2FA on login page

2024-11-10 12:42:44 +01:00 · 2022-07-20 21:12:23 +10:00 · 2022-07-20 21:12:23 +10:00 · c07950570c
commit c07950570c
parent 02bb548953
2 changed files with 35 additions and 4 deletions
--- a/slowcord/login/public/js/handler.js
+++ b/slowcord/login/public/js/handler.js
@ -16,6 +16,18 @@ const handleSubmit = async (path, body) => {
 		return;
 	}

+	if (json.ticket) {
+		// my terrible solution to 2fa
+		const twoFactorForm = document.forms["2fa"];
+		const loginForm = document.forms["login"];
+
+		twoFactorForm.style.display = "flex";
+		loginForm.style.display = "none";
+
+		twoFactorForm.ticket.value = json.ticket;
+		return;
+	}
+
 	// Very fun error message here lol
 	const error =
 		json.errors
--- a/slowcord/login/public/login.html
+++ b/slowcord/login/public/login.html
@ -27,8 +27,7 @@
 				<p id="failure">Login failed</p>
 			</div>

-
-			<form action="javascript:void(0);">
+			<form action="javascript:void(0);" name="login">
 				<label for="email">Email</label>
 				<input type="email" name="email" />

@ -42,9 +41,18 @@
 					Login with Discord
 				</a>

-				<div class="h-captcha" data-sitekey="fa3163ea-79a7-4b7b-b752-b58c545906c8"></div>
+				<div class="h-captcha" data-sitekey="fa3163ea-79a7-4b7b-b752-b58c545906c8" data-theme="dark"></div>
 				<script src="https://js.hcaptcha.com/1/api.js" async defer></script>
 			</form>
+
+			<form action="javascript:void(0);" name="2fa" style="display: none">
+				<label for="code">2FA Code</label>
+				<input type="number" name="code" />
+
+				<input type="hidden" name="ticket" />
+
+				<input type="submit" value="Login"/>
+			</form>
 		</div>
 	</div>

@ -66,7 +74,7 @@
 		token = window.localStorage.getItem("token");
 		if (token) window.location.href = "/app";

-		document.forms[0].addEventListener("submit", async (e) => {
+		document.forms["login"].addEventListener("submit", async (e) => {
 			const data = new FormData(e.target);
 			const email = data.get("email");
 			const password = data.get("password");
@ -78,6 +86,17 @@
 				captcha_key: hcaptcha,
 			});
 		})
+
+		document.forms["2fa"].addEventListener("submit", async (e) => {
+			const data = new FormData(e.target);
+			const code = data.get("code");
+			const ticket = data.get("ticket");
+
+			await handleSubmit("/api/v9/auth/mfa/totp", {
+				code: code,
+				ticket: ticket,
+			});
+		})
 	</script>
 </body>