From f7f91afc1ea274bfe5e09f826bc3065ab447efe9 Mon Sep 17 00:00:00 2001
From: george
Date: Thu, 20 Jan 2022 16:41:42 +0000
Subject: [PATCH] Send a notification email for invalid recovery codes.

---
 app/auth/views/mfa.py | 10 ++++++++--
 app/auth/views/recovery.py | 18 +++++++++++++++++-
 .../transactional/invalid-totp-login.html | 2 +-
 .../transactional/invalid-totp-login.txt | 2 +-
 4 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/app/auth/views/mfa.py b/app/auth/views/mfa.py
index 949a2831..9af158ab 100644
--- a/app/auth/views/mfa.py
+++ b/app/auth/views/mfa.py
@@ -97,8 +97,14 @@ def mfa():
 ALERT_INVALID_TOTP_LOGIN,
 user.email,
 "There was an unsuccessful login on your SimpleLogin account",
- render("transactional/invalid-totp-login.txt"),
- render("transactional/invalid-totp-login.html"),
+ render(
+ "transactional/invalid-totp-login.txt",
+ type="TOTP",
+ ),
+ render(
+ "transactional/invalid-totp-login.html",
+ type="TOTP",
+ ),
 1,
 )
 flash("Incorrect token", "warning")
diff --git a/app/auth/views/recovery.py b/app/auth/views/recovery.py
index 3d2a4249..d72672fe 100644
--- a/app/auth/views/recovery.py
+++ b/app/auth/views/recovery.py
@@ -5,8 +5,9 @@ from flask_wtf import FlaskForm
 from wtforms import StringField, validators

 from app.auth.base import auth_bp
-from app.config import MFA_USER_ID
+from app.config import MFA_USER_ID, ALERT_INVALID_TOTP_LOGIN
 from app.db import Session
+from app.email_utils import send_email_with_rate_control, render
 from app.extensions import limiter
 from app.log import LOG
 from app.models import User, RecoveryCode
@@ -67,6 +68,21 @@ def recovery_route():
 else:
 # Trigger rate limiter
 g.deduct_limit = True
+ send_email_with_rate_control(
+ user,
+ ALERT_INVALID_TOTP_LOGIN,
+ user.email,
+ "There was an unsuccessful login on your SimpleLogin account",
+ render(
+ "transactional/invalid-totp-login.txt",
+ type="recovery",
+ ),
+ render(
+ "transactional/invalid-totp-login.html",
+ type="recovery",
+ ),
+ 1,
+ )
 flash("Incorrect code", "error")

 return render_template("auth/recovery.html", recovery_form=recovery_form)
diff --git a/templates/emails/transactional/invalid-totp-login.html b/templates/emails/transactional/invalid-totp-login.html
index bc950c88..b8af0d34 100644
--- a/templates/emails/transactional/invalid-totp-login.html
+++ b/templates/emails/transactional/invalid-totp-login.html
@@ -2,7 +2,7 @@
 {% block content %}
 {{ render_text("There has been an unsuccessful login attempt on your SimpleLogin account.") }}
- {{ render_text("An invalid TOTP code was provided but the email and password were provided correctly.") }}
+ {{ render_text("An invalid " ~ type ~ " code was provided but the email and password were provided correctly.") }}
 {{ render_text("This request was blocked. However, if this was not you, please change your password immediately.") }}
 {{ render_button("Change your password", URL ~ "/dashboard/setting#change_password") }}
diff --git a/templates/emails/transactional/invalid-totp-login.txt b/templates/emails/transactional/invalid-totp-login.txt
index 314f9c51..78bbe810 100644
--- a/templates/emails/transactional/invalid-totp-login.txt
+++ b/templates/emails/transactional/invalid-totp-login.txt
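Review bot: The new `send_email_with_rate_control(...)` call in the `else:` branch reuses `ALERT_INVALID_TOTP_LOGIN` as the alert key, so if the helper throttles per user and alert type — which the shared constant plus the trailing `1` suggest but this hunk does not show — a wrong TOTP and a wrong recovery code inside the same window yield a single mail and the second attempt goes unreported. That may be acceptable since both mails carry the same advice, but it should be explicit: either introduce a dedicated `ALERT_INVALID_RECOVERY_LOGIN` in `app/config.py`, or keep the shared key with a comment such as `# Deliberately shares the TOTP alert window: one "unsuccessful login" mail per user per period`. A why-comment is also warranted because the trade-off differs from mfa.py: `# Recovery codes bypass TOTP entirely, so a wrong one is a stronger brute-force signal and is worth alerting on too`. Whether a mail-delivery failure inside the helper would propagate and turn this branch into a 500 before `flash(...)` runs is not visible here; the call mirrors the existing one in mfa.py, so it presumably behaves the same. `recovery_route` begins above the hunk, where `user` is resolved.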
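Review bot: `" ~ type ~ "` in the changed `render_text` line has no fallback, so a caller of this template that does not pass `type=` would render "An invalid  code" — Jinja's default `Undefined` stringifies to an empty string unless the app configures `StrictUndefined`, which is not visible here. Both call sites touched by this commit pass the value, but the template's contract changed without any marker; `" ~ type|default("TOTP") ~ "` preserves the old wording for any caller that was not updated. A one-line comment at the top of the block would document the new input: `{# type: which second factor failed, "TOTP" or "recovery" #}`.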
@@ -1,5 +1,5 @@
 There has been an unsuccessful login attempt on your SimpleLogin account.
-An invalid TOTP code was provided but the email and password were provided correctly.
+An invalid {{type}} code was provided but the email and password were provided correctly.
 This request was blocked. However, if this was not you, please change your password immediately.
 {{URL}}/dashboard/setting#change_password
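Review bot: `{{type}}` on the changed line has no default, so with Jinja's default `Undefined` a render without `type=` produces "An invalid  code" rather than failing, and the regression would only be noticed by someone reading the mail. `{{ type|default("TOTP") }}` keeps the pre-commit text for any unconverted caller, and documenting the variable with `{# type: which second factor failed, "TOTP" or "recovery" #}` makes the dependency visible to the next person editing the template. The variable name `type` is also worth a thought, since it reads as the Python builtin at the call sites (`type="recovery"`); a name like `factor` would be less confusable, but that is a style choice.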