals the generated and if the time_step is larger then the one last used.
-        if generated == totp_code && time_step > i64::from(twofactor.last_used) {
+        if generated == totp_code && time_step > twofactor.last_used {
             // If the step does not equals 0 the time is drifted either server or client side.
             if step != 0 {
                 warn!("TOTP Time drift detected. The step offset is {}", step);
             }
 
             // Save the last used time step so only totp time steps higher then this one are allowed.
             // This will also save a newly created twofactor if the code is correct.
-            twofactor.last_used = time_step as i32;
+            twofactor.last_used = time_step;
             twofactor.save(conn).await?;
             return Ok(());
-        } else if generated == totp_code && time_step <= i64::from(twofactor.last_used) {
+        } else if generated == totp_code && time_step <= twofactor.last_used {
             warn!("This TOTP or a TOTP code within {} steps back or forward has already been used!", steps);
             err!(
                 format!("Invalid TOTP code! Server time: {} IP: {}", current_time.format("%F %T UTC"), ip.ip),

diff --git a/src/db/models/two_factor.rs b/src/db/models/two_factor.rs
@@ -12,7 +12,7 @@ db_object! {
         pub atype: i32,
         pub enabled: bool,
         pub data: String,
-        pub last_used: i32,
+        pub last_used: i64,
     }
 }
 

diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs
@@ -160,7 +160,7 @@ table! {
         atype -> Integer,
         enabled -> Bool,
         data -> Text,
-        last_used -> Integer,
+        last_used -> BigInt,
     }
 }
 

diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs
@@ -160,7 +160,7 @@ table! {
         atype -> Integer,
         enabled -> Bool,
         data -> Text,
-        last_used -> Integer,
+        last_used -> BigInt,
     }
 }
 

diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs
@@ -160,7 +160,7 @@ table! {
         atype -> Integer,
         enabled -> Bool,
         data -> Text,
-        last_used -> Integer,
+        last_used -> BigInt,
     }
 }