Display form to enter OTP code

2022-04-19 19:24:07 +02:00
parent c1677071fc
commit ce7118ff81
4 changed files with 75 additions and 2 deletions
--- a/src/controllers/login_controller.rs
+++ b/src/controllers/login_controller.rs
@ -11,7 +11,7 @@ use crate::controllers::base_controller::{FatalErrorPage, redirect_user, redirec
 use crate::data::login_redirect_query::LoginRedirectQuery;
 use crate::data::remote_ip::RemoteIP;
 use crate::data::session_identity::{SessionIdentity, SessionStatus};
-use crate::data::user::{TwoFactor, User};
+use crate::data::user::{FactorID, TwoFactor, User};

 struct BaseLoginPage {
    danger: Option<String>,
@ -42,6 +42,13 @@ struct ChooseSecondFactorTemplate<'a> {
    factors: &'a [TwoFactor],
 }

+#[derive(Template)]
+#[template(path = "login/opt_input.html")]
+struct LoginWithOTPTemplate<'a> {
+    _p: BaseLoginPage,
+    factor: &'a TwoFactor,
+}
+

 #[derive(serde::Deserialize)]
 pub struct LoginRequestBody {
@ -253,4 +260,40 @@ pub async fn choose_2fa_method(id: Identity, query: web::Query<ChooseSecondFacto
            .render()
            .unwrap(),
    )
+}
+
+#[derive(serde::Deserialize)]
+pub struct LoginWithOTPQuery {
+    #[serde(default)]
+    redirect: LoginRedirectQuery,
+    id: FactorID,
+}
+
+
+/// Login with OTP
+pub async fn login_with_otp(id: Identity, query: web::Query<LoginWithOTPQuery>,
+                            users: web::Data<Addr<UsersActor>>) -> impl Responder {
+    if !SessionIdentity(&id).need_2fa_auth() {
+        return redirect_user_for_login(query.redirect.get());
+    }
+
+    let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(&id).user_id()))
+        .await.unwrap().0.expect("Could not find user!");
+
+    let factor = match user.find_factor(&query.id) {
+        Some(f) => f,
+        None => return HttpResponse::Ok()
+            .body(FatalErrorPage { message: "Factor not found!" }.render().unwrap())
+    };
+
+    HttpResponse::Ok().body(LoginWithOTPTemplate {
+        _p: BaseLoginPage {
+            danger: None,
+            success: None,
+            page_title: "Two-Factor Auth",
+            app_name: APP_NAME,
+            redirect_uri: query.redirect.get_encoded(),
+        },
+        factor,
+    }.render().unwrap())
 }