Fix handling of bad input when enabling mfa

2020-09-28 21:04:44 +02:00 · 2020-09-28 21:04:44 +02:00 · 4dced10a3f
parent b80f225691
commit 4dced10a3f
2 changed files with 4 additions and 27 deletions
--- a/management/daemon.py
+++ b/management/daemon.py
@ -416,12 +416,12 @@ def totp_post_enable():
 	token = request.form.get('token')
 	label = request.form.get('label')
 	if type(token) != str:
-		return json_response({ "error": 'bad_input' }, 400)
+		return ("Bad Input", 400)
 	try:
 		validate_totp_secret(secret)
 		enable_mfa(request.user_email, "totp", secret, token, label, env)
 	except ValueError as e:
-		return str(e)
+		return (str(e), 400)
 	return "OK"

@app.route('/mfa/disable', methods=['POST'])
--- a/management/templates/mfa.html
+++ b/management/templates/mfa.html
@ -233,31 +233,8 @@ and ensure every administrator account for this control panel does the same.</st
                secret: $(el.totpSetupSecret).val(),
                label: $(el.totpSetupLabel).val()
            },
-            function(res) {
-                do_logout();
-            },
-            function(res) {
-                var errorMessage = 'Something went wrong.';
-                var parsed;
-
-                try {
-                    parsed = JSON.parse(res);
-                } catch (err) {
-                    return render_error(errorMessage);
-                }
-
-                var error = parsed && parsed.error
-                    ? parsed.error
-                    : null;
-
-                if (error === 'token_mismatch') {
-                    errorMessage = 'Code does not match.';
-                } else if (error === 'bad_input') {
-                    errorMessage = 'Received request with malformed data.';
-                }
-
-                render_error(errorMessage);
-            }
+            function(res) { do_logout(); },
+            function(res) { render_error(res); }
        );

        return false;