mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2025-04-04 00:17:06 +00:00
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
commit
042e8b4a56
@ -1714,28 +1714,34 @@ paths:
|
|||||||
200:
|
200:
|
||||||
description: Successful operation
|
description: Successful operation
|
||||||
content:
|
content:
|
||||||
application/json:
|
text/html:
|
||||||
schema:
|
schema:
|
||||||
$ref: '#/components/schemas/MfaEnableSuccessResponse'
|
$ref: '#/components/schemas/MfaEnableSuccessResponse'
|
||||||
400:
|
400:
|
||||||
description: Bad request
|
description: Bad request
|
||||||
content:
|
content:
|
||||||
application/json:
|
text/html:
|
||||||
schema:
|
schema:
|
||||||
$ref: '#/components/schemas/MfaEnableBadRequestResponse'
|
type: string
|
||||||
403:
|
403:
|
||||||
description: Forbidden
|
description: Forbidden
|
||||||
content:
|
content:
|
||||||
text/html:
|
text/html:
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
/mfa/totp/disable:
|
/mfa/disable:
|
||||||
post:
|
post:
|
||||||
tags:
|
tags:
|
||||||
- MFA
|
- MFA
|
||||||
summary: Disable TOTP authentication
|
summary: Disable multi-factor authentication
|
||||||
description: Disable TOTP authentication for the currently logged-in admin user
|
description: Disables multi-factor authentication for the currently logged-in admin user. Either disables all multi-factor authentication methods or the method corresponding to the optional property `mfa_id`
|
||||||
operationId: mfaTotpDisable
|
operationId: mfaTotpDisable
|
||||||
|
requestBody:
|
||||||
|
required: false
|
||||||
|
content:
|
||||||
|
application/x-www-form-urlencoded:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/MfaDisableRequest'
|
||||||
x-codeSamples:
|
x-codeSamples:
|
||||||
- lang: curl
|
- lang: curl
|
||||||
source: |
|
source: |
|
||||||
@ -1745,7 +1751,7 @@ paths:
|
|||||||
200:
|
200:
|
||||||
description: Successful operation
|
description: Successful operation
|
||||||
content:
|
content:
|
||||||
application/json:
|
text/html:
|
||||||
schema:
|
schema:
|
||||||
$ref: '#/components/schemas/MfaDisableSuccessResponse'
|
$ref: '#/components/schemas/MfaDisableSuccessResponse'
|
||||||
403:
|
403:
|
||||||
@ -2624,16 +2630,29 @@ components:
|
|||||||
MfaStatusResponse:
|
MfaStatusResponse:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
type:
|
enabled_mfa:
|
||||||
type: string
|
type: object
|
||||||
example: totp
|
properties:
|
||||||
nullable: true
|
id:
|
||||||
totp_secret:
|
type: string
|
||||||
type: string
|
type:
|
||||||
nullable: true
|
type: string
|
||||||
totp_qr:
|
secret:
|
||||||
type: string
|
type: string
|
||||||
|
mru_token:
|
||||||
|
type: string
|
||||||
|
label:
|
||||||
|
type: string
|
||||||
nullable: true
|
nullable: true
|
||||||
|
new_mfa:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
type:
|
||||||
|
type: string
|
||||||
|
secret:
|
||||||
|
type: string
|
||||||
|
qr_code_base64:
|
||||||
|
type: string
|
||||||
MfaEnableRequest:
|
MfaEnableRequest:
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@ -2644,8 +2663,10 @@ components:
|
|||||||
type: string
|
type: string
|
||||||
code:
|
code:
|
||||||
type: string
|
type: string
|
||||||
|
label:
|
||||||
|
type: string
|
||||||
MfaEnableSuccessResponse:
|
MfaEnableSuccessResponse:
|
||||||
type: object
|
type: string
|
||||||
MfaEnableBadRequestResponse:
|
MfaEnableBadRequestResponse:
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@ -2653,5 +2674,11 @@ components:
|
|||||||
properties:
|
properties:
|
||||||
error:
|
error:
|
||||||
type: string
|
type: string
|
||||||
|
MfaDisableRequest:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
mfa_id:
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
MfaDisableSuccessResponse:
|
MfaDisableSuccessResponse:
|
||||||
type: object
|
type: string
|
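Review bot: The new `MfaStatusResponse.enabled_mfa` schema documents `secret` and `mru_token` as fields returned for an MFA method that is already enabled. If the status handler really returns them (it is not visible on this page), any session or API credential that can call the status endpoint can read the stored TOTP seed and enrol a duplicate authenticator. I would restrict `enabled_mfa` to `id`, `type` and `label`, and keep `secret` and `qr_code_base64` only under `new_mfa`, where the client needs them for setup. Separately, the renamed `/mfa/disable` path still carries `operationId: mfaTotpDisable`; `operationId: mfaDisable` would match the new summary.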
@ -426,12 +426,12 @@ def totp_post_enable():
|
|||||||
token = request.form.get('token')
|
token = request.form.get('token')
|
||||||
label = request.form.get('label')
|
label = request.form.get('label')
|
||||||
if type(token) != str:
|
if type(token) != str:
|
||||||
return json_response({ "error": 'bad_input' }, 400)
|
return ("Bad Input", 400)
|
||||||
try:
|
try:
|
||||||
mfa_totp.validate_secret(secret)
|
mfa_totp.validate_secret(secret)
|
||||||
enable_mfa(request.user_email, "totp", secret, token, label, env)
|
enable_mfa(request.user_email, "totp", secret, token, label, env)
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
return str(e)
|
return (str(e), 400)
|
||||||
return "OK"
|
return "OK"
|
||||||
|
|
||||||
@app.route('/mfa/disable', methods=['POST'])
|
@app.route('/mfa/disable', methods=['POST'])
|
||||||
|
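Review bot: `return (str(e), 400)` sends the exception text back as the response body, and the API description in this commit declares that body as `text/html`. If any `ValueError` raised by `mfa_totp.validate_secret` or `enable_mfa` ever includes request data in its message, that data is reflected as markup. Returning it with an explicit plain-text type, for example `return Response(str(e), status=400, mimetype="text/plain")`, or mapping known failures to fixed strings, removes that dependency on how each message is worded. Only `token` is type-checked in the visible lines; `label` goes to `enable_mfa` unchecked, and `secret` is read above the hunk, so its handling cannot be judged from here. As a style point, `if not isinstance(token, str):` is the usual form of the `type(token) != str` test.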
@ -233,31 +233,8 @@ and ensure every administrator account for this control panel does the same.</st
|
|||||||
secret: $(el.totpSetupSecret).val(),
|
secret: $(el.totpSetupSecret).val(),
|
||||||
label: $(el.totpSetupLabel).val()
|
label: $(el.totpSetupLabel).val()
|
||||||
},
|
},
|
||||||
function(res) {
|
function(res) { do_logout(); },
|
||||||
do_logout();
|
function(res) { render_error(res); }
|
||||||
},
|
|
||||||
function(res) {
|
|
||||||
var errorMessage = 'Something went wrong.';
|
|
||||||
var parsed;
|
|
||||||
|
|
||||||
try {
|
|
||||||
parsed = JSON.parse(res);
|
|
||||||
} catch (err) {
|
|
||||||
return render_error(errorMessage);
|
|
||||||
}
|
|
||||||
|
|
||||||
var error = parsed && parsed.error
|
|
||||||
? parsed.error
|
|
||||||
: null;
|
|
||||||
|
|
||||||
if (error === 'token_mismatch') {
|
|
||||||
errorMessage = 'Code does not match.';
|
|
||||||
} else if (error === 'bad_input') {
|
|
||||||
errorMessage = 'Received request with malformed data.';
|
|
||||||
}
|
|
||||||
|
|
||||||
render_error(errorMessage);
|
|
||||||
}
|
|
||||||
);
|
);
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
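Review bot: The new error callback `function(res) { render_error(res); }` passes the raw response body straight to `render_error`, so the dialog now shows whatever the server or an intermediary returns, including for failures other than the handler's 400. The removed code fell back to a fixed 'Something went wrong.' message; keeping a fallback such as `function(res) { render_error(res || 'Something went wrong.'); }` avoids an empty or confusing dialog on those paths. `render_error` is defined outside this hunk. If it inserts its argument as HTML rather than as text, it should use text insertion now that the argument is server-supplied.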