diff --git a/dashboard/src/components/EnvComponents/Features.tsx b/dashboard/src/components/EnvComponents/Features.tsx
index 0acb7fa..77553bf 100644
--- a/dashboard/src/components/EnvComponents/Features.tsx
+++ b/dashboard/src/components/EnvComponents/Features.tsx
@@ -25,7 +25,6 @@ const Features = ({ variables, setVariables }: any) => {
-
Email Verification:
@@ -109,15 +108,12 @@ const Features = ({ variables, setVariables }: any) => {
/>
-
- {
- !variables.DISABLE_MULTI_FACTOR_AUTHENTICATION &&
+ {/** TODO enable after final release */}
+ {/* {!variables.DISABLE_MULTI_FACTOR_AUTHENTICATION && (
TOTP:
-
- Note: to enable totp mfa
-
+ Note: to enable totp mfa
@@ -129,25 +125,24 @@ const Features = ({ variables, setVariables }: any) => {
/>
- }
- {!variables.DISABLE_MULTI_FACTOR_AUTHENTICATION &&
+ )} */}
+ {!variables.DISABLE_MULTI_FACTOR_AUTHENTICATION && (
-
- EMAIL OTP:
-
- Note: to enable email otp mfa
-
-
+
+ EMAIL OTP:
+ Note: to enable email otp mfa
+
-
-
-
- }
+
+
+
+
+ )}
diff --git a/server/env/env.go b/server/env/env.go
index 09ed82c..2aa08b3 100644
--- a/server/env/env.go
+++ b/server/env/env.go
@@ -834,9 +834,10 @@ func InitAllEnv() error {
envData[constants.EnvKeyDisablePlayGround] = boolValue
}
}
-
+ // TODO: remove after beta launch
+ envData[constants.EnvKeyDisableTOTPLogin] = true
if _, ok := envData[constants.EnvKeyDisableTOTPLogin]; !ok {
- envData[constants.EnvKeyDisableTOTPLogin] = osDisableTOTPLogin == "false"
+ envData[constants.EnvKeyDisableTOTPLogin] = osDisableTOTPLogin == "true"
}
if osDisableTOTPLogin != "" {
boolValue, err := strconv.ParseBool(osDisableTOTPLogin)
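Review bot: The unconditional `envData[constants.EnvKeyDisableTOTPLogin] = true` is assigned immediately before the `if _, ok := envData[constants.EnvKeyDisableTOTPLogin]; !ok` check, so that branch (including the corrected `osDisableTOTPLogin == "true"` default) can never run, and the `if osDisableTOTPLogin != ""` block that follows still overwrites the forced value, so an operator who sets the variable behind `osDisableTOTPLogin` to `false` re-enables TOTP despite the "remove after beta launch" intent. If the override is meant to be absolute, move it below the ParseBool block and say so in the comment, e.g. `// TODO: remove after beta launch; intentionally overrides env/DB until then`; if it is only meant as a default, drop it and let the corrected `== "true"` line do the work. InitAllEnv begins and ends outside this hunk.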
@@ -847,6 +848,7 @@ func InitAllEnv() error {
envData[constants.EnvKeyDisableTOTPLogin] = boolValue
}
}
+ fmt.Println("=> final value", envData[constants.EnvKeyDisableTOTPLogin])
if _, ok := envData[constants.EnvKeyDisableMailOTPLogin]; !ok {
envData[constants.EnvKeyDisableMailOTPLogin] = osDisableMailOTPLogin == "true"
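Review bot: `fmt.Println("=> final value", envData[constants.EnvKeyDisableTOTPLogin])` is an unconditional debug print to stdout that will run on every startup in production; it should be removed before merge or routed through the project's leveled logger so it can be silenced (the resolvers on this page use `log.Debug(...)`, though I cannot see whether env.go has that package in scope). If it stays, `log.Debug("DisableTOTPLogin resolved to: ", envData[constants.EnvKeyDisableTOTPLogin])` keeps it out of normal output. InitAllEnv continues outside this hunk.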
diff --git a/server/resolvers/login.go b/server/resolvers/login.go
index 858b455..47b3cc6 100644
--- a/server/resolvers/login.go
+++ b/server/resolvers/login.go
@@ -182,45 +182,6 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
}
return otpData, nil
}
- // If mfa enabled and also totp enabled
- // first priority is given to totp
- if refs.BoolValue(user.IsMultiFactorAuthEnabled) && !isMFADisabled && !isTOTPLoginDisabled {
- expiresAt := time.Now().Add(3 * time.Minute).Unix()
- if err := setOTPMFaSession(expiresAt); err != nil {
- log.Debug("Failed to set mfa session: ", err)
- return nil, err
- }
- authenticator, err := db.Provider.GetAuthenticatorDetailsByUserId(ctx, user.ID, constants.EnvKeyTOTPAuthenticator)
- // Check if it's the first time user or if their TOTP is not verified
- if err != nil || ((authenticator == nil) || (authenticator != nil && authenticator.VerifiedAt == nil)) {
- // Generate a base64 URL and initiate the registration for TOTP
- authConfig, err := authenticators.Provider.Generate(ctx, user.ID)
- if err != nil {
- log.Debug("error while generating base64 url: ", err)
- return nil, err
- }
- recoveryCodes := []*string{}
- for _, code := range authConfig.RecoveryCodes {
- recoveryCodes = append(recoveryCodes, refs.NewStringRef(code))
- }
- // when user is first time registering for totp
- res = &model.AuthResponse{
- Message: `Proceed to totp verification screen`,
- ShouldShowTotpScreen: refs.NewBoolRef(true),
- AuthenticatorScannerImage: refs.NewStringRef(authConfig.ScannerImage),
- AuthenticatorSecret: refs.NewStringRef(authConfig.Secret),
- AuthenticatorRecoveryCodes: recoveryCodes,
- }
- return res, nil
- } else {
- //when user is already register for totp
- res = &model.AuthResponse{
- Message: `Proceed to totp screen`,
- ShouldShowTotpScreen: refs.NewBoolRef(true),
- }
- return res, nil
- }
- }
// If multi factor authentication is enabled and is email based login and email otp is enabled
if refs.BoolValue(user.IsMultiFactorAuthEnabled) && !isMFADisabled && !isMailOTPDisabled && isEmailServiceEnabled && isEmailLogin {
expiresAt := time.Now().Add(1 * time.Minute).Unix()
@@ -275,6 +236,44 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
ShouldShowMobileOtpScreen: refs.NewBoolRef(isMobileLogin),
}, nil
}
+ // If mfa enabled and also totp enabled
+ if refs.BoolValue(user.IsMultiFactorAuthEnabled) && !isMFADisabled && !isTOTPLoginDisabled {
+ expiresAt := time.Now().Add(3 * time.Minute).Unix()
+ if err := setOTPMFaSession(expiresAt); err != nil {
+ log.Debug("Failed to set mfa session: ", err)
+ return nil, err
+ }
+ authenticator, err := db.Provider.GetAuthenticatorDetailsByUserId(ctx, user.ID, constants.EnvKeyTOTPAuthenticator)
+ // Check if it's the first time user or if their TOTP is not verified
+ if err != nil || ((authenticator == nil) || (authenticator != nil && authenticator.VerifiedAt == nil)) {
+ // Generate a base64 URL and initiate the registration for TOTP
+ authConfig, err := authenticators.Provider.Generate(ctx, user.ID)
+ if err != nil {
+ log.Debug("error while generating base64 url: ", err)
+ return nil, err
+ }
+ recoveryCodes := []*string{}
+ for _, code := range authConfig.RecoveryCodes {
+ recoveryCodes = append(recoveryCodes, refs.NewStringRef(code))
+ }
+ // when user is first time registering for totp
+ res = &model.AuthResponse{
+ Message: `Proceed to totp verification screen`,
+ ShouldShowTotpScreen: refs.NewBoolRef(true),
+ AuthenticatorScannerImage: refs.NewStringRef(authConfig.ScannerImage),
+ AuthenticatorSecret: refs.NewStringRef(authConfig.Secret),
+ AuthenticatorRecoveryCodes: recoveryCodes,
+ }
+ return res, nil
+ } else {
+ //when user is already register for totp
+ res = &model.AuthResponse{
+ Message: `Proceed to totp screen`,
+ ShouldShowTotpScreen: refs.NewBoolRef(true),
+ }
+ return res, nil
+ }
+ }
code := ""
codeChallenge := ""
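Review bot: In the relocated TOTP block, `if err != nil || ((authenticator == nil) || (authenticator != nil && authenticator.VerifiedAt == nil))` treats any error from `GetAuthenticatorDetailsByUserId` (a transient DB failure, not just "no row") as a first-time enrolment and calls `authenticators.Provider.Generate`, which from the response fields appears to mint a fresh secret and recovery codes for a user who may already be enrolled; a lookup error should be returned rather than silently re-enrolling. The condition also simplifies to `authenticator == nil || authenticator.VerifiedAt == nil`, and the `else` after `return res, nil` can be flattened. The move also changes MFA precedence (email OTP now runs before TOTP when both are enabled) and the old "first priority is given to totp" comment was dropped without a replacement stating the new order; a one-line comment on the new block would help. LoginResolver starts and ends outside this hunk.
```go
authenticator, err := db.Provider.GetAuthenticatorDetailsByUserId(ctx, user.ID, constants.EnvKeyTOTPAuthenticator)
if err != nil {
	// if the provider reports "no authenticator" as an error, match that sentinel here and fall through instead
	log.Debug("Failed to get authenticator details: ", err)
	return nil, err
}
// Check if it's the first time user or if their TOTP is not verified
if authenticator == nil || authenticator.VerifiedAt == nil {
	// … unchanged: Generate, recovery codes, enrolment response …
}
// … unchanged: already-registered response …
```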
diff --git a/server/resolvers/update_env.go b/server/resolvers/update_env.go
index 6ac770c..abd43d2 100644
--- a/server/resolvers/update_env.go
+++ b/server/resolvers/update_env.go
@@ -261,7 +261,6 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
}
if !updatedData[constants.EnvKeyDisableMagicLinkLogin].(bool) {
updatedData[constants.EnvKeyDisableMailOTPLogin] = true
- updatedData[constants.EnvKeyDisableTOTPLogin] = false
}
}
@@ -276,19 +275,8 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
}
}
- if updatedData[constants.EnvKeyDisableMultiFactorAuthentication].(bool) {
- updatedData[constants.EnvKeyDisableTOTPLogin] = true
+ if updatedData[constants.EnvKeyDisableMultiFactorAuthentication].(bool) && updatedData[constants.EnvKeyIsEmailServiceEnabled].(bool) {
updatedData[constants.EnvKeyDisableMailOTPLogin] = true
- } else {
- if !updatedData[constants.EnvKeyDisableMailOTPLogin].(bool) && !updatedData[constants.EnvKeyDisableTOTPLogin].(bool) {
- errors.New("can't enable both mfa methods at same time")
- updatedData[constants.EnvKeyDisableMailOTPLogin] = true
- updatedData[constants.EnvKeyDisableTOTPLogin] = false
- } else if updatedData[constants.EnvKeyDisableMailOTPLogin].(bool) && updatedData[constants.EnvKeyDisableTOTPLogin].(bool) {
- errors.New("can't disable both mfa methods at same time")
- updatedData[constants.EnvKeyDisableMailOTPLogin] = true
- updatedData[constants.EnvKeyDisableTOTPLogin] = false
- }
}
if !currentData[constants.EnvKeyEnforceMultiFactorAuthentication].(bool) && updatedData[constants.EnvKeyEnforceMultiFactorAuthentication].(bool) && !updatedData[constants.EnvKeyDisableMultiFactorAuthentication].(bool) {
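Review bot: The rewritten branch `if updatedData[constants.EnvKeyDisableMultiFactorAuthentication].(bool) && updatedData[constants.EnvKeyIsEmailServiceEnabled].(bool)` no longer forces `EnvKeyDisableTOTPLogin` to true when MFA is disabled, so a saved config can carry MFA off with TOTP on; the login resolver on this page gates on `!isMFADisabled`, so this is probably inert at login, but the stored env is now inconsistent and any code that reads the TOTP flag alone will see it enabled. It is also unclear why disabling mail OTP is conditioned on the email service being enabled rather than on MFA being disabled alone. I would keep `updatedData[constants.EnvKeyDisableTOTPLogin] = true` next to the mail-OTP assignment and drop the email-service term; the new single-value `.(bool)` assertion on `EnvKeyIsEmailServiceEnabled` will panic if that key is absent or not a bool, so a two-value `v, ok := ...(bool)` form is safer. UpdateEnvResolver starts and ends outside this hunk.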