feat: 🎸 Fix TOTP not load correctly

src/routes/login.ts

@@ -68,7 +68,7 @@ function setPassword(req: Request, res: Response) {
 
 function login(req: Request, res: Response) {
     const submittedPassword = req.body.password;
-    const submittedTotp = req.body.token;
+    const submittedTotpToken = req.body.totpToken;
 
     // 首先验证密码
     if (!verifyPassword(submittedPassword)) {
@@ -78,7 +78,7 @@ function login(req: Request, res: Response) {
 
     // 如果密码正确且启用了 TOTP，验证 TOTP
     if (totp.isTotpEnabled()) {
-        if (!verifyTOTP(submittedTotp)) {
+        if (!verifyTOTP(submittedTotpToken)) {
             sendLoginError(req, res, 'totp');
             return;
         }
@@ -106,10 +106,10 @@ function login(req: Request, res: Response) {
     });
 }
 
-function verifyTOTP(submittedToken: string) {
+function verifyTOTP(submittedTotpToken: string) {
-    if (totp.validateTOTP(submittedToken)) return true;
+    if (totp.validateTOTP(submittedTotpToken)) return true;
 
-    const recoveryCodeValidates = recoveryCodeService.verifyRecoveryCode(submittedToken);
+    const recoveryCodeValidates = recoveryCodeService.verifyRecoveryCode(submittedTotpToken);
 
     return recoveryCodeValidates;
 }

src/routes/session_parser.ts

@@ -25,9 +25,7 @@ const sessionParser = session({
     })
 });
 
-// 创建一个检查认证状态的中间件
 const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
-    // 如果用户未登录或者是登录页面，直接继续
     if (!req.session.loggedIn || req.path === '/login') {
         return next();
     }
@@ -35,23 +33,17 @@ const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
     const currentTotpStatus = totp.isTotpEnabled();
     const currentSsoStatus = open_id.isOpenIDEnabled();
 
-    // 从 session 中获取上次登录时的认证状态
     const lastAuthState = req.session.lastAuthState || {
         totpEnabled: false,
         ssoEnabled: false
     };
 
-    // 检查认证状态是否发生变化
     if (lastAuthState.totpEnabled !== currentTotpStatus ||
         lastAuthState.ssoEnabled !== currentSsoStatus) {
-        // 如果认证状态发生变化，先销毁当前 session
         req.session.destroy((err) => {
             if (err) {
                 console.error('Error destroying session:', err);
             }
-            // 清除 cookie
-            res.clearCookie('trilium.sid');
-            // 重定向到登录页面
             res.redirect('/login');
         });
         return;
@@ -60,7 +52,6 @@ const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
     next();
 };
 
-// 导出一个组合的中间件
 export default function (req: Request, res: Response, next: NextFunction) {
     sessionParser(req, res, () => {
         checkAuthState(req, res, next);

src/services/totp.ts

@@ -18,12 +18,12 @@ function checkForTotSecret() {
     return config.MultiFactorAuthentication.totpSecret === "" ? false : true;
 }
 
-function validateTOTP(guessedPasscode: string) {
+function validateTOTP(submittedPasscode: string) {
     if (config.MultiFactorAuthentication.totpSecret === "") return false;
 
     try {
         const valid = Totp.validate({
-            passcode: guessedPasscode,
+            passcode: submittedPasscode,
             secret: config.MultiFactorAuthentication.totpSecret.trim()
         });
         return valid;

src/views/login.ejs

@@ -33,10 +33,9 @@
             </div>
             <% if( totpEnabled ) { %>
                 <div class="form-group">
-                    <label for="totp-token">TOTP Token</label>
+                    <label for="totpToken">TOTP Token</label>
                     <div class="controls">
-                        <input id="totp-token" name="totp-token" placeholder="" class="form-control" type="text"
+                        <input id="totpToken" name="totpToken" placeholder="" class="form-control" type="text" required />
-                            required />
                     </div>
                 </div>
             <% } %>