diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2022-09-07 17:22:51 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2022-09-07 17:22:51 -0700 |
| commit | 26ddb940ad27ce8ac5e87084eeed857a390987bc (patch) | |
| tree | 3d6e1c46d8d703a1c6bb63820ab741d6a67ab506 /httemplate | |
| parent | 691de38ac2ca6c54b37feb50e1332bab6268773f (diff) | |
google authenticator support, RT#86743
Diffstat (limited to 'httemplate')
| -rw-r--r-- | httemplate/browse/access_user.html | 25 | ||||
| -rw-r--r-- | httemplate/edit/process/access_user.html | 2 | ||||
| -rw-r--r-- | httemplate/loginout/login.html | 6 | ||||
| -rw-r--r-- | httemplate/pref/pref.html | 12 | ||||
| -rw-r--r-- | httemplate/pref/set_totp_secret32.html | 19 |
5 files changed, 58 insertions, 6 deletions
diff --git a/httemplate/browse/access_user.html b/httemplate/browse/access_user.html index 446bfe0be..658762763 100644 --- a/httemplate/browse/access_user.html +++ b/httemplate/browse/access_user.html @@ -49,6 +49,11 @@ my $groups_sub = sub { }; +my $goog_auth_sub = sub { + my $access_user = shift; + $access_user->totp_secret32 ? 'Enabled' : ''; +}; + my $installer_sub = sub { my $access_user = shift; my @sched_item = $access_user->sched_item or return ''; @@ -66,11 +71,23 @@ my $count_query = 'SELECT COUNT(*) FROM access_user'; my $link = [ $p.'edit/access_user.html?', 'usernum' ]; my @header = ( - 'Username', 'Full name', 'Groups', 'Installer', 'Customer' ); + 'Username', + 'Full name', + 'Groups', + 'Google Auth', + 'Installer', + 'Customer', +); my @fields = ( - 'username', 'name', $groups_sub, $installer_sub, $cust_sub, ); -my $align = 'lllcl'; -my @links = ( $link, $link, $link, '', '', $cust_link ); + 'username', + 'name', + $groups_sub, + $goog_auth_sub, + $installer_sub, + $cust_sub, +); +my $align = 'lllccl'; +my @links = ( $link, $link, $link, '', '', '', $cust_link ); #if ( FS::Conf->new->config('ticket_system') ) { # push @header, 'Ticketing'; diff --git a/httemplate/edit/process/access_user.html b/httemplate/edit/process/access_user.html index c27262017..8e264c1a9 100644 --- a/httemplate/edit/process/access_user.html +++ b/httemplate/edit/process/access_user.html @@ -5,7 +5,7 @@ <% include( 'elements/process.html', 'table' => 'access_user', 'viewall_dir' => 'browse', - 'copy_on_empty' => [ '_password', '_password_encoding' ], + 'copy_on_empty' => [ '_password', '_password_encoding', 'totp_secret32' ], 'clear_on_error' => [ '_password', '_password2' ], 'process_m2m' => { 'link_table' => 'access_usergroup', 'target_table' => 'access_group', diff --git a/httemplate/loginout/login.html b/httemplate/loginout/login.html index 72e9525c4..1785ea796 100644 --- a/httemplate/loginout/login.html +++ b/httemplate/loginout/login.html @@ -27,6 +27,10 @@ <TD ALIGN="right">Password: </TD> <TD><INPUT TYPE="password" NAME="credential_1" SIZE="13"></TD> </TR> + <TR> + <TD ALIGN="right">One-time code: </TD> + <TD><INPUT TYPE="text" NAME="credential_2" SIZE="13"></TD> + </TR> </TABLE> <BR> @@ -42,7 +46,7 @@ my %error = ( 'no_cookie' => '', #First login, don't display an error 'bad_cookie' => 'Bad Cookie', #timed out? - 'bad_credentials' => 'Incorrect username / password', + 'bad_credentials' => 'Incorrect username / password / one-time code', #'logout' => 'You have been logged out.', ); diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html index 56fde6d44..5f68d3e46 100644 --- a/httemplate/pref/pref.html +++ b/httemplate/pref/pref.html @@ -29,6 +29,18 @@ </TABLE> <BR> + <FONT CLASS="fsinnerbox-title"><% emt('Google Authenticator') %></FONT> + <TABLE CLASS="fsinnerbox"> + <TR> +% if ( $curuser->totp_secret32 ) { + <TD><IMG SRC="<% $curuser->totp_qr_code_url %>"</IMG></TD> +% } else { + <TD><A HREF="<%$p%>pref/set_totp_secret32.html">Enable</A></TD> +% } + </TR> + </TABLE> + <BR> + % } <FONT CLASS="fsinnerbox-title"><% emt("Interface") %></FONT> diff --git a/httemplate/pref/set_totp_secret32.html b/httemplate/pref/set_totp_secret32.html new file mode 100644 index 000000000..f5676bc38 --- /dev/null +++ b/httemplate/pref/set_totp_secret32.html @@ -0,0 +1,19 @@ +<& /elements/header.html, mt('Google Authenticator for [_1]', $FS::CurrentUser::CurrentUser->username) &> + +Scan this code with the Google Authenticator application on your phone. +<BR><BR> + +<IMG SRC="<% $access_user->totp_qr_code_url %>"></IMG> +<BR><BR> + +Future logins will require a 6-digit code generated by the application. + +<& /elements/footer.html &> +<%init> + +my $access_user = $FS::CurrentUser::CurrentUser; + +my $error = $access_user->set_totp_secret32 unless length($access_user->totp_secret32); +die $error if $error; #better error handling for this "shouldn't happen" case? + +</%init> |