Unlink security key

2020-05-05 02:20:52 -07:00 · 2020-05-05 02:20:52 -07:00 · 705941b8b8
parent a32b69078f
commit 705941b8b8
3 changed files with 64 additions and 0 deletions
--- a/app/dashboard/init.py
+++ b/app/dashboard/init.py
@ -12,6 +12,7 @@ from .views import (
    mfa_setup,
    mfa_cancel,
    fido_setup,
+    fido_cancel,
    domain_detail,
    lifetime_licence,
    directory,
--- a/app/dashboard/templates/dashboard/fido_cancel.html
+++ b/app/dashboard/templates/dashboard/fido_cancel.html
@ -0,0 +1,27 @@
+{% extends 'default.html' %}
+{% set active_page = "setting" %}
+{% block title %}
+  Unlink Security Key
+{% endblock %}
+
+
+{% block default_content %}
+  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
+    <h1 class="h2">Unlink Your Security Key</h1>
+    <p>
+      Please enter the password of your account so that we can ensure it's you.
+    </p>
+
+    <form method="post">
+      {{ password_check_form.csrf_token }}
+
+      <div class="font-weight-bold mt-5">Password</div>
+
+      {{ password_check_form.password(class="form-control", autofocus="true") }}
+      {{ render_field_errors(password_check_form.password) }}
+      <button class="btn btn-lg btn-danger mt-2">Unlink Key</button>
+    </form>
+
+
+  </div>
+{% endblock %}
--- a/app/dashboard/views/fido_cancel.py
+++ b/app/dashboard/views/fido_cancel.py
@ -0,0 +1,36 @@
+from flask import render_template, flash, redirect, url_for
+from flask_login import login_required, current_user
+from flask_wtf import FlaskForm
+from wtforms import PasswordField, validators
+
+from app.dashboard.base import dashboard_bp
+from app.extensions import db
+
+
+class LoginForm(FlaskForm):
+    password = PasswordField("Password", validators=[validators.DataRequired()])
+
+
+@dashboard_bp.route("/fido_cancel", methods=["GET", "POST"])
+@login_required
+def fido_cancel():
+    if current_user.fido_uuid is None:
+        flash("You haven't registed a security key", "warning")
+        return redirect(url_for("dashboard.index"))
+
+    password_check_form = LoginForm()
+
+    if password_check_form.validate_on_submit():
+        password = password_check_form.password.data
+
+        if current_user.check_password(password):
+            current_user.fido_pk = None
+            current_user.fido_uuid = None
+            current_user.fido_credential_id = None
+            db.session.commit()
+            flash("We've unlinked your security key.", "success")
+            return redirect(url_for("dashboard.index"))
+        else:
+            flash("Incorrect password", "warning")
+
+    return render_template("dashboard/fido_cancel.html", password_check_form=password_check_form)