do not require user to re-enter TOTP code when cancelling TOTP
This commit is contained in:
parent
f17608df50
commit
1f0ef13ff2
@ -9,19 +9,14 @@
|
|||||||
<div class="card">
|
<div class="card">
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<h1 class="h2">Two Factor Authentication</h1>
|
<h1 class="h2">Two Factor Authentication</h1>
|
||||||
<p>
|
|
||||||
To remove 2FA please enter your 2FA code from the authenticator app.
|
<div>
|
||||||
</p>
|
Disabling TOTP reduces the security of your account, please make sure to re-activate it later
|
||||||
|
or use WebAuthn (FIDO).
|
||||||
|
</div>
|
||||||
|
|
||||||
<form method="post">
|
<form method="post">
|
||||||
{{ otp_token_form.csrf_token }}
|
<button class="btn btn-danger mt-2">Disable TOTP</button>
|
||||||
|
|
||||||
<div class="font-weight-bold mt-5">Token</div>
|
|
||||||
<div class="small-text">The 6-digit 2FA code.</div>
|
|
||||||
|
|
||||||
{{ otp_token_form.token(class="form-control", autofocus="true") }}
|
|
||||||
{{ render_field_errors(otp_token_form.token) }}
|
|
||||||
<button class="btn btn-lg btn-danger mt-2">Remove 2FA</button>
|
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
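Review bot: The new `<form method="post">` now contains only the `Disable TOTP` button — the `{{ otp_token_form.csrf_token }}` line is removed and the view in this commit no longer passes a form object — so unless CSRF is enforced app-wide (not visible here) this POST carries no anti-CSRF token. The server side disables TOTP on any POST to this URL, so a cross-site request fired from the user's browser during an active sudo window would remove their second factor without any click on this page. Keep a token in the form, e.g. `<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">` if `CSRFProtect` is registered on the app, or render a field-less `FlaskForm` passed from the view as `{{ form.csrf_token }}`, and validate it server-side. The file header with this template's path is not shown in this section.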
@ -11,7 +11,7 @@
|
|||||||
{% block default_content %}
|
{% block default_content %}
|
||||||
<div class="card">
|
<div class="card">
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<h1 class="h3">Two Factor Authentication</h1>
|
<h1 class="h3">Two Factor Authentication - TOTP</h1>
|
||||||
<p>You will need to use a 2FA application like Google Authenticator or Authy on your phone or PC and scan the following QR Code:
|
<p>You will need to use a 2FA application like Google Authenticator or Authy on your phone or PC and scan the following QR Code:
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
@ -1,17 +1,10 @@
|
|||||||
import pyotp
|
from flask import render_template, flash, redirect, url_for, request
|
||||||
from flask import render_template, flash, redirect, url_for
|
|
||||||
from flask_login import login_required, current_user
|
from flask_login import login_required, current_user
|
||||||
from flask_wtf import FlaskForm
|
|
||||||
from wtforms import StringField, validators
|
|
||||||
|
|
||||||
from app.dashboard.base import dashboard_bp
|
from app.dashboard.base import dashboard_bp
|
||||||
|
from app.dashboard.views.enter_sudo import sudo_required
|
||||||
from app.extensions import db
|
from app.extensions import db
|
||||||
from app.models import RecoveryCode
|
from app.models import RecoveryCode
|
||||||
from app.dashboard.views.enter_sudo import sudo_required
|
|
||||||
|
|
||||||
|
|
||||||
class OtpTokenForm(FlaskForm):
|
|
||||||
token = StringField("Token", validators=[validators.DataRequired()])
|
|
||||||
|
|
||||||
|
|
||||||
@dashboard_bp.route("/mfa_cancel", methods=["GET", "POST"])
|
@dashboard_bp.route("/mfa_cancel", methods=["GET", "POST"])
|
||||||
@ -22,13 +15,8 @@ def mfa_cancel():
|
|||||||
flash("you don't have MFA enabled", "warning")
|
flash("you don't have MFA enabled", "warning")
|
||||||
return redirect(url_for("dashboard.index"))
|
return redirect(url_for("dashboard.index"))
|
||||||
|
|
||||||
otp_token_form = OtpTokenForm()
|
# user cancels TOTP
|
||||||
totp = pyotp.TOTP(current_user.otp_secret)
|
if request.method == "POST":
|
||||||
|
|
||||||
if otp_token_form.validate_on_submit():
|
|
||||||
token = otp_token_form.token.data
|
|
||||||
|
|
||||||
if totp.verify(token):
|
|
||||||
current_user.enable_otp = False
|
current_user.enable_otp = False
|
||||||
current_user.otp_secret = None
|
current_user.otp_secret = None
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
@ -37,9 +25,7 @@ def mfa_cancel():
|
|||||||
if not current_user.two_factor_authentication_enabled():
|
if not current_user.two_factor_authentication_enabled():
|
||||||
RecoveryCode.empty(current_user)
|
RecoveryCode.empty(current_user)
|
||||||
|
|
||||||
flash("MFA is now disabled", "warning")
|
flash("TOTP is now disabled", "warning")
|
||||||
return redirect(url_for("dashboard.index"))
|
return redirect(url_for("dashboard.index"))
|
||||||
else:
|
|
||||||
flash("Incorrect token", "warning")
|
|
||||||
|
|
||||||
return render_template("dashboard/mfa_cancel.html", otp_token_form=otp_token_form)
|
return render_template("dashboard/mfa_cancel.html")
|
||||||
|
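Review bot: `if request.method == "POST":` in the second hunk replaces `otp_token_form.validate_on_submit()`, so the view no longer validates anything before clearing `otp_secret` and committing — the CSRF check that `validate_on_submit()` performed is gone, and the template's `csrf_token` field was dropped in the same commit. Unless a global `CSRFProtect` is registered (not visible here), a forged POST from another origin can disable the user's TOTP while their sudo window is open. Keep a field-less form for the CSRF check: `from flask_wtf import FlaskForm`, then `form = FlaskForm()` and `if form.validate_on_submit():`, passing `form` to `render_template` so the template can emit `{{ form.csrf_token }}`. Separately, with `totp.verify(token)` removed the second factor is no longer needed to remove itself — assuming `@sudo_required` still decorates the view (its import is kept; the decorator lines fall outside the hunks), a live session plus the password now suffices, so consider notifying the user by email when TOTP is disabled. The `def mfa_cancel():` header and its decorators lie outside the hunks shown.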