Fix config copy operation, warn on insecure value.

heroiclabs · Sep 20, 2024 · 44f146d · 44f146d
1 parent b03b120
commit 44f146d
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/server/config.go b/server/config.go
@@ -415,6 +415,9 @@ func ValidateConfig(logger *zap.Logger, c Config) map[string]string {
 
 	if k := c.GetMFA().StorageEncryptionKey; k != "" && len(k) != 32 {
 		logger.Fatal("MFA encryption key has to be 32 bits long")
+	} else if k == NewMFAConfig().StorageEncryptionKey {
+		logger.Warn("WARNING: insecure default parameter value, change this for production!", zap.String("param", "mfa.storage_encryption_key"))
+		configWarnings["mfa.storage_encryption_key"] = "Insecure default parameter value, change this for production!"
 	}
 
 	return configWarnings
@@ -529,6 +532,7 @@ func (c *config) Clone() (Config, error) {
 	configSatori := *(c.Satori)
 	configStorage := *(c.Storage)
 	configGoogleAuth := *(c.GoogleAuth)
+	configMFA := *(c.MFA)
 	nc := &config{
 		Name:             c.Name,
 		Datadir:          c.Datadir,
@@ -549,6 +553,7 @@ func (c *config) Clone() (Config, error) {
 		Satori:           &configSatori,
 		GoogleAuth:       &configGoogleAuth,
 		Storage:          &configStorage,
+		MFA:              &configMFA,
 	}
 	nc.Socket.CertPEMBlock = make([]byte, len(c.Socket.CertPEMBlock))
 	copy(nc.Socket.CertPEMBlock, c.Socket.CertPEMBlock)