2022-01-19 19:41:06 +00:00
|
|
|
import {handleSubmit} from 'app/client/lib/formUtils';
|
2022-01-07 18:11:52 +00:00
|
|
|
import {AppModel} from 'app/client/models/AppModel';
|
|
|
|
import {reportError, reportSuccess} from 'app/client/models/errors';
|
|
|
|
import {bigBasicButton, bigPrimaryButton} from 'app/client/ui2018/buttons';
|
|
|
|
import {colors, vars} from 'app/client/ui2018/cssVars';
|
|
|
|
import {icon} from 'app/client/ui2018/icons';
|
|
|
|
import {cssLink} from 'app/client/ui2018/links';
|
|
|
|
import {loadingSpinner} from 'app/client/ui2018/loaders';
|
2022-01-24 20:38:32 +00:00
|
|
|
import {cssModalBody, cssModalTitle, cssModalWidth, IModalControl,
|
|
|
|
modal, cssModalButtons as modalButtons} from 'app/client/ui2018/modals';
|
2022-01-07 18:11:52 +00:00
|
|
|
import {ApiError} from 'app/common/ApiError';
|
|
|
|
import {FullUser} from 'app/common/LoginSessionAPI';
|
2022-01-21 22:54:15 +00:00
|
|
|
import {AuthMethod, ChallengeRequired, UserMFAPreferences} from 'app/common/UserAPI';
|
2022-01-19 19:41:06 +00:00
|
|
|
import {Disposable, dom, input, makeTestId, MultiHolder, Observable, styled} from 'grainjs';
|
2022-01-07 18:11:52 +00:00
|
|
|
import {toDataURL} from 'qrcode';
|
|
|
|
|
|
|
|
const testId = makeTestId('test-mfa-');
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Step in the dialog flow for enabling a MFA method.
|
|
|
|
*/
|
|
|
|
type EnableAuthMethodStep =
|
|
|
|
| 'verify-password'
|
|
|
|
| 'choose-auth-method'
|
2022-01-19 19:41:06 +00:00
|
|
|
| 'configure-auth-app'
|
|
|
|
| 'configure-phone-message';
|
2022-01-07 18:11:52 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Step in the dialog flow for disabling a MFA method.
|
|
|
|
*/
|
|
|
|
type DisableAuthMethodStep =
|
|
|
|
| 'confirm-disable'
|
|
|
|
| 'verify-password'
|
|
|
|
| 'disable-method';
|
|
|
|
|
|
|
|
interface MFAConfigOptions {
|
|
|
|
appModel: AppModel;
|
2022-01-19 19:41:06 +00:00
|
|
|
// Called when the MFA status is changed successfully.
|
|
|
|
onChange: () => void;
|
|
|
|
}
|
|
|
|
|
|
|
|
interface EnablePhoneMessageOptions {
|
|
|
|
// Called on successful completion of the enable phone message form.
|
|
|
|
onSuccess: (newPhoneNumber: string) => void;
|
|
|
|
// If true, shows a back text button on the first screen of the form.
|
|
|
|
showBackButton?: boolean;
|
|
|
|
// The text to use for the back button if `showBackButton` is true.
|
|
|
|
backButtonText?: string;
|
|
|
|
// Called when the back button is clicked.
|
|
|
|
onBack?: () => void;
|
2022-01-07 18:11:52 +00:00
|
|
|
}
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
// Common HTML input options for 6 digit verification fields (SMS and TOTP).
|
|
|
|
const verificationCodeInputOpts = {
|
|
|
|
name: 'verificationCode',
|
|
|
|
type: 'text',
|
|
|
|
inputmode: 'numeric',
|
|
|
|
pattern: '\\d{6}',
|
|
|
|
required: 'true',
|
|
|
|
};
|
|
|
|
|
2022-01-07 18:11:52 +00:00
|
|
|
/**
|
|
|
|
* Shows information about multi-factor authentication preferences for the logged-in user
|
|
|
|
* and buttons for enabling/disabling them.
|
|
|
|
*
|
2022-01-19 19:41:06 +00:00
|
|
|
* Currently supports software tokens (TOTP) and SMS.
|
2022-01-07 18:11:52 +00:00
|
|
|
*/
|
|
|
|
export class MFAConfig extends Disposable {
|
|
|
|
private _appModel: AppModel;
|
|
|
|
private _user: FullUser;
|
|
|
|
|
|
|
|
constructor(
|
|
|
|
private _mfaPrefs: Observable<UserMFAPreferences|null>,
|
2022-01-19 19:41:06 +00:00
|
|
|
private _options: MFAConfigOptions
|
2022-01-07 18:11:52 +00:00
|
|
|
) {
|
|
|
|
super();
|
2022-01-19 19:41:06 +00:00
|
|
|
this._appModel = _options.appModel;
|
|
|
|
this._user = this._appModel.currentUser!;
|
2022-01-07 18:11:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
public buildDom() {
|
|
|
|
return this._buildButtons();
|
|
|
|
}
|
|
|
|
|
|
|
|
private _buildButtons() {
|
2022-01-19 19:41:06 +00:00
|
|
|
return cssButtons(
|
|
|
|
dom.domComputed(this._mfaPrefs, mfaPrefs => {
|
2022-01-24 20:38:32 +00:00
|
|
|
if (!mfaPrefs) { return cssSmallSpinner(cssSmallLoadingSpinner()); }
|
2022-01-19 19:41:06 +00:00
|
|
|
|
|
|
|
const {isSmsMfaEnabled, isSoftwareTokenMfaEnabled, phoneNumber} = mfaPrefs;
|
|
|
|
return [
|
|
|
|
!isSmsMfaEnabled && !isSoftwareTokenMfaEnabled ?
|
|
|
|
cssTextBtn(
|
2022-01-21 22:54:15 +00:00
|
|
|
'Configure two-factor authentication',
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.on('click', () => this._showAddAuthMethodModal(undefined, {
|
|
|
|
onSuccess: () => {
|
|
|
|
reportSuccess('Two-factor authentication enabled');
|
|
|
|
this._options.onChange();
|
|
|
|
}
|
|
|
|
})),
|
|
|
|
testId('enable-2fa'),
|
|
|
|
) :
|
|
|
|
dom.frag(
|
2022-01-07 18:11:52 +00:00
|
|
|
cssDataRow(
|
|
|
|
cssIconAndText(cssIcon('BarcodeQR'), cssText('Authenticator app')),
|
2022-01-19 19:41:06 +00:00
|
|
|
isSoftwareTokenMfaEnabled ?
|
|
|
|
cssTextBtn(
|
|
|
|
'Disable',
|
|
|
|
dom.on('click', () => this._showDisableAuthMethodModal('TOTP', {
|
|
|
|
onSuccess: () => {
|
|
|
|
reportSuccess('Authentication app disabled');
|
|
|
|
this._options.onChange();
|
|
|
|
}
|
|
|
|
})),
|
|
|
|
testId('disable-auth-app'),
|
|
|
|
) :
|
|
|
|
cssTextBtn(
|
|
|
|
'Enable',
|
|
|
|
dom.on('click', () => this._showAddAuthMethodModal('TOTP', {
|
|
|
|
onSuccess: () => {
|
|
|
|
reportSuccess('Authentication app enabled');
|
|
|
|
this._options.onChange();
|
|
|
|
}
|
|
|
|
})),
|
|
|
|
testId('enable-auth-app'),
|
|
|
|
),
|
|
|
|
testId('auth-app-row')
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
2022-01-19 19:41:06 +00:00
|
|
|
cssDataRow(
|
|
|
|
cssIconAndText(
|
|
|
|
cssIcon('MobileChat'),
|
|
|
|
cssText('SMS', isSmsMfaEnabled && phoneNumber ? ` to ${phoneNumber}` : null),
|
|
|
|
),
|
|
|
|
isSmsMfaEnabled ?
|
|
|
|
[
|
|
|
|
cssTextBtn(
|
|
|
|
'Change',
|
|
|
|
dom.on('click', () => this._showAddAuthMethodModal('SMS', {
|
|
|
|
onSuccess: () => {
|
|
|
|
reportSuccess('Phone number changed');
|
|
|
|
this._options.onChange();
|
|
|
|
}
|
|
|
|
})),
|
|
|
|
testId('change-phone-number'),
|
|
|
|
),
|
|
|
|
cssTextBtn(
|
|
|
|
'Disable',
|
|
|
|
dom.on('click', () => this._showDisableAuthMethodModal('SMS', {
|
|
|
|
onSuccess: () => {
|
|
|
|
reportSuccess('Phone message disabled');
|
|
|
|
this._options.onChange();
|
|
|
|
}
|
|
|
|
})),
|
|
|
|
testId('disable-sms'),
|
|
|
|
),
|
|
|
|
] :
|
|
|
|
cssTextBtn(
|
|
|
|
'Enable',
|
|
|
|
dom.on('click', () => this._showAddAuthMethodModal('SMS', {
|
|
|
|
onSuccess: () => {
|
|
|
|
reportSuccess('Phone message enabled');
|
|
|
|
this._options.onChange();
|
|
|
|
}
|
|
|
|
})),
|
|
|
|
testId('enable-sms'),
|
|
|
|
),
|
|
|
|
testId('sms-row')
|
|
|
|
),
|
|
|
|
),
|
|
|
|
];
|
|
|
|
}),
|
|
|
|
testId('buttons')
|
|
|
|
);
|
2022-01-07 18:11:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Displays a modal that allows users to enable a MFA method for their account.
|
|
|
|
*
|
2022-01-19 19:41:06 +00:00
|
|
|
* @param {AuthMethod | undefined} method If specified, skips the 'choose-auth-method' step.
|
2022-01-21 22:54:15 +00:00
|
|
|
* @param {() => void} options.onSuccess Called after successfully adding an auth method.
|
2022-01-07 18:11:52 +00:00
|
|
|
*/
|
2022-01-19 19:41:06 +00:00
|
|
|
private _showAddAuthMethodModal(
|
|
|
|
method: AuthMethod | undefined,
|
|
|
|
options: {onSuccess: () => void}
|
|
|
|
): void {
|
2022-01-07 18:11:52 +00:00
|
|
|
return modal((ctl, owner) => {
|
|
|
|
const currentStep = Observable.create<EnableAuthMethodStep>(owner, 'verify-password');
|
|
|
|
|
|
|
|
return [
|
|
|
|
dom.domComputed((use) => {
|
|
|
|
const step = use(currentStep);
|
|
|
|
switch (step) {
|
|
|
|
case 'verify-password': {
|
|
|
|
return [
|
2022-01-21 22:54:15 +00:00
|
|
|
this._buildSecurityVerificationForm(ctl, {onSuccess: async (hadSecondStep) => {
|
|
|
|
/**
|
2022-02-19 09:46:49 +00:00
|
|
|
* If method was unspecified, but second step verification occurred, we know that
|
2022-01-21 22:54:15 +00:00
|
|
|
* the client doesn't have up-to-date 2FA preferences. Close the modal, and force
|
|
|
|
* a refresh of UserMFAPreferences, which should cause the correct buttons to be
|
|
|
|
* rendered once preferences are loaded.
|
|
|
|
*
|
|
|
|
* This is ultimately caused by older Grist sessions (pre-2FA) not having access
|
|
|
|
* or refresh tokens, which makes it impossible to get MFA status without first
|
|
|
|
* requiring that users re-authenticate. Token-less sessions currently return a
|
|
|
|
* disabled status for all 2FA methods as an interim solution, until all old
|
|
|
|
* sessions have expired (3 months).
|
|
|
|
*
|
|
|
|
* TODO: Revisit this 3 months after this commit has landed in prod; we may no longer
|
|
|
|
* need much of these changes.
|
|
|
|
*/
|
|
|
|
if (!method && hadSecondStep) {
|
|
|
|
ctl.close();
|
|
|
|
this._options.onChange();
|
|
|
|
}
|
2022-01-19 19:41:06 +00:00
|
|
|
if (!method) { return currentStep.set('choose-auth-method'); }
|
|
|
|
|
|
|
|
currentStep.set(method === 'SMS' ? 'configure-phone-message' : 'configure-auth-app');
|
2022-01-07 18:11:52 +00:00
|
|
|
}}),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
case 'choose-auth-method': {
|
|
|
|
return [
|
2022-01-19 19:41:06 +00:00
|
|
|
cssModalTitle('Two-factor authentication', testId('title')),
|
2022-01-07 18:11:52 +00:00
|
|
|
cssModalBody(
|
2022-01-19 19:41:06 +00:00
|
|
|
cssMainText(
|
|
|
|
"Once you enable two step authentication, you'll need to enter a special code " +
|
2022-01-07 18:11:52 +00:00
|
|
|
"when you log in. Please choose a method you'd like to receive codes with."
|
|
|
|
),
|
|
|
|
cssAuthMethods(
|
|
|
|
cssAuthMethod(
|
2022-01-19 19:41:06 +00:00
|
|
|
cssAuthMethodTitle(cssGreenIcon('BarcodeQR2'), 'Authenticator app', testId('auth-method-title')),
|
2022-01-07 18:11:52 +00:00
|
|
|
cssAuthMethodDesc(
|
|
|
|
"An authenticator app lets you access your security code without receiving a call " +
|
|
|
|
"or text message. If you don't already have an authenticator app, we'd recommend " +
|
|
|
|
"using ",
|
|
|
|
cssLink('Google Authenticator', dom.on('click', e => e.stopPropagation()), {
|
|
|
|
href: 'https://play.google.com/store/apps/' +
|
|
|
|
'details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US',
|
|
|
|
target: '_blank',
|
|
|
|
}),
|
|
|
|
".",
|
|
|
|
),
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.on('click', () => currentStep.set('configure-auth-app')),
|
|
|
|
testId('auth-app-method'),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
2022-01-19 19:41:06 +00:00
|
|
|
cssAuthMethod(
|
|
|
|
cssAuthMethodTitle(cssGreenIcon('MobileChat2'), 'Phone message', testId('auth-method-title')),
|
|
|
|
cssAuthMethodDesc(
|
2022-01-20 02:26:20 +00:00
|
|
|
'You need to add a U.S. phone number where you can receive authentication codes by text.',
|
2022-01-19 19:41:06 +00:00
|
|
|
),
|
|
|
|
dom.on('click', () => currentStep.set('configure-phone-message')),
|
|
|
|
testId('sms-method'),
|
|
|
|
),
|
|
|
|
),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
case 'configure-auth-app': {
|
|
|
|
return [
|
|
|
|
this._buildConfigureAuthAppForm(ctl, {onSuccess: async () => {
|
|
|
|
ctl.close();
|
2022-01-19 19:41:06 +00:00
|
|
|
options.onSuccess();
|
2022-01-07 18:11:52 +00:00
|
|
|
}}),
|
2022-01-19 19:41:06 +00:00
|
|
|
method ? null: cssBackBtn('← Back to methods',
|
|
|
|
dom.on('click', () => { currentStep.set('choose-auth-method'); }),
|
|
|
|
testId('back-to-methods'),
|
|
|
|
),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
case 'configure-phone-message': {
|
|
|
|
return [
|
|
|
|
this._buildConfigurePhoneMessageForm(ctl, {
|
|
|
|
onSuccess: async () => {
|
|
|
|
ctl.close();
|
|
|
|
options.onSuccess();
|
|
|
|
},
|
|
|
|
showBackButton: !method,
|
|
|
|
backButtonText: '← Back to methods',
|
|
|
|
onBack: () => currentStep.set('choose-auth-method'),
|
|
|
|
}),
|
2022-01-07 18:11:52 +00:00
|
|
|
];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}),
|
2022-01-24 20:38:32 +00:00
|
|
|
cssModalWidth('fixed-wide'),
|
2022-01-07 18:11:52 +00:00
|
|
|
];
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Displays a modal that allows users to disable a MFA method for their account.
|
|
|
|
*
|
2022-01-19 19:41:06 +00:00
|
|
|
* @param {AuthMethod} method The auth method to disable.
|
2022-01-21 22:54:15 +00:00
|
|
|
* @param {() => void} options.onSuccess Called after successfully disabling an auth method.
|
2022-01-07 18:11:52 +00:00
|
|
|
*/
|
2022-01-19 19:41:06 +00:00
|
|
|
private _showDisableAuthMethodModal(method: AuthMethod, options: {onSuccess: () => void}): void {
|
2022-01-07 18:11:52 +00:00
|
|
|
return modal((ctl, owner) => {
|
|
|
|
const currentStep = Observable.create<DisableAuthMethodStep>(owner, 'confirm-disable');
|
|
|
|
|
|
|
|
return [
|
|
|
|
dom.domComputed((use) => {
|
|
|
|
const step = use(currentStep);
|
|
|
|
switch (step) {
|
|
|
|
case 'confirm-disable': {
|
|
|
|
return [
|
2022-01-19 19:41:06 +00:00
|
|
|
cssModalTitle(
|
|
|
|
`Disable ${method === 'TOTP' ? 'authentication app' : 'phone message'}?`,
|
|
|
|
testId('title')
|
|
|
|
),
|
2022-01-07 18:11:52 +00:00
|
|
|
cssModalBody(
|
2022-01-19 19:41:06 +00:00
|
|
|
cssMainText(
|
2022-01-07 18:11:52 +00:00
|
|
|
"Two-factor authentication is an extra layer of security for your Grist account designed " +
|
|
|
|
"to ensure that you're the only person who can access your account, even if someone " +
|
|
|
|
"knows your password."
|
|
|
|
),
|
|
|
|
cssModalButtons(
|
2022-01-19 19:41:06 +00:00
|
|
|
bigPrimaryButton('Yes, disable',
|
|
|
|
dom.on('click', () => currentStep.set('verify-password')),
|
|
|
|
testId('disable'),
|
|
|
|
),
|
|
|
|
bigBasicButton('Cancel', dom.on('click', () => ctl.close()), testId('cancel')),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
|
|
|
),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
case 'verify-password': {
|
|
|
|
return [
|
2022-01-19 19:41:06 +00:00
|
|
|
this._buildSecurityVerificationForm(ctl, {onSuccess: () => {
|
|
|
|
currentStep.set('disable-method');
|
|
|
|
}}),
|
2022-01-07 18:11:52 +00:00
|
|
|
];
|
|
|
|
}
|
|
|
|
case 'disable-method': {
|
2022-01-19 19:41:06 +00:00
|
|
|
const disableMethod = method === 'SMS' ?
|
|
|
|
this._unregisterSMS() :
|
|
|
|
this._unregisterSoftwareToken();
|
|
|
|
disableMethod
|
|
|
|
.then(() => { options.onSuccess(); })
|
|
|
|
.catch(reportError)
|
|
|
|
.finally(() => ctl.close());
|
|
|
|
|
2022-01-24 20:38:32 +00:00
|
|
|
return cssSpinner(loadingSpinner());
|
2022-01-07 18:11:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}),
|
2022-01-24 20:38:32 +00:00
|
|
|
cssModalWidth('fixed-wide'),
|
2022-01-07 18:11:52 +00:00
|
|
|
];
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Builds security verification forms, including a password form and optional 2FA verification form.
|
|
|
|
*
|
|
|
|
* A callback function must be passed, which will be called after successful completion of the
|
|
|
|
* verification forms.
|
|
|
|
*
|
|
|
|
* @param {() => void} options.onSuccess Called after successful completion of verification.
|
|
|
|
*/
|
2022-01-21 22:54:15 +00:00
|
|
|
private _buildSecurityVerificationForm(
|
|
|
|
ctl: IModalControl,
|
|
|
|
{onSuccess}: {onSuccess: (hadSecondStep: boolean) => void}
|
|
|
|
) {
|
2022-01-19 19:41:06 +00:00
|
|
|
const holder = new MultiHolder();
|
|
|
|
const securityStep = Observable.create<'password' | 'sms' | 'totp' | 'loading'>(holder, 'password');
|
|
|
|
const password = Observable.create(holder, '');
|
|
|
|
const session = Observable.create(holder, '');
|
2022-01-21 22:54:15 +00:00
|
|
|
const challengeDetails = Observable.create<ChallengeRequired | null>(holder, null);
|
2022-01-07 18:11:52 +00:00
|
|
|
|
|
|
|
return [
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.autoDispose(holder),
|
2022-01-07 18:11:52 +00:00
|
|
|
dom.domComputed(securityStep, (step) => {
|
|
|
|
switch (step) {
|
2022-01-19 19:41:06 +00:00
|
|
|
case 'loading': {
|
2022-01-24 20:38:32 +00:00
|
|
|
return cssSpinner(loadingSpinner());
|
2022-01-19 19:41:06 +00:00
|
|
|
}
|
2022-01-07 18:11:52 +00:00
|
|
|
case 'password': {
|
2022-01-19 19:41:06 +00:00
|
|
|
let formElement: HTMLFormElement;
|
|
|
|
const multiHolder = new MultiHolder();
|
|
|
|
const pending = Observable.create(multiHolder, false);
|
|
|
|
const errorObs: Observable<string|null> = Observable.create(multiHolder, null);
|
2022-01-07 18:11:52 +00:00
|
|
|
|
|
|
|
return dom.frag(
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.autoDispose(pending.addListener(isPending => isPending && errorObs.set(null))),
|
|
|
|
dom.autoDispose(multiHolder),
|
|
|
|
cssModalTitle('Confirm your password', testId('title')),
|
2022-01-07 18:11:52 +00:00
|
|
|
cssModalBody(
|
2022-01-19 19:41:06 +00:00
|
|
|
formElement = dom('form',
|
|
|
|
cssMainText('Please confirm your password to continue.'),
|
|
|
|
cssBoldSubHeading('Password'),
|
|
|
|
cssInput(password,
|
|
|
|
{onInput: true},
|
|
|
|
{
|
|
|
|
name: 'password',
|
|
|
|
placeholder: 'password',
|
|
|
|
type: 'password',
|
|
|
|
autocomplete: 'current-password',
|
|
|
|
id: 'current-password',
|
|
|
|
required: 'true',
|
|
|
|
},
|
|
|
|
(el) => { setTimeout(() => el.focus(), 10); },
|
|
|
|
dom.onKeyDown({Enter: () => formElement.requestSubmit()}),
|
|
|
|
testId('password-input'),
|
|
|
|
),
|
|
|
|
cssFormError(dom.text(use => use(errorObs) ?? ''), testId('form-error')),
|
2022-01-07 18:11:52 +00:00
|
|
|
handleSubmit(pending,
|
2022-01-19 19:41:06 +00:00
|
|
|
({password: pass}) => this._verifyPassword(pass),
|
2022-01-07 18:11:52 +00:00
|
|
|
(result) => {
|
2022-01-21 22:54:15 +00:00
|
|
|
if (!result.isChallengeRequired) { return onSuccess(false); }
|
2022-01-07 18:11:52 +00:00
|
|
|
|
|
|
|
session.set(result.session);
|
2022-01-21 22:54:15 +00:00
|
|
|
challengeDetails.set(result);
|
2022-01-19 19:41:06 +00:00
|
|
|
if (result.challengeName === 'SMS_MFA') {
|
|
|
|
securityStep.set('sms');
|
2022-01-07 18:11:52 +00:00
|
|
|
} else {
|
2022-01-19 19:41:06 +00:00
|
|
|
securityStep.set('totp');
|
2022-01-07 18:11:52 +00:00
|
|
|
}
|
|
|
|
},
|
2022-01-19 19:41:06 +00:00
|
|
|
(err) => handleFormError(err, errorObs),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
|
|
|
cssModalButtons(
|
2022-01-19 19:41:06 +00:00
|
|
|
bigPrimaryButton('Confirm', dom.boolAttr('disabled', pending), testId('confirm')),
|
|
|
|
bigBasicButton('Cancel', dom.on('click', () => ctl.close()), testId('cancel')),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
);
|
|
|
|
}
|
2022-01-19 19:41:06 +00:00
|
|
|
case 'totp': {
|
|
|
|
let formElement: HTMLFormElement;
|
|
|
|
const multiHolder = new MultiHolder();
|
|
|
|
const pending = Observable.create(multiHolder, false);
|
|
|
|
const verificationCode = Observable.create(multiHolder, '');
|
|
|
|
const errorObs: Observable<string|null> = Observable.create(multiHolder, null);
|
2022-01-21 22:54:15 +00:00
|
|
|
const {isAlternateChallengeAvailable, deliveryDestination} = challengeDetails.get()!;
|
2022-01-07 18:11:52 +00:00
|
|
|
|
|
|
|
return dom.frag(
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.autoDispose(pending.addListener(isPending => isPending && errorObs.set(null))),
|
|
|
|
dom.autoDispose(multiHolder),
|
|
|
|
cssModalTitle('Almost there!', testId('title')),
|
2022-01-07 18:11:52 +00:00
|
|
|
cssModalBody(
|
2022-01-19 19:41:06 +00:00
|
|
|
formElement = dom('form',
|
|
|
|
cssMainText(
|
|
|
|
'Enter the authentication code generated by your app to confirm your account.',
|
|
|
|
testId('main-text'),
|
|
|
|
),
|
|
|
|
cssBoldSubHeading('Verification Code'),
|
|
|
|
cssCodeInput(verificationCode,
|
|
|
|
{onInput: true},
|
|
|
|
verificationCodeInputOpts,
|
|
|
|
(el) => { setTimeout(() => el.focus(), 10); },
|
|
|
|
dom.onKeyDown({Enter: () => formElement.requestSubmit()}),
|
|
|
|
testId('verification-code-input'),
|
|
|
|
),
|
|
|
|
cssInput(session, {onInput: true}, {name: 'session', type: 'hidden'}),
|
|
|
|
cssFormError(dom.text(use => use(errorObs) ?? ''), testId('form-error')),
|
2022-01-07 18:11:52 +00:00
|
|
|
handleSubmit(pending,
|
2022-01-19 19:41:06 +00:00
|
|
|
({verificationCode: code, session: s}) => this._verifySecondStep('TOTP', code, s),
|
2022-01-21 22:54:15 +00:00
|
|
|
() => onSuccess(true),
|
2022-01-19 19:41:06 +00:00
|
|
|
(err) => handleFormError(err, errorObs),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
|
|
|
cssModalButtons(
|
2022-01-19 19:41:06 +00:00
|
|
|
bigPrimaryButton('Submit', dom.boolAttr('disabled', pending), testId('submit')),
|
|
|
|
bigBasicButton('Cancel', dom.on('click', () => ctl.close()), testId('cancel')),
|
|
|
|
),
|
2022-01-21 22:54:15 +00:00
|
|
|
!isAlternateChallengeAvailable ? null : cssSubText(
|
|
|
|
'Receive a code by SMS? ',
|
2022-01-19 19:41:06 +00:00
|
|
|
cssLink(
|
2022-01-21 22:54:15 +00:00
|
|
|
// Use masked phone from prefs or challenge response, if available.
|
|
|
|
`Text ${deliveryDestination}.`,
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.on('click', async () => {
|
|
|
|
if (pending.get()) { return; }
|
|
|
|
|
|
|
|
securityStep.set('loading');
|
|
|
|
try {
|
|
|
|
const result = await this._verifyPassword(password.get(), 'SMS');
|
|
|
|
if (result.isChallengeRequired) {
|
|
|
|
session.set(result.session);
|
2022-01-21 22:54:15 +00:00
|
|
|
challengeDetails.set(result);
|
2022-01-19 19:41:06 +00:00
|
|
|
securityStep.set('sms');
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
reportError(err as Error|string);
|
|
|
|
securityStep.set('totp');
|
|
|
|
}
|
|
|
|
}),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
2022-01-19 19:41:06 +00:00
|
|
|
testId('use-sms'),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
);
|
|
|
|
}
|
2022-01-19 19:41:06 +00:00
|
|
|
case 'sms': {
|
|
|
|
let formElement: HTMLFormElement;
|
|
|
|
const multiHolder = new MultiHolder();
|
|
|
|
const pending = Observable.create(multiHolder, false);
|
|
|
|
const verificationCode = Observable.create(multiHolder, '');
|
|
|
|
const isResendingCode = Observable.create(multiHolder, false);
|
|
|
|
const errorObs: Observable<string|null> = Observable.create(multiHolder, null);
|
|
|
|
const resendingListener = isResendingCode.addListener(isResending => {
|
|
|
|
if (!isResending) { return; }
|
|
|
|
|
|
|
|
errorObs.set(null);
|
|
|
|
verificationCode.set('');
|
|
|
|
});
|
2022-01-21 22:54:15 +00:00
|
|
|
const {isAlternateChallengeAvailable, deliveryDestination} = challengeDetails.get()!;
|
2022-01-19 19:41:06 +00:00
|
|
|
|
|
|
|
return dom.frag(
|
|
|
|
dom.autoDispose(pending.addListener(isPending => isPending && errorObs.set(null))),
|
|
|
|
dom.autoDispose(resendingListener),
|
|
|
|
dom.autoDispose(multiHolder),
|
|
|
|
dom.domComputed(isResendingCode, isLoading => {
|
2022-01-24 20:38:32 +00:00
|
|
|
if (isLoading) { return cssSpinner(loadingSpinner()); }
|
2022-01-19 19:41:06 +00:00
|
|
|
|
|
|
|
return [
|
|
|
|
cssModalTitle('Almost there!', testId('title')),
|
|
|
|
cssModalBody(
|
|
|
|
formElement = dom('form',
|
|
|
|
cssMainText(
|
|
|
|
'We have sent an authentication code to ',
|
2022-01-21 22:54:15 +00:00
|
|
|
cssLightlyBoldedText(deliveryDestination),
|
2022-01-19 19:41:06 +00:00
|
|
|
'. Enter it below to confirm your account.',
|
|
|
|
testId('main-text'),
|
|
|
|
),
|
|
|
|
cssBoldSubHeading('Authentication Code'),
|
|
|
|
cssCodeInput(verificationCode,
|
|
|
|
{onInput: true},
|
|
|
|
{...verificationCodeInputOpts, autocomplete: 'one-time-code'},
|
|
|
|
(el) => { setTimeout(() => el.focus(), 10); },
|
|
|
|
dom.onKeyDown({Enter: () => formElement.requestSubmit()}),
|
|
|
|
testId('verification-code-input'),
|
|
|
|
),
|
|
|
|
cssInput(session, {onInput: true}, {name: 'session', type: 'hidden'}),
|
|
|
|
cssSubText(
|
2022-01-21 22:54:15 +00:00
|
|
|
"Didn't receive a code? ",
|
2022-01-19 19:41:06 +00:00
|
|
|
cssLink(
|
2022-01-21 22:54:15 +00:00
|
|
|
'Resend it',
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.on('click', async () => {
|
|
|
|
if (pending.get()) { return; }
|
|
|
|
|
|
|
|
try {
|
|
|
|
isResendingCode.set(true);
|
|
|
|
const result = await this._verifyPassword(password.get(), 'SMS');
|
2022-01-21 22:54:15 +00:00
|
|
|
if (result.isChallengeRequired) {
|
|
|
|
session.set(result.session);
|
|
|
|
challengeDetails.set(result);
|
|
|
|
}
|
2022-01-19 19:41:06 +00:00
|
|
|
} finally {
|
|
|
|
isResendingCode.set(false);
|
|
|
|
}
|
|
|
|
}),
|
|
|
|
testId('resend-code'),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
cssFormError(dom.text(use => use(errorObs) ?? ''), testId('form-error')),
|
|
|
|
handleSubmit(pending,
|
|
|
|
({verificationCode: code, session: s}) => this._verifySecondStep('SMS', code, s),
|
2022-01-21 22:54:15 +00:00
|
|
|
() => onSuccess(true),
|
2022-01-19 19:41:06 +00:00
|
|
|
(err) => handleFormError(err, errorObs),
|
|
|
|
),
|
|
|
|
cssModalButtons(
|
|
|
|
bigPrimaryButton('Submit', dom.boolAttr('disabled', pending), testId('submit')),
|
|
|
|
bigBasicButton('Cancel', dom.on('click', () => ctl.close()), testId('cancel')),
|
|
|
|
),
|
2022-01-21 22:54:15 +00:00
|
|
|
!isAlternateChallengeAvailable ? null : cssSubText(
|
2022-01-19 19:41:06 +00:00
|
|
|
cssLink(
|
|
|
|
'Use code from authenticator app?',
|
|
|
|
dom.on('click', async () => {
|
|
|
|
if (pending.get()) { return; }
|
|
|
|
|
|
|
|
securityStep.set('loading');
|
|
|
|
try {
|
|
|
|
const result = await this._verifyPassword(password.get(), 'TOTP');
|
|
|
|
if (result.isChallengeRequired) {
|
|
|
|
session.set(result.session);
|
|
|
|
securityStep.set('totp');
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
reportError(err as Error|string);
|
|
|
|
securityStep.set('sms');
|
|
|
|
}
|
|
|
|
}),
|
|
|
|
testId('use-auth-app'),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
)
|
|
|
|
)
|
|
|
|
];
|
|
|
|
}),
|
|
|
|
);
|
|
|
|
}
|
2022-01-07 18:11:52 +00:00
|
|
|
}
|
|
|
|
}),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Builds a form for registering a software token (TOTP) MFA method.
|
|
|
|
*
|
|
|
|
* A callback function must be passed, which will be called after successful completion of the
|
|
|
|
* registration form.
|
|
|
|
*
|
|
|
|
* @param {() => void} options.onSuccess Called after successful completion of registration.
|
|
|
|
*/
|
|
|
|
private _buildConfigureAuthAppForm(ctl: IModalControl, {onSuccess}: {onSuccess: () => void}) {
|
2022-01-19 19:41:06 +00:00
|
|
|
let formElement: HTMLFormElement;
|
|
|
|
const holder = new MultiHolder();
|
|
|
|
const qrCode: Observable<string|null> = Observable.create(holder, null);
|
|
|
|
const verificationCode = Observable.create(holder, '');
|
|
|
|
const pending = Observable.create(holder, false);
|
|
|
|
const errorObs: Observable<string|null> = Observable.create(holder, null);
|
2022-01-07 18:11:52 +00:00
|
|
|
|
|
|
|
this._getSoftwareTokenQRCode()
|
2022-01-19 19:41:06 +00:00
|
|
|
.then(code => qrCode.isDisposed() || qrCode.set(code))
|
|
|
|
.catch(e => { ctl.close(); reportError(e); });
|
2022-01-07 18:11:52 +00:00
|
|
|
|
|
|
|
return [
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.autoDispose(pending.addListener(isPending => isPending && errorObs.set(null))),
|
|
|
|
dom.autoDispose(holder),
|
2022-01-07 18:11:52 +00:00
|
|
|
dom.domComputed(qrCode, code => {
|
2022-01-24 20:38:32 +00:00
|
|
|
if (code === null) { return cssSpinner(loadingSpinner()); }
|
2022-01-07 18:11:52 +00:00
|
|
|
|
|
|
|
return [
|
2022-01-19 19:41:06 +00:00
|
|
|
cssModalTitle('Configure authenticator app', testId('title')),
|
2022-01-07 18:11:52 +00:00
|
|
|
cssModalBody(
|
|
|
|
cssModalBody(
|
2022-01-19 19:41:06 +00:00
|
|
|
formElement = dom('form',
|
|
|
|
cssMainText(
|
|
|
|
"An authenticator app lets you access your security code without receiving a call " +
|
|
|
|
"or text message. If you don't already have an authenticator app, we'd recommend " +
|
|
|
|
"using ",
|
|
|
|
cssLink('Google Authenticator', {
|
|
|
|
href: 'https://play.google.com/store/apps/' +
|
|
|
|
'details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US',
|
|
|
|
target: '_blank',
|
|
|
|
}),
|
|
|
|
".",
|
|
|
|
),
|
|
|
|
cssBoldSubHeading('To configure your authenticator app:'),
|
|
|
|
cssListItem('1. Add a new account'),
|
|
|
|
cssListItem('2. Scan the following barcode', {style: 'margin-bottom: 8px'}),
|
|
|
|
cssQRCode({src: code}, testId('qr-code')),
|
|
|
|
cssListItem('3. Enter the verification code that appears after scanning the barcode'),
|
|
|
|
cssBoldSubHeading('Authentication code'),
|
|
|
|
cssCodeInput(verificationCode,
|
|
|
|
{onInput: true},
|
|
|
|
verificationCodeInputOpts,
|
|
|
|
dom.onKeyDown({Enter: () => formElement.requestSubmit()}),
|
|
|
|
testId('verification-code-input'),
|
|
|
|
),
|
|
|
|
cssFormError(dom.text(use => use(errorObs) ?? ''), testId('form-error')),
|
2022-01-07 18:11:52 +00:00
|
|
|
handleSubmit(pending,
|
2022-01-19 19:41:06 +00:00
|
|
|
({verificationCode: c}) => this._confirmRegisterSoftwareToken(c),
|
2022-01-07 18:11:52 +00:00
|
|
|
() => onSuccess(),
|
2022-01-19 19:41:06 +00:00
|
|
|
(err) => handleFormError(err, errorObs),
|
|
|
|
),
|
2022-01-07 18:11:52 +00:00
|
|
|
cssModalButtons(
|
2022-01-19 19:41:06 +00:00
|
|
|
bigPrimaryButton('Verify', dom.boolAttr('disabled', pending), testId('verify')),
|
|
|
|
bigBasicButton('Cancel', dom.on('click', () => ctl.close()), testId('cancel')),
|
2022-01-07 18:11:52 +00:00
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
];
|
|
|
|
}),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
/**
|
|
|
|
* Builds a form for registering a SMS MFA method.
|
|
|
|
*
|
|
|
|
* A callback function must be passed, which will be called after successful completion of the
|
|
|
|
* registration form.
|
|
|
|
*
|
|
|
|
* @param {EnablePhoneMessageOptions} options Form options.
|
|
|
|
*/
|
|
|
|
private _buildConfigurePhoneMessageForm(
|
|
|
|
ctl: IModalControl,
|
|
|
|
{onSuccess, showBackButton, backButtonText, onBack}: EnablePhoneMessageOptions,
|
|
|
|
) {
|
|
|
|
const holder = new MultiHolder();
|
|
|
|
const configStep = Observable.create<'enter-phone' | 'verify-phone'>(holder, 'enter-phone');
|
|
|
|
const pending = Observable.create(holder, false);
|
|
|
|
const phoneNumber = Observable.create(holder, '');
|
|
|
|
const maskedPhoneNumber = Observable.create(holder, '');
|
|
|
|
|
|
|
|
return [
|
|
|
|
dom.autoDispose(holder),
|
|
|
|
dom.domComputed(configStep, (step) => {
|
|
|
|
switch (step) {
|
|
|
|
case 'enter-phone': {
|
|
|
|
let formElement: HTMLFormElement;
|
|
|
|
const multiHolder = new MultiHolder();
|
|
|
|
const errorObs: Observable<string|null> = Observable.create(multiHolder, null);
|
|
|
|
|
|
|
|
return dom.frag(
|
|
|
|
dom.autoDispose(pending.addListener(isPending => isPending && errorObs.set(null))),
|
|
|
|
dom.autoDispose(multiHolder),
|
|
|
|
cssModalTitle('Configure phone message', testId('title')),
|
|
|
|
cssModalBody(
|
|
|
|
formElement = dom('form',
|
|
|
|
cssMainText(
|
2022-01-20 02:26:20 +00:00
|
|
|
'You need to add a U.S. phone number where you can receive authentication codes by text.',
|
2022-01-19 19:41:06 +00:00
|
|
|
),
|
|
|
|
cssBoldSubHeading('Phone number'),
|
|
|
|
cssInput(phoneNumber,
|
|
|
|
{onInput: true},
|
2022-01-20 02:26:20 +00:00
|
|
|
{name: 'phoneNumber', placeholder: '+1 (201) 555 0123', type: 'text', required: 'true'},
|
2022-01-19 19:41:06 +00:00
|
|
|
(el) => { setTimeout(() => el.focus(), 10); },
|
|
|
|
dom.onKeyDown({Enter: () => formElement.requestSubmit()}),
|
|
|
|
testId('phone-number-input'),
|
|
|
|
),
|
|
|
|
cssFormError(dom.text(use => use(errorObs) ?? ''), testId('form-error')),
|
|
|
|
handleSubmit(pending,
|
|
|
|
({phoneNumber: phone}) => this._registerSMS(phone),
|
|
|
|
({deliveryDestination}) => {
|
|
|
|
maskedPhoneNumber.set(deliveryDestination);
|
|
|
|
configStep.set('verify-phone');
|
|
|
|
},
|
|
|
|
(err) => handleFormError(err, errorObs),
|
|
|
|
),
|
|
|
|
cssModalButtons(
|
|
|
|
bigPrimaryButton('Send code', dom.boolAttr('disabled', pending), testId('send-code')),
|
|
|
|
bigBasicButton('Cancel', dom.on('click', () => ctl.close()), testId('cancel')),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
showBackButton && backButtonText !== undefined && onBack ?
|
|
|
|
cssBackBtn(backButtonText, dom.on('click', () => onBack()), testId('back')) :
|
|
|
|
null,
|
|
|
|
);
|
|
|
|
}
|
|
|
|
case 'verify-phone': {
|
|
|
|
let formElement: HTMLFormElement;
|
|
|
|
const multiHolder = new MultiHolder();
|
|
|
|
const verificationCode = Observable.create(multiHolder, '');
|
|
|
|
const isResendingCode = Observable.create(multiHolder, false);
|
|
|
|
const errorObs: Observable<string|null> = Observable.create(multiHolder, null);
|
|
|
|
const resendingListener = isResendingCode.addListener(isResending => {
|
|
|
|
if (!isResending) { return; }
|
|
|
|
|
|
|
|
errorObs.set(null);
|
|
|
|
verificationCode.set('');
|
|
|
|
});
|
|
|
|
|
|
|
|
return dom.frag(
|
|
|
|
dom.autoDispose(pending.addListener(isPending => isPending && errorObs.set(null))),
|
|
|
|
dom.autoDispose(resendingListener),
|
|
|
|
dom.autoDispose(multiHolder),
|
|
|
|
dom.domComputed(isResendingCode, isLoading => {
|
2022-01-24 20:38:32 +00:00
|
|
|
if (isLoading) { return cssSpinner(loadingSpinner()); }
|
2022-01-19 19:41:06 +00:00
|
|
|
|
|
|
|
return [
|
|
|
|
cssModalTitle('Confirm your phone', testId('title')),
|
|
|
|
cssModalBody(
|
|
|
|
formElement = dom('form',
|
|
|
|
cssMainText(
|
|
|
|
'We have sent the authentication code to ',
|
|
|
|
cssLightlyBoldedText(maskedPhoneNumber.get()),
|
|
|
|
'. Enter it below to confirm your account.',
|
|
|
|
testId('main-text'),
|
|
|
|
),
|
|
|
|
cssBoldSubHeading('Authentication Code'),
|
|
|
|
cssCodeInput(verificationCode,
|
|
|
|
{onInput: true},
|
|
|
|
{...verificationCodeInputOpts, autocomplete: 'one-time-code'},
|
|
|
|
(el) => { setTimeout(() => el.focus(), 10); },
|
|
|
|
dom.onKeyDown({Enter: () => formElement.requestSubmit()}),
|
|
|
|
testId('verification-code-input'),
|
|
|
|
),
|
|
|
|
cssSubText(
|
2022-01-21 22:54:15 +00:00
|
|
|
"Didn't receive a code? ",
|
2022-01-19 19:41:06 +00:00
|
|
|
cssLink(
|
2022-01-21 22:54:15 +00:00
|
|
|
'Resend it',
|
2022-01-19 19:41:06 +00:00
|
|
|
dom.on('click', async () => {
|
|
|
|
if (pending.get()) { return; }
|
|
|
|
|
|
|
|
try {
|
|
|
|
isResendingCode.set(true);
|
|
|
|
await this._registerSMS(phoneNumber.get());
|
|
|
|
} finally {
|
|
|
|
isResendingCode.set(false);
|
|
|
|
}
|
|
|
|
}),
|
|
|
|
testId('resend-code'),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
cssFormError(dom.text(use => use(errorObs) ?? ''), testId('form-error')),
|
|
|
|
handleSubmit(pending,
|
|
|
|
({verificationCode: code}) => this._confirmRegisterSMS(code),
|
|
|
|
() => onSuccess(maskedPhoneNumber.get()),
|
|
|
|
(err) => handleFormError(err, errorObs),
|
|
|
|
),
|
|
|
|
cssModalButtons(
|
|
|
|
bigPrimaryButton('Confirm', dom.boolAttr('disabled', pending), testId('confirm')),
|
|
|
|
bigBasicButton('Cancel', dom.on('click', () => ctl.close()), testId('cancel')),
|
|
|
|
),
|
|
|
|
)
|
|
|
|
),
|
|
|
|
cssBackBtn('← Back to phone number',
|
|
|
|
dom.on('click', () => configStep.set('enter-phone')),
|
|
|
|
testId('back-to-phone')
|
|
|
|
),
|
|
|
|
];
|
|
|
|
})
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
2022-01-07 18:11:52 +00:00
|
|
|
private async _registerSoftwareToken() {
|
|
|
|
return await this._appModel.api.registerSoftwareToken();
|
|
|
|
}
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
private async _confirmRegisterSoftwareToken(verificationCode: string) {
|
|
|
|
await this._appModel.api.confirmRegisterSoftwareToken(verificationCode);
|
|
|
|
}
|
|
|
|
|
2022-01-07 18:11:52 +00:00
|
|
|
private async _unregisterSoftwareToken() {
|
2022-01-19 19:41:06 +00:00
|
|
|
await this._appModel.api.unregisterSoftwareToken();
|
|
|
|
}
|
|
|
|
|
|
|
|
private async _registerSMS(phoneNumber: string) {
|
|
|
|
return await this._appModel.api.registerSMS(phoneNumber);
|
|
|
|
}
|
|
|
|
|
|
|
|
private async _confirmRegisterSMS(verificationCode: string) {
|
|
|
|
await this._appModel.api.confirmRegisterSMS(verificationCode);
|
|
|
|
}
|
|
|
|
|
|
|
|
private async _unregisterSMS() {
|
|
|
|
await this._appModel.api.unregisterSMS();
|
|
|
|
}
|
|
|
|
|
|
|
|
private async _verifyPassword(password: string, preferredMfaMethod?: AuthMethod) {
|
|
|
|
return await this._appModel.api.verifyPassword(password, preferredMfaMethod);
|
|
|
|
}
|
|
|
|
|
|
|
|
private async _verifySecondStep(authMethod: AuthMethod, verificationCode: string, session: string) {
|
|
|
|
await this._appModel.api.verifySecondStep(authMethod, verificationCode, session);
|
2022-01-07 18:11:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns a data URL for a QR code that encodes a software token (TOTP) MFA shared secret. The
|
|
|
|
* URL can be set on an HTML image tag to display an image of the QR code in the browser.
|
|
|
|
*
|
|
|
|
* Used by _buildConfigureAuthAppForm to build the TOTP registration form.
|
|
|
|
*/
|
|
|
|
private async _getSoftwareTokenQRCode() {
|
|
|
|
const {secretCode} = await this._registerSoftwareToken();
|
|
|
|
const qrCodeUrl = `otpauth://totp/${encodeURI(`Grist:${this._user.email}`)}?secret=${secretCode}&issuer=Grist`;
|
|
|
|
const qrCode = await toDataURL(qrCodeUrl);
|
|
|
|
return qrCode;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2022-01-19 19:41:06 +00:00
|
|
|
* Sets the error details on `errObs` if `err` is a 4XX error (except 401). Otherwise, reports the
|
|
|
|
* error via the Notifier instance.
|
2022-01-07 18:11:52 +00:00
|
|
|
*/
|
2022-01-19 19:41:06 +00:00
|
|
|
function handleFormError(err: unknown, errObs: Observable<string|null>) {
|
|
|
|
if (
|
|
|
|
err instanceof ApiError &&
|
|
|
|
err.status !== 401 &&
|
|
|
|
err.status >= 400 &&
|
|
|
|
err.status < 500
|
|
|
|
) {
|
|
|
|
errObs.set(err.details?.userError ?? err.message);
|
|
|
|
} else {
|
|
|
|
reportError(err as Error|string);
|
2022-01-07 18:11:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
const spinnerSizePixels = '24px';
|
2022-01-07 18:11:52 +00:00
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
const cssButtons = styled('div', `
|
|
|
|
min-height: ${spinnerSizePixels};
|
2022-01-07 18:11:52 +00:00
|
|
|
position: relative;
|
|
|
|
display: flex;
|
|
|
|
flex-direction: column;
|
|
|
|
margin: 8px 0px;
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssDataRow = styled('div', `
|
|
|
|
margin-top: 8px;
|
|
|
|
display: flex;
|
|
|
|
gap: 16px;
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssText = styled('div', `
|
|
|
|
font-size: ${vars.mediumFontSize};
|
|
|
|
border: none;
|
|
|
|
padding: 0;
|
|
|
|
text-align: left;
|
|
|
|
`);
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
const cssMainText = styled(cssText, `
|
2022-01-07 18:11:52 +00:00
|
|
|
margin-bottom: 32px;
|
|
|
|
`);
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
const cssListItem = styled(cssText, `
|
|
|
|
margin-bottom: 16px;
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssSubText = styled(cssText, `
|
|
|
|
margin-top: 16px;
|
|
|
|
`);
|
|
|
|
|
2022-01-07 18:11:52 +00:00
|
|
|
const cssFormError = styled('div', `
|
|
|
|
color: red;
|
|
|
|
min-height: 20px;
|
|
|
|
margin-top: 16px;
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssIconAndText = styled('div', `
|
|
|
|
display: flex;
|
|
|
|
align-items: center;
|
|
|
|
gap: 8px;
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssTextBtn = styled('button', `
|
|
|
|
font-size: ${vars.mediumFontSize};
|
|
|
|
color: ${colors.lightGreen};
|
|
|
|
cursor: pointer;
|
|
|
|
background-color: transparent;
|
|
|
|
border: none;
|
|
|
|
padding: 0;
|
|
|
|
text-align: left;
|
|
|
|
|
|
|
|
&:hover {
|
|
|
|
color: ${colors.darkGreen};
|
|
|
|
}
|
|
|
|
`);
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
const cssBackBtn = styled(cssTextBtn, `
|
|
|
|
margin-top: 16px;
|
|
|
|
`);
|
|
|
|
|
2022-01-07 18:11:52 +00:00
|
|
|
const cssAuthMethods = styled('div', `
|
2022-01-24 20:38:32 +00:00
|
|
|
display: grid;
|
|
|
|
grid-auto-rows: 1fr;
|
2022-01-07 18:11:52 +00:00
|
|
|
margin-top: 16px;
|
|
|
|
gap: 8px;
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssAuthMethod = styled('div', `
|
|
|
|
border: 1px solid ${colors.mediumGreyOpaque};
|
2022-01-21 00:51:34 +00:00
|
|
|
border-radius: 3px;
|
2022-01-07 18:11:52 +00:00
|
|
|
cursor: pointer;
|
|
|
|
|
|
|
|
&:hover {
|
|
|
|
border: 1px solid ${colors.slate};
|
|
|
|
}
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssAuthMethodTitle = styled(cssIconAndText, `
|
|
|
|
font-size: ${vars.mediumFontSize};
|
|
|
|
font-weight: bold;
|
|
|
|
color: ${colors.lightGreen};
|
2022-01-21 00:51:34 +00:00
|
|
|
margin: 16px 16px 8px 16px;
|
2022-01-07 18:11:52 +00:00
|
|
|
`);
|
|
|
|
|
|
|
|
const cssAuthMethodDesc = styled('div', `
|
|
|
|
color: #8a8a8a;
|
2022-01-24 20:38:32 +00:00
|
|
|
padding: 0px 16px 16px 40px;
|
2022-01-07 18:11:52 +00:00
|
|
|
`);
|
|
|
|
|
|
|
|
const cssInput = styled(input, `
|
|
|
|
font-size: ${vars.mediumFontSize};
|
|
|
|
height: 42px;
|
|
|
|
line-height: 16px;
|
|
|
|
width: 100%;
|
|
|
|
padding: 13px;
|
|
|
|
border: 1px solid #D9D9D9;
|
|
|
|
border-radius: 3px;
|
|
|
|
outline: none;
|
|
|
|
|
|
|
|
&[type=number] {
|
|
|
|
-moz-appearance: textfield;
|
|
|
|
}
|
|
|
|
&[type=number]::-webkit-inner-spin-button,
|
|
|
|
&[type=number]::-webkit-outer-spin-button {
|
|
|
|
-webkit-appearance: none;
|
|
|
|
margin: 0;
|
|
|
|
}
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssCodeInput = styled(cssInput, `
|
|
|
|
width: 200px;
|
|
|
|
`);
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
const cssSmallLoadingSpinner = styled(loadingSpinner, `
|
|
|
|
width: ${spinnerSizePixels};
|
|
|
|
height: ${spinnerSizePixels};
|
|
|
|
border-radius: ${spinnerSizePixels};
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssCenteredDiv = styled('div', `
|
2022-01-07 18:11:52 +00:00
|
|
|
display: flex;
|
|
|
|
justify-content: center;
|
|
|
|
align-items: center;
|
|
|
|
`);
|
|
|
|
|
2022-01-24 20:38:32 +00:00
|
|
|
const cssSmallSpinner = cssCenteredDiv;
|
|
|
|
|
|
|
|
const cssSpinner = styled(cssCenteredDiv, `
|
2022-01-19 19:41:06 +00:00
|
|
|
height: 200px;
|
2022-01-24 20:38:32 +00:00
|
|
|
min-width: 200px;
|
2022-01-07 18:11:52 +00:00
|
|
|
`);
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
const cssBoldSubHeading = styled('div', `
|
|
|
|
font-weight: bold;
|
2022-01-07 18:11:52 +00:00
|
|
|
margin-bottom: 16px;
|
|
|
|
`);
|
|
|
|
|
2022-01-19 19:41:06 +00:00
|
|
|
const cssLightlyBoldedText = styled('span', `
|
|
|
|
font-weight: 500;
|
2022-01-07 18:11:52 +00:00
|
|
|
`);
|
|
|
|
|
|
|
|
const cssQRCode = styled('img', `
|
|
|
|
width: 140px;
|
|
|
|
height: 140px;
|
2022-01-19 19:41:06 +00:00
|
|
|
margin-bottom: 16px;
|
2022-01-07 18:11:52 +00:00
|
|
|
`);
|
|
|
|
|
|
|
|
const cssIcon = styled(icon, `
|
|
|
|
width: 16px;
|
|
|
|
height: 16px;
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssGreenIcon = styled(cssIcon, `
|
|
|
|
background-color: ${colors.lightGreen};
|
|
|
|
`);
|
|
|
|
|
|
|
|
const cssModalButtons = styled(modalButtons, `
|
|
|
|
margin: 16px 0 0 0;
|
|
|
|
`);
|