From cc4a8a962bb2215fa51feeca5a077175a5ed8cc9 Mon Sep 17 00:00:00 2001
From: Pierre Hubert <pierre.git@communiquons.org>
Date: Sat, 12 Nov 2022 11:50:32 +0100
Subject: [PATCH] User can delete his own 2FA login history

---
 src/actors/users_actor.rs                | 11 ++++
 src/controllers/two_factor_api.rs        | 12 +++++
 src/data/user.rs                         |  7 +++
 src/main.rs                              |  5 ++
 templates/settings/two_factors_page.html | 65 ++++++++++++++++--------
 5 files changed, 80 insertions(+), 20 deletions(-)

diff --git a/src/actors/users_actor.rs b/src/actors/users_actor.rs
index 8f9c9d8..76d8eb8 100644
--- a/src/actors/users_actor.rs
+++ b/src/actors/users_actor.rs
@@ -55,6 +55,10 @@ pub struct ChangePasswordResult(pub bool);
 #[rtype(result = "bool")]
 pub struct AddSuccessful2FALogin(pub UserID, pub IpAddr);
 
+#[derive(Message)]
+#[rtype(result = "bool")]
+pub struct Clear2FALoginHistory(pub UserID);
+
 #[derive(Debug)]
 pub struct UpdateUserResult(pub bool);
 
@@ -125,6 +129,13 @@ impl Handler<AddSuccessful2FALogin> for UsersActor {
     }
 }
 
+impl Handler<Clear2FALoginHistory> for UsersActor {
+    type Result = <Clear2FALoginHistory as actix::Message>::Result;
+    fn handle(&mut self, msg: Clear2FALoginHistory, _ctx: &mut Self::Context) -> Self::Result {
+        self.manager.clear_2fa_login_history(&msg.0)
+    }
+}
+
 impl Handler<GetUserRequest> for UsersActor {
     type Result = MessageResult<GetUserRequest>;
 
diff --git a/src/controllers/two_factor_api.rs b/src/controllers/two_factor_api.rs
index 1326d46..2703762 100644
--- a/src/controllers/two_factor_api.rs
+++ b/src/controllers/two_factor_api.rs
@@ -120,3 +120,15 @@ pub async fn delete_factor(
         HttpResponse::Ok().body("Removed factor!")
     }
 }
+
+pub async fn clear_login_history(
+    user: CurrentUser,
+    users: web::Data<Addr<UsersActor>>,
+) -> impl Responder {
+    users
+        .send(users_actor::Clear2FALoginHistory(user.uid.clone()))
+        .await
+        .unwrap();
+
+    HttpResponse::Ok().body("History successfully cleared")
+}
diff --git a/src/data/user.rs b/src/data/user.rs
index 1394a84..4fe7c17 100644
--- a/src/data/user.rs
+++ b/src/data/user.rs
@@ -313,4 +313,11 @@ impl EntityManager<User> {
             user
         })
     }
+
+    pub fn clear_2fa_login_history(&mut self, id: &UserID) -> bool {
+        self.update_user(id, |mut user| {
+            user.last_successful_2fa = Default::default();
+            user
+        })
+    }
 }
diff --git a/src/main.rs b/src/main.rs
index f642622..4243b19 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -192,6 +192,11 @@ async fn main() -> std::io::Result<()> {
                 "/settings/api/two_factor/delete_factor",
                 web::post().to(two_factor_api::delete_factor),
             )
+            .route(
+                "/settings/api/two_factor/clear_login_history",
+                // Use POST to prevent CSRF
+                web::post().to(two_factor_api::clear_login_history),
+            )
             // Admin routes
             .route(
                 "/admin",
diff --git a/templates/settings/two_factors_page.html b/templates/settings/two_factors_page.html
index 87ea375..f7a34cc 100644
--- a/templates/settings/two_factors_page.html
+++ b/templates/settings/two_factors_page.html
@@ -35,26 +35,31 @@
 </table>
 
 {% if !user.last_successful_2fa.is_empty() %}
-<h5 style="margin-top: 50px">Successful 2FA login history</h5>
-<table class="table table-hover" style="max-width: 800px;" aria-describedby="Factors list">
-    <thead>
-    <tr>
-        <th scope="col">IP address</th>
-        <th scope="col">Date</th>
-        <th scope="col">Bypass 2FA</th>
-    </tr>
-    </thead>
-    <tbody>
-    {% for e in user.get_formatted_2fa_successful_logins() %}
-    <tr>
-        <td>{{ e.ip }}</td>
-        <td>{{ e.fmt_time() }}</td>
-        <td>{% if e.can_bypass_2fa %}YES{% else %}NO{% endif %}</td>
-    </tr>
-    {% endfor %}
-    </tbody>
-</table>
-{% endif %}
+<div id="2fa_history_container">
+    <h5 style="margin-top: 50px">Successful 2FA login history</h5>
+    <p>
+        <a type="button" class="btn btn-danger btn-sm" onclick="clear_login_history()">Clear history</a>
+    </p>
+    <table class="table table-hover" style="max-width: 800px;" aria-describedby="Factors list">
+        <thead>
+        <tr>
+            <th scope="col">IP address</th>
+            <th scope="col">Date</th>
+            <th scope="col">Bypass 2FA</th>
+        </tr>
+        </thead>
+        <tbody>
+        {% for e in user.get_formatted_2fa_successful_logins() %}
+        <tr>
+            <td>{{ e.ip }}</td>
+            <td>{{ e.fmt_time() }}</td>
+            <td>{% if e.can_bypass_2fa %}YES{% else %}NO{% endif %}</td>
+        </tr>
+        {% endfor %}
+        </tbody>
+    </table>
+    {% endif %}
+</div>
 
 <script>
     async function delete_factor(id) {
@@ -83,5 +88,25 @@
         }
     }
 
+    async function clear_login_history() {
+        if (!confirm("Do you really want to clear your 2FA login history?"))
+            return;
+
+        try {
+            const res = await fetch("/settings/api/two_factor/clear_login_history", {
+                method: "post"
+            });
+
+            let text = await res.text();
+            alert(text);
+
+            if (res.status == 200)
+                document.getElementById("2fa_history_container").remove();
+        } catch(e) {
+            console.error(e);
+            alert("Failed to clear 2FA history!");
+        }
+    }
+
 </script>
 {% endblock content %}