improve 2fa feedback

2018-05-06 19:29:13 +02:00 · 2018-05-06 19:29:13 +02:00 · d014095998
parent a083be6c2c
commit d014095998
3 changed files with 19 additions and 12 deletions
--- a/app/controllers/Auth.scala
+++ b/app/controllers/Auth.scala
@ -71,6 +71,8 @@ object Auth extends LilaController {
    Ok(html.auth.login(api.loginForm, referrer)).fuccess
  }

+  private val is2fa = Set("MissingTotpToken", "InvalidTotpToken")
+
  def authenticate = OpenBody { implicit ctx =>
    Firewall {
      implicit val req = ctx.body
@ -88,7 +90,7 @@ object Auth extends LilaController {
                negotiate(
                  html = fuccess {
                    err.errors match {
-                      case List(play.api.data.FormError("", List("MissingTotpToken" | "InvalidTotpToken"), _)) => Ok("2fa")
+                      case List(play.api.data.FormError("", List(err), _)) if is2fa(err) => Ok(err)
                      case _ => Unauthorized(html.auth.login(err, referrer))
                    }
                  },
@ -101,7 +103,7 @@ object Auth extends LilaController {
                  UserRepo.email(u.id) foreach {
                    _ foreach { garbageCollect(u, _) }
                  }
-                  authenticateUser(u, Some(redirectTo => Ok(redirectTo)))
+                  authenticateUser(u, Some(redirectTo => Ok(s"ok:$redirectTo")))
              }
            )
          }
--- a/app/views/auth/login.scala.html
+++ b/app/views/auth/login.scala.html
@ -13,14 +13,17 @@ moreJs = jsTag("login.js")) {
          @auth.formFields(form("username"), form("password"), none, register = false)
        </ul>
      </div>
-      <ul class="two-factor none">
-        @defining(form("token")) { field =>
-        <li class="token">
-          <label for="@field.name">2FA Token</label>
-          <input type="text" id="@field.name" name="@field.name" />
-        </li>
-        }
-      </ul>
+      <div class="two-factor none">
+        <p class="error none">Invalid token.</p>
+        <ul>
+          @defining(form("token")) { field =>
+          <li class="token">
+            <label for="@field.name">2FA Token</label>
+            <input type="text" id="@field.name" name="@field.name" />
+          </li>
+          }
+        </ul>
+      </div>
      <button type="submit" class="submit button" data-icon="F"> @trans.signIn()</button>
    </form>
  </div>
--- a/public/javascripts/login.js
+++ b/public/javascripts/login.js
@ -14,13 +14,15 @@ function load($f) {
        token: $f.find('.token input').val()
      },
      success: function(res) {
-        if (res === '2fa') {
+        if (res === 'MissingTotpToken' || res === 'InvalidTotpToken') {
          $f.find('.one-factor').hide();
          $f.find('.two-factor').show();
          $f.find('.token input').val('');
          $f.find('.submit').attr('disabled', false);
+          if (res === 'InvalidTotpToken') $f.find('.two-factor .error').show();
        }
-        else lichess.redirect(res);
+        else if (res.indexOf('ok:') === 0) lichess.redirect(res.substr(3));
+        else alert(res);
      },
      error: function(err) {
        $f.replaceWith($(err.responseText).find('form.login'));