import { encodeCrock, stringToBytes } from "@gnu-taler/taler-util";
import { h, VNode } from "preact";
import { useMemo, useState } from "preact/hooks";
import { AuthMethodSetupProps } from "./index";
import { AnastasisClientFrame } from "../index";
import { TextInput } from "../../../components/fields/TextInput";
import { QR } from "../../../components/QR";
import { base32enc, computeTOTPandCheck } from "./totp";
/**
 * Number of digits in a TOTP code.
 *
 * This is hard-coded in the protocol for TOTP auth, so it is a fixed
 * constant here. It is written into the otpauth:// URL and into the
 * instructions stored with the authentication method.
 */
const ANASTASIS_TOTP_DIGITS = 8;
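/**
 * Setup screen for adding a TOTP authentication method.
 *
 * Generates a fresh random secret, shows it as an otpauth:// QR code, and
 * only allows the method to be added once the user has typed a code that
 * verifies against that secret.
 *
 * @param addAuthMethod - called with the new "totp" authentication method
 *   (instructions plus the Crockford-encoded secret as the challenge).
 * @param cancel - click handler for the Cancel button.
 * @param configured - already configured methods; each entry is listed with
 *   its instructions and a Delete button bound to its `remove` handler.
 * @returns the rendered setup frame.
 */
export function AuthMethodTotpSetup({
  addAuthMethod,
  cancel,
  configured,
}: AuthMethodSetupProps): VNode {
  const [name, setName] = useState("anastasis");
  const [test, setTest] = useState("");

  // 32 random bytes from the browser CSPRNG. The empty dependency list keeps
  // the same secret across re-renders, so the QR code the user scans and the
  // challenge stored below refer to the same key.
  const secretKey = useMemo(() => {
    const array = new Uint8Array(32);
    return window.crypto.getRandomValues(array);
  }, []);
  const secret32 = base32enc(secretKey);

  // The name is user-typed free text used as the otpauth label. It is
  // percent-encoded so that characters such as "?", "&", "#" or spaces cannot
  // terminate the label early or add/override query parameters (digits,
  // secret) in the URL that the authenticator app imports.
  // This URL contains the shared secret in clear; anything that can read the
  // QR code can generate valid codes.
  const totpURL = `otpauth://totp/${encodeURIComponent(
    name,
  )}?digits=${ANASTASIS_TOTP_DIGITS}&secret=${secret32}`;

  const addTotpAuth = (): void =>
    addAuthMethod({
      authentication_method: {
        type: "totp",
        instructions: `Enter ${ANASTASIS_TOTP_DIGITS} digits code for "${name}"`,
        challenge: encodeCrock(secretKey),
      },
    });

  // Use the protocol constant rather than a second literal 8 so the check
  // cannot drift from the digit count advertised in the QR code.
  // NOTE(review): parseInt drops leading zeros and ignores trailing
  // non-digit characters; confirm computeTOTPandCheck compares numerically
  // and that this leniency is acceptable for the confirmation step.
  const testCodeMatches = computeTOTPandCheck(
    secretKey,
    ANASTASIS_TOTP_DIGITS,
    parseInt(test, 10),
  );

  const errors = !name
    ? "The TOTP name is missing"
    : !testCodeMatches
    ? "The test code doesnt match"
    : undefined;

  // Enter-key path of the test field: same gate as the disabled Add button.
  function goNextIfNoErrors(): void {
    if (!errors) addTotpAuth();
  }

  return (
    <AnastasisClientFrame hideNav title="Add TOTP authentication">
      <p>
        For Time-based One-Time Password (TOTP) authentication, you need to set
        a name for the TOTP secret. Then, you must scan the generated QR code
        with your TOTP App to import the TOTP secret into your TOTP App.
      </p>
      <div class="block">
        <TextInput label="TOTP Name" grabFocus bind={[name, setName]} />
      </div>
      <div style={{ height: 300 }}>
        <QR text={totpURL} />
      </div>
      <p>
        Confirm that your TOTP App works by entering the current 8-digit TOTP
        code here:
      </p>
      <TextInput
        label="Test code"
        onConfirm={goNextIfNoErrors}
        bind={[test, setTest]}
      />
      <div>
        We note that Google's implementation of TOTP is incomplete and will not
        work. We recommend using FreeOTP+.
      </div>
      {configured.length > 0 && (
        <section class="section">
          <div class="block">Your TOTP numbers:</div>
          <div class="block">
            {configured.map((c, i) => {
              return (
                <div
                  key={i}
                  class="box"
                  style={{ display: "flex", justifyContent: "space-between" }}
                >
                  <p style={{ marginTop: "auto", marginBottom: "auto" }}>
                    {c.instructions}
                  </p>
                  <div>
                    <button class="button is-danger" onClick={c.remove}>
                      Delete
                    </button>
                  </div>
                </div>
              );
            })}
          </div>
        </section>
      )}
      <div>
        <div
          style={{
            marginTop: "2em",
            display: "flex",
            justifyContent: "space-between",
          }}
        >
          <button class="button" onClick={cancel}>
            Cancel
          </button>
          <span data-tooltip={errors}>
            {/* Disabled until a name is set and the test code verifies. */}
            <button
              class="button is-info"
              disabled={errors !== undefined}
              onClick={addTotpAuth}
            >
              Add
            </button>
          </span>
        </div>
      </div>
    </AnastasisClientFrame>
  );
}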