Two factor authentication : TOTP #5

Merged
pierre merged 22 commits from twofactors into master 2022-04-20 07:40:51 +00:00
7 changed files with 82 additions and 3 deletions
Showing only changes of commit 3023771334 - Show all commits

View File

@ -5,3 +5,4 @@ pub mod settings_controller;
pub mod admin_controller; pub mod admin_controller;
pub mod admin_api; pub mod admin_api;
pub mod openid_controller; pub mod openid_controller;
pub mod two_factors_controller;

View File

@ -108,7 +108,6 @@ pub async fn change_password_route(user: CurrentUser,
} }
} }
HttpResponse::Ok() HttpResponse::Ok()
.body(ChangePasswordPage { .body(ChangePasswordPage {
_p: BaseSettingsPage::get("Change password", &user, danger, success), _p: BaseSettingsPage::get("Change password", &user, danger, success),

View File

@ -0,0 +1,48 @@
use std::ops::Deref;
use actix_web::{HttpResponse, Responder};
use askama::Template;
use crate::controllers::settings_controller::BaseSettingsPage;
use crate::data::current_user::CurrentUser;
use crate::data::user::User;
#[derive(Template)]
#[template(path = "settings/two_factors_page.html")]
struct TwoFactorsPage<'a> {
_p: BaseSettingsPage,
user: &'a User,
}
#[derive(Template)]
#[template(path = "settings/add_2fa_totp_page.html")]
struct AddTotpPage {
_p: BaseSettingsPage,
}
/// Manage two factors authentication methods route
pub async fn two_factors_route(user: CurrentUser) -> impl Responder {
HttpResponse::Ok()
.body(TwoFactorsPage {
_p: BaseSettingsPage::get(
"Two factors auth",
&user,
None,
None),
user: user.deref(),
}.render().unwrap())
}
/// Configure a new TOTP authentication factor
pub async fn add_totp_factor_route(user: CurrentUser) -> impl Responder {
HttpResponse::Ok()
.body(AddTotpPage {
_p: BaseSettingsPage::get(
"Configure new TOTP factor",
&user,
None,
None),
}.render().unwrap())
}

View File

@ -118,6 +118,8 @@ async fn main() -> std::io::Result<()> {
.route("/settings", web::get().to(settings_controller::account_settings_details_route)) .route("/settings", web::get().to(settings_controller::account_settings_details_route))
.route("/settings/change_password", web::get().to(settings_controller::change_password_route)) .route("/settings/change_password", web::get().to(settings_controller::change_password_route))
.route("/settings/change_password", web::post().to(settings_controller::change_password_route)) .route("/settings/change_password", web::post().to(settings_controller::change_password_route))
.route("/settings/two_factors", web::get().to(two_factors_controller::two_factors_route))
.route("settings/two_factors/add_totp", web::get().to(two_factors_controller::add_totp_factor_route))
// Admin routes // Admin routes
.route("/admin", web::get() .route("/admin", web::get()

View File

@ -0,0 +1,6 @@
{% extends "base_settings_page.html" %}
{% block content %}
TODO : show a form to add a new TOTP password
{% endblock content %}

View File

@ -26,6 +26,11 @@
Change password Change password
</a> </a>
</li> </li>
<li>
<a href="/settings/two_factors" class="nav-link link-dark">
Two-factor authentication
</a>
</li>
{% if _p.is_admin %} {% if _p.is_admin %}
<hr/> <hr/>

View File

@ -0,0 +1,18 @@
{% extends "base_settings_page.html" %}
{% block content %}
<div class="alert alert-dismissible alert-warning">
<h4 class="alert-heading">Warning!</h4>
<p class="mb-0">Once a new factor has been added to your account, you can not access
your account anymore using only your password. If you remove all your second factors,
2 Factor Authentication is automatically disabled for your account.</p>
</div>
<p>
<a href="/settings/two_factors/add_totp" type="button" class="btn btn-primary">Add One Time Password (OTP) factor</a>
</p>
TODO : show the list of currently registered 2 factors methods
{% endblock content %}