From: Dominik Csapak <d.csapak@proxmox.com>
Date: Thu, 14 Dec 2023 09:55:16 +0000 (+0100)
Subject: ui: mobile: fix totp login
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=84505f2de86f52c55b12fc846f7821af3b56a863;p=pve-manager.git

ui: mobile: fix totp login

Log-in with TOTP enabled account on mobile was broken due to these two
commits:
- pve-manager: 509d7a20 ("mobile ui: implement dummy message box and
  scrip loader")
- pve-access-control: cb64967 ("api: drop old verify_tfa api call")

The pve-manager one overwrote the Ext.MessageBox and Ext.Msg classes
and thus removed the Ext.MessageBox.OKCANCEL constant that represented
the buttons of popup messages (without those no buttons on message
boxes where shown).

This override did not work as intended, as we still  showed the
message box by accident, because at that point the Ext.MessageBox was
already initialized (so it was overwritten), but Ext.Msg was not (this
happens later).

And the pve-access-control removed the old tfa verify api (which is
now done via the /access/ticket api)

So to fix that, we have to adapt to the api changes and restore the
stock Ext.MessageBox and Ext.Msg classes by removing the overrides
(i couldn't find where we would need those)

We still cannot handle u2f/WebAuthn or recovery methods though.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/www/mobile/Login.js b/www/mobile/Login.js
index 0abc2a14..06c8b3d4 100644
--- a/www/mobile/Login.js
+++ b/www/mobile/Login.js
@@ -35,8 +35,12 @@ Ext.define('PVE.Login', {
 			    message: 'Loading...',
 			});
 			Proxmox.Utils.API2Request({
-			    url: '/api2/extjs/access/tfa',
-			    params: { response: code },
+			    url: '/api2/extjs/access/ticket',
+			    params: {
+				username: ticketResponse.username,
+				'tfa-challenge': ticketResponse.ticket,
+				password: `totp:${code}`
+			    },
 			    method: 'POST',
 			    timeout: 5000, // it'll delay both success & failure
 			    success: function(resp, opts) {
diff --git a/www/mobile/Toolkit.js b/www/mobile/Toolkit.js
index c6e4e4a0..7bde24e6 100644
--- a/www/mobile/Toolkit.js
+++ b/www/mobile/Toolkit.js
@@ -7,9 +7,4 @@ Ext.Ajax.setDisableCaching(false);
 // do not send '_dc' parameter
 Ext.Ajax.disableCaching = false;
 
-Ext.MessageBox = Ext.Msg = {
-    alert: (title, message) => console.warn(title, message),
-    show: ({ title, message }) => console.warn(title, message),
-};
-
 Ext.Loader.injectScriptElement = (url) => console.warn(`surpressed loading ${url}`);