From 49fa4ff3db83f22ebe3d015c1e4f1ade6a555111 Mon Sep 17 00:00:00 2001
From: Bruno Michel
Date: Tue, 5 Dec 2023 18:20:06 +0100
Subject: [PATCH] Fix email_verified_code usage

When a Cozy instance has for authentication the combo magic link + 2FA, and its owner wants to login via the cloudery, we try to avoid a flow with two emails (one for finding the instance domain, and the other with the 6-digits code). To do that, we use an email_verified_code, and the stack needs to change its behavior on the login page when this code is present, which was not done correctly before this commit.
---
 assets/scripts/login.js | 5 ++++-
 web/auth/auth.go | 12 +++++++++--
 web/statik/statik.go | 44 ++++++++++++++++++++---------------------
 3 files changed, 36 insertions(+), 25 deletions(-)

diff --git a/assets/scripts/login.js b/assets/scripts/login.js
index e2c6e8686e3..d14e692d7ce 100644
--- a/assets/scripts/login.js
+++ b/assets/scripts/login.js
@@ -45,11 +45,14 @@
 const data = new URLSearchParams()
 data.append('passphrase', pass)
 data.append('trusted-device-token', trustedTokenInput.value)
- data.append('email_verified_code', emailVerifiedCodeInput.value)
 data.append('long-run-session', longRun)
 data.append('redirect', redirect)
 data.append('csrf_token', csrfTokenInput.value)

+ if (emailVerifiedCodeInput) {
+ data.append('email_verified_code', emailVerifiedCodeInput.value)
+ }
+
 // For the /auth/authorize/move && /auth/confirm pages
 if (stateInput) {
 data.append('state', stateInput.value)
diff --git a/web/auth/auth.go b/web/auth/auth.go
index e27847eae4f..fb3bc2f4aef 100644
--- a/web/auth/auth.go
+++ b/web/auth/auth.go
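Review bot: In the assets/scripts/login.js hunk the new `if (emailVerifiedCodeInput)` guard has no comment saying where the input is missing, although the `stateInput` guard directly below it has one; I would add `// The email_verified_code input is not present on every page that loads this script`. The neighbouring `trustedTokenInput.value` and `csrfTokenInput.value` reads are still unguarded, so if either input can also be absent on those pages the submit handler would throw in the same way. That is worth confirming against the templates, which are not visible here. The enclosing function starts and ends outside the hunk.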
@@ -205,6 +205,14 @@ func renderLoginForm(c echo.Context, i *instance.Instance, code int, credsErrors
 iterations = settings.PassphraseKdfIterations
 }

+ // When we have an email_verified_code, we need to ask the user their
+ // password, not send them an email with a magic link
+ emailVerifiedCode := c.QueryParam("email_verified_code")
+ magicLink := i.MagicLink
+ if emailVerifiedCode != "" {
+ magicLink = false
+ }
+
 return c.Render(code, "login.html", echo.Map{
 "TemplateTitle": i.TemplateTitle(),
 "Domain": i.ContextualDomain(),
@@ -220,8 +228,8 @@ func renderLoginForm(c echo.Context, i *instance.Instance, code int, credsErrors
 "CredentialsError": credsErrors,
 "Redirect": redirectStr,
 "CSRF": c.Get("csrf"),
- "EmailVerifiedCode": c.QueryParam("email_verified_code"),
- "MagicLink": i.MagicLink,
+ "EmailVerifiedCode": emailVerifiedCode,
+ "MagicLink": magicLink,
 "OAuth": hasOAuth,
 "FranceConnect": hasFranceConnect,
 })
diff --git a/web/statik/statik.go b/web/statik/statik.go
index 876279383ab..84e574f2523 100644
--- a/web/statik/statik.go
+++ b/web/statik/statik.go
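Review bot: In renderLoginForm (web/auth/auth.go, first hunk) the magic link is switched off as soon as the `email_verified_code` query parameter is non-empty, so any value placed in a login URL moves an instance configured for magic link onto the password form without the code having been checked. If the code is verified only when the form is posted, the comment should say so, e.g. `// The code is not verified here: it only selects which form is rendered and is checked when the form is submitted`; otherwise it should be validated before `magicLink = false`. The second hunk passes the same unverified value to the template as `EmailVerifiedCode`, which presumably relies on login.html escaping it (the template is not visible here). Because the code arrives in the query string it will also show up in access logs and browser history, so it is worth confirming that it is short-lived and single-use. The function body continues outside both hunks.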
@@ -38778,29 +38778,29 @@ wYnBkGaJUaJUQjZ2bgRHkNML+wA5TP4WMskE -----END COZY ASSET----- -----BEGIN COZY ASSET----- Name: /scripts/login.js -Size: 3530 +Size: 3581 -G8kNAJwFdiwb0HZg3DzIC0mLrGZqf021cgLGf+BU/Rg5VeqcWyWQMj8pBkilsPRJ -CgpTK/e+GpYKDRi+1Um/NT2X1pjRSjrbaRUFhaYDGsADUSYoj+F8F6EyRVzkMy2c -360jp9ATGq78dlLrjS/WOwwDrk5YMVfp9oAIPTVvwu+ifD9l4UoDTRgNdn5RIBO5 -6OAnUJOiSOxDyAcXdFcBrQ46VKZtZ6IxbjwWr3fXebZpzcxIKWiDebFnWgjbSAcU -JnHx5gNn7uyw4nwvDZI76uVY94KTEl6E7XcZ6jUWqQXvnLMycFRkFkgaH+OdXBSz -xTH6mSwhJKB/9d9n+83eu4/ESQvocV7tG/MYy8ygau7BBGie9pxgzEgTqE+nMYXQ -aA/pR632XAOps/0G+6LznlUC+nFeAf7yZLsWteYz/UNo6ijkWMESyXV+VlgkiDHB -+oogABWirbV+wj0S6tOOpE/UkEB0SfdJgkWp2Gc4nc+kKTxJNUCbeFb4IatrGoGz -KTvTyzGvkwZiE0pUlYJOeDcsKwQyEISo/G7YSP3Om5uf9a8H9x9fIO4hFncIUA7v -gNUTwo1/DJLevEU9zh6S+bmAjE7+oC2+RYtv+l//oHA9qbwgxY8nrBKVsbIYzxsa -yLi7+8Jn7m7msI2NC6S02Y3u71yDNifYAqbQqvks+LuqtdpVlCEQTg5AIxphGmL6 -hMKXDHJHrsdEwZ2PCnb6g8NErEtdfprIBQhC9WOQgYRRM9m1v+9n4u5Phhf8AES1 -S9+QvD0UHbXgltPcC01pRUYWZfXc2s7OrKiAO+O0hShkXdWvFmzOrgZ/KIQv7KMx -zZB+YZZlsTPdazZMKSXe3MC0FgkMGLDwsS5khKo7iv7S7DAmKEno6ZExZZf2J2ea -VTqrE+VgI/+AZYwQpjvKfuyeSTOhKqUptLl478zpdn5WA4yjvOKEpxqKDbY7PxOF -ubfUcP0CO2yfy+w0o72M/FxPN7OcpAjChGpWw0xkfeQGLZ0Ixi23ooEog0QRlF3v -xF8SuEywFoSaQP5knXnnQ7FfnvJY5MuzZ8ObeW+Oir6kWsZb0axpODgeQ+a1TDs6 -8QrRcFQIF625c/iMpzsFm6mgWggcY+MNYyfjyi63k0zS+1AAaTMB1hlXFZp1JwIX -jFyMzDDIv7V0TnIckuCZPT3+kpjVydjDPC1KClKfQj40edAEOnu6bAyz/vnyqgjs -jpynrsKijOuVGaOGUk2GWkoxmMeJJNlWxKjhQU+pmzmCwFwal4Msq9g27oLTUdZT -iPX51j/bCiHPa1y9W5GtFLrlfhYJ0RXTilbUPhrVMOn9wKXESGsQ +G/wNABwHbqw8oGsgB17zv6m6s0zPaR8uAsl3mXTBaVPrqxsoruhodg+QSmExcb93 +ElBOOJ1r+gn7RuyAHCdNh6Sm5gCFnfCTcmoPcbOLWjL2txrp4HzrujACe4aWKz92 +1qqxaTzB4YCzC6wQxXQ7b2cYty4muJ2U72MapjZQIoyiFD9MyChcePQTaEhhEnsf +yp3zuovAVIEOVdJWQtAkrjyWXM6PY2g6M0ukJLRmP20lLQI7kQ4oksSlm3s+mqPD +Cv1paIhwR7Oc1C3haMIV9/+VXbNGk5rwlmXITiZFyQJZ4yHWhAtjlmWKPlWGEDLQ +X/2zYdpMrXloTWgBPfRX22I/xUpmUDUHYAI0T7vMUJYTTcAu7UUPcq32kH/Yao+1 +kFqaNpim3nvGGTCM8wxwlyeb11grPr3fAo2FIhwzaCI6Dz6mlBDElGC9QQxARFSU 
+1lfcA0Nz2ja3mRohEEzbfxJhiVzsC5zqR9YknkI1QJt4VvggqmuKAhzN2ZFBjnmd +1KRtKBErhk64HZoVPMkEMinfDp2ob724+Jj/enD/eAPqEmqqiAHK4RZoPUHc9Icc +0tOXWE+zBxV+ziPthd1xh29B4x3/1z+Ev44LJ1D145hWojRVFp2xqIASd36abJA7 +HaFbGxukYjVfdCtp0OYCNoQeODZPg7uztVK7jNIC/Ck9UCqcfbxw1DGBTwXkHOd7 +zBTc8lFA9z4Apkt1WvJJRk5AELIbc2FAfuRCduL366UQd38yvJwbgMh26TVOzm5R +oTZuSp4715xmMjL1ZnVStIlkiZN9a2PrUqb5A8NZ2PrYtlUs519TiK1ob8/KDgiO +U1YwbHd+h3KY06TsxbNYVmzCxQWMm6rA5tHO57Iz3clcgoYEpsM0Y1/Cpt91OZul +SxVhextFDoxp+FBvAD9wnMhyK6RMjwKZVZwFXolHttlkLmGc3J1ty6I0VZ9QshBH +NnL9ANNtUeaw+G6+Evm54XRGOVGtRRKyJQ7LUqowNzZqFTDO1B2rqdoSqIBK6dX6 +jYLTPG4hUBXkN+NgjXVpOlzEmuJwaaWtLnlPHwV7oxWTN7ylcpLe8Rj09cxUBB05 +RdP4pJA7OeP7Ga5xVelkHaFcb+yQ9h4maMZVdza3gZOaujpLRRJgGZHK0KicAJww +PTL/9jKNSQ2N4WSka51lduL4ibbE1QTHnKTKBTXaoBclOTYD/ka70hhG3fP6KDlp +9rIYHodGtdgrUomaqwhFqKnig69FUYRsuWBUtKAT4pKcQGBhdfJmCJGdxp1wqsLg +yqX6eBejFaq3nNUeu10w8yrX+/dpLBBdzc40vBaxoxiNvR8fFdl1RQY= -----END COZY ASSET----- -----BEGIN COZY ASSET----- Name: /scripts/new-password.js