/* eslint-disable @typescript-eslint/camelcase */
import {
encodeCrock,
stringToBytes
} from "@gnu-taler/taler-util";
import { h, VNode } from "preact";
import { useMemo, useState } from "preact/hooks";
import { AuthMethodSetupProps } from "../AuthenticationEditorScreen";
import { AnastasisClientFrame } from "../index";
import { TextInput } from "../../../components/fields/TextInput";
import { QR } from "../../../components/QR";
import { base32enc, computeTOTPandCheck } from "./totp";
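/**
 * Setup screen for adding a TOTP authentication method.
 *
 * Generates a fresh 32-byte secret, shows it as an `otpauth://` QR code for
 * the user's TOTP app, and only enables "Add" once the name is non-empty and
 * a code typed by the user matches the secret.
 *
 * The QR code and `totpURL` both carry the shared secret in clear text, so
 * anything that can read this screen or this value can generate valid codes.
 *
 * @param addAuthMethod - called with the new TOTP method when "Add" is clicked
 * @param cancel - called when "Cancel" is clicked
 * @param configured - existing methods, each listed with a "Delete" button
 * @returns the rendered setup screen
 */
export function AuthMethodTotpSetup({ addAuthMethod, cancel, configured }: AuthMethodSetupProps): VNode {
  const [name, setName] = useState("anastasis");
  const [test, setTest] = useState("");

  // Single source of truth for the code length: used in the URI, in the
  // instructions text and in the local verification below.
  const digits = 8;

  // 32 random bytes from the platform CSPRNG. The empty dependency list keeps
  // the same secret across re-renders, so the QR code stays stable while the
  // user edits the name or types the test code.
  const secretKey = useMemo(() => {
    const array = new Uint8Array(32);
    return window.crypto.getRandomValues(array);
  }, []);
  const secret32 = base32enc(secretKey);

  // The name is free-form user input used as the URI label. Percent-encode it
  // so characters such as `?`, `&`, `#` or `/` cannot end the label early or
  // add extra query parameters (e.g. a second `secret=`) to the URI.
  // NOTE(review): the challenge below is built from this same URI; confirm
  // that its consumer percent-decodes the label.
  const totpURL = `otpauth://totp/${encodeURIComponent(name)}?digits=${digits}&secret=${secret32}`;

  const addTotpAuth = (): void => addAuthMethod({
    authentication_method: {
      type: "totp",
      instructions: `Enter ${digits} digits code for "${name}"`,
      // The stored challenge is the full otpauth URI, secret included.
      challenge: encodeCrock(stringToBytes(totpURL)),
    },
  });

  // Local sanity check that the TOTP app imported the secret. It gates the
  // "Add" button only; it is not an authentication decision.
  const testCodeMatches = computeTOTPandCheck(secretKey, digits, parseInt(test, 10));

  // First applicable error; `undefined` means the form can be submitted.
  const errors = !name ? 'The TOTP name is missing' : (
    !testCodeMatches ? 'The test code doesnt match' : undefined
  );

  return (
    <AnastasisClientFrame hideNav title="Add TOTP authentication">
      <p>
        For Time-based One-Time Password (TOTP) authentication, you need to set
        a name for the TOTP secret. Then, you must scan the generated QR code
        with your TOTP App to import the TOTP secret into your TOTP App.
      </p>
      <div class="block">
        <TextInput
          label="TOTP Name"
          grabFocus
          bind={[name, setName]} />
      </div>
      <div style={{ height: 300 }}>
        <QR text={totpURL} />
      </div>
      <p>
        After scanning the code with your TOTP App, test it in the input below.
      </p>
      <TextInput
        label="Test code"
        bind={[test, setTest]} />
      {configured.length > 0 && <section class="section">
        <div class="block">
          Your TOTP numbers:
        </div><div class="block">
          {configured.map((c, i) => {
            return <div key={i} class="box" style={{ display: 'flex', justifyContent: 'space-between' }}>
              <p style={{ marginTop: 'auto', marginBottom: 'auto' }}>{c.instructions}</p>
              <div><button class="button is-danger" onClick={c.remove}>Delete</button></div>
            </div>
          })}
        </div></section>}
      <div>
        <div style={{ marginTop: '2em', display: 'flex', justifyContent: 'space-between' }}>
          <button class="button" onClick={cancel}>Cancel</button>
          <span data-tooltip={errors}>
            <button class="button is-info" disabled={errors !== undefined} onClick={addTotpAuth}>Add</button>
          </span>
        </div>
      </div>
    </AnastasisClientFrame>
  );
}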