fix: remove u2f with pin from 2fa check (#1121)

* fix: remove u2f with pin from 2fa check * show error message on mfa init verify
2024-12-12 02:54:20 +00:00 · 2020-12-18 16:30:57 +01:00 · 2020-12-18 16:30:57 +01:00 · e15fc0b92b
commit e15fc0b92b
parent 410a53f15b
3 changed files with 5 additions and 13 deletions
--- a/internal/ui/login/handler/mfa_verify_handler.go
+++ b/internal/ui/login/handler/mfa_verify_handler.go
@ -60,6 +60,9 @@ func (l *Login) renderMFAVerifySelected(w http.ResponseWriter, r *http.Request,
 	case model.MFATypeOTP:
 		data.MFAProviders = removeSelectedProviderFromList(verificationStep.MFAProviders, model.MFATypeOTP)
 		data.SelectedMFAProvider = model.MFATypeOTP
+	default:
+		l.renderError(w, r, authReq, err)
+		return
 	}
 	l.renderer.RenderTemplate(w, r, l.renderer.Templates[tmplMFAVerify], data, nil)
 }
--- a/internal/ui/login/static/templates/mfa_init_verify.html
+++ b/internal/ui/login/static/templates/mfa_init_verify.html
@ -35,6 +35,8 @@
        </div>
    {{end}}

+    {{ template "error-message" .}}
+
    <div class="actions">
        <button class="primary" id="submit-button" type="submit">{{t "Actions.Next"}}</button>
        <a class="button secondary" href="{{ mfaPromptChangeUrl .AuthReqID .MFAType }}">
--- a/internal/user/model/user_view.go
+++ b/internal/user/model/user_view.go
@ -163,19 +163,6 @@ func (u *UserView) MFATypesAllowed(level req_model.MFALevel, policy *iam_model.L
 			}
 		}
 		//PLANNED: add sms
-		fallthrough
-	case req_model.MFALevelMultiFactor:
-		if policy.HasMultiFactors() {
-			for _, mfaType := range policy.MultiFactors {
-				switch mfaType {
-				case iam_model.MultiFactorTypeU2FWithPIN:
-					if u.IsPasswordlessReady() {
-						types = append(types, req_model.MFATypeU2FUserVerification)
-					}
-				}
-			}
-		}
-		//PLANNED: add token
 	}
 	return types, required
 }