From ef7684492256126d5737f3f070b4c28a85559df3 Mon Sep 17 00:00:00 2001
From: Tom Wiesing
Date: Thu, 12 Jan 2023 17:35:45 +0100
Subject: [PATCH] totp: Directly show secret to add
---
 internal/dis/component/auth/panel/password.go | 3 ++-
 .../dis/component/auth/panel/templates/totp_enroll.html | 9 +++++++--
 internal/dis/component/auth/panel/totp.go | 9 ++++++---
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/internal/dis/component/auth/panel/password.go b/internal/dis/component/auth/panel/password.go
index 6903a51..b11f8d6 100644
--- a/internal/dis/component/auth/panel/password.go
+++ b/internal/dis/component/auth/panel/password.go
@@ -22,7 +22,8 @@ var (
 errPasswordsNotIdentical = errors.New("passwords are not identical")
 errCredentialsIncorrect = errors.New("credentials are not correct")
 errPasswordSetFailure = errors.New("error saving new password")
- errTOTPSetFailure = errors.New("unable to disable totp")
+ errTOTPSetFailure = errors.New("unable to enable totp")
+ errTOTPUnsetFailure = errors.New("unable to disable totp")
 errPasswordSet = errors.New("password was updated")
 )
diff --git a/internal/dis/component/auth/panel/templates/totp_enroll.html b/internal/dis/component/auth/panel/templates/totp_enroll.html
index 5962c29..6625ad1 100644
--- a/internal/dis/component/auth/panel/templates/totp_enroll.html
+++ b/internal/dis/component/auth/panel/templates/totp_enroll.html
@@ -7,8 +7,13 @@ TOTP Enrollment Image {{ end }}
\ No newline at end of file
diff --git a/internal/dis/component/auth/panel/totp.go b/internal/dis/component/auth/panel/totp.go
index 717e24b..c49bacd 100644
--- a/internal/dis/component/auth/panel/totp.go
+++ b/internal/dis/component/auth/panel/totp.go
@@ -73,8 +73,10 @@ var totpEnrollTemplate = static.AssetsUser.MustParseShared("totp_enroll.html", t
 type totpEnrollContext struct {
 userFormContext
- TOTPImage template.URL
- TOTPURL template.URL
+
+ TOTPSecret string
+ TOTPImage template.URL
+ TOTPURL template.URL
 }
 func (panel *UserPanel) routeTOTPEnroll(ctx context.Context) http.Handler {
@@ -114,6 +116,7 @@ func (panel *UserPanel) routeTOTPEnroll(ctx context.Context) http.Handler {
 if err == nil {
 img, _ := auth.TOTPLink(secret, 500, 500)
+ ctx.TOTPSecret = secret.Secret()
 ctx.TOTPImage = template.URL(img)
 ctx.TOTPURL = template.URL(secret.URL())
 }
@@ -190,7 +193,7 @@ func (panel *UserPanel) routeTOTPDisable(ctx context.Context) http.Handler {
 {
 err := user.DisableTOTP(r.Context())
 if err != nil {
- return struct{}{}, errTOTPSetFailure
+ return struct{}{}, errTOTPUnsetFailure
 }
 }
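Review bot: The new `TOTPSecret` field and the `ctx.TOTPSecret = secret.Secret()` assignment in routeTOTPEnroll place the raw TOTP seed in the rendered page as plain text, and nothing in these two hunks marks that response as uncacheable. The seed is presumably already carried by `secret.URL()` and the QR image, so the exposure is not new in kind, but the handler should send `Cache-Control: no-store` for this page unless that already happens outside the hunk. I would also document the field, for example `// TOTPSecret is the shared seed in text form; it is rendered only on the enrollment page and must not be logged.` The handler body begins and ends outside the hunk, so whether the seed is shown only before enrollment is confirmed cannot be checked here.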
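Review bot: In routeTOTPDisable the error from `user.DisableTOTP` is replaced by the sentinel `errTOTPUnsetFailure`, and the original `err` is dropped in the lines shown. Returning a generic message to the user is reasonable, but a failed attempt to turn off a second factor is an event worth recording on the server. Unless logging happens outside this hunk, record `err` together with the affected user through the project's logger before returning, and add a comment such as `// underlying error is logged, not shown to the user`. The enclosing handler continues outside the hunk.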