import {
validateOTPCode
} from "../../lib/otp.mjs";
/**
 * Render the HTMX TOTP form partial, optionally with a list of errors to display.
 *
 * @param {object} response - Express-style response exposing `render(view, locals)`.
 * @param {Array<{title: string, detail: string}>} [errors=[]] - Error entries shown in the form.
 * @returns {void}
 */
function sendTOTPForm(response, errors = []) {
  const locals = { errors };
  response.render(`views/htmx/totpForm.njk`, locals);
}
/**
 * GET handler: show the TOTP form, but only while the session is in the TOTP
 * verification step. Any other auth state is sent back to the auth form so the
 * second factor cannot be reached out of order.
 *
 * @param {object} request - Request exposing `getAuthState()`.
 * @param {object} response - Response exposing `redirect(url)` and `render(view, locals)`.
 * @returns {Promise<void>}
 */
export const get = async function(request, response) {
  // The state literal must match the value set by the preceding login step
  // (spelled as in the rest of this file).
  const inTotpStep = request.getAuthState() == 'totp-verfication';
  if (inTotpStep) {
    sendTOTPForm(response);
    return;
  }
  response.redirect('/htmx/authForm');
}
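/**
 * POST handler: verify the submitted TOTP code and complete the login.
 *
 * Flow: refuse unless the session is in the TOTP verification step, validate the
 * posted `otpToken`, check it against the user's stored secret through
 * `validateOTPCode`, then either mark the session authenticated and tell HTMX to
 * navigate to /profile, or re-render the form with an error entry.
 *
 * NOTE(review): throttling of repeated OTP guesses is not done in this handler;
 * it is presumably enforced by middleware upstream — confirm.
 *
 * @param {object} request - Request exposing `getAuthState()`, `setAuthState(state)`,
 *   `getUser()` (async) and a parsed `body`.
 * @param {object} response - Response exposing `redirect`, `render`, `set`,
 *   `status` and `end`.
 * @returns {Promise<void>}
 */
export const post = async function(request, response) {
  // Redirect if not in TOTP verification state; the literal must match the
  // value set by the preceding login step (spelled as in the rest of this file).
  if (request.getAuthState() !== 'totp-verfication') {
    response.redirect('/htmx/authForm');
    return;
  }

  // Validate input: the token must be a non-empty string.
  const otpToken = request.body.otpToken;
  if (typeof otpToken !== 'string' || otpToken === '') {
    sendTOTPForm(response, [{
      title: 'OTP token is required',
      detail: 'no OTP token was received.'
    }]);
    return;
  }

  const dbUser = await request.getUser();
  // The session is in the TOTP step but no user is attached: restart the login
  // flow instead of dereferencing a missing user.
  if (dbUser == null) {
    response.redirect('/htmx/authForm');
    return;
  }

  const validationResult = await validateOTPCode(dbUser.mail, dbUser.otpsecret, otpToken);

  // A non-null result means the code was accepted (exact result shape is not
  // visible in this file).
  if (validationResult != null) {
    request.setAuthState('authenticated');
    // HTMX performs a full-page navigation when it sees HX-Redirect on a 200.
    response.set('HX-Redirect', '/profile').status(200).end();
  } else {
    sendTOTPForm(response, [{
      title: 'OTP validation failed',
      detail: 'the provided OTP token is invalid. Please try again.'
    }]);
  }
}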