User who has enabled MFA can cancel MFA

2019-12-29 15:10:40 +01:00 · 2019-12-29 15:10:40 +01:00 · 76eec998ea
parent 89664580b3
commit 76eec998ea
6 changed files with 83 additions and 11 deletions
--- a/app/dashboard/init.py
+++ b/app/dashboard/init.py
@ -10,5 +10,6 @@ from .views import (
    custom_domain,
    alias_contact_manager,
    mfa_setup,
+    mfa_cancel,
    domain_detail,
 )
--- a/app/dashboard/templates/dashboard/mfa_cancel.html
+++ b/app/dashboard/templates/dashboard/mfa_cancel.html
@ -0,0 +1,28 @@
+{% extends 'default.html' %}
+{% set active_page = "setting" %}
+{% block title %}
+  Cancel MFA
+{% endblock %}
+
+
+{% block default_content %}
+  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
+    <h1 class="h2">Multi Factor Authentication</h1>
+    <p>
+      To cancel MFA, please enter the 6-digit number in your TOTP application (Google Authenticator, Authy, etc) here.
+    </p>
+
+    <form method="post">
+      {{ otp_token_form.csrf_token }}
+
+      <div class="font-weight-bold mt-5">Token</div>
+      <div class="small-text">The 6-digit number displayed on your phone.</div>
+
+      {{ otp_token_form.token(class="form-control", placeholder="") }}
+      {{ render_field_errors(otp_token_form.token) }}
+      <button class="btn btn-lg btn-danger mt-2">Cancel MFA</button>
+    </form>
+
+
+  </div>
+{% endblock %}
--- a/app/dashboard/templates/dashboard/mfa_setup.html
+++ b/app/dashboard/templates/dashboard/mfa_setup.html
@ -1,5 +1,5 @@
 {% extends 'default.html' %}
-
+{% set active_page = "setting" %}
 {% block title %}
  MFA Setup
 {% endblock %}
@ -10,7 +10,7 @@

 {% block default_content %}
  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
-    <h1 class="h2">Two Factor Authentication</h1>
+    <h1 class="h2">Multi Factor Authentication</h1>
    <p>Please open a TOTP application (Google Authenticator, Authy, etc)
      on your smartphone and scan the following QR Code:
    </p>
--- a/app/dashboard/templates/dashboard/setting.html
+++ b/app/dashboard/templates/dashboard/setting.html
@ -50,14 +50,17 @@
      <button class="btn btn-primary">Update</button>
    </form>

+
+    <hr>
+    <h3 class="mb-0">Multi-Factor Authentication (MFA)</h3>
+    <div class="small-text mb-3">
+      Secure your account with Multi-Factor Authentication.
+      This requires having applications like Google Authenticator, Authy, FreeOTP, etc.
+    </div>
    {% if not current_user.enable_otp %}
-      <hr>
-      <h3 class="mb-0">Multi-Factor Authentication</h3>
-      <div class="small-text mb-3">
-        Secure your account with Multi-Factor Authentication.
-        This requires having applications like Google Authenticator, Authy, FreeOTP, etc.
-      </div>
      <a href="{{ url_for('dashboard.mfa_setup') }}" class="btn btn-outline-primary">Enable</a>
+    {% else %}
+      <a href="{{ url_for('dashboard.mfa_cancel') }}" class="btn btn-outline-danger">Cancel MFA</a>
    {% endif %}

    <hr>
@ -75,8 +78,12 @@
    <form method="post" class="form-inline">
      <input type="hidden" name="form-name" value="change-alias-generator">
      <select class="custom-select mr-sm-2" name="alias-generator-scheme">
-        <option value="{{ AliasGeneratorEnum.word.value }}" {% if current_user.alias_generator == AliasGeneratorEnum.word.value %} selected {% endif %} >Based on Random {{ AliasGeneratorEnum.word.name.capitalize() }}</option>
-        <option value="{{ AliasGeneratorEnum.uuid.value }}" {% if current_user.alias_generator == AliasGeneratorEnum.uuid.value %} selected {% endif %} >Based on {{ AliasGeneratorEnum.uuid.name.upper() }}</option>
+        <option value="{{ AliasGeneratorEnum.word.value }}"
+            {% if current_user.alias_generator == AliasGeneratorEnum.word.value %} selected {% endif %} >Based on
+          Random {{ AliasGeneratorEnum.word.name.capitalize() }}</option>
+        <option value="{{ AliasGeneratorEnum.uuid.value }}"
+            {% if current_user.alias_generator == AliasGeneratorEnum.uuid.value %} selected {% endif %} >Based
+          on {{ AliasGeneratorEnum.uuid.name.upper() }}</option>
      </select>
      <button class="btn btn-outline-primary">Update Preference</button>
    </form>
--- a/app/dashboard/views/mfa_cancel.py
+++ b/app/dashboard/views/mfa_cancel.py
@ -0,0 +1,36 @@
+import pyotp
+from flask import render_template, flash, redirect, url_for
+from flask_login import login_required, current_user
+from flask_wtf import FlaskForm
+from wtforms import StringField, validators
+
+from app.dashboard.base import dashboard_bp
+from app.extensions import db
+
+
+class OtpTokenForm(FlaskForm):
+    token = StringField("Token", validators=[validators.DataRequired()])
+
+
+@dashboard_bp.route("/mfa_cancel", methods=["GET", "POST"])
+@login_required
+def mfa_cancel():
+    if not current_user.enable_otp:
+        flash("you don't have MFA enabled", "warning")
+        return redirect(url_for("dashboard.index"))
+
+    otp_token_form = OtpTokenForm()
+    totp = pyotp.TOTP(current_user.otp_secret)
+
+    if otp_token_form.validate_on_submit():
+        token = otp_token_form.token.data
+
+        if totp.verify(token):
+            current_user.enable_otp = False
+            db.session.commit()
+            flash("MFA is now disabled", "warning")
+            return redirect(url_for("dashboard.index"))
+        else:
+            flash("Incorrect token", "warning")
+
+    return render_template("dashboard/mfa_cancel.html", otp_token_form=otp_token_form)
--- a/app/dashboard/views/mfa_setup.py
+++ b/app/dashboard/views/mfa_setup.py
@ -35,7 +35,7 @@ def mfa_setup():
        if totp.verify(token):
            current_user.enable_otp = True
            db.session.commit()
-            flash("2FA has been activated", "success")
+            flash("MFA has been activated", "success")
            return redirect(url_for("dashboard.index"))
        else:
            flash("Incorrect token", "warning")