Add UI for testing two-factor after enrollment

aafecf0fb2

acl/lang/en

@@ -514,9 +514,18 @@ twofactor_enable=Enroll For Two-Factor Authentication
 twofactor_header=Two-factor authentication enrollment details
 twofactor_enrolling=Enrolling for two-factor authentication with provider $1 ..
 twofactor_failed=.. enrollment failed : $1
-twofactor_done=.. complete. Your ID with this provider is <tt>$1</tt>.
+twofactor_done=.. completed, with ID <tt>$1</tt>
 twofactor_setup=Two-factor authentication has not been enabled on this system yet, but can be turned on using the <a href='$1'>Webmin Configuration</a> module.
 twofactor_ebutton=No button clicked!
+twofactor_testdesc=Before logging out, you can test your new two-factor authentication setup here by entering a token. If for some reason it doesn't work, turn off two-factor authentication and try setting it up again.
+twofactor_testfield=Two-factor token
+twofactor_test=Validate Token
+twofactor_terr=Failed to test two-factor setup
+twofactor_etestuser=Login does not have two-factor enabled!
+twofactor_testing=Testing two-factor validation with $1 ..
+twofactor_testfailed=.. test failed! Maybe the wrong token was entered, or your authentication app has not been configured correctly?
+twofactor_testok=.. test passed! You can now safely login using two-factor authentication.
+twofactor_testdis=Disable Two-Factor Now
 
 forgot_title=Send Password Reset Link
 forgot_err=Failed to send password reset link

acl/save_twofactor.cgi

@@ -55,7 +55,7 @@ if ($in{'enable'}) {
 		my $mfunc = "webmin::message_twofactor_".
 			    $miniserv{'twofactor_provider'};
 		if (defined(&{\&{$mfunc}})) {
-			print &{\&{$mfunc}}($user);
+			print "<p></p>".&{\&{$mfunc}}($user);
 			}
 
 		# Save user
@@ -65,6 +65,15 @@ if ($in{'enable'}) {
 		&webmin_log("twofactor", "user", $user->{'name'},
 			    { 'provider' => $user->{'twofactor_provider'},
 			      'id' => $user->{'twofactor_id'} });
+
+		# Show a test form, so the user can validate
+		print &ui_form_start("test_twofactor.cgi");
+		print $text{'twofactor_testdesc'},"<p>\n";
+		print "$text{'twofactor_testfield'}&nbsp;\n",
+		      &ui_textbox("test", undef, 12),"\n";
+		print &ui_hidden("user", $in{'user'}) if ($in{'user'});
+		print "<p>\n";
+		print &ui_form_end([ [ undef, $text{'twofactor_test'} ] ]);
 		}
 
 	&ui_print_footer("", $text{'index_return'});

acl/test_twofactor.cgi

@@ -0,0 +1,47 @@
+#!/usr/local/bin/perl
+# Validate a user-supplied two-factor token
+
+use strict;
+use warnings;
+no warnings 'redefine';
+no warnings 'uninitialized';
+require './acl-lib.pl';
+our (%in, %text, %access, $base_remote_user);
+&foreign_require("webmin");
+&error_setup($text{'twofactor_terr'});
+&ReadParse();
+
+# Get the user
+my @users = &list_users();
+my $user;
+if ($in{'user'}) {
+	&can_edit_user($in{'user'}) || &error($text{'edit_euser'});
+	($user) = grep { $_->{'name'} eq $in{'user'} } @users;
+	}
+else {
+	($user) = grep { $_->{'name'} eq $base_remote_user } @users;
+	}
+$user || &error($text{'twofactor_euser'});
+$user->{'twofactor_provider'} || &error($text{'twofactor_etestuser'});
+my @provs = &webmin::list_twofactor_providers();
+my ($prov) = grep { $_->[0] eq $user->{'twofactor_provider'} } @provs;
+
+# Call the validation function
+&ui_print_header(undef, $text{'twofactor_title'}, "");
+
+print &text('twofactor_testing', $prov->[1]),"<br>\n";
+my $func = "webmin::validate_twofactor_".$user->{'twofactor_provider'};
+my $err = &{\&{$func}}($user->{'twofactor_id'}, $in{'test'},
+		       $user->{'twofactor_apikey'});
+if ($err) {
+	print &text('twofactor_testfailed', $err),"<p>\n";
+
+	print &ui_form_start("save_twofactor.cgi");
+	print &ui_hidden("user", $in{'user'}) if ($in{'user'});
+	print &ui_form_end([ [ "disable", $text{'twofactor_testdis'} ] ]);
+	}
+else {
+	print $text{'twofactor_testok'},"<p>\n";
+	}
+
+&ui_print_footer("", $text{'index_return'});