mirror of
https://github.com/1f349/tulip.git
synced 2024-12-22 08:14:13 +00:00
Remove OTP code
parent
fe29128ad2
commit
f00d1c4a51
@ -167,6 +167,10 @@ WHERE subject = ?`,
|
||||
}
|
||||
|
||||
func (t *Tx) SetTwoFactor(sub uuid.UUID, secret string, digits int) error {
|
||||
if secret == "" && digits == 0 {
|
||||
_, err := t.tx.Exec(`DELETE FROM otp WHERE otp.subject = ?`, sub.String())
|
||||
return err
|
||||
}
|
||||
_, err := t.tx.Exec(`INSERT INTO otp(subject, secret, digits) VALUES (?, ?, ?) ON CONFLICT(subject) DO UPDATE SET secret = excluded.secret, digits = excluded.digits`, sub.String(), secret, digits)
|
||||
return err
|
||||
}
|
||||
|
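Review bot: `SetTwoFactor` treats only the exact pair `secret == "" && digits == 0` as a removal, so a call with an empty secret and non-zero digits (or the reverse) falls through to the upsert and stores an OTP row that cannot validate. Rejecting that half-empty combination with an error before the `INSERT` would keep the table consistent. The delete-by-sentinel behaviour is also undocumented; a doc comment such as `// SetTwoFactor stores the OTP secret and digit count for sub; an empty secret with zero digits deletes the row instead.` would make the contract visible to callers. The rendering does not mark which of these lines are new, so this assumes the `if` block is the addition.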
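--- /dev/null
+++ b/pages/remove-otp.go.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>{{.ServiceName}}</title>
+</head>
+<body>
+<header>
+<h1>{{.ServiceName}}</h1>
+</header>
+<main>
+<form method="POST" action="/edit/otp">
+<input type="hidden" name="remove" value="1"/>
+<div>
+<label for="field_code">OTP Code:</label>
+<input type="text" name="code" id="field_code" required autofocus pattern="[0-9]{6,8}" title="6/7/8 digit one time passcode"/>
+</div>
+<button type="submit">Remove OTP</button>
+</form>
+</main>
+</body>
+</html>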
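Review bot: The passcode field (`<input type="text" name="code" …>`) has no autocomplete hint, so a browser may keep submitted codes in form history and offer them back later. Adding `autocomplete="one-time-code" inputmode="numeric"` to that input addresses this and gives mobile users a numeric keypad. The `pattern="[0-9]{6,8}"` attribute is only a client-side convenience, so the handler behind `/edit/otp` must remain the place where the code is actually validated. No anti-CSRF field is visible in the form; if the project supplies that protection elsewhere, it is not shown on this page.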
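--- /dev/null
+++ b/server/I-am-just-testing.go
@@ -0,0 +1,49 @@
+package server
+
+import (
+"context"
+"errors"
+"fmt"
+"github.com/go-oauth2/oauth2/v4"
+)
+
+var _ oauth2.TokenStore = &TestingStruct{}
+
+type TestingStruct struct {
+}
+
+func (t TestingStruct) Create(ctx context.Context, info oauth2.TokenInfo) error {
+fmt.Println(info.GetAccessExpiresIn())
+fmt.Println(info.GetRefreshExpiresIn())
+return errors.New("error")
+}
+
+func (t TestingStruct) RemoveByCode(ctx context.Context, code string) error {
+//TODO implement me
+panic("implement me")
+}
+
+func (t TestingStruct) RemoveByAccess(ctx context.Context, access string) error {
+//TODO implement me
+panic("implement me")
+}
+
+func (t TestingStruct) RemoveByRefresh(ctx context.Context, refresh string) error {
+//TODO implement me
+panic("implement me")
+}
+
+func (t TestingStruct) GetByCode(ctx context.Context, code string) (oauth2.TokenInfo, error) {
+//TODO implement me
+panic("implement me")
+}
+
+func (t TestingStruct) GetByAccess(ctx context.Context, access string) (oauth2.TokenInfo, error) {
+//TODO implement me
+panic("implement me")
+}
+
+func (t TestingStruct) GetByRefresh(ctx context.Context, refresh string) (oauth2.TokenInfo, error) {
+//TODO implement me
+panic("implement me")
+}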
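Review bot: `server/I-am-just-testing.go` adds a scratch `TestingStruct` to the non-test `server` package, which is unrelated to the commit title "Remove OTP code". Its `Create` prints the token lifetimes to stdout and always returns `errors.New("error")`, and the other six `oauth2.TokenStore` methods panic with "implement me". If this type were ever wired in as the token store, every token issuance would fail and any lookup or revocation would panic inside the request path. It should be dropped from the commit, or moved into a `_test.go` file if the experiment is worth keeping.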
@ -76,6 +76,30 @@ func (h *HttpServer) fetchAndValidateOtp(rw http.ResponseWriter, sub uuid.UUID,
|
||||
}
|
||||
|
||||
func (h *HttpServer) EditOtpPost(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
|
||||
if req.Method == http.MethodPost && req.FormValue("remove") == "1" {
|
||||
if !req.Form.Has("code") {
|
||||
// render page
|
||||
pages.RenderPageTemplate(rw, "remove-otp", map[string]any{
|
||||
"ServiceName": h.conf.ServiceName,
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
otpInput := req.Form.Get("code")
|
||||
if h.fetchAndValidateOtp(rw, auth.Data.ID, otpInput) {
|
||||
return
|
||||
}
|
||||
|
||||
if h.DbTx(rw, func(tx *database.Tx) error {
|
||||
return tx.SetTwoFactor(auth.Data.ID, "", 0)
|
||||
}) {
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(rw, req, "/", http.StatusFound)
|
||||
return
|
||||
}
|
||||
|
||||
var digits int
|
||||
switch req.FormValue("digits") {
|
||||
case "6":
|
||||
|
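Review bot: The removal branch of `EditOtpPost` reads `remove` and `code` through `req.FormValue` and `req.Form`, which merge URL query parameters with the POST body. A request carrying `code` in the query string is therefore accepted, and the passcode can end up in access logs and intermediaries. Reading from the body only, with `req.PostFormValue("remove") == "1"`, `req.PostForm.Has("code")` and `req.PostForm.Get("code")`, avoids that. `fetchAndValidateOtp` appears to return true when validation fails, which a short comment at the call site (`// returns true when the response has already been written`) would make clear once confirmed. Whether failed attempts are rate-limited is not visible in this hunk, and the function body continues past its end.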