mirror of
https://github.com/simple-login/app.git
synced 2024-09-29 21:21:29 +02:00
Send a notification email for invalid recovery codes.
This commit is contained in:
parent
6b4d276ffe
commit
f7f91afc1e
@ -97,8 +97,14 @@ def mfa():
|
|||||||
ALERT_INVALID_TOTP_LOGIN,
|
ALERT_INVALID_TOTP_LOGIN,
|
||||||
user.email,
|
user.email,
|
||||||
"There was an unsuccessful login on your SimpleLogin account",
|
"There was an unsuccessful login on your SimpleLogin account",
|
||||||
render("transactional/invalid-totp-login.txt"),
|
render(
|
||||||
render("transactional/invalid-totp-login.html"),
|
"transactional/invalid-totp-login.txt",
|
||||||
|
type="TOTP",
|
||||||
|
),
|
||||||
|
render(
|
||||||
|
"transactional/invalid-totp-login.html",
|
||||||
|
type="TOTP",
|
||||||
|
),
|
||||||
1,
|
1,
|
||||||
)
|
)
|
||||||
flash("Incorrect token", "warning")
|
flash("Incorrect token", "warning")
|
||||||
|
@ -5,8 +5,9 @@ from flask_wtf import FlaskForm
|
|||||||
from wtforms import StringField, validators
|
from wtforms import StringField, validators
|
||||||
|
|
||||||
from app.auth.base import auth_bp
|
from app.auth.base import auth_bp
|
||||||
from app.config import MFA_USER_ID
|
from app.config import MFA_USER_ID, ALERT_INVALID_TOTP_LOGIN
|
||||||
from app.db import Session
|
from app.db import Session
|
||||||
|
from app.email_utils import send_email_with_rate_control, render
|
||||||
from app.extensions import limiter
|
from app.extensions import limiter
|
||||||
from app.log import LOG
|
from app.log import LOG
|
||||||
from app.models import User, RecoveryCode
|
from app.models import User, RecoveryCode
|
||||||
@ -67,6 +68,21 @@ def recovery_route():
|
|||||||
else:
|
else:
|
||||||
# Trigger rate limiter
|
# Trigger rate limiter
|
||||||
g.deduct_limit = True
|
g.deduct_limit = True
|
||||||
|
send_email_with_rate_control(
|
||||||
|
user,
|
||||||
|
ALERT_INVALID_TOTP_LOGIN,
|
||||||
|
user.email,
|
||||||
|
"There was an unsuccessful login on your SimpleLogin account",
|
||||||
|
render(
|
||||||
|
"transactional/invalid-totp-login.txt",
|
||||||
|
type="recovery",
|
||||||
|
),
|
||||||
|
render(
|
||||||
|
"transactional/invalid-totp-login.html",
|
||||||
|
type="recovery",
|
||||||
|
),
|
||||||
|
1,
|
||||||
|
)
|
||||||
flash("Incorrect code", "error")
|
flash("Incorrect code", "error")
|
||||||
|
|
||||||
return render_template("auth/recovery.html", recovery_form=recovery_form)
|
return render_template("auth/recovery.html", recovery_form=recovery_form)
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
{{ render_text("There has been an unsuccessful login attempt on your SimpleLogin account.") }}
|
{{ render_text("There has been an unsuccessful login attempt on your SimpleLogin account.") }}
|
||||||
{{ render_text("An invalid TOTP code was provided <b>but the email and password were provided correctly.</b>") }}
|
{{ render_text("An invalid " ~ type ~ " code was provided <b>but the email and password were provided correctly.</b>") }}
|
||||||
|
|
||||||
{{ render_text("This request was blocked. However, if this was <b>not</b> you, please <b>change your password immediately.</b>") }}
|
{{ render_text("This request was blocked. However, if this was <b>not</b> you, please <b>change your password immediately.</b>") }}
|
||||||
{{ render_button("Change your password", URL ~ "/dashboard/setting#change_password") }}
|
{{ render_button("Change your password", URL ~ "/dashboard/setting#change_password") }}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
There has been an unsuccessful login attempt on your SimpleLogin account.
|
There has been an unsuccessful login attempt on your SimpleLogin account.
|
||||||
An invalid TOTP code was provided but the email and password were provided correctly.
|
An invalid {{type}} code was provided but the email and password were provided correctly.
|
||||||
|
|
||||||
This request was blocked. However, if this was not you, please change your password immediately.
|
This request was blocked. However, if this was not you, please change your password immediately.
|
||||||
{{URL}}/dashboard/setting#change_password
|
{{URL}}/dashboard/setting#change_password
|
||||||
|
Loading…
Reference in New Issue
Block a user