Commit 3b395a8d authored by fv3rdugo's avatar fv3rdugo
Browse files

[#319] Show errors check code

TODO check login status
parent 6920b95e
......@@ -899,7 +899,10 @@ sub tfa {
$sth->execute($USER->{name});
my $row = $sth->fetchrow_hashref;
if ($row->{two_fa} == 1){
if ($row->{two_fa} == 1 && $c->session('ignore_2fa') != 1){
#if ($c->session('ignore_2fa')){
# return render_machines_user($c);
#}else{
$c->render(
template => ($CONFIG_FRONT->{login_custom} or 'bootstrap/code')
,css => ['/css/main.css']
......@@ -909,6 +912,7 @@ sub tfa {
,user => $USER
);
return code($c);
#}
}else{
return render_machines_user($c);
}
......@@ -920,32 +924,31 @@ sub code {
my $code;
my $form_code;
my $sth = $$Ravada::Auth::SQL::CON->dbh->prepare("SELECT secret FROM users WHERE name=?");
$sth->execute($USER->{name});
my $row = $sth->fetchrow_hashref;
my @error =();
my $sth = $$Ravada::Auth::SQL::CON->dbh->prepare("SELECT secret FROM users WHERE name=?");
$sth->execute($USER->{name});
my $row = $sth->fetchrow_hashref;
my @error =();
if ($c->param('login_code_click')){
$code = generateCurrentNumber( $row->{secret} );
$form_code = $c->param('form_code');
if ($form_code == $code) {
$c->stash(css=>['/css/sb-admin.css']
,js=>[
'/js/ravada.js'
]
,csssnippets => []
);
return render_machines_user($c);
_logged_in($c);
if ($form_code == $code && $form_code =~ m{^\d{6}$}) {
$c->session(ignore_2fa =>1) if $c->param('remember');
$c->stash( css=>['/css/sb-admin.css']
,js=>['/js/ravada.js']
);
return render_machines_user($c);
}else{
push @error,("Access denied");
push @error,("Somethings wrong! Repeat the operation, your insert code isn't correct");
$c->redirect_to('/logout');
#return logout($c);
push @error,("Two-factor authentication failed.");
return $c->render(
template => 'bootstrap/code'
,css => ['/css/main.css']
,js => ['/js/main.js']
,error =>\@error
);
}
}
}
......
......@@ -7,15 +7,14 @@
<div class="container" ng-controller="">
<form class="form-singin" method="post">
<div class="form-signin">
<label class="col-form-label" for="formGroupExampleInput"><%=l 'Two factor authentication code' %></label>
<label class="col-form-label"><%=l 'Two factor authentication' %></label>
<input type="text" class="form-control required" name="form_code" placeholder="<%=l 'Enter your code' %>" required/>
<br>
<input type='submit' class="btn btn-lg btn-success btn-block" onclick='this.form.submit();' name='login_code_click' value='<%=l 'Verify' %>'></input>
<div class="checkbox">
<!-- <label><input type="checkbox" name="remember"> Let two-factor authentication remember your computer</label> -->
<label><input type="checkbox" name="remember"> Remember this computer</label>
</div>
<input type='submit' class="btn btn-lg btn-success" onclick='this.form.submit();' name='login_code_click' value='<%=l 'Verify' %>'></input>
<button id="submit" class="btn btn-lg btn-danger" href="/logout"><i class="fa fa-fw fa-power-off"></i><%=l 'Log Out' %></button>
</div>
</div>
% if (scalar @$error) {
% for my $i (@$error) {
<div class="alert alert-danger">
......@@ -24,11 +23,9 @@
% }
% }
</form>
</div>
</div>
</header>
%= include 'bootstrap/scripts'
</body>
</html>
<input type='submit' class="btn btn-primary" onclick='this.form.submit();' name='qrcode_click' value='<%=l 'Enable' %>'></input>
<!DOCTYPE html>
<html>
%= include 'bootstrap/header'
<body id="page-top" data-spy="scroll" data-target=".navbar-fixed-top" role="document">
<div id="wrapper">
%= include 'bootstrap/navigation'
<div id="page-wrapper">
<!--BASES AND DOMAINS LIST-->
<div >
<div class="page-header">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="text-center"><%=l 'Two Factor Authentication Settings' %></h2>
</div>
<div>
% if ($change_2fa) {
<div>
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
</div>
<div>
<p class="list-item"><%=l 'You\'ve enabled two-factor authentication by your account and you\'re receiving code by mobile app.' %></p>
<p class="list-item"><%=l 'Turning off two-step verification will make your account less secure.' %></p>
<p class="list-item"><%=l 'Are you sure you want to proceed?' %></p>
</div>
<div>
<form method="post" enctype="multipart/form-data">
<button type="button" class="btn btn-default"><%= l 'Cancel' %></button>
<input type='submit' class="btn btn-danger" onclick='this.form.submit();' name='dis_2faclick' value='<%=l 'Turn Off Two-Step Verification' %>'></input>
</form>
</div
% } else {
<form method='post' enctype="multipart/form-data">
<div>
<p class="list-item"><i class="fa fa-shield fa-fw fa-3x" aria-hidden="true"></i>&nbsp; <%=l 'It adds security. With this enabled, even if someone managed to get your password, they would also need your phone to log in to your account.' %></p>
<p class="list-item"><i class="fa fa-mobile fa-fw fa-3x" aria-hidden="true"></i>&nbsp; <%=l 'You set up your phone to generate verification codes. Then, we\'ll prompt your enter these codes when you try to log in on a new computer or devide.' %></p>
</div>
<form method='post' enctype="multipart/form-data">
<div class="modal-body">
<p class="list-item"><%=l 'Authenthication apps (like Google Authenticator or Authy) generate verification codes.' %></p>
<p class="list-item"><%=l '1. Open the app and scan the QR bardcode below.' %></p>
<p class="list-item"><img src="<%= $qrcode %>"/></p>
<p class="list-item"><%=l '2. Enter the verification code generated by the app.' %></p>
<!--DELETE --> <p class="list-item"><%= $code %></p>
<input type="text" class="form-control required" name="form_code" placeholder="<%=l 'Enter code' %>" required/>
<button type="button" class="btn btn-default" >Back</button>
<input type='submit' class="btn btn-primary" onclick='this.form.submit();' name='qrcode_click' value='<%=l 'Enable' %>'></input>
</div>
</form>
% }
</div>
</div>
</div>
</div>
</div>
</div>
%= include 'bootstrap/scripts'
%= include 'bootstrap/footer'
<script>
$('input[type=button]').click( function() {
var url = $('#url').text();
$(location).attr('href', url)
});
</script>
</body>
</html>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment