barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2025-11-03 23:55:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: disable basic auth on totp users

Browse Source
This commit is contained in:
Stavros
2025-05-01 13:05:48 +03:00
parent aab01b3195
commit 83483d6374
3 changed files with 24 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/handlers/handlers.go
View File

@@ -126,6 +126,12 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
// Get user context // Get user context
userContext := h.Hooks.UseUserContext(c) userContext := h.Hooks.UseUserContext(c)
// If we are using basic auth, we need to check if the user has totp and if it does then disable basic auth
if userContext.Provider == "basic" && userContext.TotpEnabled {
log.Warn().Str("username", userContext.Username).Msg("User has totp enabled, disabling basic auth")
userContext.IsLoggedIn = false
}
// Check if user is logged in // Check if user is logged in
if userContext.IsLoggedIn { if userContext.IsLoggedIn {
log.Debug().Msg("Authenticated") log.Debug().Msg("Authenticated")

24
internal/hooks/hooks.go
View File

@@ -35,17 +35,27 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
if basic != nil { if basic != nil {
log.Debug().Msg("Got basic auth") log.Debug().Msg("Got basic auth")
// Check if user exists and password is correct // Get user
user := hooks.Auth.GetUser(basic.Username) user := hooks.Auth.GetUser(basic.Username)
if user != nil && hooks.Auth.CheckPassword(*user, basic.Password) { // Check we have a user
if user == nil {
log.Error().Str("username", basic.Username).Msg("User does not exist")
// Return empty context
return types.UserContext{}
}
// Check if the user has a correct password
if hooks.Auth.CheckPassword(*user, basic.Password) {
// Return user context since we are logged in with basic auth // Return user context since we are logged in with basic auth
return types.UserContext{ return types.UserContext{
Username: basic.Username, Username: basic.Username,
Name: utils.Capitalize(basic.Username), Name: utils.Capitalize(basic.Username),
Email: fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), hooks.Config.Domain), Email: fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), hooks.Config.Domain),
IsLoggedIn: true, IsLoggedIn: true,
Provider: "basic", Provider: "basic",
TotpEnabled: user.TotpSecret != "",
} }
} }

1
internal/types/types.go
View File

@@ -51,6 +51,7 @@ type UserContext struct {
Provider string Provider string
TotpPending bool TotpPending bool
OAuthGroups string OAuthGroups string
TotpEnabled bool
} }
// LoginAttempt tracks information about login attempts for rate limiting // LoginAttempt tracks information about login attempts for rate limiting