This commit is contained in:
2021-03-12 01:38:29 +00:00
parent 2913c32eeb
commit bf3607c737
5 changed files with 74 additions and 52 deletions


@@ -192,21 +192,7 @@ todo: 2fa is going to be an absolute must have pretty soon, look into what's inv
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395 https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
Process: Process:
SIGN UP
(copied a bit from digital ocean)
User settings has a SECURITY section where control 2fa stuff
user chooses 2fa button to setup, a dialog pops up sends a request to server at which point a secret key for 2fa is generated and stored in the User account
and gets back the secret to display in a qr code on screen to searching
/auth/setup-totp
user is redirected to a client form with the qr code displayed for teh secret
User gets QR code then displayed to sign up with auth software
User has to enter a valid code to save or enable 2fa fully otherwise it's not enabled if they cancel out
until the correct code is entered it will not be enabled yet
If user moves out of 2fa area without validating then it generates a new secret next time they go In
DISABLE
user goes to user settings->Security and click on disable 2fa button which is only enabled to click when the account has 2fa already enabled
this removes the 2fa secret from their account and sets 2fa off.
LOGIN LOGIN
User logs in as normal, server checks if they have 2fa enabled User logs in as normal, server checks if they have 2fa enabled
if no 2fa enabled then send back token as normal if no 2fa enabled then send back token as normal
@@ -215,6 +201,7 @@ todo: 2fa is going to be an absolute must have pretty soon, look into what's inv
client sees it's a 2fa and redirects to a page (or login page has a "dialog") to enter 2fa 6 digit code client sees it's a 2fa and redirects to a page (or login page has a "dialog") to enter 2fa 6 digit code
temp token and 2fa 6 digit code is sent to a /verify route temp token and 2fa 6 digit code is sent to a /verify route
if they match / pass then the normal token is sent back and login proceeds as normal if they match / pass then the normal token is sent back and login proceeds as normal
NO TOKEN IS SENT ON 2fa enabled account without pin verification


@@ -13,6 +13,8 @@ export function processLogin(authResponse, loggedInWithKnownPassword) {
return reject(); return reject();
} }
//is token present? //is token present?
if (!authResponse || !authResponse.token) { if (!authResponse || !authResponse.token) {
window.$gz.store.commit( window.$gz.store.commit(


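--- a/STORE_FILE_PATH_NOT_SHOWN_ON_PAGE
+++ b/STORE_FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -162,6 +162,9 @@ export default new Vuex.Store({
 },
 setNewNotificationCount(state, data) {
 state.newNotificationCount = data;
+},
+setTfaEnabled(state, data) {
+state.tfaEnabled = data;
 }
 },
 actions: {}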
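Review bot: `setTfaEnabled` writes `state.tfaEnabled`, but this hunk does not show `tfaEnabled` being declared in the store's initial `state`; in Vue 2 / Vuex a key added to the state object after creation is not reactive, so `v-if="tfaEnabled"` in the settings template would not update after the commit unless the key already exists. If it is not declared elsewhere in this file, add `tfaEnabled: false` to the initial state object next to `newNotificationCount`. The store definition starts and ends outside the hunk.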


@@ -2,12 +2,26 @@
<v-row v-if="formState.ready"> <v-row v-if="formState.ready">
<v-col> <v-col>
<v-form ref="form"> <v-form ref="form">
<button
type="submit"
disabled
style="display: none"
aria-hidden="true"
></button>
<v-row> <v-row>
<gz-error :error-box-message="formState.errorBoxMessage"></gz-error> <gz-error :error-box-message="formState.errorBoxMessage"></gz-error>
<template v-if="tfaEnabled"> <template v-if="tfaEnabled">
<v-btn color="accent" text @click="disable()">{{ <v-col cols="12">
<v-card class="mx-auto my-12" max-width="600">
<v-card-title>{{ $ay.t("AuthConnectAppTitle") }}</v-card-title>
<v-card-text>
<v-btn color="accent" @click="disable()">{{
$ay.t("AuthDisableTwoFactor") $ay.t("AuthDisableTwoFactor")
}}</v-btn> }}</v-btn>
</v-card-text>
</v-card>
</v-col>
</template> </template>
<template v-else> <template v-else>
<v-col cols="12"> <v-col cols="12">
@@ -171,6 +185,7 @@ export default {
vm.formState.serverError = res.error; vm.formState.serverError = res.error;
window.$gz.form.setErrorBoxErrors(vm); window.$gz.form.setErrorBoxErrors(vm);
} else { } else {
window.$gz.store.commit("setTfaEnabled", false);
await window.$gz.dialog.displayLTModalNotificationMessage( await window.$gz.dialog.displayLTModalNotificationMessage(
"AuthTwoFactorDisabled" "AuthTwoFactorDisabled"
); );
@@ -205,6 +220,7 @@ export default {
window.$gz.form.setErrorBoxErrors(vm); window.$gz.form.setErrorBoxErrors(vm);
} else { } else {
if (res.data.ok == true) { if (res.data.ok == true) {
window.$gz.store.commit("setTfaEnabled", true);
//all ok, 2fa enabled //all ok, 2fa enabled
await window.$gz.dialog.displayLTModalNotificationMessage( await window.$gz.dialog.displayLTModalNotificationMessage(
"AuthConnectCompleted" "AuthConnectCompleted"
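Review bot: The hidden `<button type="submit" disabled style="display: none" aria-hidden="true">` added at the top of the form is a non-obvious workaround and should say what it is for; presumably it suppresses implicit (Enter-key) submission so a keypress in the code field does not fire the wrong handler, but that intent is not stated anywhere in the hunk. Suggest placing `<!-- disabled default submit button: suppresses implicit (Enter-key) form submission -->` directly above it. Separately, the `AuthDisableTwoFactor` button now calls `disable()` with no current code or password; the notes file in this commit says this removes the secret and turns 2FA off, so anyone holding a live session could switch 2FA off without re-authenticating, and requiring a valid TOTP code (or the password) on the disable request, checked server-side, would close that gap. The `disable()` and verification methods in the later hunks of this file start and end outside the visible lines.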


@@ -407,6 +407,54 @@ export default {
// throw new Error(res.error); // throw new Error(res.error);
throw new Error(window.$gz.errorHandler.errorToString(res, vm)); throw new Error(window.$gz.errorHandler.errorToString(res, vm));
} }
//check for 2fa enabled, if so then need to do one more step before process login can be called
if (res.data.tfa) {
//prompt for 2fa
//send 2fa code to server if ok, then proceed as normal
await this.step2(res, loggedInWithKnownPassword);
}
await this.step2(res, loggedInWithKnownPassword);
} catch (error) {
//bad creds?
if (
error.message &&
error.message.includes("ErrorUserNotAuthenticated")
) {
vm.errorBadCreds = true;
return;
}
//server closed by server state setting?
if (error.code == 2000 || error.code == 2001 || error.code == 2006) {
vm.formState.errorBoxMessage = error.message;
return;
}
//probably here because server unresponsive.
if (error.message) {
let msg = error.message;
if (
msg.includes("NetworkError") ||
msg.includes("Failed to fetch")
) {
msg =
"Could not connect to AyaNova server at " +
window.$gz.api.APIUrl("") +
"\r\nError: " +
error.message;
}
//this just makes the error a little cleaner to remove the extraneous typeerror
msg = msg.replace(" TypeError:", "");
vm.formState.errorBoxMessage = msg;
return;
}
}
}
},
async step2(res, loggedInWithKnownPassword) {
let vm = this;
await processLogin(res.data, loggedInWithKnownPassword); await processLogin(res.data, loggedInWithKnownPassword);
//check if support and updates has expired and is paid for license and show warning if so //check if support and updates has expired and is paid for license and show warning if so
@@ -445,40 +493,6 @@ export default {
} else { } else {
vm.$router.push(vm.$store.state.homePage); vm.$router.push(vm.$store.state.homePage);
} }
} catch (error) {
//bad creds?
if (
error.message &&
error.message.includes("ErrorUserNotAuthenticated")
) {
vm.errorBadCreds = true;
return;
}
//server closed by server state setting?
if (error.code == 2000 || error.code == 2001 || error.code == 2006) {
vm.formState.errorBoxMessage = error.message;
return;
}
//probably here because server unresponsive.
if (error.message) {
let msg = error.message;
if (
msg.includes("NetworkError") ||
msg.includes("Failed to fetch")
) {
msg =
"Could not connect to AyaNova server at " +
window.$gz.api.APIUrl("") +
"\r\nError: " +
error.message;
}
//this just makes the error a little cleaner to remove the extraneous typeerror
msg = msg.replace(" TypeError:", "");
vm.formState.errorBoxMessage = msg;
return;
}
}
}
} }
}, },
beforeRouteEnter(to, from, next) { beforeRouteEnter(to, from, next) {
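Review bot: When `res.data.tfa` is truthy the new code awaits `this.step2(res, loggedInWithKnownPassword)` inside the `if` and then again unconditionally on the next line, so `processLogin` runs twice for 2FA accounts and the 2FA prompt that the comments describe never happens. Until the prompt and the `/verify` round-trip exist, the branch should not fall through into the normal login path: `if (res.data.tfa) { /* TODO: prompt for the 6-digit code and submit it with the temp token to /verify */ return; }` followed by the single `await this.step2(res, loggedInWithKnownPassword);`. The notes file in this commit says a 2FA login returns only a temp token; if that temp token arrives in the same `token` field that `processLogin` checks, handing `res.data` to it here would store the temp token as a full session token, which is worth confirming against the server response before this ships. The enclosing login method starts before the first hunk, and the `step2` method that now carries the post-login handling continues past it.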