Compare commits
No commits in common. "0a270ca31a83a0da715fc7e59b98047bd94b0224" and "846e69fe7b15c2672cdc054b4a071f806f51d767" have entirely different histories.
0a270ca31a
...
846e69fe7b
6 changed files with 62 additions and 25 deletions
|
@ -47,6 +47,10 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
throw new Error("incorrect password");
|
||||
}
|
||||
|
||||
if (!profile.twoFactorEnabled) {
|
||||
throw new Error("2fa not enabled");
|
||||
}
|
||||
|
||||
const clientData = JSON.parse(ps.clientDataJSON);
|
||||
|
||||
if (clientData.type !== "webauthn.create") {
|
||||
|
@ -144,8 +148,6 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
}),
|
||||
);
|
||||
|
||||
UserProfiles.update(user.id, { securityKeysAvailable: true });
|
||||
|
||||
return {
|
||||
id: credentialIdString,
|
||||
name: ps.name,
|
||||
|
|
|
@ -32,6 +32,10 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
throw new Error("incorrect password");
|
||||
}
|
||||
|
||||
// if (!profile.twoFactorEnabled) {
|
||||
// throw new Error("2fa not enabled");
|
||||
// }
|
||||
|
||||
// 32 byte challenge
|
||||
const entropy = await randomBytes(32);
|
||||
const challenge = entropy
|
||||
|
|
|
@ -47,9 +47,8 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
});
|
||||
|
||||
if (keyCount === 0) {
|
||||
await UserProfiles.update(user.id, {
|
||||
await UserProfiles.update(me.id, {
|
||||
usePasswordLessLogin: false,
|
||||
securityKeysAvailable: false,
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
@ -116,7 +116,7 @@ export default async (ctx: Koa.Context) => {
|
|||
);
|
||||
}
|
||||
|
||||
if (!profile.twoFactorEnabled && !profile.securityKeysAvailable) {
|
||||
if (!profile.twoFactorEnabled) {
|
||||
if (same) {
|
||||
signin(ctx, user);
|
||||
return;
|
||||
|
@ -128,7 +128,7 @@ export default async (ctx: Koa.Context) => {
|
|||
}
|
||||
}
|
||||
|
||||
if (token && profile.twoFactorEnabled) {
|
||||
if (token) {
|
||||
if (!same) {
|
||||
await fail(403, {
|
||||
id: "932c904e-9460-45b7-9ce6-7ed33be7eb2c",
|
||||
|
|
|
@ -79,10 +79,10 @@
|
|||
{{ i18n.ts.retry }}
|
||||
</MkButton>
|
||||
</div>
|
||||
<div v-if="user && user.securityKeys && user.twoFactorEnabled" class="or-hr">
|
||||
<div v-if="user && user.securityKeys" class="or-hr">
|
||||
<p class="or-msg">{{ i18n.ts.or }}</p>
|
||||
</div>
|
||||
<div v-if="user.twoFactorEnabled" class="twofa-group totp-group">
|
||||
<div class="twofa-group totp-group">
|
||||
<p style="margin-bottom: 0">
|
||||
{{ i18n.ts.twoStepAuthentication }}
|
||||
</p>
|
||||
|
@ -247,23 +247,25 @@ function queryKey() {
|
|||
function onSubmit() {
|
||||
signing.value = true;
|
||||
console.log("submit");
|
||||
if (window.PublicKeyCredential && user.value.securityKeys) {
|
||||
os.api("signin", {
|
||||
username: username.value,
|
||||
password: password.value,
|
||||
"hcaptcha-response": hCaptchaResponse.value,
|
||||
"g-recaptcha-response": reCaptchaResponse.value,
|
||||
})
|
||||
.then((res) => {
|
||||
totpLogin.value = true;
|
||||
signing.value = false;
|
||||
challengeData.value = res;
|
||||
return queryKey();
|
||||
if (!totpLogin.value && user.value && user.value.twoFactorEnabled) {
|
||||
if (window.PublicKeyCredential && user.value.securityKeys) {
|
||||
os.api("signin", {
|
||||
username: username.value,
|
||||
password: password.value,
|
||||
"hcaptcha-response": hCaptchaResponse.value,
|
||||
"g-recaptcha-response": reCaptchaResponse.value,
|
||||
})
|
||||
.catch(loginFailed);
|
||||
} else if (!totpLogin.value && user.value && user.value.twoFactorEnabled) {
|
||||
totpLogin.value = true;
|
||||
signing.value = false;
|
||||
.then((res) => {
|
||||
totpLogin.value = true;
|
||||
signing.value = false;
|
||||
challengeData.value = res;
|
||||
return queryKey();
|
||||
})
|
||||
.catch(loginFailed);
|
||||
} else {
|
||||
totpLogin.value = true;
|
||||
signing.value = false;
|
||||
}
|
||||
} else {
|
||||
os.api("signin", {
|
||||
username: username.value,
|
||||
|
|
|
@ -14,7 +14,17 @@
|
|||
<template #caption>{{ i18n.ts.totpDescription }}</template>
|
||||
<div v-if="$i.twoFactorEnabled" class="_gaps_s">
|
||||
<div v-text="i18n.ts._2fa.alreadyRegistered" />
|
||||
<MkButton @click="unregisterTOTP"
|
||||
<template v-if="$i.securityKeysList.length > 0">
|
||||
<MkButton @click="renewTOTP"
|
||||
><i
|
||||
:class="icon('ph-shield-check')"
|
||||
style="margin-inline-end: 0.5rem"
|
||||
></i
|
||||
>{{ i18n.ts._2fa.renewTOTP }}</MkButton
|
||||
>
|
||||
<MkInfo>{{ i18n.ts._2fa.whyTOTPOnlyRenew }}</MkInfo>
|
||||
</template>
|
||||
<MkButton v-else @click="unregisterTOTP"
|
||||
><i
|
||||
:class="icon('ph-shield-slash')"
|
||||
style="margin-inline-end: 0.5rem"
|
||||
|
@ -49,6 +59,13 @@
|
|||
{{ i18n.ts._2fa.securityKeyNotSupported }}
|
||||
</MkInfo>
|
||||
|
||||
<MkInfo
|
||||
v-else-if="supportsCredentials && !$i.twoFactorEnabled"
|
||||
warn
|
||||
>
|
||||
{{ i18n.ts._2fa.registerTOTPBeforeKey }}
|
||||
</MkInfo>
|
||||
|
||||
<template v-else>
|
||||
<MkButton primary @click="addSecurityKey"
|
||||
><i
|
||||
|
@ -188,6 +205,19 @@ function unregisterTOTP() {
|
|||
});
|
||||
}
|
||||
|
||||
function renewTOTP() {
|
||||
os.confirm({
|
||||
type: "question",
|
||||
title: i18n.ts._2fa.renewTOTP,
|
||||
text: i18n.ts._2fa.renewTOTPConfirm,
|
||||
okText: i18n.ts._2fa.renewTOTPOk,
|
||||
cancelText: i18n.ts._2fa.renewTOTPCancel,
|
||||
}).then(({ canceled }) => {
|
||||
if (canceled) return;
|
||||
registerTOTP();
|
||||
});
|
||||
}
|
||||
|
||||
async function unregisterKey(key) {
|
||||
const confirm = await os.confirm({
|
||||
type: "question",
|
||||
|
|
Loading…
Reference in a new issue