Two-factor disenroll button, other fixes for authy support

2026-02-03 14:13:29 +00:00 · 2013-09-28 11:42:58 -07:00
parent caaff31794
commit 7b95e948a3
6 changed files with 15 additions and 2 deletions
--- a/acl/edit_user.cgi
+++ b/acl/edit_user.cgi
@@ -301,7 +301,8 @@ if ($user{'twofactor_provider'}) {
 		       &webmin::list_twofactor_providers();
 	print &ui_table_row($text{'edit_twofactor'},
 		&text('edit_twofactorprov', "<i>$prov->[1]</i>",
-		      "<tt>$user{'twofactor_id'}</tt>"));
+		      "<tt>$user{'twofactor_id'}</tt>")."<br>\n".
+		&ui_checkbox('cancel', 1, $text{'edit_twofactorcancel'}, 0));
 	}

 print &ui_hidden_table_end("security");
--- a/acl/index.cgi
+++ b/acl/index.cgi
@@ -289,6 +289,7 @@ return ($config{'select'} ? "" : &ui_checkbox("d", $_[0]->{'name'}, "", 0)).
       ($ro ? "<b>" : "").
       "<a href='$_[1]?$_[2]=".&urlize($_[0]->{'name'})."'>".
 	$_[0]->{'name'}."</a>".
+       ($_[0]->{'twofactor_id'} ? "*" : "").
       ($ro ? "</b>" : "").
       ($lck ? "</i>" : "");
 }
--- a/acl/lang/en
+++ b/acl/lang/en
@@ -51,6 +51,7 @@ edit_modules=Modules
 edit_clone=Clone
 edit_twofactor=Two-factor authentication type
 edit_twofactorprov=Using provider $1 with ID $2
+edit_twofactorcancel=Remove two-factor authentication requirement
 edit_lang=Language
 edit_notabs=Categorise modules?
 edit_logout=Inactivity logout time
--- a/acl/save_user.cgi
+++ b/acl/save_user.cgi
@@ -324,6 +324,12 @@ elsif ($in{'lock'} && $user{'pass'} !~ /^\!/ && $in{'pass_def'} <= 1) {
 # Check for force change
 $user{'temppass'} = $in{'temp'};

+# Cancel two-factor if requested
+if ($in{'cancel'}) {
+	$user->{'twofactor_provider'} = undef;
+	$user->{'twofactor_id'} = undef;
+	}
+
 if ($in{'old'}) {
 	# update user and all ACLs
 	&modify_user($in{'old'}, \%user);
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -5921,6 +5921,9 @@ return $tmp;
 sub validate_twofactor
 {
 my ($user, $token) = @_;
+$token =~ s/^\s+//;
+$token =~ s/\s+$//;
+$token || return "No two-factor token entered";
 my $tf = $twofactor{$user};
 $tf || return undef;
 pipe(TOKENr, TOKENw);
--- a/session_login.cgi
+++ b/session_login.cgi
@@ -90,7 +90,8 @@ print &ui_table_row($text{'session_pass'},
 # Two-factor token, for users that have it
 if ($miniserv{'twofactor_provider'}) {
 	print &ui_table_row($text{'session_twofactor'},
-		&ui_textbox("twofactor", undef, 20, 0, undef, $tags));
+		&ui_textbox("twofactor", undef, 20, 0, undef,
+			    "autocomplete=off"));
 	}

 # Remember session cookie?