/*
This file is part of GNU Anastasis
(C) 2021-2022 Anastasis SARL
GNU Anastasis is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
GNU Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with
GNU Anastasis; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
import { encodeCrock } from "@gnu-taler/taler-util";
import { h, VNode } from "preact";
import { useMemo, useState } from "preact/hooks";
import { TextInput } from "../../../components/fields/TextInput.js";
import { QR } from "../../../components/QR.js";
import { AnastasisClientFrame } from "../index.js";
import { AuthMethodSetupProps } from "./index.js";
import { base32enc, computeTOTPandCheck } from "./totp.js";
/**
 * Number of digits in an Anastasis TOTP code.
 *
 * This is hard-coded in the protocol for TOTP auth. In this file the value is
 * written into the `digits` parameter of the otpauth:// URI shown as a QR code
 * and into the instructions text stored with the authentication method.
 */
const ANASTASIS_TOTP_DIGITS = 8;
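/**
 * Setup screen for adding a TOTP authentication method.
 *
 * A 32-byte secret is generated once per mounted instance, shown to the user
 * as an `otpauth://` QR code, and handed to `addAuthMethod` only after the
 * user has entered a test code that matches the secret.
 *
 * @param addAuthMethod - receives the new "totp" authentication method
 * @param cancel - click handler of the Cancel button
 * @param configured - already configured entries; each is listed with a
 *   Delete button wired to its `remove` handler
 * @returns the rendered setup screen
 */
export function AuthMethodTotpSetup({
  addAuthMethod,
  cancel,
  configured,
}: AuthMethodSetupProps): VNode {
  const [name, setName] = useState("anastasis");
  const [test, setTest] = useState("");

  // Empty dependency list: the secret is created once and survives re-renders.
  const secretKey = useMemo(() => {
    const array = new Uint8Array(32);
    // NOTE(review): without a `window` (a non-browser render) the buffer is
    // returned unfilled, i.e. 32 zero bytes. That value is predictable and
    // must never be registered as a real TOTP secret. Confirm this path is
    // only reachable in tests / pre-rendering.
    if (typeof window === "undefined") return array;
    return window.crypto.getRandomValues(array);
  }, []);
  const secret32 = base32enc(secretKey);

  // The label is user-typed text, so it is percent-encoded before it goes into
  // the URI. Unencoded, a name containing "?", "&", "#" or "/" would produce a
  // malformed URI or inject extra parameters (e.g. a second `secret=`) into
  // what the authenticator app imports.
  // The URI carries the shared secret; it is only passed to the QR component.
  const totpURL = `otpauth://totp/${encodeURIComponent(
    name,
  )}?digits=${ANASTASIS_TOTP_DIGITS}&secret=${secret32}`;

  const addTotpAuth = (): void =>
    addAuthMethod({
      authentication_method: {
        type: "totp",
        instructions: `Enter ${ANASTASIS_TOTP_DIGITS} digits code for "${name}"`,
        challenge: encodeCrock(secretKey),
      },
    });

  // Use the protocol constant rather than a literal so the check, the QR code
  // and the instructions cannot drift apart.
  // parseInt ignores trailing non-digit characters and yields NaN for empty
  // input; how those values are treated is decided inside computeTOTPandCheck.
  const testCodeMatches = computeTOTPandCheck(
    secretKey,
    ANASTASIS_TOTP_DIGITS,
    parseInt(test, 10),
  );

  let errors: string | undefined;
  if (!name) {
    errors = "The TOTP name is missing";
  } else if (!testCodeMatches) {
    errors = "The test code doesnt match";
  }

  // Used for the Enter key in the test-code field, which has no disabled state
  // of its own (the Add button is disabled while `errors` is set).
  function goNextIfNoErrors(): void {
    if (!errors) addTotpAuth();
  }

  return (
    <AnastasisClientFrame hideNav title="Add TOTP authentication">
      <p>
        For Time-based One-Time Password (TOTP) authentication, you need to set
        a name for the TOTP secret. Then, you must scan the generated QR code
        with your TOTP App to import the TOTP secret into your TOTP App.
      </p>
      <div class="block">
        <TextInput label="TOTP Name" grabFocus bind={[name, setName]} />
      </div>
      <div style={{ height: 300 }}>
        <QR text={totpURL} />
      </div>
      <p>
        Confirm that your TOTP App works by entering the current{" "}
        {ANASTASIS_TOTP_DIGITS}-digit TOTP code here:
      </p>
      <TextInput
        label="Test code"
        onConfirm={goNextIfNoErrors}
        bind={[test, setTest]}
      />
      <div>
        We note that Google's implementation of TOTP is incomplete and will
        not work. We recommend using FreeOTP+.
      </div>
      {configured.length > 0 && (
        <section class="section">
          <div class="block">Your TOTP numbers:</div>
          <div class="block">
            {configured.map((c, i) => {
              return (
                <div
                  key={i}
                  class="box"
                  style={{ display: "flex", justifyContent: "space-between" }}
                >
                  <p style={{ marginTop: "auto", marginBottom: "auto" }}>
                    {c.instructions}
                  </p>
                  <div>
                    <button class="button is-danger" onClick={c.remove}>
                      Delete
                    </button>
                  </div>
                </div>
              );
            })}
          </div>
        </section>
      )}
      <div>
        <div
          style={{
            marginTop: "2em",
            display: "flex",
            justifyContent: "space-between",
          }}
        >
          <button class="button" onClick={cancel}>
            Cancel
          </button>
          <span data-tooltip={errors}>
            <button
              class="button is-info"
              disabled={errors !== undefined}
              onClick={addTotpAuth}
            >
              Add
            </button>
          </span>
        </div>
      </div>
    </AnastasisClientFrame>
  );
}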