Add endpoint to disable 2fa
@@ -494,5 +494,7 @@
|
|||||||
"general-totp-invalid-code": "The TOTP code entered is invalid",
|
"general-totp-invalid-code": "The TOTP code entered is invalid",
|
||||||
"general-totp-enter-code-field": "6 digit number",
|
"general-totp-enter-code-field": "6 digit number",
|
||||||
"general-totp-enter-code-header": "Two-factor authentication",
|
"general-totp-enter-code-header": "Two-factor authentication",
|
||||||
"general-totp-verify-button": "Verifiy"
|
"general-totp-verify-button": "Verify",
|
||||||
|
"remove-totp-header": "Remove two-factor authentication",
|
||||||
|
"remove-totp-confirm-message": "Are you sure you would like to remove two-factor-authentication?"
|
||||||
}
|
}
|
||||||
|
@@ -462,7 +462,7 @@ def totp_validator(env)
|
|||||||
# Verify if possible
|
# Verify if possible
|
||||||
if token = env.params.body["csrf_token"]?
|
if token = env.params.body["csrf_token"]?
|
||||||
begin
|
begin
|
||||||
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale)
|
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
||||||
rescue ex
|
rescue ex
|
||||||
return error_template(400, ex)
|
return error_template(400, ex)
|
||||||
end
|
end
|
||||||
|
@@ -208,6 +208,9 @@ module Invidious::Routes::Account
|
|||||||
user = env.get? "user"
|
user = env.get? "user"
|
||||||
sid = env.get? "sid"
|
sid = env.get? "sid"
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
|
||||||
if user.totp_secret && env.request.cookies["2faVerified"]?.try &.value != "1" || nil
|
if user.totp_secret && env.request.cookies["2faVerified"]?.try &.value != "1" || nil
|
||||||
return call_totp_validator(env, user, sid, locale)
|
return call_totp_validator(env, user, sid, locale)
|
||||||
end
|
end
|
||||||
@@ -218,8 +221,6 @@ module Invidious::Routes::Account
|
|||||||
return env.redirect "/login?referer=#{URI.encode_path_segment(env.request.resource)}"
|
return env.redirect "/login?referer=#{URI.encode_path_segment(env.request.resource)}"
|
||||||
end
|
end
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY)
|
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY)
|
||||||
|
|
||||||
scopes = env.params.query["scopes"]?.try &.split(",")
|
scopes = env.params.query["scopes"]?.try &.split(",")
|
||||||
@@ -503,4 +504,41 @@ module Invidious::Routes::Account
|
|||||||
|
|
||||||
env.redirect referer
|
env.redirect referer
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Endpoint to remove 2fa
|
||||||
|
def remove_2fa_page(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
user = env.get("user").as(User)
|
||||||
|
sid = env.get("sid").as(String)
|
||||||
|
csrf_token = generate_response(sid, {":remove_2fa"}, HMAC_KEY)
|
||||||
|
|
||||||
|
return templated "user/remove_2fa"
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove 2fa post request.
|
||||||
|
def remove_2fa(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env, unroll: false)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
token = env.params.body["csrf_token"]?
|
||||||
|
|
||||||
|
begin
|
||||||
|
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
||||||
|
rescue ex
|
||||||
|
return error_template(400, ex)
|
||||||
|
end
|
||||||
|
|
||||||
|
PG_DB.exec("UPDATE users SET totp_secret = $1 WHERE email = $2", nil, user.email)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
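Review bot: `remove_2fa` clears `totp_secret` after checking only that a user is logged in and that the CSRF token validates, so a session that has not passed the TOTP step could remove the second factor. The authorize-token handler in the first hunk gates on `user.totp_secret` and the `2faVerified` cookie and returns `call_totp_validator(env, user, sid, locale)`; `remove_2fa` and `remove_2fa_page` should apply at least that gate, assuming the validator behaves the same on these routes. That gate compares a request cookie to `"1"`, so confirm the value is bound to the session server-side rather than trusted as sent. The success path also ends on `PG_DB.exec` and never uses `referer`, so a redirect appears to be missing. Separately, the first hunk moves the `.as(User)` and `.as(String)` casts ahead of the login redirect shown in the second hunk, which presumably raises for an unauthenticated request instead of redirecting; the lines between those hunks are not visible.

```crystal
def remove_2fa(env)
  # … unchanged: locale/user/sid/referer lookup, `if !user` redirect, casts …

  # Removing the second factor must itself require a verified second factor.
  if user.totp_secret && env.request.cookies["2faVerified"]?.try &.value != "1"
    return call_totp_validator(env, user, sid, locale)
  end

  # … unchanged: csrf_token lookup and validate_request …

  PG_DB.exec("UPDATE users SET totp_secret = $1 WHERE email = $2", nil, user.email)
  env.redirect referer
```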
@@ -83,6 +83,8 @@ module Invidious::Routing
|
|||||||
Invidious::Routing.get "/setup_2fa", Routes::Account, :setup_2fa_page
|
Invidious::Routing.get "/setup_2fa", Routes::Account, :setup_2fa_page
|
||||||
Invidious::Routing.post "/setup_2fa", Routes::Account, :setup_2fa
|
Invidious::Routing.post "/setup_2fa", Routes::Account, :setup_2fa
|
||||||
Invidious::Routing.post "/validate_2fa", Routes::Account, :validate_2fa
|
Invidious::Routing.post "/validate_2fa", Routes::Account, :validate_2fa
|
||||||
|
Invidious::Routing.get "/remove_2fa", Routes::Account, :remove_2fa_page
|
||||||
|
Invidious::Routing.post "/remove_2fa", Routes::Account, :remove_2fa
|
||||||
end
|
end
|
||||||
|
|
||||||
def register_iv_playlist_routes
|
def register_iv_playlist_routes
|
||||||
|
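--- a/src/invidious/views/user/remove_2fa.ecr
+++ b/src/invidious/views/user/remove_2fa.ecr
@@ -0,0 +1,24 @@
+<% content_for "header" do %>
+<title><%= translate(locale, "remove-totp-header") %> - Invidious</title>
+<% end %>
+
+<div class="h-box">
+<form class="pure-form pure-form-aligned" action="/remove_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post">
+<legend><%= translate(locale, "remove-totp-confirm-message") %></legend>
+
+<div class="pure-g">
+<div class="pure-u-1-2">
+<button type="submit" name="submit" value="remove_2fa" class="pure-button pure-button-primary">
+<%= translate(locale, "Yes") %>
+</button>
+</div>
+<div class="pure-u-1-2">
+<a class="pure-button" href="<%= URI.encode_www_form(referer) %>">
+<%= translate(locale, "No") %>
+</a>
+</div>
+</div>
+
+<input type="hidden" name="csrf_token" value="<%= URI.encode_www_form(csrf_token) %>">
+</form>
+</div>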
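Review bot: The "No" link writes `URI.encode_www_form(referer)` straight into `href`, which form-encodes the whole path (a `/` becomes `%2F`), so the cancel link will likely resolve as a broken relative URL. Form encoding fits the `?referer=` query value in the form `action`, but an attribute value needs HTML escaping instead: `<a class="pure-button" href="<%= HTML.escape(referer) %>">`. The hidden `csrf_token` field has the same mismatch between form encoding and an HTML attribute context; keep it only if the server-side validation expects the encoded form. The page also renders a confirmation for a security-sensitive action with no indication that a current TOTP code will be required, which should follow whatever gate the POST handler enforces.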