TOTP fully functioning, account settings done!

2025-01-23 13:53:06 +00:00 · 2025-01-23 13:53:06 +00:00 · e004491b55
commit e004491b55
parent 50cbce92fc
11 changed files with 143 additions and 48 deletions
--- a/admin/http.go
+++ b/admin/http.go
@ -284,26 +284,65 @@ func loginHandler(app *model.AppState) http.Handler {
            return
        }

-        totpMethod, err := controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP)
-        if err != nil {
-            fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err)
-            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
-            render()
-            return
+        var totpMethod *model.TOTP
+        if len(credentials.TOTP) == 0 {
+            // check if user has TOTP
+            totps, err := controller.GetTOTPsForAccount(app.DB, account.ID)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err)
+                controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+                render()
+                return
+            }
+
+            if len(totps) > 0 {
+                type loginTOTPData struct {
+                    Session *model.Session
+                    Username string
+                    Password string
+                }
+                err = pages["login-totp"].Execute(w, loginTOTPData{
+                    Session: session,
+                    Username: credentials.Username,
+                    Password: credentials.Password,
+                })
+                if err != nil {
+                    fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err)
+                    http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+                    return
+                }
+            }
+        } else {
+            totpMethod, err = controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err)
+                controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+                render()
+                return
+            }
+            if totpMethod == nil {
+                controller.SetSessionError(app.DB, session, "Invalid TOTP.")
+                render()
+                return
+            }
        }
-        if totpMethod == nil {
-            controller.SetSessionError(app.DB, session, "Invalid TOTP.")
-            render()
-            return
+
+        if totpMethod != nil {
+            fmt.Printf(
+                "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n",
+                time.Now().Format(time.UnixDate),
+                account.Username,
+                totpMethod.Name,
+            )
+        } else {
+            fmt.Printf(
+                "[%s] INFO: Account \"%s\" logged in\n",
+                time.Now().Format(time.UnixDate),
+                account.Username,
+            )
        }

        // TODO: log login activity to user
-        fmt.Printf(
-            "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n",
-            time.Now().Format(time.UnixDate),
-            account.Username,
-            totpMethod.Name,
-        )

        // login success!
        controller.SetSessionAccount(app.DB, session, account)