Compare commits

..

No commits in common. "0a270ca31a83a0da715fc7e59b98047bd94b0224" and "846e69fe7b15c2672cdc054b4a071f806f51d767" have entirely different histories.

6 changed files with 62 additions and 25 deletions

View file

@ -47,6 +47,10 @@ export default define(meta, paramDef, async (ps, user) => {
throw new Error("incorrect password");
}
if (!profile.twoFactorEnabled) {
throw new Error("2fa not enabled");
}
const clientData = JSON.parse(ps.clientDataJSON);
if (clientData.type !== "webauthn.create") {
@ -144,8 +148,6 @@ export default define(meta, paramDef, async (ps, user) => {
}),
);
UserProfiles.update(user.id, { securityKeysAvailable: true });
return {
id: credentialIdString,
name: ps.name,

View file

@ -32,6 +32,10 @@ export default define(meta, paramDef, async (ps, user) => {
throw new Error("incorrect password");
}
// if (!profile.twoFactorEnabled) {
// throw new Error("2fa not enabled");
// }
// 32 byte challenge
const entropy = await randomBytes(32);
const challenge = entropy

View file

@ -47,9 +47,8 @@ export default define(meta, paramDef, async (ps, user) => {
});
if (keyCount === 0) {
await UserProfiles.update(user.id, {
await UserProfiles.update(me.id, {
usePasswordLessLogin: false,
securityKeysAvailable: false,
});
}

View file

@ -116,7 +116,7 @@ export default async (ctx: Koa.Context) => {
);
}
if (!profile.twoFactorEnabled && !profile.securityKeysAvailable) {
if (!profile.twoFactorEnabled) {
if (same) {
signin(ctx, user);
return;
@ -128,7 +128,7 @@ export default async (ctx: Koa.Context) => {
}
}
if (token && profile.twoFactorEnabled) {
if (token) {
if (!same) {
await fail(403, {
id: "932c904e-9460-45b7-9ce6-7ed33be7eb2c",

View file

@ -79,10 +79,10 @@
{{ i18n.ts.retry }}
</MkButton>
</div>
<div v-if="user && user.securityKeys && user.twoFactorEnabled" class="or-hr">
<div v-if="user && user.securityKeys" class="or-hr">
<p class="or-msg">{{ i18n.ts.or }}</p>
</div>
<div v-if="user.twoFactorEnabled" class="twofa-group totp-group">
<div class="twofa-group totp-group">
<p style="margin-bottom: 0">
{{ i18n.ts.twoStepAuthentication }}
</p>
@ -247,23 +247,25 @@ function queryKey() {
function onSubmit() {
signing.value = true;
console.log("submit");
if (window.PublicKeyCredential && user.value.securityKeys) {
os.api("signin", {
username: username.value,
password: password.value,
"hcaptcha-response": hCaptchaResponse.value,
"g-recaptcha-response": reCaptchaResponse.value,
})
.then((res) => {
totpLogin.value = true;
signing.value = false;
challengeData.value = res;
return queryKey();
if (!totpLogin.value && user.value && user.value.twoFactorEnabled) {
if (window.PublicKeyCredential && user.value.securityKeys) {
os.api("signin", {
username: username.value,
password: password.value,
"hcaptcha-response": hCaptchaResponse.value,
"g-recaptcha-response": reCaptchaResponse.value,
})
.catch(loginFailed);
} else if (!totpLogin.value && user.value && user.value.twoFactorEnabled) {
totpLogin.value = true;
signing.value = false;
.then((res) => {
totpLogin.value = true;
signing.value = false;
challengeData.value = res;
return queryKey();
})
.catch(loginFailed);
} else {
totpLogin.value = true;
signing.value = false;
}
} else {
os.api("signin", {
username: username.value,

View file

@ -14,7 +14,17 @@
<template #caption>{{ i18n.ts.totpDescription }}</template>
<div v-if="$i.twoFactorEnabled" class="_gaps_s">
<div v-text="i18n.ts._2fa.alreadyRegistered" />
<MkButton @click="unregisterTOTP"
<template v-if="$i.securityKeysList.length > 0">
<MkButton @click="renewTOTP"
><i
:class="icon('ph-shield-check')"
style="margin-inline-end: 0.5rem"
></i
>{{ i18n.ts._2fa.renewTOTP }}</MkButton
>
<MkInfo>{{ i18n.ts._2fa.whyTOTPOnlyRenew }}</MkInfo>
</template>
<MkButton v-else @click="unregisterTOTP"
><i
:class="icon('ph-shield-slash')"
style="margin-inline-end: 0.5rem"
@ -49,6 +59,13 @@
{{ i18n.ts._2fa.securityKeyNotSupported }}
</MkInfo>
<MkInfo
v-else-if="supportsCredentials && !$i.twoFactorEnabled"
warn
>
{{ i18n.ts._2fa.registerTOTPBeforeKey }}
</MkInfo>
<template v-else>
<MkButton primary @click="addSecurityKey"
><i
@ -188,6 +205,19 @@ function unregisterTOTP() {
});
}
function renewTOTP() {
os.confirm({
type: "question",
title: i18n.ts._2fa.renewTOTP,
text: i18n.ts._2fa.renewTOTPConfirm,
okText: i18n.ts._2fa.renewTOTPOk,
cancelText: i18n.ts._2fa.renewTOTPCancel,
}).then(({ canceled }) => {
if (canceled) return;
registerTOTP();
});
}
async function unregisterKey(key) {
const confirm = await os.confirm({
type: "question",