fixed critical login TOTP bypass bug! whoops!!!!!

2025-01-26 23:41:35 +00:00 · 2025-01-26 23:41:35 +00:00 · 1efe52a8cb
commit 1efe52a8cb
parent 2e93c3c5e5
7 changed files with 166 additions and 99 deletions
--- a/admin/views/login-totp.html
+++ b/admin/views/login-totp.html
@ -26,14 +26,19 @@ input {

 {{define "content"}}
 <main>
-    <form action="/admin/login" method="POST" id="login-totp">
+    {{if .Session.Message.Valid}}
+    <p id="message">{{html .Session.Message.String}}</p>
+    {{end}}
+    {{if .Session.Error.Valid}}
+    <p id="error">{{html .Session.Error.String}}</p>
+    {{end}}
+
+    <form action="/admin/totp" method="POST" id="login-totp">
        <h1>Two-Factor Authentication</h1>

        <div>
            <label for="totp">TOTP</label>
            <input type="text" name="totp" value="" autocomplete="one-time-code" required autofocus>
-            <input type="hidden" name="username" value="{{.Username}}">
-            <input type="hidden" name="password" value="{{.Password}}">
        </div>

        <button type="submit" class="save">Login</button>