Email 2FA OTP

2026-04-18 14:23:51 +02:00 · 2022-10-14 18:43:58 +13:00
parent 2b75b00d49
commit be60221d54
1 changed files with 65 additions and 2 deletions
--- a/html/src/app.js
+++ b/html/src/app.js
@@ -1139,7 +1139,12 @@ speechSynthesis.getVoices();
                params,
                origin: true
            };
-            if (json.requiresTwoFactorAuth) {
+            if (
+                json.requiresTwoFactorAuth &&
+                json.requiresTwoFactorAuth.includes('emailOtp')
+            ) {
+                this.$emit('USER:EMAILOTP', args);
+            } else if (json.requiresTwoFactorAuth) {
                this.$emit('USER:2FA', args);
            } else {
                this.$emit('USER:CURRENT', args);
@@ -1186,6 +1191,25 @@ speechSynthesis.getVoices();
        });
    };

+    /*
+        params: {
+            code: string
+        }
+    */
+    API.verifyEmailOTP = function (params) {
+        return this.call('auth/twofactorauth/emailotp/verify', {
+            method: 'POST',
+            params
+        }).then((json) => {
+            var args = {
+                json,
+                params
+            };
+            this.$emit('EMAILOTP', args);
+            return args;
+        });
+    };
+
    API.applyUserTrustLevel = function (ref) {
        ref.$isModerator = ref.developerType && ref.developerType !== 'none';
        ref.$isTroll = false;
@@ -1355,7 +1379,12 @@ speechSynthesis.getVoices();
                json,
                origin: true
            };
-            if (json.requiresTwoFactorAuth) {
+            if (
+                json.requiresTwoFactorAuth &&
+                json.requiresTwoFactorAuth.includes('emailOtp')
+            ) {
+                this.$emit('USER:EMAILOTP', args);
+            } else if (json.requiresTwoFactorAuth) {
                this.$emit('USER:2FA', args);
            } else {
                this.$emit('USER:CURRENT', args);
@@ -6043,6 +6072,36 @@ speechSynthesis.getVoices();
        );
    };

+    $app.methods.promptEmailOTP = function () {
+        this.$prompt(
+            'Enter a numeric code that was sent to your email',
+            'Email Two-factor Authentication',
+            {
+                distinguishCancelAndClose: true,
+                cancelButtonText: 'Cancel',
+                confirmButtonText: 'Verify',
+                inputPlaceholder: 'Code',
+                inputPattern: /^[0-9]{6}$/,
+                inputErrorMessage: 'Invalid Code',
+                callback: (action, instance) => {
+                    if (action === 'confirm') {
+                        API.verifyEmailOTP({
+                            code: instance.inputValue
+                        })
+                            .catch((err) => {
+                                this.promptEmailOTP();
+                                throw err;
+                            })
+                            .then((args) => {
+                                API.getCurrentUser();
+                                return args;
+                            });
+                    }
+                }
+            }
+        );
+    };
+
    $app.methods.showExportFriendsListDialog = function () {
        var {friends} = API.currentUser;
        if (Array.isArray(friends) === false) {
@@ -6122,6 +6181,10 @@ speechSynthesis.getVoices();
        $app.promptTOTP();
    });

+    API.$on('USER:EMAILOTP', function () {
+        $app.promptEmailOTP();
+    });
+
    API.$on('LOGOUT', function () {
        if (this.isLoggedIn) {
            new Noty({