From bf3607c737a3805da07848e85ca185f38624a602 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Fri, 12 Mar 2021 01:38:29 +0000
Subject: [PATCH]

---
 ayanova/devdocs/todo.txt            | 15 +-----
 ayanova/src/api/authutil.js         |  2 +
 ayanova/src/store.js                |  3 ++
 ayanova/src/views/home-security.vue | 22 ++++++--
 ayanova/src/views/login.vue         | 84 +++++++++++++++++------------
 5 files changed, 74 insertions(+), 52 deletions(-)

diff --git a/ayanova/devdocs/todo.txt b/ayanova/devdocs/todo.txt
index 9b2ae2d7..9573a97e 100644
--- a/ayanova/devdocs/todo.txt
+++ b/ayanova/devdocs/todo.txt
@@ -192,21 +192,7 @@ todo: 2fa is going to be an absolute must have pretty soon, look into what's inv
 	https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
 
 	Process:
-	SIGN UP
-	(copied a bit from digital ocean)
-	User settings has a SECURITY section where control 2fa stuff				
-		user chooses 2fa button to setup, a dialog pops up sends a request to server at which point a secret key for 2fa is generated and stored in the User account
-		and gets back the secret to display in a qr code on screen to searching
-		/auth/setup-totp		 
-		user is redirected to a client form with the qr code displayed for teh secret
-		User gets QR code then displayed to sign up with auth software
-		User has to enter a valid code to save or enable 2fa fully otherwise it's not enabled if they cancel out
-		until the correct code is entered it will not be enabled yet
-		If user moves out of 2fa area without validating then it generates a new secret next time they go In
 
-	DISABLE
-		user goes to user settings->Security and click on disable 2fa button which is only enabled to click when the account has 2fa already enabled
-		this removes the 2fa secret from their account and sets 2fa off.
 	LOGIN
 	User logs in as normal, server checks if they have 2fa enabled
 		if no 2fa enabled then send back token as normal
@@ -215,6 +201,7 @@ todo: 2fa is going to be an absolute must have pretty soon, look into what's inv
 			client sees it's a 2fa and redirects to a page (or login page has a "dialog") to enter 2fa 6 digit code 
 			temp token and 2fa 6 digit code is sent to a /verify route
 			if they match / pass then the normal token is sent back and login proceeds as normal
+			NO TOKEN IS SENT ON 2fa enabled account without pin verification
 
 
 
diff --git a/ayanova/src/api/authutil.js b/ayanova/src/api/authutil.js
index 00a0a686..805a8a1e 100644
--- a/ayanova/src/api/authutil.js
+++ b/ayanova/src/api/authutil.js
@@ -13,6 +13,8 @@ export function processLogin(authResponse, loggedInWithKnownPassword) {
         return reject();
       }
 
+     
+
       //is token present?
       if (!authResponse || !authResponse.token) {
         window.$gz.store.commit(
diff --git a/ayanova/src/store.js b/ayanova/src/store.js
index c56de477..72ba84e8 100644
--- a/ayanova/src/store.js
+++ b/ayanova/src/store.js
@@ -162,6 +162,9 @@ export default new Vuex.Store({
     },
     setNewNotificationCount(state, data) {
       state.newNotificationCount = data;
+    },
+    setTfaEnabled(state, data) {
+      state.tfaEnabled = data;
     }
   },
   actions: {}
diff --git a/ayanova/src/views/home-security.vue b/ayanova/src/views/home-security.vue
index c420f0ba..d70139a5 100644
--- a/ayanova/src/views/home-security.vue
+++ b/ayanova/src/views/home-security.vue
@@ -2,12 +2,26 @@
   <v-row v-if="formState.ready">
     <v-col>
       <v-form ref="form">
+        <button
+          type="submit"
+          disabled
+          style="display: none"
+          aria-hidden="true"
+        ></button>
         <v-row>
           <gz-error :error-box-message="formState.errorBoxMessage"></gz-error>
           <template v-if="tfaEnabled">
-            <v-btn color="accent" text @click="disable()">{{
-              $ay.t("AuthDisableTwoFactor")
-            }}</v-btn>
+            <v-col cols="12">
+              <v-card class="mx-auto my-12" max-width="600">
+                <v-card-title>{{ $ay.t("AuthConnectAppTitle") }}</v-card-title>
+
+                <v-card-text>
+                  <v-btn color="accent" @click="disable()">{{
+                    $ay.t("AuthDisableTwoFactor")
+                  }}</v-btn>
+                </v-card-text>
+              </v-card>
+            </v-col>
           </template>
           <template v-else>
             <v-col cols="12">
@@ -171,6 +185,7 @@ export default {
           vm.formState.serverError = res.error;
           window.$gz.form.setErrorBoxErrors(vm);
         } else {
+          window.$gz.store.commit("setTfaEnabled", false);
           await window.$gz.dialog.displayLTModalNotificationMessage(
             "AuthTwoFactorDisabled"
           );
@@ -205,6 +220,7 @@ export default {
           window.$gz.form.setErrorBoxErrors(vm);
         } else {
           if (res.data.ok == true) {
+            window.$gz.store.commit("setTfaEnabled", true);
             //all ok, 2fa enabled
             await window.$gz.dialog.displayLTModalNotificationMessage(
               "AuthConnectCompleted"
diff --git a/ayanova/src/views/login.vue b/ayanova/src/views/login.vue
index 66cfaed7..878f621d 100644
--- a/ayanova/src/views/login.vue
+++ b/ayanova/src/views/login.vue
@@ -407,44 +407,17 @@ export default {
             // throw new Error(res.error);
             throw new Error(window.$gz.errorHandler.errorToString(res, vm));
           }
-          await processLogin(res.data, loggedInWithKnownPassword);
 
-          //check if support and updates has expired and is paid for license and show warning if so
-          if (
-            vm.$store.state.globalSettings.maintenanceExpired &&
-            (vm.$store.state.globalSettings.licenseStatus == 3 ||
-              vm.$store.state.globalSettings.licenseStatus == 4)
-          ) {
-            (async function() {
-              await window.$gz.dialog.displayLTModalNotificationMessage(
-                "MaintenanceExpiredNote",
-                "MaintenanceExpired",
-                "error",
-                "https://www.ayanova.com/subscriptionexpired.htm"
-              );
-            })();
+          //check for 2fa enabled, if so then need to do one more step before process login can be called
+          if (res.data.tfa) {
+            //prompt for 2fa
+
+            //send 2fa code to server if ok, then proceed as normal
+
+            await this.step2(res, loggedInWithKnownPassword);
           }
 
-          let toPath = vm.$route.params.topath; //set in app.vue::mounted
-          if (toPath != undefined) {
-            //check if it's an open report link and if so
-            //trigger that to open in a new window and continue on to normal home page
-            if (toPath.startsWith("/viewreport")) {
-              (async function() {
-                //open report links have a query string /viewreport?oid=[objectid]&rid=[reportid]
-                let searchParams = new URLSearchParams(vm.$route.params.search);
-                let objectId = parseInt(searchParams.get("oid"));
-                let reportId = parseInt(searchParams.get("rid"));
-                await window.$gz.api.renderReport(objectId, reportId); //objectid,reportid
-              })();
-              vm.$router.push(vm.$store.state.homePage);
-            } else {
-              //otherwise open the url indicated
-              vm.$router.push(vm.$route.params.topath);
-            }
-          } else {
-            vm.$router.push(vm.$store.state.homePage);
-          }
+          await this.step2(res, loggedInWithKnownPassword);
         } catch (error) {
           //bad creds?
           if (
@@ -479,6 +452,47 @@ export default {
           }
         }
       }
+    },
+    async step2(res, loggedInWithKnownPassword) {
+      let vm = this;
+      await processLogin(res.data, loggedInWithKnownPassword);
+
+      //check if support and updates has expired and is paid for license and show warning if so
+      if (
+        vm.$store.state.globalSettings.maintenanceExpired &&
+        (vm.$store.state.globalSettings.licenseStatus == 3 ||
+          vm.$store.state.globalSettings.licenseStatus == 4)
+      ) {
+        (async function() {
+          await window.$gz.dialog.displayLTModalNotificationMessage(
+            "MaintenanceExpiredNote",
+            "MaintenanceExpired",
+            "error",
+            "https://www.ayanova.com/subscriptionexpired.htm"
+          );
+        })();
+      }
+
+      let toPath = vm.$route.params.topath; //set in app.vue::mounted
+      if (toPath != undefined) {
+        //check if it's an open report link and if so
+        //trigger that to open in a new window and continue on to normal home page
+        if (toPath.startsWith("/viewreport")) {
+          (async function() {
+            //open report links have a query string /viewreport?oid=[objectid]&rid=[reportid]
+            let searchParams = new URLSearchParams(vm.$route.params.search);
+            let objectId = parseInt(searchParams.get("oid"));
+            let reportId = parseInt(searchParams.get("rid"));
+            await window.$gz.api.renderReport(objectId, reportId); //objectid,reportid
+          })();
+          vm.$router.push(vm.$store.state.homePage);
+        } else {
+          //otherwise open the url indicated
+          vm.$router.push(vm.$route.params.topath);
+        }
+      } else {
+        vm.$router.push(vm.$store.state.homePage);
+      }
     }
   },
   beforeRouteEnter(to, from, next) {