diff --git a/locales/en-US.json b/locales/en-US.json
index 664d99a9b..b3eb8d188 100644
--- a/locales/en-US.json
+++ b/locales/en-US.json
@@ -494,5 +494,7 @@
 "general-totp-invalid-code": "The TOTP code entered is invalid",
 "general-totp-enter-code-field": "6 digit number",
 "general-totp-enter-code-header": "Two-factor authentication",
- "general-totp-verify-button": "Verifiy"
+ "general-totp-verify-button": "Verify",
+ "remove-totp-header": "Remove two-factor authentication",
+ "remove-totp-confirm-message": "Are you sure you would like to remove two-factor-authentication?"
 }
diff --git a/src/invidious/helpers/utils.cr b/src/invidious/helpers/utils.cr
index 9e6aa2c71..edbb3b949 100644
--- a/src/invidious/helpers/utils.cr
+++ b/src/invidious/helpers/utils.cr
@@ -462,7 +462,7 @@ def totp_validator(env)
 # Verify if possible
 if token = env.params.body["csrf_token"]?
 begin
- validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale)
+ validate_request(token, sid, env.request, HMAC_KEY, locale)
 rescue ex
 return error_template(400, ex)
 end
diff --git a/src/invidious/routes/account.cr b/src/invidious/routes/account.cr
index 23101eedd..d5b6ce42d 100644
--- a/src/invidious/routes/account.cr
+++ b/src/invidious/routes/account.cr
@@ -208,6 +208,9 @@ module Invidious::Routes::Account
 user = env.get? "user"
 sid = env.get? "sid"
+ user = user.as(User)
+ sid = sid.as(String)
+
 if user.totp_secret && env.request.cookies["2faVerified"]?.try &.value != "1" || nil
 return call_totp_validator(env, user, sid, locale)
 end
@@ -218,8 +221,6 @@ module Invidious::Routes::Account
 return env.redirect "/login?referer=#{URI.encode_path_segment(env.request.resource)}"
 end
- user = user.as(User)
- sid = sid.as(String)
 csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY)
 scopes = env.params.query["scopes"]?.try &.split(",")
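Review bot: The two casts moved to the top of the `-208` hunk, `user = user.as(User)` and `sid = sid.as(String)`, now execute before the `if !user` redirect whose `return env.redirect "/login?referer=…"` appears at the start of the `-218` hunk, and `env.get? "user"` yields nil for a visitor without a session, so an anonymous request to this route raises a TypeCastError (a 500) instead of being sent to the login page. Keep the nil check ahead of any cast: gate the TOTP step on a safe cast, `if (u = user.as?(User)) && u.totp_secret && env.request.cookies["2faVerified"]?.try &.value != "1"` with `return call_totp_validator(env, u, sid.as(String), locale)` inside it, and leave the unconditional casts where the second hunk removed them, after the redirect. The trailing `|| nil` on the existing condition is a no-op and can go in the same edit. The enclosing method starts before the first hunk and the `if !user` line lies between the two hunks, so its position is inferred from the redirect that follows it.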
@@ -503,4 +504,41 @@ module Invidious::Routes::Account
 env.redirect referer
 end
+
+ # Endpoint to remove 2fa
+ def remove_2fa_page(env)
+ locale = env.get("preferences").as(Preferences).locale
+ referer = get_referer(env)
+
+ user = env.get("user").as(User)
+ sid = env.get("sid").as(String)
+ csrf_token = generate_response(sid, {":remove_2fa"}, HMAC_KEY)
+
+ return templated "user/remove_2fa"
+ end
+
+ # Remove 2fa post request.
+ def remove_2fa(env)
+ locale = env.get("preferences").as(Preferences).locale
+
+ user = env.get? "user"
+ sid = env.get? "sid"
+ referer = get_referer(env, unroll: false)
+
+ if !user
+ return env.redirect referer
+ end
+
+ user = user.as(User)
+ sid = sid.as(String)
+ token = env.params.body["csrf_token"]?
+
+ begin
+ validate_request(token, sid, env.request, HMAC_KEY, locale)
+ rescue ex
+ return error_template(400, ex)
+ end
+
+ PG_DB.exec("UPDATE users SET totp_secret = $1 WHERE email = $2", nil, user.email)
+ end
 end
diff --git a/src/invidious/routing.cr b/src/invidious/routing.cr
index fc21f9765..27c08f3dc 100644
--- a/src/invidious/routing.cr
+++ b/src/invidious/routing.cr
@@ -83,6 +83,8 @@ module Invidious::Routing
 Invidious::Routing.get "/setup_2fa", Routes::Account, :setup_2fa_page
 Invidious::Routing.post "/setup_2fa", Routes::Account, :setup_2fa
 Invidious::Routing.post "/validate_2fa", Routes::Account, :validate_2fa
+ Invidious::Routing.get "/remove_2fa", Routes::Account, :remove_2fa_page
+ Invidious::Routing.post "/remove_2fa", Routes::Account, :remove_2fa
 end
 def register_iv_playlist_routes
diff --git a/src/invidious/views/user/remove_2fa.ecr b/src/invidious/views/user/remove_2fa.ecr
new file mode 100644
index 000000000..47f922630
--- /dev/null
+++ b/src/invidious/views/user/remove_2fa.ecr
@@ -0,0 +1,24 @@
+<% content_for "header" do %>
+
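Review bot: `remove_2fa` disables the second factor on nothing more than a live session cookie plus a CSRF token: the `authorize_token` path in this same file routes a user with `totp_secret` set through `call_totp_validator` unless the `2faVerified` cookie is `"1"`, but no such re-verification precedes the `UPDATE users SET totp_secret = $1` here, so a captured SID cookie alone is enough to strip 2FA from the account — unless a gate exists in the view or elsewhere that I cannot see, apply the same check before the UPDATE (demanding a freshly entered code would be stronger still). The handler also falls off the end after `PG_DB.exec`, so the response is whatever `exec` returns and the `referer` computed above is never used; finish with `env.redirect referer`. In `remove_2fa_page`, `env.get("user").as(User)` has no nil guard, so an anonymous GET raises instead of redirecting the way `remove_2fa`'s `if !user` branch does, and its `referer` local is unused. The first context lines of this hunk close a method that begins outside it.
```crystal
    # … unchanged: CSRF validation of token …

    # Re-verify the second factor before removing it, mirroring authorize_token;
    # assumes call_totp_validator prompts for a code and returns the response.
    if user.totp_secret && env.request.cookies["2faVerified"]?.try &.value != "1"
      return call_totp_validator(env, user, sid, locale)
    end

    PG_DB.exec("UPDATE users SET totp_secret = $1 WHERE email = $2", nil, user.email)
    env.redirect referer
  end
```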