diff --git a/backend/internal/mfa.js b/backend/internal/mfa.js
index 5f6865b9..79f11bf7 100644
--- a/backend/internal/mfa.js
+++ b/backend/internal/mfa.js
@@ -1,5 +1,5 @@
 const authModel = require('../models/auth');
-const error = require('../lib/error');
+const error = require('../lib/error');
 const speakeasy = require('speakeasy');
 module.exports = {
@@ -13,10 +13,10 @@ module.exports = {
 throw new error.AuthError('MFA is not enabled for this user.');
 }
 const verified = speakeasy.totp.verify({
- secret: auth.mfa_secret,
+ secret: auth.mfa_secret,
 encoding: 'base32',
- token: token,
- window: 2
+ token: token,
+ window: 2
 });
 if (!verified) {
 throw new error.AuthError('Invalid MFA token.');
@@ -58,10 +58,10 @@ module.exports = {
 throw new error.AuthError('MFA is not set up for this user.');
 }
 const verified = speakeasy.totp.verify({
- secret: auth.mfa_secret,
+ secret: auth.mfa_secret,
 encoding: 'base32',
- token: token,
- window: 2
+ token: token,
+ window: 2
 });
 if (!verified) {
 throw new error.AuthError('Invalid MFA token.');
diff --git a/backend/routes/mfa.js b/backend/routes/mfa.js
index d142e3cd..100cda1e 100644
--- a/backend/routes/mfa.js
+++ b/backend/routes/mfa.js
@@ -1,16 +1,16 @@
-const express = require('express');
-const jwtdecode = require('../lib/express/jwt-decode');
+const express = require('express');
+const jwtdecode = require('../lib/express/jwt-decode');
 const apiValidator = require('../lib/validator/api');
-const schema = require('../schema');
-const internalMfa = require('../internal/mfa');
-const qrcode = require('qrcode');
-const speakeasy = require('speakeasy');
-const userModel = require('../models/user');
+const schema = require('../schema');
+const internalMfa = require('../internal/mfa');
+const qrcode = require('qrcode');
+const speakeasy = require('speakeasy');
+const userModel = require('../models/user');
 let router = express.Router({
 caseSensitive: true,
- strict: true,
- mergeParams: true
+ strict: true,
+ mergeParams: true
 });
 router
@@ -35,7 +35,7 @@ router
 .then(({ secret, user }) => {
 const otpAuthUrl = speakeasy.otpauthURL({
 secret: secret.ascii,
- label: user.email,
+ label: user.email,
 issuer: 'Nginx Proxy Manager'
 });
 qrcode.toDataURL(otpAuthUrl, (err, dataUrl) => {
diff --git a/frontend/js/app/user/form.js b/frontend/js/app/user/form.js
index fe72d4c9..15747482 100644
--- a/frontend/js/app/user/form.js
+++ b/frontend/js/app/user/form.js
@@ -33,9 +33,9 @@ module.exports = Mn.View.extend({
 let view = this;
 let data = this.ui.form.serializeJSON();
- // Save "mfa_validation" value and remove it from data
 let mfaToken = data.mfa_validation;
 delete data.mfa_validation;
+ delete data.mfa_password;
 let show_password = this.model.get('email') === 'admin@example.com';
@@ -77,7 +77,12 @@ module.exports = Mn.View.extend({
 if (mfaToken) {
 return App.Api.Mfa.enable(mfaToken)
- .then(() => result);
+ .then(() => result)
+ .catch(err => {
+ view.ui.mfaError.text(err.message).show();
+ err.mfaHandled = true;
+ return Promise.reject(err);
+ });
 }
 return result;
 })
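Review bot: In the `@@ -33,9 +33,9 @@` hunk of form.js, `delete data.mfa_password;` discards the field without reading it, whereas `mfa_validation` is captured into `mfaToken` before being deleted. If `mfa_password` is meant to confirm the current password before MFA settings change, that value never reaches the API from this handler, so confirm it is consumed elsewhere or is intentionally unused. The hunk also removes the only comment explaining the stripping; I would restore it as `// MFA form fields are handled separately; strip them from data`. The enclosing handler starts and ends outside the hunk.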
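Review bot: In the `@@ -77,7 +77,12 @@` hunk the new `.catch` reads `view.ui.mfaError`, which no visible hunk declares. If it is missing from the view's `ui` hash or the template, the handler itself throws and the outer catch shows a TypeError message instead of the API error. The `err.mfaHandled = true` flag is an undocumented contract with the outer `.catch` in the `@@ -92,7 +97,9 @@` hunk; a comment such as `// mark as displayed so the outer catch does not repeat it in ui.error` would make it explicit. The promise chain begins outside the hunk.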
@@ -92,7 +97,9 @@ module.exports = Mn.View.extend({
 });
 })
 .catch(err => {
- if (!err.mfaHandled) {
+ this.ui.error.text(err.message).show();
+ }
 this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
 });
 },
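Review bot: When `err.mfaHandled` is set, nothing in this handler hides `this.ui.error`, so a message left from an earlier failed submit could stay on screen next to the new MFA error. That holds unless the element is cleared before the request is sent, which would be outside the hunk. Adding `else { this.ui.error.hide(); }` to the new `if` would keep a single error visible at a time.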