mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-13 17:17:23 +01:00

Update API route naming, update setup page

* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
Felix Spöttel
2020-09-02 19:41:06 +02:00
parent f205c48564
commit 8597646a12
3 changed files with 56 additions and 54 deletions


@@ -412,29 +412,31 @@ def ssl_provision_certs():
# Two Factor Auth
@app.route('/two-factor-auth/status', methods=['GET'])
@app.route('/2fa/status', methods=['GET'])
@authorized_personnel_only
def two_factor_auth_get_status():
email, privs = auth_service.authenticate(request, env)
two_factor_secret, two_factor_token = get_two_factor_info(email, env)
email, _ = auth_service.authenticate(request, env)
two_factor_secret, _ = get_two_factor_info(email, env)
if two_factor_secret != None:
return json_response({ 'status': 'on' })
return json_response({
"type": 'totp'
})
secret = totp.get_secret()
secret_url = totp.get_otp_uri(secret, email)
secret_qr = totp.get_qr_code(secret_url)
return json_response({
"status": 'off',
"secret": secret,
"qr_code": secret_qr
"type": None,
"totp_secret": secret,
"totp_qr": secret_qr
})
@app.route('/two-factor-auth/setup', methods=['POST'])
@app.route('/2fa/totp/enable', methods=['POST'])
@authorized_personnel_only
def two_factor_auth_post_setup():
email, privs = auth_service.authenticate(request, env)
def totp_post_enable():
email, _ = auth_service.authenticate(request, env)
secret = request.form.get('secret')
token = request.form.get('token')
@@ -448,10 +450,10 @@ def two_factor_auth_post_setup():
return json_response({ "error": 'token_mismatch' }, 400)
@app.route('/two-factor-auth/disable', methods=['POST'])
@app.route('/2fa/totp/disable', methods=['POST'])
@authorized_personnel_only
def two_factor_auth_post_disable():
email, privs = auth_service.authenticate(request, env)
def totp_post_disable():
email, _ = auth_service.authenticate(request, env)
remove_two_factor_secret(email, env)
return json_response({})
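Review bot: `totp_post_disable` (the last handler in this file section) calls `remove_two_factor_secret(email, env)` as soon as `auth_service.authenticate` returns, with no proof of the second factor in the request itself. Whether `authenticate` already demands a TOTP code is not visible on this page; if it does not, anyone holding only the password or a stolen session credential can switch 2FA off, which removes the protection in exactly the case it exists for. I would require a current code here: read `token = request.form.get('token')`, verify it against the stored secret with the same check `totp_post_enable` uses (outside the hunk), and answer `json_response({ "error": 'token_mismatch' }, 400)` on failure. Separately, `/2fa/status` returns a freshly generated `totp_secret` on a GET whenever 2FA is off, so that response should be marked non-cacheable and kept out of request/response logging.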