diff --git a/api/mailinabox.yml b/api/mailinabox.yml
index 118c0ce9..15a048f9 100644
--- a/api/mailinabox.yml
+++ b/api/mailinabox.yml
@@ -2637,10 +2637,6 @@ components:
 type: string
 type:
 type: string
- secret:
- type: string
- mru_token:
- type: string
 label:
 type: string
 nullable: true
@@ -2681,4 +2677,4 @@ components:
 type: string
 nullable: true
 MfaDisableSuccessResponse:
- type: string
\ No newline at end of file
+ type: string
diff --git a/management/daemon.py b/management/daemon.py
index bc519789..04b109f7 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -9,7 +9,7 @@ import auth, utils, mfa
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
 from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
 from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
-from mfa import get_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
+from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
 env = utils.load_environment()
@@ -403,7 +403,7 @@ def ssl_provision_certs():
 @authorized_personnel_only
 def mfa_get_status():
 return json_response({
- "enabled_mfa": get_mfa_state(request.user_email, env),
+ "enabled_mfa": get_public_mfa_state(request.user_email, env),
 "new_mfa": {
 "totp": provision_totp(request.user_email, env)
 }
diff --git a/management/mfa.py b/management/mfa.py
index 4db0ac9e..b7f29bce 100644
--- a/management/mfa.py
+++ b/management/mfa.py
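Review bot: In `mfa_get_status` the `new_mfa` entry still returns the result of `provision_totp(request.user_email, env)`, which presumably carries a freshly generated TOTP secret, so this response remains sensitive even though `enabled_mfa` no longer exposes stored values. Nothing in the handler records that distinction; a comment above the dict such as `# enabled_mfa: public fields only (id, type, label). new_mfa: provisioning data for a not-yet-enabled method.` would stop a later edit from swapping `get_mfa_state` back in. If responses from this route can be cached by a browser or proxy, it is worth confirming they are sent as non-cacheable; that is not visible from this hunk. The handler's closing lines fall outside the hunk.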
@@ -21,6 +21,14 @@ def get_mfa_state(email, env):
 for r in c.fetchall()
 ]
+def get_public_mfa_state(email, env):
+ c = open_database(env)
+ c.execute('SELECT id, type, label FROM mfa WHERE user_id=?', (get_user_id(email, c),))
+ return [
+ { "id": r[0], "type": r[1], "label": r[2] }
+ for r in c.fetchall()
+ ]
+
 def enable_mfa(email, type, secret, token, label, env):
 if type == "totp":
 validate_totp_secret(secret)
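Review bot: `get_public_mfa_state` has no docstring marking it as the client-facing view, and `get_mfa_state` stays in the module under a near-identical name, so the safe and unsafe variants are easy to confuse at a call site. I would add `"""Return the user's enabled MFA methods as id, type and label only; safe to serialise into API responses."""` to the new function and a one-line comment on `get_mfa_state` saying its rows are for server-side use only (its body starts outside this hunk; judging by the fields removed from api/mailinabox.yml it presumably includes `secret` and `mru_token`). Selecting the three columns explicitly rather than filtering a full row is the right shape and worth keeping. A test asserting that the `mfa_get_status` response contains no `secret` or `mru_token` key would pin the behaviour.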