git.proxmox.com Git - pve-manager.git/commitdiff
ui: mobile: fix totp login
author Dominik Csapak <d.csapak@proxmox.com>
Thu, 14 Dec 2023 09:55:16 +0000 (10:55 +0100)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 23 Apr 2024 14:38:13 +0000 (16:38 +0200)
Log-in with TOTP enabled account on mobile was broken due to these two
commits:
- pve-manager: 509d7a20 ("mobile ui: implement dummy message box and
  scrip loader")
- pve-access-control: cb64967 ("api: drop old verify_tfa api call")

The pve-manager one overwrote the Ext.MessageBox and Ext.Msg classes
and thus removed the Ext.MessageBox.OKCANCEL constant that represented
the buttons of popup messages (without those no buttons on message
boxes were shown).

This override did not work as intended, as we still showed the
message box by accident, because at that point the Ext.MessageBox was
already initialized (so it was overwritten), but Ext.Msg was not (this
happens later).

And the pve-access-control removed the old tfa verify api (which is
now done via the /access/ticket api)

So to fix that, we have to adapt to the api changes and restore the
stock Ext.MessageBox and Ext.Msg classes by removing the overrides
(I couldn't find where we would need those)

We still cannot handle u2f/WebAuthn or recovery methods though.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
www/mobile/Login.js
www/mobile/Toolkit.js

index 0abc2a140b7f123ec5bfd3ee05e5e2f68b1424d6..06c8b3d4c1fb20faa206c7161816c5414f272a4b 100644 (file)
@@ -35,8 +35,12 @@ Ext.define('PVE.Login', {
                            message: 'Loading...',
                        });
                        Proxmox.Utils.API2Request({
-                           url: '/api2/extjs/access/tfa',
-                           params: { response: code },
+                           url: '/api2/extjs/access/ticket',
+                           params: {
+                               username: ticketResponse.username,
+                               'tfa-challenge': ticketResponse.ticket,
+                               password: `totp:${code}`
+                           },
                            method: 'POST',
                            timeout: 5000, // it'll delay both success & failure
                            success: function(resp, opts) {
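Review bot: the `totp:` prefix in the new `password` parameter is hard-coded, and nothing in this hunk checks that the first ticket response actually offers TOTP before the code prompt is used. The commit message states that u2f/WebAuthn and recovery methods are still unsupported, so an account with only those factors would reach this request and fail with whatever error the API returns. Consider checking the offered factor types before prompting, or at least adding a comment here that records the limitation. The hunk also shows `code` being interpolated without any visible trimming or format check; rejecting empty input before the request would avoid a wasted round trip through the 5000 ms timeout. Style nit: the `password` entry lacks the trailing comma that the neighbouring object literals use (`message: 'Loading...',`).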
index c6e4e4a0066fdb4d9c8a4ac73f38c002b78bf9a8..7bde24e6973bf1e9ea2cc4b65509d0af9ec15520 100644 (file)
@@ -7,9 +7,4 @@ Ext.Ajax.setDisableCaching(false);
 // do not send '_dc' parameter
 Ext.Ajax.disableCaching = false;
 
-Ext.MessageBox = Ext.Msg = {
-    alert: (title, message) => console.warn(title, message),
-    show: ({ title, message }) => console.warn(title, message),
-};
-
 Ext.Loader.injectScriptElement = (url) => console.warn(`surpressed loading ${url}`);
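Review bot: the `Ext.Loader.injectScriptElement` override that remains directly below the removed block has no comment explaining why it is kept, while the stub that, judging by the title of 509d7a20 quoted in the commit message, was introduced together with it is dropped. A one-line comment on what script loading it is meant to block would help the next reader decide whether it is still needed. With the stub gone, every `Ext.Msg.alert` and `Ext.Msg.show` call in the mobile UI renders a real dialog again, so it is worth confirming that no caller relied on the silent `console.warn` behaviour. While this file is being touched, the warning string could also be corrected from "surpressed" to "suppressed".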