mirror of
https://github.com/zitadel/zitadel.git
synced 2025-04-28 18:20:50 +00:00
2c97794538
* feat: nice error messages * feat: nice error messages * fix: add project type * fix: message ids * handle error messages in login * add some better error messages * fix: better error messages on login * fix: better error messages on login * fix: add internal errors * fix: tests
96 lines
2.2 KiB
Go
96 lines
2.2 KiB
Go
package handler
|
|
|
|
import (
|
|
"bytes"
|
|
"net/http"
|
|
|
|
"github.com/aaronarduino/goqrsvg"
|
|
svg "github.com/ajstarks/svgo"
|
|
"github.com/boombuler/barcode/qr"
|
|
"github.com/caos/zitadel/internal/auth_request/model"
|
|
)
|
|
|
|
const (
|
|
tmplMfaInitVerify = "mfainitverify"
|
|
)
|
|
|
|
type mfaInitVerifyData struct {
|
|
MfaType model.MfaType `schema:"mfaType"`
|
|
Code string `schema:"code"`
|
|
URL string `schema:"url"`
|
|
Secret string `schema:"secret"`
|
|
}
|
|
|
|
func (l *Login) handleMfaInitVerify(w http.ResponseWriter, r *http.Request) {
|
|
data := new(mfaInitVerifyData)
|
|
authReq, err := l.getAuthRequestAndParseData(r, data)
|
|
if err != nil {
|
|
l.renderError(w, r, authReq, err)
|
|
return
|
|
}
|
|
var verifyData *mfaVerifyData
|
|
switch data.MfaType {
|
|
case model.MfaTypeOTP:
|
|
verifyData = l.handleOtpVerify(w, r, authReq, data)
|
|
}
|
|
|
|
if verifyData != nil {
|
|
l.renderMfaInitVerify(w, r, authReq, verifyData, err)
|
|
return
|
|
}
|
|
|
|
done := &mfaDoneData{
|
|
MfaType: data.MfaType,
|
|
}
|
|
l.renderMfaInitDone(w, r, authReq, done)
|
|
}
|
|
|
|
func (l *Login) handleOtpVerify(w http.ResponseWriter, r *http.Request, authReq *model.AuthRequest, data *mfaInitVerifyData) *mfaVerifyData {
|
|
err := l.authRepo.VerifyMfaOTPSetup(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, data.Code)
|
|
if err == nil {
|
|
return nil
|
|
}
|
|
mfadata := &mfaVerifyData{
|
|
MfaType: data.MfaType,
|
|
otpData: otpData{
|
|
Secret: data.Secret,
|
|
Url: data.URL,
|
|
},
|
|
}
|
|
|
|
return mfadata
|
|
}
|
|
|
|
func (l *Login) renderMfaInitVerify(w http.ResponseWriter, r *http.Request, authReq *model.AuthRequest, data *mfaVerifyData, err error) {
|
|
var errType, errMessage string
|
|
if err != nil {
|
|
errMessage = l.getErrorMessage(r, err)
|
|
}
|
|
data.baseData = l.getBaseData(r, authReq, "Mfa Init Verify", errType, errMessage)
|
|
data.UserName = authReq.UserName
|
|
if data.MfaType == model.MfaTypeOTP {
|
|
code, err := generateQrCode(data.otpData.Url)
|
|
if err == nil {
|
|
data.otpData.QrCode = code
|
|
}
|
|
}
|
|
|
|
l.renderer.RenderTemplate(w, r, l.renderer.Templates[tmplMfaInitVerify], data, nil)
|
|
}
|
|
|
|
func generateQrCode(url string) (string, error) {
|
|
var b bytes.Buffer
|
|
s := svg.New(&b)
|
|
|
|
qrCode, err := qr.Encode(url, qr.M, qr.Auto)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
qs := goqrsvg.NewQrSVG(qrCode, 5)
|
|
qs.StartQrSVG(s)
|
|
qs.WriteQrSVG(s)
|
|
|
|
s.End()
|
|
return string(b.Bytes()), nil
|
|
}
|