feat: 🎸 Fix TOTP not load correctly
This commit is contained in:
parent
8f157e04d4
commit
083ee5d23b
@ -68,7 +68,7 @@ function setPassword(req: Request, res: Response) {
|
||||
|
||||
function login(req: Request, res: Response) {
|
||||
const submittedPassword = req.body.password;
|
||||
const submittedTotp = req.body.token;
|
||||
const submittedTotpToken = req.body.totpToken;
|
||||
|
||||
// 首先验证密码
|
||||
if (!verifyPassword(submittedPassword)) {
|
||||
@ -78,7 +78,7 @@ function login(req: Request, res: Response) {
|
||||
|
||||
// 如果密码正确且启用了 TOTP,验证 TOTP
|
||||
if (totp.isTotpEnabled()) {
|
||||
if (!verifyTOTP(submittedTotp)) {
|
||||
if (!verifyTOTP(submittedTotpToken)) {
|
||||
sendLoginError(req, res, 'totp');
|
||||
return;
|
||||
}
|
||||
@ -106,10 +106,10 @@ function login(req: Request, res: Response) {
|
||||
});
|
||||
}
|
||||
|
||||
function verifyTOTP(submittedToken: string) {
|
||||
if (totp.validateTOTP(submittedToken)) return true;
|
||||
function verifyTOTP(submittedTotpToken: string) {
|
||||
if (totp.validateTOTP(submittedTotpToken)) return true;
|
||||
|
||||
const recoveryCodeValidates = recoveryCodeService.verifyRecoveryCode(submittedToken);
|
||||
const recoveryCodeValidates = recoveryCodeService.verifyRecoveryCode(submittedTotpToken);
|
||||
|
||||
return recoveryCodeValidates;
|
||||
}
|
||||
|
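Review bot: `submittedTotpToken` is read straight from `req.body.totpToken` (third line of the first hunk) and passed to `verifyTOTP(submittedTotpToken: string)` with no runtime check, so a missing field or, depending on the body parser, a non-string value reaches `totp.validateTOTP` and `recoveryCodeService.verifyRecoveryCode` as something other than a string. Since the check only runs under `totp.isTotpEnabled()`, I'd reject non-strings in the second hunk before verifying: `if (typeof submittedTotpToken !== 'string' || !verifyTOTP(submittedTotpToken)) {`. `submittedPassword` on the preceding line has the same gap, though that line is context here. `login`'s body continues outside these hunks, so any later handling of the value is not visible.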
@ -25,9 +25,7 @@ const sessionParser = session({
|
||||
})
|
||||
});
|
||||
|
||||
// 创建一个检查认证状态的中间件
|
||||
const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
|
||||
// 如果用户未登录或者是登录页面,直接继续
|
||||
if (!req.session.loggedIn || req.path === '/login') {
|
||||
return next();
|
||||
}
|
||||
@ -35,23 +33,17 @@ const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
|
||||
const currentTotpStatus = totp.isTotpEnabled();
|
||||
const currentSsoStatus = open_id.isOpenIDEnabled();
|
||||
|
||||
// 从 session 中获取上次登录时的认证状态
|
||||
const lastAuthState = req.session.lastAuthState || {
|
||||
totpEnabled: false,
|
||||
ssoEnabled: false
|
||||
};
|
||||
|
||||
// 检查认证状态是否发生变化
|
||||
if (lastAuthState.totpEnabled !== currentTotpStatus ||
|
||||
lastAuthState.ssoEnabled !== currentSsoStatus) {
|
||||
// 如果认证状态发生变化,先销毁当前 session
|
||||
req.session.destroy((err) => {
|
||||
if (err) {
|
||||
console.error('Error destroying session:', err);
|
||||
}
|
||||
// 清除 cookie
|
||||
res.clearCookie('trilium.sid');
|
||||
// 重定向到登录页面
|
||||
res.redirect('/login');
|
||||
});
|
||||
return;
|
||||
@ -60,7 +52,6 @@ const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
|
||||
next();
|
||||
};
|
||||
|
||||
// 导出一个组合的中间件
|
||||
export default function (req: Request, res: Response, next: NextFunction) {
|
||||
sessionParser(req, res, () => {
|
||||
checkAuthState(req, res, next);
|
||||
|
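Review bot: The `lastAuthState` fallback in the second hunk defaults both flags to `false`, and nothing visible in this section writes `req.session.lastAuthState` after the comparison; if it is not set elsewhere (at login, for instance), a logged-in session with TOTP or OpenID enabled would be destroyed on its first request after `/login`, so this is worth confirming against where the session is created. Separately, `res.clearCookie('trilium.sid')` clears with default options; if `sessionParser` sets the cookie with a non-default `path`, `domain` or `sameSite`, the browser will not match it and the clear is a no-op, so pass the same cookie options here. Most of this hunk reads as context rather than new code, and `checkAuthState` starts in the first hunk and ends in the third, so part of its body is outside view.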
@ -18,12 +18,12 @@ function checkForTotSecret() {
|
||||
return config.MultiFactorAuthentication.totpSecret === "" ? false : true;
|
||||
}
|
||||
|
||||
function validateTOTP(guessedPasscode: string) {
|
||||
function validateTOTP(submittedPasscode: string) {
|
||||
if (config.MultiFactorAuthentication.totpSecret === "") return false;
|
||||
|
||||
try {
|
||||
const valid = Totp.validate({
|
||||
passcode: guessedPasscode,
|
||||
passcode: submittedPasscode,
|
||||
secret: config.MultiFactorAuthentication.totpSecret.trim()
|
||||
});
|
||||
return valid;
|
||||
|
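Review bot: `validateTOTP` short-circuits on `config.MultiFactorAuthentication.totpSecret === ""` but then validates against `totpSecret.trim()`, so a whitespace-only secret passes the guard and reaches `Totp.validate` as an empty secret; trim once and test the trimmed value: `const secret = config.MultiFactorAuthentication.totpSecret.trim();` followed by `if (secret === "") return false;` and `secret: secret` in the validate call. `checkForTotSecret` just above uses the same untrimmed comparison, so keeping both on the trimmed value avoids the enabled check and the validation disagreeing, and its `=== "" ? false : true` reads more plainly as `!== ""`. The `try` block continues past the end of the hunk, so how a validation error is handled is not visible here.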
@ -33,10 +33,9 @@
|
||||
</div>
|
||||
<% if( totpEnabled ) { %>
|
||||
<div class="form-group">
|
||||
<label for="totp-token">TOTP Token</label>
|
||||
<label for="totpToken">TOTP Token</label>
|
||||
<div class="controls">
|
||||
<input id="totp-token" name="totp-token" placeholder="" class="form-control" type="text"
|
||||
required />
|
||||
<input id="totpToken" name="totpToken" placeholder="" class="form-control" type="text" required />
|
||||
</div>
|
||||
</div>
|
||||
<% } %>
|
||||
|
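Review bot: The renamed input (`id="totpToken" name="totpToken"`) now lines up with `req.body.totpToken` on the server, but it still lacks `autocomplete="one-time-code"`, which is what lets browsers and password managers offer the code instead of saved text, and the empty `placeholder=""` adds nothing; I'd write the new line as `<input id="totpToken" name="totpToken" class="form-control" type="text" autocomplete="one-time-code" required />`. Keep `type="text"` rather than a numeric type, since the same field is also checked against recovery codes in `verifyTOTP`. The `<% if( totpEnabled ) { %>` block is fully inside the hunk.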