diff --git a/doc/authen_pause.schema.txt b/doc/authen_pause.schema.txt
index 450ed8205..a801abf3e 100644
--- a/doc/authen_pause.schema.txt
+++ b/doc/authen_pause.schema.txt
@@ -56,7 +56,6 @@ CREATE TABLE usertable (
 `changed` int(11) DEFAULT NULL,
 changedby char(10) DEFAULT NULL,
 lastvisit datetime DEFAULT NULL,
- mfa tinyint(1) DEFAULT 0,
 mfa_secret32 varchar(16) DEFAULT NULL,
 mfa_recovery_codes text DEFAULT NULL,
 PRIMARY KEY (`user`),
diff --git a/doc/schemas/authen_pause.schema.sqlite b/doc/schemas/authen_pause.schema.sqlite
index 36ae5725b..a1046d5be 100644
--- a/doc/schemas/authen_pause.schema.sqlite
+++ b/doc/schemas/authen_pause.schema.sqlite
@@ -36,7 +36,6 @@ CREATE TABLE usertable (
 changed int(11) DEFAULT NULL,
 changedby char(10) DEFAULT NULL,
 lastvisit datetime DEFAULT NULL,
- mfa tinyint(1) DEFAULT 0,
 mfa_secret32 varchar(16) DEFAULT NULL,
 mfa_recovery_codes text DEFAULT NULL,
 PRIMARY KEY (user)
diff --git a/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm b/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm
index e13adcc0b..a0e48f78e 100644
--- a/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm
+++ b/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm
@@ -41,14 +41,12 @@ sub edit {
 $pause->{error}{invalid_code} = 1;
 return;
 }
- my ($mfa, $secret32, $recovery_codes);
+ my ($secret32, $recovery_codes);
 if ($req->param("pause99_mfa_reset")) {
- $mfa = 0;
 $secret32 = undef;
 $recovery_codes = undef;
 $c->flash(mfa_disabled => 1);
 } else {
- $mfa = 1;
 $secret32 = $auth->secret32;
 $c->flash(mfa_enabled => 1);
 my @codes = _generate_recovery_codes();
@@ -57,8 +55,8 @@ sub edit { } my $dbh = $mgr->authen_connect; my $tbl = $PAUSE::Config->{AUTHEN_USER_TABLE}; - my $sql = "UPDATE $tbl SET mfa = ?, mfa_secret32 = ?, mfa_recovery_codes = ?, changed = ?, changedby = ? WHERE user = ?"; - if ($dbh->do($sql, undef, $mfa, $secret32, $recovery_codes, time, $pause->{User}{userid}, $u->{userid})) { + my $sql = "UPDATE $tbl SET mfa_secret32 = ?, mfa_recovery_codes = ?, changed = ?, changedby = ? WHERE user = ?"; + if ($dbh->do($sql, undef, $secret32, $recovery_codes, time, $pause->{User}{userid}, $u->{userid})) { my $mailblurb = $c->render_to_string("email/user/mfa/edit", format => "email"); my $header = {Subject => "User update for $u->{userid}"}; my @to = $u->{secretemail}; diff --git a/lib/pause_2017/PAUSE/Web/Plugin/WithMFAProtection.pm b/lib/pause_2017/PAUSE/Web/Plugin/WithMFAProtection.pm index fe4a1a0e8..95f0ae171 100644 --- a/lib/pause_2017/PAUSE/Web/Plugin/WithMFAProtection.pm +++ b/lib/pause_2017/PAUSE/Web/Plugin/WithMFAProtection.pm @@ -16,7 +16,7 @@ sub register { my $u = $c->active_user_record; # XXX: The active user record does not have mfa when an admin user is pretending someone else. - return 1 unless $u->{mfa}; + return 1 unless $u->{mfa_secret32}; my $otp = $c->req->body_params->param('otp'); if (defined $otp and $otp ne '') { diff --git a/lib/pause_2017/templates/user/mfa/edit.html.ep b/lib/pause_2017/templates/user/mfa/edit.html.ep index 698bb4749..452f85cf5 100644 --- a/lib/pause_2017/templates/user/mfa/edit.html.ep +++ b/lib/pause_2017/templates/user/mfa/edit.html.ep @@ -22,7 +22,7 @@ % } -
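Review bot: With the `mfa` flag gone, the row's `mfa_secret32` value is the only record of whether MFA is on, and nothing near the new `my $sql = "UPDATE $tbl SET mfa_secret32 = ?, ..."` line in `edit` states that. I would add a comment above it such as `# MFA is enabled iff mfa_secret32 is non-NULL; a reset must NULL both the secret and the recovery codes.` so that a later change does not store a provisional or empty secret and flip enforcement by accident. Separately, the commit only edits the one-off script, so a database that already ran it presumably still carries an `mfa` column with stale values; a follow-up migration dropping that column would keep deployed and documented schemas in agreement. The body of `edit` starts and ends outside this hunk.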
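Review bot: The guard `return 1 unless $u->{mfa_secret32};` in `register` fails open: a user record that simply lacks the key is treated the same as a user who never enabled MFA, and the XXX comment above it already names one such case (an admin acting as another user). Enforcement now depends on `active_user_record` loading the secret column, so a query that omits it would silently skip the OTP check instead of raising an error. One option is to separate the two cases, for example `return 1 if exists $u->{mfa_secret32} and !defined $u->{mfa_secret32};`, and to handle the missing-key case deliberately; the comment should also say `mfa_secret32` rather than `mfa`. `register` continues outside the hunk.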
Submit 6-digit code to enable Multifactor Authentication.
diff --git a/one-off-utils/schemachange-2024-04_2.sql b/one-off-utils/schemachange-2024-04_2.sql
index b981d9722..241660ce1 100644
--- a/one-off-utils/schemachange-2024-04_2.sql
+++ b/one-off-utils/schemachange-2024-04_2.sql
@@ -1,3 +1,2 @@
-ALTER TABLE usertable ADD COLUMN mfa tinyint(1) DEFAULT 0;
 ALTER TABLE usertable ADD COLUMN mfa_secret32 varchar(16);
 ALTER TABLE usertable ADD COLUMN mfa_recovery_codes text;