diff --git a/acl/lang/en b/acl/lang/en
index 6dfa3e2a3..e4a017fdf 100644
--- a/acl/lang/en
+++ b/acl/lang/en
@@ -514,9 +514,18 @@ twofactor_enable=Enroll For Two-Factor Authentication
 twofactor_header=Two-factor authentication enrollment details
 twofactor_enrolling=Enrolling for two-factor authentication with provider $1 ..
 twofactor_failed=.. enrollment failed : $1
-twofactor_done=.. complete. Your ID with this provider is $1.
+twofactor_done=.. completed, with ID $1
 twofactor_setup=Two-factor authentication has not been enabled on this system yet, but can be turned on using the Webmin Configuration module.
 twofactor_ebutton=No button clicked!
+twofactor_testdesc=Before logging out, you can test your new two-factor authentication setup here by entering a token. If for some reason it doesn't work, turn off two-factor authentication and try setting it up again.
+twofactor_testfield=Two-factor token
+twofactor_test=Validate Token
+twofactor_terr=Failed to test two-factor setup
+twofactor_etestuser=Login does not have two-factor enabled!
+twofactor_testing=Testing two-factor validation with $1 ..
+twofactor_testfailed=.. test failed! Maybe the wrong token was entered, or your authentication app has not been configured correctly?
+twofactor_testok=.. test passed! You can now safely login using two-factor authentication.
+twofactor_testdis=Disable Two-Factor Now
 forgot_title=Send Password Reset Link
 forgot_err=Failed to send password reset link
diff --git a/acl/save_twofactor.cgi b/acl/save_twofactor.cgi
index 865a83da4..ec0b8cea9 100755
--- a/acl/save_twofactor.cgi
+++ b/acl/save_twofactor.cgi
@@ -55,7 +55,7 @@ if ($in{'enable'}) {
 my $mfunc = "webmin::message_twofactor_".
 $miniserv{'twofactor_provider'};
 if (defined(&{\&{$mfunc}})) {
- print &{\&{$mfunc}}($user);
+ print "
".&{\&{$mfunc}}($user);
 }
 # Save user
@@ -65,6 +65,15 @@ if ($in{'enable'}) {
 &webmin_log("twofactor", "user", $user->{'name'}, { 'provider' => $user->{'twofactor_provider'}, 'id' => $user->{'twofactor_id'} });
+
+ # Show a test form, so the user can validate
+ print &ui_form_start("test_twofactor.cgi");
+ print $text{'twofactor_testdesc'},"\n";
+ print "$text{'twofactor_testfield'} \n",
+ &ui_textbox("test", undef, 12),"\n";
+ print &ui_hidden("user", $in{'user'}) if ($in{'user'});
+ print "
\n";
+ print &ui_form_end([ [ undef, $text{'twofactor_test'} ] ]);
}
&ui_print_footer("", $text{'index_return'});
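Review bot: `&ui_form_start("test_twofactor.cgi")` is called without a method argument, and as far as I recall Webmin's ui_form_start emits `method='get'` unless "post" or "form-data" is passed (worth confirming in ui-lib.pl), so the token typed into the `test` field would travel in the query string and can end up in the miniserv access log, browser history and proxy logs. Suggest `print &ui_form_start("test_twofactor.cgi", "post");`. The same applies to the `save_twofactor.cgi` form with the `disable` button that test_twofactor.cgi prints, since that request changes state. The enclosing `if ($in{'enable'})` block starts outside this hunk.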
diff --git a/acl/test_twofactor.cgi b/acl/test_twofactor.cgi
new file mode 100755
index 000000000..55ab3c7d8
--- /dev/null
+++ b/acl/test_twofactor.cgi
@@ -0,0 +1,47 @@
+#!/usr/local/bin/perl
+# Validate a user-supplied two-factor token
+
+use strict;
+use warnings;
+no warnings 'redefine';
+no warnings 'uninitialized';
+require './acl-lib.pl';
+our (%in, %text, %access, $base_remote_user);
+&foreign_require("webmin");
+&error_setup($text{'twofactor_terr'});
+&ReadParse();
+
+# Get the user
+my @users = &list_users();
+my $user;
+if ($in{'user'}) {
+ &can_edit_user($in{'user'}) || &error($text{'edit_euser'});
+ ($user) = grep { $_->{'name'} eq $in{'user'} } @users;
+ }
+else {
+ ($user) = grep { $_->{'name'} eq $base_remote_user } @users;
+ }
+$user || &error($text{'twofactor_euser'});
+$user->{'twofactor_provider'} || &error($text{'twofactor_etestuser'});
+my @provs = &webmin::list_twofactor_providers();
+my ($prov) = grep { $_->[0] eq $user->{'twofactor_provider'} } @provs;
+
+# Call the validation function
+&ui_print_header(undef, $text{'twofactor_title'}, "");
+
+print &text('twofactor_testing', $prov->[1]),"
\n";
+my $func = "webmin::validate_twofactor_".$user->{'twofactor_provider'};
+my $err = &{\&{$func}}($user->{'twofactor_id'}, $in{'test'},
+ $user->{'twofactor_apikey'});
+if ($err) {
+ print &text('twofactor_testfailed', $err),"
\n";
+
+ print &ui_form_start("save_twofactor.cgi");
+ print &ui_hidden("user", $in{'user'}) if ($in{'user'});
+ print &ui_form_end([ [ "disable", $text{'twofactor_testdis'} ] ]);
+ }
+else {
+ print $text{'twofactor_testok'},"
\n";
+ }
+
+&ui_print_footer("", $text{'index_return'});
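Review bot: The call `&{\&{$func}}(...)` at `my $err = ...` has no `defined(&{\&{$func}})` guard, unlike the message function in save_twofactor.cgi, so a user record whose `twofactor_provider` no longer matches an installed provider ends in a Perl "undefined subroutine" failure rather than a clean `&error(...)`; `$prov` is also undef in that case. Suggest adding `defined(&{\&{$func}}) || &error($text{'twofactor_etestuser'});` before the call, or a dedicated message. Separately, `twofactor_testfailed` in acl/lang/en has no `$1`, so the `$err` passed to `&text()` is never displayed; if a placeholder is added, pass `&html_escape($err)` rather than the raw provider string. Failed tests are also not recorded with `&webmin_log`, which would make repeated token guessing against this page visible in the action log.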