mirror of
https://github.com/mayswind/ezbookkeeping.git
synced 2026-05-17 08:14:25 +08:00
support login with 2fa
This commit is contained in:
MaysWind
@@ -74,7 +74,13 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (interface{}, *err
|
||||
c.SetTokenClaims(claims)
|
||||
|
||||
log.InfofWithRequestId(c, "[authorizations.AuthorizeHandler] user \"uid:%d\" has logined, token type is %d, token will be expired at %d", user.Uid, claims.Type, claims.ExpiresAt)
|
||||
return token, nil
|
||||
|
||||
authResp := &models.AuthResponse{
|
||||
Token : token,
|
||||
Need2FA: twoFactorEnable,
|
||||
}
|
||||
|
||||
return authResp, nil
|
||||
}
|
||||
|
||||
func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.Context) (interface{}, *errs.Error) {
|
||||
@@ -123,7 +129,13 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.Context) (interfac
|
||||
c.SetTokenClaims(claims)
|
||||
|
||||
log.InfofWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has authorized two factor via passcode, token will be expired at %d", user.Uid, claims.ExpiresAt)
|
||||
return token, nil
|
||||
|
||||
authResp := &models.AuthResponse{
|
||||
Token : token,
|
||||
Need2FA: false,
|
||||
}
|
||||
|
||||
return authResp, nil
|
||||
}
|
||||
|
||||
func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Context) (interface{}, *errs.Error) {
|
||||
@@ -144,7 +156,7 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Cont
|
||||
}
|
||||
|
||||
if !enableTwoFactor {
|
||||
return nil, errs.ErrTwoFactorKeyIsNotEnabled
|
||||
return nil, errs.ErrTwoFactorIsNotEnabled
|
||||
}
|
||||
|
||||
user, err := a.users.GetUserById(uid)
|
||||
|
||||
@@ -33,7 +33,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorStatusHandler(c *core.Context) (in
|
||||
uid := c.GetCurrentUid()
|
||||
twoFactorSetting, err := a.twoFactorAuthorizations.GetUserTwoFactorSettingByUid(uid)
|
||||
|
||||
if err == errs.ErrTwoFactorKeyIsNotEnabled {
|
||||
if err == errs.ErrTwoFactorIsNotEnabled {
|
||||
statusResp := &models.TwoFactorStatusResponse{
|
||||
Enable: false,
|
||||
}
|
||||
@@ -64,7 +64,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.Conte
|
||||
}
|
||||
|
||||
if enabled {
|
||||
return nil, errs.ErrTwoFactorKeyAlreadyEnabled
|
||||
return nil, errs.ErrTwoFactorAlreadyEnabled
|
||||
}
|
||||
|
||||
user, err := a.users.GetUserById(uid)
|
||||
@@ -123,7 +123,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte
|
||||
}
|
||||
|
||||
if exists {
|
||||
return nil, errs.ErrTwoFactorKeyAlreadyEnabled
|
||||
return nil, errs.ErrTwoFactorAlreadyEnabled
|
||||
}
|
||||
|
||||
user, err := a.users.GetUserById(uid)
|
||||
@@ -212,7 +212,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorDisableHandler(c *core.Context) (i
|
||||
}
|
||||
|
||||
if !enableTwoFactor {
|
||||
return nil, errs.ErrTwoFactorKeyIsNotEnabled
|
||||
return nil, errs.ErrTwoFactorIsNotEnabled
|
||||
}
|
||||
|
||||
err = a.twoFactorAuthorizations.DeleteTwoFactorRecoveryCodes(uid)
|
||||
@@ -244,7 +244,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorRecoveryCodeRegenerateHandler(c *c
|
||||
}
|
||||
|
||||
if !enableTwoFactor {
|
||||
return nil, errs.ErrTwoFactorKeyIsNotEnabled
|
||||
return nil, errs.ErrTwoFactorIsNotEnabled
|
||||
}
|
||||
|
||||
recoveryCodes, err := a.twoFactorAuthorizations.GenerateTwoFactorRecoveryCodes()
|
||||
|
||||
@@ -5,7 +5,7 @@ import "net/http"
|
||||
var (
|
||||
ErrPasscodeInvalid = NewNormalError(NORMAL_SUBCATEGORY_TWOFACTOR, 0, http.StatusUnauthorized, "passcode is invalid")
|
||||
ErrTwoFactorRecoveryCodeInvalid = NewNormalError(NORMAL_SUBCATEGORY_TWOFACTOR, 1, http.StatusUnauthorized, "two factor recovery code is invalid")
|
||||
ErrTwoFactorKeyIsNotEnabled = NewNormalError(NORMAL_SUBCATEGORY_TWOFACTOR, 2, http.StatusBadRequest, "two factor key is not enabled")
|
||||
ErrTwoFactorKeyAlreadyEnabled = NewNormalError(NORMAL_SUBCATEGORY_TWOFACTOR, 3, http.StatusBadRequest, "two factor key has already been enabled")
|
||||
ErrTwoFactorIsNotEnabled = NewNormalError(NORMAL_SUBCATEGORY_TWOFACTOR, 2, http.StatusBadRequest, "two factor is not enabled")
|
||||
ErrTwoFactorAlreadyEnabled = NewNormalError(NORMAL_SUBCATEGORY_TWOFACTOR, 3, http.StatusBadRequest, "two factor has already been enabled")
|
||||
ErrTwoFactorRecoveryCodeNotExist = NewNormalError(NORMAL_SUBCATEGORY_TWOFACTOR, 4, http.StatusUnauthorized, "two factor recovery code does not exist")
|
||||
)
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
package models
|
||||
|
||||
type AuthResponse struct {
|
||||
Token string `json:"token"`
|
||||
Need2FA bool `json:"need2FA"`
|
||||
}
|
||||
@@ -53,7 +53,7 @@ func (s *TwoFactorAuthorizationService) GetUserTwoFactorSettingByUid(uid int64)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
} else if !has {
|
||||
return nil, errs.ErrTwoFactorKeyIsNotEnabled
|
||||
return nil, errs.ErrTwoFactorIsNotEnabled
|
||||
}
|
||||
|
||||
twoFactor.Secret, err = utils.DecryptSecret(twoFactor.Secret, s.CurrentConfig().SecretKey)
|
||||
@@ -109,7 +109,7 @@ func (s *TwoFactorAuthorizationService) DeleteTwoFactorSetting(uid int64) error
|
||||
deletedRows, err := sess.Where("uid=?", uid).Delete(&models.TwoFactor{})
|
||||
|
||||
if deletedRows < 1 {
|
||||
return errs.ErrTwoFactorKeyIsNotEnabled
|
||||
return errs.ErrTwoFactorIsNotEnabled
|
||||
}
|
||||
|
||||
return err
|
||||
|
||||
Reference in New Issue
Block a user