external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-04 00:17:06 +00:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp

Browse Source
This commit is contained in:
downtownallday 2020-09-28 23:25:29 -04:00
commit 042e8b4a56
3 changed files with 49 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
api/mailinabox.yml
View File

@ -1714,28 +1714,34 @@ paths:
200:
description: Successful operation
content:
application/json:
text/html:
schema:
$ref: '#/components/schemas/MfaEnableSuccessResponse'
400:
description: Bad request
content:
application/json:
text/html:
schema:
$ref: '#/components/schemas/MfaEnableBadRequestResponse'
type: string
403:
description: Forbidden
content:
text/html:
schema:
type: string
/mfa/totp/disable:
/mfa/disable:
post:
tags:
- MFA
summary: Disable TOTP authentication
description: Disable TOTP authentication for the currently logged-in admin user
summary: Disable multi-factor authentication
description: Disables multi-factor authentication for the currently logged-in admin user. Either disables all multi-factor authentication methods or the method corresponding to the optional property `mfa_id`
operationId: mfaTotpDisable
requestBody:
required: false
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/MfaDisableRequest'
x-codeSamples:
- lang: curl
source: |
@ -1745,7 +1751,7 @@ paths:
200:
description: Successful operation
content:
application/json:
text/html:
schema:
$ref: '#/components/schemas/MfaDisableSuccessResponse'
403:
@ -2624,16 +2630,29 @@ components:
MfaStatusResponse:
type: object
properties:
type:
type: string
example: totp
nullable: true
totp_secret:
type: string
nullable: true
totp_qr:
type: string
enabled_mfa:
type: object
properties:
id:
type: string
type:
type: string
secret:
type: string
mru_token:
type: string
label:
type: string
nullable: true
new_mfa:
type: object
properties:
type:
type: string
secret:
type: string
qr_code_base64:
type: string
MfaEnableRequest:
type: object
required:
@ -2644,8 +2663,10 @@ components:
type: string
code:
type: string
label:
type: string
MfaEnableSuccessResponse:
type: object
type: string
MfaEnableBadRequestResponse:
type: object
required:
@ -2653,5 +2674,11 @@ components:
properties:
error:
type: string
MfaDisableRequest:
type: object
properties:
mfa_id:
type: string
nullable: true
MfaDisableSuccessResponse:
type: object
type: string

4
management/daemon.py
View File

@ -426,12 +426,12 @@ def totp_post_enable():
token = request.form.get('token')
label = request.form.get('label')
if type(token) != str:
return json_response({ "error": 'bad_input' }, 400)
return ("Bad Input", 400)
try:
mfa_totp.validate_secret(secret)
enable_mfa(request.user_email, "totp", secret, token, label, env)
except ValueError as e:
return str(e)
return (str(e), 400)
return "OK"
@app.route('/mfa/disable', methods=['POST'])

27
management/templates/mfa.html
View File

@ -233,31 +233,8 @@ and ensure every administrator account for this control panel does the same.</st
secret: $(el.totpSetupSecret).val(),
label: $(el.totpSetupLabel).val()
},
function(res) {
do_logout();
},
function(res) {
var errorMessage = 'Something went wrong.';
var parsed;
try {
parsed = JSON.parse(res);
} catch (err) {
return render_error(errorMessage);
}
var error = parsed && parsed.error
? parsed.error
: null;
if (error === 'token_mismatch') {
errorMessage = 'Code does not match.';
} else if (error === 'bad_input') {
errorMessage = 'Received request with malformed data.';
}
render_error(errorMessage);
}
function(res) { do_logout(); },
function(res) { render_error(res); }
);
return false;