rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

totp: Directly show secret to add

Browse source
This commit is contained in:
Tom Wiesing 2023-01-12 17:35:45 +01:00
parent 202599aaeb
commit ef76844922
No known key found for this signature in database
3 changed files with 15 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

3
internal/dis/component/auth/panel/password.go
View file

@ -22,7 +22,8 @@ var (
errPasswordsNotIdentical = errors.New("passwords are not identical") errPasswordsNotIdentical = errors.New("passwords are not identical")
errCredentialsIncorrect = errors.New("credentials are not correct") errCredentialsIncorrect = errors.New("credentials are not correct")
errPasswordSetFailure = errors.New("error saving new password") errPasswordSetFailure = errors.New("error saving new password")
errTOTPSetFailure = errors.New("unable to disable totp") errTOTPSetFailure = errors.New("unable to enable totp")
errTOTPUnsetFailure = errors.New("unable to disable totp")
errPasswordSet = errors.New("password was updated") errPasswordSet = errors.New("password was updated")
) )

9
internal/dis/component/auth/panel/templates/totp_enroll.html
View file

@ -7,8 +7,13 @@
<img src="{{ .TOTPImage }}" alt="TOTP Enrollment Image"> <img src="{{ .TOTPImage }}" alt="TOTP Enrollment Image">
</a> </a>
<ul> <ul>
<li>scan the token above using a <a href="https://en.wikipedia.org/wiki/Time-based_one-time_password">TOTP</a> app on your phone</li> <li>
<li>enter your current password and the now generated token to confirm</li> Scan or click the token above to add it to a <a href="https://en.wikipedia.org/wiki/Time-based_one-time_password">TOTP</a> app
</li>
<li>
Alternatively enter the secret <code>{{ .TOTPSecret }}</code> into your app directly
</li>
<li>Next, enter your current password and the now generated token to confirm</li>
</ul> </ul>
</div> </div>
{{ end }} {{ end }}

5
internal/dis/component/auth/panel/totp.go
View file

@ -73,6 +73,8 @@ var totpEnrollTemplate = static.AssetsUser.MustParseShared("totp_enroll.html", t
type totpEnrollContext struct { type totpEnrollContext struct {
userFormContext userFormContext
TOTPSecret string
TOTPImage template.URL TOTPImage template.URL
TOTPURL template.URL TOTPURL template.URL
} }
@ -114,6 +116,7 @@ func (panel *UserPanel) routeTOTPEnroll(ctx context.Context) http.Handler {
if err == nil { if err == nil {
img, _ := auth.TOTPLink(secret, 500, 500) img, _ := auth.TOTPLink(secret, 500, 500)
ctx.TOTPSecret = secret.Secret()
ctx.TOTPImage = template.URL(img) ctx.TOTPImage = template.URL(img)
ctx.TOTPURL = template.URL(secret.URL()) ctx.TOTPURL = template.URL(secret.URL())
} }
@ -190,7 +193,7 @@ func (panel *UserPanel) routeTOTPDisable(ctx context.Context) http.Handler {
{ {
err := user.DisableTOTP(r.Context()) err := user.DisableTOTP(r.Context())
if err != nil { if err != nil {
return struct{}{}, errTOTPSetFailure return struct{}{}, errTOTPUnsetFailure
} }
} }