Add totp check when logging in

2020-04-17 18:39:18 +02:00 · 2020-04-17 18:39:18 +02:00 · 42beec531e
parent 97d78b032e
commit 42beec531e
3 changed files with 22 additions and 0 deletions
--- a/pkg/routes/api/v1/login.go
+++ b/pkg/routes/api/v1/login.go
@ -53,6 +53,21 @@ func Login(c echo.Context) error {
 		return handler.HandleHTTPError(err, c)
 	}

+	totpEnabled, err := user2.TOTPEnabledForUser(user)
+	if err != nil {
+		return handler.HandleHTTPError(err, c)
+	}
+
+	if totpEnabled {
+		_, err = user2.ValidateTOTPPasscode(&user2.TOTPPasscode{
+			User:     user,
+			Passcode: u.TOTPPasscode,
+		})
+		if err != nil {
+			return handler.HandleHTTPError(err, c)
+		}
+	}
+
 	// Create token
 	t, err := NewUserJWTAuthtoken(user)
 	if err != nil {
--- a/pkg/user/totp.go
+++ b/pkg/user/totp.go
@ -44,6 +44,11 @@ type TOTPPasscode struct {
 	Passcode string `json:"passcode"`
 }

+// TOTPEnabledForUser checks if totp is enabled for a user - not if it is activated, use getTOTPForUser to check that.
+func TOTPEnabledForUser(user *User) (bool, error) {
+	return x.Where("user_id = ?", user.ID).Exist(&TOTP{})
+}
+
 func getTOTPForUser(user *User) (t *TOTP, err error) {
 	t = &TOTP{}
 	exists, err := x.Where("user_id = ?", user.ID).Get(t)
--- a/pkg/user/user.go
+++ b/pkg/user/user.go
@ -37,6 +37,8 @@ type Login struct {
 	Username string `json:"username"`
 	// The password for the user.
 	Password string `json:"password"`
+	// The totp passcode of a user. Only needs to be provided when enabled.
+	TOTPPasscode string `json:"totp_passcode"`
 }

 // User holds information about an user