Don't show Link to TOTP if not set up (#27585) (#27588)

Backport #27585 by @JakobDev

Fixes https://codeberg.org/forgejo/forgejo/issues/1592

When login in with WebAuth, the page has a link to use TOTP instead.
This link is always displayed, no matter if the User has set up TOTP or
not, which do of cause not work for those who have not.

Co-authored-by: JakobDev <jakobdev@gmx.de>
This commit is contained in:
Giteabot 2023-10-12 04:59:21 +08:00 committed by GitHub
parent 844ab9a441
commit 63a321b83a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 3 deletions

View file

@ -37,6 +37,14 @@ func WebAuthn(ctx *context.Context) {
return
}
hasTwoFactor, err := auth.HasTwoFactorByUID(ctx, ctx.Session.Get("twofaUid").(int64))
if err != nil {
ctx.ServerError("HasTwoFactorByUID", err)
return
}
ctx.Data["HasTwoFactor"] = hasTwoFactor
ctx.HTML(http.StatusOK, tplWebAuthn)
}

View file

@ -14,9 +14,11 @@
<div class="is-loading" style="width: 40px; height: 40px"></div>
{{ctx.Locale.Tr "webauthn_press_button"}}
</div>
<div class="ui attached segment">
<a href="{{AppSubUrl}}/user/two_factor">{{ctx.Locale.Tr "webauthn_use_twofa"}}</a>
</div>
{{if .HasTwoFactor}}
<div class="ui attached segment">
<a href="{{AppSubUrl}}/user/two_factor">{{ctx.Locale.Tr "webauthn_use_twofa"}}</a>
</div>
{{end}}
</div>
</div>
</div>