Skip to content

Commit

Permalink
Allow to use an email_verified_code on flagship login (#4318)
Browse files Browse the repository at this point in the history
  • Loading branch information
nono authored Feb 20, 2024
2 parents ee42453 + 7feea0d commit c526996
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 1 deletion.
14 changes: 14 additions & 0 deletions docs/auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -228,6 +228,20 @@ Then, the client can retry by sending the two-factor token and code:
}
```

**Note:** if the two-factor authentication is enabled, and the cloudery has
already verified the email address, a parameter `email_verified_code` can be sent
to skip another 2FA code sent by mail.


```json
{
"passphrase": "4f58133ea0f415424d0a856e0d3d2e0cd28e4358fce7e333cb524729796b2791",
"client_id": "64ce5cb0-bd4c-11e6-880e-b3b7dfda89d3",
"client_secret": "eyJpc3Mi[...omitted for brevity...]",
"email_verified_code": "987456321"
}
```

**Note:** if the OAuth client has not been certified as the flagship app,
this request will return:

Expand Down
3 changes: 3 additions & 0 deletions model/instance/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -219,5 +219,8 @@ func (i *Instance) CreateEmailVerifiedCode() (string, error) {

// CheckEmailVerifiedCode will return true if the email verified code is valid.
func (i *Instance) CheckEmailVerifiedCode(code string) bool {
if code == "" {
return false
}
return GetStore().CheckEmailVerifiedCode(i, code)
}
3 changes: 2 additions & 1 deletion web/auth/flagship.go
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,7 @@ type loginFlagshipParameters struct {
Passphrase string `json:"passphrase"`
TwoFactorPasscode string `json:"two_factor_passcode"`
TwoFactorToken string `json:"two_factor_token"`
EmailVerifiedCode string `json:"email_verified_code"`
}

func loginFlagship(c echo.Context) error {
Expand All @@ -203,7 +204,7 @@ func loginFlagship(c echo.Context) error {
})
}

if inst.HasAuthMode(instance.TwoFactorMail) {
if inst.HasAuthMode(instance.TwoFactorMail) && !inst.CheckEmailVerifiedCode(args.EmailVerifiedCode) {
if len(args.TwoFactorToken) == 0 {
twoFactorToken, err := lifecycle.SendTwoFactorPasscode(inst)
if err != nil {
Expand Down

0 comments on commit c526996

Please sign in to comment.