diff --git a/src/routes/login.ts b/src/routes/login.ts
index 9d8c1e6dc..f3636422f 100644
--- a/src/routes/login.ts
+++ b/src/routes/login.ts
@@ -68,7 +68,7 @@ function setPassword(req: Request, res: Response) {
 function login(req: Request, res: Response) {
     const submittedPassword = req.body.password;
-    const submittedTotp = req.body.token;
+    const submittedTotpToken = req.body.totpToken;
 
     // 首先验证密码
     if (!verifyPassword(submittedPassword)) {
@@ -78,7 +78,7 @@ function login(req: Request, res: Response) {
 
     // 如果密码正确且启用了 TOTP,验证 TOTP
     if (totp.isTotpEnabled()) {
-        if (!verifyTOTP(submittedTotp)) {
+        if (!verifyTOTP(submittedTotpToken)) {
             sendLoginError(req, res, 'totp');
             return;
         }
@@ -106,10 +106,10 @@ function login(req: Request, res: Response) {
     });
 }
 
-function verifyTOTP(submittedToken: string) {
-    if (totp.validateTOTP(submittedToken)) return true;
+function verifyTOTP(submittedTotpToken: string) {
+    if (totp.validateTOTP(submittedTotpToken)) return true;
 
-    const recoveryCodeValidates = recoveryCodeService.verifyRecoveryCode(submittedToken);
+    const recoveryCodeValidates = recoveryCodeService.verifyRecoveryCode(submittedTotpToken);
     return recoveryCodeValidates;
 }
 
diff --git a/src/routes/session_parser.ts b/src/routes/session_parser.ts
index 9d52580d2..d8e1add6c 100644
--- a/src/routes/session_parser.ts
+++ b/src/routes/session_parser.ts
@@ -25,9 +25,7 @@ const sessionParser = session({
     })
 });
 
-// 创建一个检查认证状态的中间件
 const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
-    // 如果用户未登录或者是登录页面,直接继续
     if (!req.session.loggedIn || req.path === '/login') {
         return next();
     }
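Review bot: `req.body.totpToken` is read without checking that it is a string, so a login POST that omits the field hands `undefined` to `verifyTOTP`, whose parameter is typed `string`, and from there to `totp.validateTOTP` and `recoveryCodeService.verifyRecoveryCode` in the third hunk; what those do with a non-string value is not visible here. Narrow it where it is read, e.g. `const submittedTotpToken = typeof req.body.totpToken === 'string' ? req.body.totpToken : '';`, or reject the request via the existing `sendLoginError(req, res, 'totp')` when TOTP is enabled and the value is not a string. Renaming the field from `token` also changes the form contract; the `login.ejs` hunk that should post the new name is cut off in this view, so confirm the template's input is named `totpToken`. `login` continues past the end of the hunk.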
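Review bot: Dropping the two comments leaves `checkAuthState` with no explanation of why anonymous sessions and `/login` are skipped, and the same applies to the comment removed before the default export in the last hunk of this file. Rather than deleting them, replace them with English equivalents, e.g. `// Compares the current TOTP/SSO configuration with the state saved in the session.` above `const checkAuthState` and `// Anonymous requests and the login page itself are exempt from the check.` above the `if`. `checkAuthState` continues past the end of the hunk.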
@@ -35,23 +33,17 @@ const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
     const currentTotpStatus = totp.isTotpEnabled();
     const currentSsoStatus = open_id.isOpenIDEnabled();
 
-    // 从 session 中获取上次登录时的认证状态
     const lastAuthState = req.session.lastAuthState || {
         totpEnabled: false,
         ssoEnabled: false
     };
 
-    // 检查认证状态是否发生变化
     if (lastAuthState.totpEnabled !== currentTotpStatus ||
         lastAuthState.ssoEnabled !== currentSsoStatus) {
-        // 如果认证状态发生变化,先销毁当前 session
         req.session.destroy((err) => {
             if (err) {
                 console.error('Error destroying session:', err);
             }
-            // 清除 cookie
-            res.clearCookie('trilium.sid');
-            // 重定向到登录页面
             res.redirect('/login');
         });
         return;
@@ -60,7 +52,6 @@ const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
     next();
 };
 
-// 导出一个组合的中间件
 export default function (req: Request, res: Response, next: NextFunction) {
     sessionParser(req, res, () => {
         checkAuthState(req, res, next);
diff --git a/src/services/totp.ts b/src/services/totp.ts
index f6fecf89c..e1d1b1a5e 100644
--- a/src/services/totp.ts
+++ b/src/services/totp.ts
@@ -18,12 +18,12 @@ function checkForTotSecret() {
     return config.MultiFactorAuthentication.totpSecret === "" ? false : true;
 }
 
-function validateTOTP(guessedPasscode: string) {
+function validateTOTP(submittedPasscode: string) {
     if (config.MultiFactorAuthentication.totpSecret === "") return false;
 
     try {
         const valid = Totp.validate({
-            passcode: guessedPasscode,
+            passcode: submittedPasscode,
             secret: config.MultiFactorAuthentication.totpSecret.trim()
         });
         return valid;
diff --git a/src/views/login.ejs b/src/views/login.ejs
index 68776ebe4..f07b924d2 100644
--- a/src/views/login.ejs
+++ b/src/views/login.ejs
@@ -33,10 +33,9 @@
 <% if( totpEnabled ) { %>
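Review bot: Removing `res.clearCookie('trilium.sid')` is the only behavioural change in a hunk that otherwise strips comments, and nothing on the page says it was intended; after `req.session.destroy` the browser keeps presenting the stale session cookie, and if `'trilium.sid'` matches the name configured in the `session({...})` call above this hunk, clearing it before the `/login` redirect was useful cleanup. Either keep the call with an English comment, `// drop the stale session cookie before sending the user back to /login`, or record in the commit why the cookie name no longer applies. The redirect is also issued when `destroy` reports an error, and whether the session survived in that case cannot be told from here, so a comment stating that the redirect is best-effort would help the next reader. `checkAuthState` starts before and ends after this hunk.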