port 2fa to scalatags
parent
3c4bcf97be
commit
4fdd6280fe
|
@ -186,11 +186,11 @@ object Account extends LilaController {
|
|||
def twoFactor = Auth { implicit ctx => me =>
|
||||
if (me.totpSecret.isDefined)
|
||||
Env.security.forms.disableTwoFactor(me) map { form =>
|
||||
html.account.disableTwoFactor(me, form)
|
||||
html.account.twoFactor.disable(me, form)
|
||||
}
|
||||
else
|
||||
Env.security.forms.setupTwoFactor(me) map { form =>
|
||||
html.account.setupTwoFactor(me, form)
|
||||
html.account.twoFactor.setup(me, form)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -200,7 +200,7 @@ object Account extends LilaController {
|
|||
val currentSessionId = ~Env.security.api.reqSessionId(ctx.req)
|
||||
Env.security.forms.setupTwoFactor(me) flatMap { form =>
|
||||
FormFuResult(form) { err =>
|
||||
fuccess(html.account.setupTwoFactor(me, err))
|
||||
fuccess(html.account.twoFactor.setup(me, err))
|
||||
} { data =>
|
||||
UserRepo.setupTwoFactor(me.id, TotpSecret(data.secret)) >>
|
||||
lila.security.Store.closeUserExceptSessionId(me.id, currentSessionId) inject
|
||||
|
@ -215,7 +215,7 @@ object Account extends LilaController {
|
|||
implicit val req = ctx.body
|
||||
Env.security.forms.disableTwoFactor(me) flatMap { form =>
|
||||
FormFuResult(form) { err =>
|
||||
fuccess(html.account.disableTwoFactor(me, err))
|
||||
fuccess(html.account.twoFactor.disable(me, err))
|
||||
} { _ =>
|
||||
UserRepo.disableTwoFactor(me.id) inject Redirect(routes.Account.twoFactor)
|
||||
}
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
@(u: User, form: Form[_])(implicit ctx: Context)
|
||||
@import lila.app.ui.ScalatagsTwirlForm._
|
||||
|
||||
@account.layout(
|
||||
title = s"${u.username} - Two-factor authentication",
|
||||
active = "twofactor",
|
||||
evenMoreCss = cssTag("form3.css")) {
|
||||
<div class="content_box small_box high twofactor">
|
||||
<h1 class="lichess_title"><i data-icon="E" class="is-green"></i> Two-factor authentication enabled</h1>
|
||||
<p class="explanation">Your account is protected with two-factor authentication.</p>
|
||||
<form class="form3" action="@routes.Account.disableTwoFactor" method="POST">
|
||||
<p class="explanation">You need your password and an authentication code from your authenticator app to disable two-factor authentication.</p>
|
||||
@form3.password(form("passwd"), trans.password.frag()).toHtml
|
||||
@form3.group(form("token"), raw("Authentication code"))(form3.input(_)(*.pattern := "[0-9]{6}", *.autocomplete := "off"))
|
||||
@form3.actionHtml(form3.submit(raw("Disable two-factor authentication"), icon = None))
|
||||
</form>
|
||||
</div>
|
||||
}.toHtml
|
|
@ -1,31 +0,0 @@
|
|||
@(u: User, form: Form[_])(implicit ctx: Context)
|
||||
@import lila.app.ui.ScalatagsTwirlForm._
|
||||
|
||||
@moreJs = {
|
||||
@jsAt("javascripts/vendor/qrcode.min.js")
|
||||
@jsTag("twofactor.form.js")
|
||||
}
|
||||
|
||||
@account.layout(
|
||||
title = s"${u.username} - Two-factor authentication",
|
||||
active = "twofactor",
|
||||
evenMoreCss = cssTag("form3.css"),
|
||||
evenMoreJs = moreJs) {
|
||||
<div class="content_box small_box high twofactor">
|
||||
<h1 class="lichess_title">Setup two-factor authentication</h1>
|
||||
<form class="form3" action="@routes.Account.setupTwoFactor" method="POST">
|
||||
<div class="form-group">Two-factor authentication adds another layer of security to your account.</div>
|
||||
<div class="form-group">Get an app for two-factor authentication, for example Google Authenticator for <a class="blue" href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2">Android</a> or <a class="blue" href="https://itunes.apple.com/app/google-authenticator/id388497605?mt=8">iOS.</a></div>
|
||||
<div class="form-group">Scan the QR code with the app.</div>
|
||||
<div style="width: 276px; height: 275px; padding: 10px; background: white; margin: 2em auto;">
|
||||
<div id="qrcode" style="width: 256px; height: 256px;"></div>
|
||||
</div>
|
||||
<div class="form-group explanation">Enter your password and the authentication code generated by the app to complete the setup. You will need an authentication code every time you log in.</div>
|
||||
@form3.hidden(form("secret"))
|
||||
@form3.password(form("passwd"), trans.password.frag()).toHtml
|
||||
@form3.group(form("token"), raw("Authentication code"))(form3.input(_)(*.pattern := "[0-9]{6}", *.autocomplete := "off"))
|
||||
@form3.globalError(form)
|
||||
@form3.actionHtml(form3.submit(raw("Enable two-factor authentication")))
|
||||
</form>
|
||||
</div>
|
||||
}.toHtml
|
|
@ -0,0 +1,61 @@
|
|||
package views.html
|
||||
package account
|
||||
|
||||
import lila.api.Context
|
||||
import lila.app.templating.Environment._
|
||||
import lila.app.ui.ScalatagsTemplate._
|
||||
|
||||
import controllers.routes
|
||||
|
||||
object twoFactor {
|
||||
|
||||
private val qrCode = raw("""<div style="width: 276px; height: 275px; padding: 10px; background: white; margin: 2em auto;"><div id="qrcode" style="width: 256px; height: 256px;"></div></div>""")
|
||||
|
||||
def setup(u: lila.user.User, form: play.api.data.Form[_])(implicit ctx: Context) = account.layout(
|
||||
title = s"${u.username} - Two-factor authentication",
|
||||
active = "twofactor",
|
||||
evenMoreCss = cssTag("form3.css"),
|
||||
evenMoreJs = frag(
|
||||
jsAt("javascripts/vendor/qrcode.min.js"),
|
||||
jsTag("twofactor.form.js")
|
||||
)
|
||||
) {
|
||||
div(cls := "content_box small_box high twofactor")(
|
||||
h1(cls := "lichess_title")("Setup two-factor authentication"),
|
||||
st.form(cls := "form3", action := routes.Account.setupTwoFactor, method := "POST")(
|
||||
div(cls := "form-group")("Two-factor authentication adds another layer of security to your account."),
|
||||
div(cls := "form-group")(
|
||||
raw("""Get an app for two-factor authentication, for example Google Authenticator for <a class="blue" href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2">Android</a> or <a class="blue" href="https://itunes.apple.com/app/google-authenticator/id388497605?mt=8">iOS.</a>""")
|
||||
),
|
||||
div(cls := "form-group")("Scan the QR code with the app."),
|
||||
qrCode,
|
||||
div(cls := "form-group explanation")("Enter your password and the authentication code generated by the app to complete the setup. You will need an authentication code every time you log in."),
|
||||
form3.hidden(form("secret")),
|
||||
form3.password(form("passwd"), trans.password.frag()),
|
||||
form3.group(form("token"), raw("Authentication code"))(form3.input(_)(pattern := "[0-9]{6}", autocomplete := "off", required := "")),
|
||||
form3.globalError(form),
|
||||
form3.actionHtml(form3.submit(raw("Enable two-factor authentication")))
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
def disable(u: lila.user.User, form: play.api.data.Form[_])(implicit ctx: Context) = account.layout(
|
||||
title = s"${u.username} - Two-factor authentication",
|
||||
active = "twofactor",
|
||||
evenMoreCss = cssTag("form3.css")
|
||||
) {
|
||||
div(cls := "content_box small_box high twofactor")(
|
||||
h1(cls := "lichess_title")(
|
||||
raw("""<i data-icon="E" class="is-green"></i> """),
|
||||
"Two-factor authentication enabled"
|
||||
),
|
||||
p(cls := "explanation")("Your account is protected with two-factor authentication."),
|
||||
st.form(cls := "form3", action := routes.Account.disableTwoFactor, method := "POST")(
|
||||
p(cls := "explanation")("You need your password and an authentication code from your authenticator app to disable two-factor authentication."),
|
||||
form3.password(form("passwd"), trans.password.frag()),
|
||||
form3.group(form("token"), raw("Authentication code"))(form3.input(_)(pattern := "[0-9]{6}", autocomplete := "off", required := "")),
|
||||
form3.actionHtml(form3.submit(raw("Disable two-factor authentication"), icon = None))
|
||||
)
|
||||
)
|
||||
}
|
||||
}
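Review bot: `form3.hidden(form("secret"))` in `setup` writes the TOTP secret into the page and accepts it back from the browser, yet nothing in this file documents that; the controller section of this commit then stores it with `UserRepo.setupTwoFactor(me.id, TotpSecret(data.secret))`. I would add a comment above the hidden field such as `// "secret" round-trips through the client: the form must validate it server-side and the response should not be cacheable`, because whether the setup form checks the secret's format and length is not visible on this page. The same page loads `javascripts/vendor/qrcode.min.js`, which runs next to that field, so changes to the vendored file deserve review. Separately, the `raw(...)` strings in `qrCode`, the app-store links and the `<i data-icon>` heading are constants and safe as written, but building them with tags (for example `a(cls := "blue", href := "…")`) would keep unescaped output out of the file. `setup` and `disable` are public and would also benefit from explicit return types.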
|
|
@ -133,7 +133,7 @@ final class DataForm(
|
|||
def disableTwoFactor(u: User) = authenticator loginCandidate u map { candidate =>
|
||||
Form(tuple(
|
||||
"passwd" -> passwordMapping(candidate),
|
||||
"token" -> text.verifying("invalidAuthenticationToken", t => u.totpSecret.??(_.verify(TotpToken(t))))
|
||||
"token" -> text.verifying("invalidAuthenticationCode", t => u.totpSecret.??(_.verify(TotpToken(t))))
|
||||
))
|
||||
}
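Review bot: The six-digit format of `token` is enforced only in the browser, by the `pattern := "[0-9]{6}"` attribute in the views; in `disableTwoFactor` the `text` mapping passes any submitted string to `TotpToken(t)`. Whether `TotpToken` or `verify` reject malformed input is not visible in this hunk, so I would make the check explicit: `"token" -> text.verifying("invalidAuthenticationCode", t => t.matches("[0-9]{6}") && u.totpSecret.??(_.verify(TotpToken(t))))`. The renamed key `invalidAuthenticationCode` needs a matching entry wherever the message keys are defined, which this page does not show. Attempt limiting for this form is likewise not visible here and should be confirmed in the controller or the authenticator. The enclosing `DataForm` class starts and ends outside the hunk.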
|
||||
|
||||
|
|