Send a notification email for invalid recovery codes.

2022-01-20 16:41:42 +00:00 · 2022-01-20 16:41:42 +00:00 · f7f91afc1e
parent 6b4d276ffe
commit f7f91afc1e
4 changed files with 27 additions and 5 deletions
--- a/app/auth/views/mfa.py
+++ b/app/auth/views/mfa.py
@ -97,8 +97,14 @@ def mfa():
                ALERT_INVALID_TOTP_LOGIN,
                user.email,
                "There was an unsuccessful login on your SimpleLogin account",
-                render("transactional/invalid-totp-login.txt"),
-                render("transactional/invalid-totp-login.html"),
+                render(
+                    "transactional/invalid-totp-login.txt",
+                    type="TOTP",
+                ),
+                render(
+                    "transactional/invalid-totp-login.html",
+                    type="TOTP",
+                ),
                1,
            )
            flash("Incorrect token", "warning")
--- a/app/auth/views/recovery.py
+++ b/app/auth/views/recovery.py
@ -5,8 +5,9 @@ from flask_wtf import FlaskForm
 from wtforms import StringField, validators

 from app.auth.base import auth_bp
-from app.config import MFA_USER_ID
+from app.config import MFA_USER_ID, ALERT_INVALID_TOTP_LOGIN
 from app.db import Session
+from app.email_utils import send_email_with_rate_control, render
 from app.extensions import limiter
 from app.log import LOG
 from app.models import User, RecoveryCode
@ -67,6 +68,21 @@ def recovery_route():
        else:
            # Trigger rate limiter
            g.deduct_limit = True
+            send_email_with_rate_control(
+                user,
+                ALERT_INVALID_TOTP_LOGIN,
+                user.email,
+                "There was an unsuccessful login on your SimpleLogin account",
+                render(
+                    "transactional/invalid-totp-login.txt",
+                    type="recovery",
+                ),
+                render(
+                    "transactional/invalid-totp-login.html",
+                    type="recovery",
+                ),
+                1,
+            )
            flash("Incorrect code", "error")

    return render_template("auth/recovery.html", recovery_form=recovery_form)
--- a/templates/emails/transactional/invalid-totp-login.html
+++ b/templates/emails/transactional/invalid-totp-login.html
@ -2,7 +2,7 @@

 {% block content %}
  {{ render_text("There has been an unsuccessful login attempt on your SimpleLogin account.") }}
-  {{ render_text("An invalid TOTP code was provided <b>but the email and password were provided correctly.</b>") }}
+  {{ render_text("An invalid " ~ type ~ " code was provided <b>but the email and password were provided correctly.</b>") }}

  {{ render_text("This request was blocked. However, if this was <b>not</b> you, please <b>change your password immediately.</b>") }}
  {{ render_button("Change your password", URL ~ "/dashboard/setting#change_password") }}
--- a/templates/emails/transactional/invalid-totp-login.txt
+++ b/templates/emails/transactional/invalid-totp-login.txt
@ -1,5 +1,5 @@
 There has been an unsuccessful login attempt on your SimpleLogin account.
-An invalid TOTP code was provided but the email and password were provided correctly.
+An invalid {{type}} code was provided but the email and password were provided correctly.

 This request was blocked. However, if this was not you, please change your password immediately.
 {{URL}}/dashboard/setting#change_password