@@ -192,21 +192,7 @@ todo: 2fa is going to be an absolute must have pretty soon, look into what's inv
|
||||
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
|
||||
|
||||
Process:
|
||||
SIGN UP
|
||||
(copied a bit from digital ocean)
|
||||
User settings has a SECURITY section where control 2fa stuff
|
||||
user chooses 2fa button to setup, a dialog pops up sends a request to server at which point a secret key for 2fa is generated and stored in the User account
|
||||
and gets back the secret to display in a qr code on screen to searching
|
||||
/auth/setup-totp
|
||||
user is redirected to a client form with the qr code displayed for teh secret
|
||||
User gets QR code then displayed to sign up with auth software
|
||||
User has to enter a valid code to save or enable 2fa fully otherwise it's not enabled if they cancel out
|
||||
until the correct code is entered it will not be enabled yet
|
||||
If user moves out of 2fa area without validating then it generates a new secret next time they go In
|
||||
|
||||
DISABLE
|
||||
user goes to user settings->Security and click on disable 2fa button which is only enabled to click when the account has 2fa already enabled
|
||||
this removes the 2fa secret from their account and sets 2fa off.
|
||||
LOGIN
|
||||
User logs in as normal, server checks if they have 2fa enabled
|
||||
if no 2fa enabled then send back token as normal
|
||||
@@ -215,6 +201,7 @@ todo: 2fa is going to be an absolute must have pretty soon, look into what's inv
|
||||
client sees it's a 2fa and redirects to a page (or login page has a "dialog") to enter 2fa 6 digit code
|
||||
temp token and 2fa 6 digit code is sent to a /verify route
|
||||
if they match / pass then the normal token is sent back and login proceeds as normal
|
||||
NO TOKEN IS SENT ON 2fa enabled account without pin verification
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -13,6 +13,8 @@ export function processLogin(authResponse, loggedInWithKnownPassword) {
|
||||
return reject();
|
||||
}
|
||||
|
||||
|
||||
|
||||
//is token present?
|
||||
if (!authResponse || !authResponse.token) {
|
||||
window.$gz.store.commit(
|
||||
|
||||
@@ -162,6 +162,9 @@ export default new Vuex.Store({
|
||||
},
|
||||
setNewNotificationCount(state, data) {
|
||||
state.newNotificationCount = data;
|
||||
},
|
||||
setTfaEnabled(state, data) {
|
||||
state.tfaEnabled = data;
|
||||
}
|
||||
},
|
||||
actions: {}
|
||||
|
||||
@@ -2,12 +2,26 @@
|
||||
<v-row v-if="formState.ready">
|
||||
<v-col>
|
||||
<v-form ref="form">
|
||||
<button
|
||||
type="submit"
|
||||
disabled
|
||||
style="display: none"
|
||||
aria-hidden="true"
|
||||
></button>
|
||||
<v-row>
|
||||
<gz-error :error-box-message="formState.errorBoxMessage"></gz-error>
|
||||
<template v-if="tfaEnabled">
|
||||
<v-btn color="accent" text @click="disable()">{{
|
||||
$ay.t("AuthDisableTwoFactor")
|
||||
}}</v-btn>
|
||||
<v-col cols="12">
|
||||
<v-card class="mx-auto my-12" max-width="600">
|
||||
<v-card-title>{{ $ay.t("AuthConnectAppTitle") }}</v-card-title>
|
||||
|
||||
<v-card-text>
|
||||
<v-btn color="accent" @click="disable()">{{
|
||||
$ay.t("AuthDisableTwoFactor")
|
||||
}}</v-btn>
|
||||
</v-card-text>
|
||||
</v-card>
|
||||
</v-col>
|
||||
</template>
|
||||
<template v-else>
|
||||
<v-col cols="12">
|
||||
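Review bot: The `tfaEnabled` template renders two disable controls — the `<v-btn color="accent" text @click="disable()">` placed directly under `<v-row>` before the `<v-col>`, and the same button again inside `<v-card-text>`. One of them looks like a leftover from an earlier layout; dropping the first three-line button keeps a single control inside the card and avoids a bare button as a direct child of `v-row` outside any `v-col`. The enclosing template continues outside the hunk.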
@@ -171,6 +185,7 @@ export default {
|
||||
vm.formState.serverError = res.error;
|
||||
window.$gz.form.setErrorBoxErrors(vm);
|
||||
} else {
|
||||
window.$gz.store.commit("setTfaEnabled", false);
|
||||
await window.$gz.dialog.displayLTModalNotificationMessage(
|
||||
"AuthTwoFactorDisabled"
|
||||
);
|
||||
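Review bot: The success branch commits `setTfaEnabled` to `false` as soon as `res.error` is absent, and nothing visible in this hunk re-confirms the user's identity before the secret is dropped server-side. Disabling a second factor is a step-up action; if the request this handler sends (outside the hunk) does not carry the current TOTP code or the password, the server route should require one before removing the secret, and the client could prompt for it here. A short comment on the branch would also help: `// success: server has removed the TOTP secret; mirror that in the store`. The enclosing method starts and ends outside the hunk.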
@@ -205,6 +220,7 @@ export default {
|
||||
window.$gz.form.setErrorBoxErrors(vm);
|
||||
} else {
|
||||
if (res.data.ok == true) {
|
||||
window.$gz.store.commit("setTfaEnabled", true);
|
||||
//all ok, 2fa enabled
|
||||
await window.$gz.dialog.displayLTModalNotificationMessage(
|
||||
"AuthConnectCompleted"
|
||||
|
||||
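Review bot: `if (res.data.ok == true)` uses loose equality; `if (res.data.ok === true)` states the intent and matches the boolean the store mutation receives. The branch for a rejected code (`ok` false) is not visible in this hunk — it should surface a message and leave `tfaEnabled` untouched, since per the notes 2FA is only enabled once a valid code is accepted. The enclosing method starts and ends outside the hunk.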
@@ -407,44 +407,17 @@ export default {
|
||||
// throw new Error(res.error);
|
||||
throw new Error(window.$gz.errorHandler.errorToString(res, vm));
|
||||
}
|
||||
await processLogin(res.data, loggedInWithKnownPassword);
|
||||
|
||||
//check if support and updates has expired and is paid for license and show warning if so
|
||||
if (
|
||||
vm.$store.state.globalSettings.maintenanceExpired &&
|
||||
(vm.$store.state.globalSettings.licenseStatus == 3 ||
|
||||
vm.$store.state.globalSettings.licenseStatus == 4)
|
||||
) {
|
||||
(async function() {
|
||||
await window.$gz.dialog.displayLTModalNotificationMessage(
|
||||
"MaintenanceExpiredNote",
|
||||
"MaintenanceExpired",
|
||||
"error",
|
||||
"https://www.ayanova.com/subscriptionexpired.htm"
|
||||
);
|
||||
})();
|
||||
//check for 2fa enabled, if so then need to do one more step before process login can be called
|
||||
if (res.data.tfa) {
|
||||
//prompt for 2fa
|
||||
|
||||
//send 2fa code to server if ok, then proceed as normal
|
||||
|
||||
await this.step2(res, loggedInWithKnownPassword);
|
||||
}
|
||||
|
||||
let toPath = vm.$route.params.topath; //set in app.vue::mounted
|
||||
if (toPath != undefined) {
|
||||
//check if it's an open report link and if so
|
||||
//trigger that to open in a new window and continue on to normal home page
|
||||
if (toPath.startsWith("/viewreport")) {
|
||||
(async function() {
|
||||
//open report links have a query string /viewreport?oid=[objectid]&rid=[reportid]
|
||||
let searchParams = new URLSearchParams(vm.$route.params.search);
|
||||
let objectId = parseInt(searchParams.get("oid"));
|
||||
let reportId = parseInt(searchParams.get("rid"));
|
||||
await window.$gz.api.renderReport(objectId, reportId); //objectid,reportid
|
||||
})();
|
||||
vm.$router.push(vm.$store.state.homePage);
|
||||
} else {
|
||||
//otherwise open the url indicated
|
||||
vm.$router.push(vm.$route.params.topath);
|
||||
}
|
||||
} else {
|
||||
vm.$router.push(vm.$store.state.homePage);
|
||||
}
|
||||
await this.step2(res, loggedInWithKnownPassword);
|
||||
} catch (error) {
|
||||
//bad creds?
|
||||
if (
|
||||
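Review bot: When `res.data.tfa` is truthy the new code awaits `this.step2(res, loggedInWithKnownPassword)` inside the `if` and then, from what is visible, awaits it again unconditionally two lines before the `catch`, so step2 runs twice for 2FA accounts, and the branch itself contains only comments — nothing is sent to the `/verify` route described in the notes. Because a 2FA-enabled login response carries no token, `processLogin` inside step2 will take its missing-token path (`!authResponse.token`) instead of the user seeing a code prompt. Until the verification step exists, the branch should leave the flow rather than fall through: `if (res.data.tfa) { /* TODO: prompt for the 6-digit code and call /verify with the temp token */ return; }` followed by the single `await this.step2(res, loggedInWithKnownPassword);`. The enclosing login method starts outside the hunk.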
@@ -479,6 +452,47 @@ export default {
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
async step2(res, loggedInWithKnownPassword) {
|
||||
let vm = this;
|
||||
await processLogin(res.data, loggedInWithKnownPassword);
|
||||
|
||||
//check if support and updates has expired and is paid for license and show warning if so
|
||||
if (
|
||||
vm.$store.state.globalSettings.maintenanceExpired &&
|
||||
(vm.$store.state.globalSettings.licenseStatus == 3 ||
|
||||
vm.$store.state.globalSettings.licenseStatus == 4)
|
||||
) {
|
||||
(async function() {
|
||||
await window.$gz.dialog.displayLTModalNotificationMessage(
|
||||
"MaintenanceExpiredNote",
|
||||
"MaintenanceExpired",
|
||||
"error",
|
||||
"https://www.ayanova.com/subscriptionexpired.htm"
|
||||
);
|
||||
})();
|
||||
}
|
||||
|
||||
let toPath = vm.$route.params.topath; //set in app.vue::mounted
|
||||
if (toPath != undefined) {
|
||||
//check if it's an open report link and if so
|
||||
//trigger that to open in a new window and continue on to normal home page
|
||||
if (toPath.startsWith("/viewreport")) {
|
||||
(async function() {
|
||||
//open report links have a query string /viewreport?oid=[objectid]&rid=[reportid]
|
||||
let searchParams = new URLSearchParams(vm.$route.params.search);
|
||||
let objectId = parseInt(searchParams.get("oid"));
|
||||
let reportId = parseInt(searchParams.get("rid"));
|
||||
await window.$gz.api.renderReport(objectId, reportId); //objectid,reportid
|
||||
})();
|
||||
vm.$router.push(vm.$store.state.homePage);
|
||||
} else {
|
||||
//otherwise open the url indicated
|
||||
vm.$router.push(vm.$route.params.topath);
|
||||
}
|
||||
} else {
|
||||
vm.$router.push(vm.$store.state.homePage);
|
||||
}
|
||||
}
|
||||
},
|
||||
beforeRouteEnter(to, from, next) {
|
||||
|
||||
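Review bot: `step2` is added without a doc comment, and the two `(async function() { ... })()` blocks it contains (the maintenance-expired notice and the `renderReport` call) are floating promises with no rejection handler, so a failed dialog or report render becomes an unhandled rejection. Add a JSDoc header such as `/** Post-authentication steps: processes the token response, shows the maintenance-expired notice when applicable and routes to topath or the home page. Call only with a response that carries a token. */`, and either `await` those blocks or append a `.catch(...)` that reports through the existing error handler. The two `parseInt(searchParams.get(...))` calls should pass a radix, e.g. `parseInt(searchParams.get("oid"), 10)`. The enclosing component object continues outside the hunk.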