Fix OTP authentication for external accounts

2025-07-04 16:48:26 +00:00 · 2021-09-06 01:07:31 +02:00
parent 8158e36d40
commit 468ba90158
12 changed files with 95 additions and 46 deletions
--- a/modules/webapp/src/main/elm/Page/Login/Data.elm
+++ b/modules/webapp/src/main/elm/Page/Login/Data.elm
@ -18,7 +18,7 @@ import Api
 import Api.Model.AuthResult exposing (AuthResult)
 import Data.Flags exposing (Flags)
 import Http
-import Page exposing (Page(..))
+import Page exposing (LoginData, Page(..))


 type alias Model =
@ -40,7 +40,7 @@ type FormState

 type AuthStep
    = StepLogin
-    | StepOtp AuthResult
+    | StepOtp String


 emptyModel : Model
@ -54,11 +54,11 @@ emptyModel =
    }


-init : Flags -> Bool -> ( Model, Cmd Msg )
-init flags oauth =
+init : Flags -> LoginData -> ( Model, Cmd Msg )
+init flags ld =
    let
        cmd =
-            if oauth then
+            if ld.openid > 0 then
                Api.loginSession flags AuthResp

            else
@ -74,4 +74,4 @@ type Msg
    | Authenticate
    | AuthResp (Result Http.Error AuthResult)
    | SetOtp String
-    | AuthOtp AuthResult
+    | AuthOtp String
--- a/modules/webapp/src/main/elm/Page/Login/Update.elm
+++ b/modules/webapp/src/main/elm/Page/Login/Update.elm
@ -10,13 +10,13 @@ module Page.Login.Update exposing (update)
 import Api
 import Api.Model.AuthResult exposing (AuthResult)
 import Data.Flags exposing (Flags)
-import Page exposing (Page(..))
+import Page exposing (LoginData, Page(..))
 import Page.Login.Data exposing (..)
 import Ports


-update : ( Maybe Page, Bool ) -> Flags -> Msg -> Model -> ( Model, Cmd Msg, Maybe AuthResult )
-update ( referrer, oauth ) flags msg model =
+update : LoginData -> Flags -> Msg -> Model -> ( Model, Cmd Msg, Maybe AuthResult )
+update loginData flags msg model =
    case msg of
        SetUsername str ->
            ( { model | username = str }, Cmd.none, Nothing )
@ -40,11 +40,11 @@ update ( referrer, oauth ) flags msg model =
            in
            ( model, Api.login flags userPass AuthResp, Nothing )

-        AuthOtp acc ->
+        AuthOtp token ->
            let
                sf =
                    { rememberMe = model.rememberMe
-                    , token = Maybe.withDefault "" acc.token
+                    , token = token
                    , otp = model.otp
                    }
            in
@ -53,7 +53,7 @@ update ( referrer, oauth ) flags msg model =
        AuthResp (Ok lr) ->
            let
                gotoRef =
-                    Maybe.withDefault HomePage referrer |> Page.goto
+                    Maybe.withDefault HomePage loginData.referrer |> Page.goto
            in
            if lr.success && not lr.requireSecondFactor then
                ( { model | formState = AuthSuccess lr, password = "" }
@ -62,7 +62,11 @@ update ( referrer, oauth ) flags msg model =
                )

            else if lr.success && lr.requireSecondFactor then
-                ( { model | formState = FormInitial, authStep = StepOtp lr, password = "" }
+                ( { model
+                    | formState = FormInitial
+                    , authStep = StepOtp <| Maybe.withDefault "" lr.token
+                    , password = ""
+                  }
                , Cmd.none
                , Nothing
                )
@ -77,11 +81,22 @@ update ( referrer, oauth ) flags msg model =
            let
                empty =
                    Api.Model.AuthResult.empty
+
+                session =
+                    Maybe.withDefault "" loginData.session
            in
-            ( { model | password = "", formState = HttpError err }
-            , Ports.removeAccount ()
-            , Just empty
-            )
+            -- A value of 2 indicates that TOTP is required
+            if loginData.openid == 2 then
+                ( { model | formState = FormInitial, authStep = StepOtp session, password = "" }
+                , Cmd.none
+                , Nothing
+                )
+
+            else
+                ( { model | password = "", formState = HttpError err }
+                , Ports.removeAccount ()
+                , Just empty
+                )


 setAccount : AuthResult -> Cmd msg
--- a/modules/webapp/src/main/elm/Page/Login/View2.elm
+++ b/modules/webapp/src/main/elm/Page/Login/View2.elm
@ -104,11 +104,11 @@ openIdLinks texts flags =
                ]


-otpForm : Texts -> Flags -> Model -> AuthResult -> Html Msg
-otpForm texts flags model acc =
+otpForm : Texts -> Flags -> Model -> String -> Html Msg
+otpForm texts flags model token =
    Html.form
        [ action "#"
-        , onSubmit (AuthOtp acc)
+        , onSubmit (AuthOtp token)
        , autocomplete False
        ]
        [ div [ class "flex flex-col mt-6" ]
--- a/modules/webapp/src/main/elm/Page/Register/Update.elm
+++ b/modules/webapp/src/main/elm/Page/Register/Update.elm
@ -97,7 +97,7 @@ update flags msg model =

                cmd =
                    if r.success then
-                        Page.goto (LoginPage ( Nothing, False ))
+                        Page.goto (LoginPage Page.emptyLoginData)

                    else
                        Cmd.none
--- a/modules/webapp/src/main/elm/Page/Register/View2.elm
+++ b/modules/webapp/src/main/elm/Page/Register/View2.elm
@ -232,7 +232,7 @@ viewContent texts flags _ model =
                        [ text texts.alreadySignedUp
                        ]
                    , a
-                        [ Page.href (LoginPage ( Nothing, False ))
+                        [ Page.href (LoginPage Page.emptyLoginData)
                        , class ("ml-2" ++ S.link)
                        ]
                        [ i [ class "fa fa-user-plus mr-1" ] []