Fixed a bug that prevented the mfa to be enabled

backend/internal/mfa.js

@@ -1,5 +1,5 @@
 const authModel = require('../models/auth');
-const error = require('../lib/error');
+const error     = require('../lib/error');
 const speakeasy = require('speakeasy');
 
 module.exports = {
@@ -13,10 +13,10 @@ module.exports = {
 					throw new error.AuthError('MFA is not enabled for this user.');
 				}
 				const verified = speakeasy.totp.verify({
-					secret: auth.mfa_secret,
+					secret:   auth.mfa_secret,
 					encoding: 'base32',
-					token: token,
+					token:    token,
-					window: 2
+					window:   2
 				});
 				if (!verified) {
 					throw new error.AuthError('Invalid MFA token.');
@@ -58,10 +58,10 @@ module.exports = {
 					throw new error.AuthError('MFA is not set up for this user.');
 				}
 				const verified = speakeasy.totp.verify({
-					secret: auth.mfa_secret,
+					secret:   auth.mfa_secret,
 					encoding: 'base32',
-					token: token,
+					token:    token,
-					window: 2
+					window:   2
 				});
 				if (!verified) {
 					throw new error.AuthError('Invalid MFA token.');

backend/routes/mfa.js

@@ -1,16 +1,16 @@
-const express = require('express');
+const express      = require('express');
-const jwtdecode = require('../lib/express/jwt-decode');
+const jwtdecode    = require('../lib/express/jwt-decode');
 const apiValidator = require('../lib/validator/api');
-const schema = require('../schema');
+const schema       = require('../schema');
-const internalMfa = require('../internal/mfa');
+const internalMfa  = require('../internal/mfa');
-const qrcode = require('qrcode');
+const qrcode       = require('qrcode');
-const speakeasy = require('speakeasy');
+const speakeasy    = require('speakeasy');
-const userModel = require('../models/user');
+const userModel    = require('../models/user');
 
 let router = express.Router({
 	caseSensitive: true,
-	strict: true,
+	strict:        true,
-	mergeParams: true
+	mergeParams:   true
 });
 
 router
@@ -35,7 +35,7 @@ router
 			.then(({ secret, user }) => {
 				const otpAuthUrl = speakeasy.otpauthURL({
 					secret: secret.ascii,
-					label: user.email,
+					label:  user.email,
 					issuer: 'Nginx Proxy Manager'
 				});
 				qrcode.toDataURL(otpAuthUrl, (err, dataUrl) => {

frontend/js/app/user/form.js

@@ -33,9 +33,9 @@ module.exports = Mn.View.extend({
             let view = this;
             let data = this.ui.form.serializeJSON();
 
-            // Save "mfa_validation" value and remove it from data
             let mfaToken = data.mfa_validation;
             delete data.mfa_validation;
+            delete data.mfa_password;
 
             let show_password = this.model.get('email') === 'admin@example.com';
 
@@ -77,7 +77,12 @@ module.exports = Mn.View.extend({
 
                     if (mfaToken) {
                         return App.Api.Mfa.enable(mfaToken)
-                            .then(() => result);
+                            .then(() => result)
+                            .catch(err => {
+                                view.ui.mfaError.text(err.message).show();
+                                err.mfaHandled = true;
+                                return Promise.reject(err);
+                            });
                     }
                     return result;
                 })
@@ -92,7 +97,9 @@ module.exports = Mn.View.extend({
                     });
                 })
                 .catch(err => {
-                    this.ui.error.text(err.message).show();
+                    if (!err.mfaHandled) {
+                        this.ui.error.text(err.message).show();
+                    }
                     this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
                 });
         },