TOTP google authenticator implemented properly well
This commit is contained in:
Priec
@@ -289,6 +289,34 @@ password-change-title = Change password
|
||||
password-current = Current password
|
||||
password-current-wrong = Your current password is incorrect.
|
||||
password-changed = Your password has been changed.
|
||||
|
||||
# Two-factor authentication (TOTP / Google Authenticator)
|
||||
security-title = Security
|
||||
security-2fa-intro = Two-factor authentication (2FA) adds a one-time code from an app like Google Authenticator to your sign-in.
|
||||
security-2fa-on = 2FA is on
|
||||
security-2fa-off = 2FA is off
|
||||
security-2fa-enable = Enable two-factor authentication
|
||||
security-2fa-scan = Scan this QR code in Google Authenticator (or any compatible app).
|
||||
security-2fa-manual = Or enter the key manually:
|
||||
security-2fa-enter-code = Enter the 6-digit code from the app
|
||||
security-2fa-confirm = Confirm and enable
|
||||
security-2fa-code-wrong = That code is wrong or expired. Please try again.
|
||||
security-2fa-enroll-error = Could not start 2FA setup. Please try again.
|
||||
security-2fa-enabled-ok = Two-factor authentication is enabled.
|
||||
security-2fa-backup-intro = Save these backup codes somewhere safe. Each can be used once if you lose access to your app.
|
||||
security-2fa-backup-remaining = Backup codes remaining
|
||||
security-2fa-regenerate = Generate new backup codes
|
||||
security-2fa-disable = Disable two-factor authentication
|
||||
security-2fa-disable-hint = Enter your current password to confirm.
|
||||
|
||||
# Second login step (after password)
|
||||
login-totp-title = Two-factor authentication
|
||||
login-totp-intro = Enter the code from your authenticator app.
|
||||
login-totp-error = That code is wrong or expired.
|
||||
login-totp-code = Verification code
|
||||
login-totp-submit = Verify
|
||||
login-totp-backup-hint = No access to your app? Enter one of your backup codes.
|
||||
|
||||
account-type-locked = Account type can't be changed after registration.
|
||||
checkout-create-account = Create an account from this order
|
||||
checkout-create-account-hint = We'll email you a link to set your password. This order will be linked to your account.
|
||||
|
||||
@@ -289,6 +289,34 @@ password-change-title = Zmeniť heslo
|
||||
password-current = Súčasné heslo
|
||||
password-current-wrong = Vaše súčasné heslo je nesprávne.
|
||||
password-changed = Vaše heslo bolo zmenené.
|
||||
|
||||
# Two-factor authentication (TOTP / Google Authenticator)
|
||||
security-title = Zabezpečenie
|
||||
security-2fa-intro = Dvojfaktorové overenie (2FA) pridáva k prihláseniu jednorazový kód z aplikácie ako Google Authenticator.
|
||||
security-2fa-on = 2FA je zapnuté
|
||||
security-2fa-off = 2FA je vypnuté
|
||||
security-2fa-enable = Zapnúť dvojfaktorové overenie
|
||||
security-2fa-scan = Naskenujte tento QR kód v aplikácii Google Authenticator (alebo inej kompatibilnej).
|
||||
security-2fa-manual = Alebo zadajte kľúč ručne:
|
||||
security-2fa-enter-code = Zadajte 6-miestny kód z aplikácie
|
||||
security-2fa-confirm = Potvrdiť a zapnúť
|
||||
security-2fa-code-wrong = Kód je nesprávny alebo vypršal. Skúste to znova.
|
||||
security-2fa-enroll-error = Nepodarilo sa pripraviť 2FA. Skúste to znova.
|
||||
security-2fa-enabled-ok = Dvojfaktorové overenie je zapnuté.
|
||||
security-2fa-backup-intro = Uložte si tieto záložné kódy na bezpečné miesto. Každý sa dá použiť iba raz, ak nemáte prístup k aplikácii.
|
||||
security-2fa-backup-remaining = Zostávajúce záložné kódy
|
||||
security-2fa-regenerate = Vygenerovať nové záložné kódy
|
||||
security-2fa-disable = Vypnúť dvojfaktorové overenie
|
||||
security-2fa-disable-hint = Na potvrdenie zadajte svoje súčasné heslo.
|
||||
|
||||
# Second login step (after password)
|
||||
login-totp-title = Dvojfaktorové overenie
|
||||
login-totp-intro = Zadajte kód z vašej autentifikačnej aplikácie.
|
||||
login-totp-error = Kód je nesprávny alebo vypršal.
|
||||
login-totp-code = Overovací kód
|
||||
login-totp-submit = Overiť
|
||||
login-totp-backup-hint = Nemáte prístup k aplikácii? Zadajte jeden zo svojich záložných kódov.
|
||||
|
||||
account-type-locked = Typ účtu sa po registrácii nedá zmeniť.
|
||||
checkout-create-account = Vytvoriť účet z tejto objednávky
|
||||
checkout-create-account-hint = Pošleme vám e-mail na nastavenie hesla. Objednávka sa priradí k vášmu účtu.
|
||||
|
||||
File diff suppressed because one or more lines are too long
80
assets/views/account/security.html
Normal file
80
assets/views/account/security.html
Normal file
@@ -0,0 +1,80 @@
|
||||
{% extends "base.html" %}
|
||||
{% import "macros/ui.html" as ui %}
|
||||
|
||||
{% block title %}{{ t(key="security-title", lang=lang | default(value='sk')) }}{% endblock title %}
|
||||
|
||||
{% block content %}
|
||||
<div class="mx-auto max-w-md">
|
||||
<h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-title", lang=lang | default(value='sk')) }}</h1>
|
||||
<p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-intro", lang=lang | default(value='sk')) }}</p>
|
||||
|
||||
{% if error == "password" %}
|
||||
{{ ui::alert_danger(message=t(key="password-current-wrong", lang=lang | default(value='sk')), extra="mt-4") }}
|
||||
{% elif error == "code" %}
|
||||
{{ ui::alert_danger(message=t(key="security-2fa-code-wrong", lang=lang | default(value='sk')), extra="mt-4") }}
|
||||
{% elif error == "enroll" %}
|
||||
{{ ui::alert_danger(message=t(key="security-2fa-enroll-error", lang=lang | default(value='sk')), extra="mt-4") }}
|
||||
{% endif %}
|
||||
|
||||
{# --- One-time backup codes, shown right after enabling / regenerating --- #}
|
||||
{% if backup_codes and backup_codes | length > 0 %}
|
||||
<div class="mt-6 rounded-radius border border-success bg-success/10 px-4 py-3" role="status">
|
||||
<p class="text-sm font-medium text-success">{{ t(key="security-2fa-enabled-ok", lang=lang | default(value='sk')) }}</p>
|
||||
<p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-backup-intro", lang=lang | default(value='sk')) }}</p>
|
||||
<ul class="mt-3 grid grid-cols-2 gap-2 font-mono text-sm text-on-surface-strong dark:text-on-surface-dark-strong">
|
||||
{% for code in backup_codes %}
|
||||
<li class="rounded-radius bg-surface px-3 py-1.5 text-center tracking-wider dark:bg-surface-dark">{{ code }}</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
{% if enrolling %}
|
||||
{# --- Step 2: scan the QR and confirm a code --- #}
|
||||
<div class="mt-6 flex flex-col gap-4 rounded-radius border border-outline bg-surface-alt p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
|
||||
<p class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-scan", lang=lang | default(value='sk')) }}</p>
|
||||
<img src="{{ qr }}" alt="TOTP QR" class="mx-auto size-48 rounded-radius bg-white p-2" />
|
||||
<div class="text-center">
|
||||
<p class="text-xs text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-manual", lang=lang | default(value='sk')) }}</p>
|
||||
<code class="mt-1 inline-block break-all font-mono text-sm text-on-surface-strong dark:text-on-surface-dark-strong">{{ secret }}</code>
|
||||
</div>
|
||||
<form method="post" action="/account/security/confirm" hx-boost="false" class="flex flex-col gap-3">
|
||||
<label for="code" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-2fa-enter-code", lang=lang | default(value='sk')) }}</label>
|
||||
{{ ui::input(name="code", id="code", type="text", required=true, autocomplete="one-time-code", attrs='inputmode="numeric" pattern="[0-9]*" maxlength="6" autofocus') }}
|
||||
{{ ui::button(label=t(key="security-2fa-confirm", lang=lang | default(value='sk')), type="submit", extra="w-full") }}
|
||||
</form>
|
||||
</div>
|
||||
|
||||
{% elif totp_enabled %}
|
||||
{# --- Enabled: status + remaining backup codes + disable / regenerate --- #}
|
||||
<div class="mt-6 flex items-center gap-2">
|
||||
{{ ui::badge(label=t(key="security-2fa-on", lang=lang | default(value='sk')), variant="success") }}
|
||||
<span class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-backup-remaining", lang=lang | default(value='sk')) }}: {{ backup_remaining }}</span>
|
||||
</div>
|
||||
|
||||
<form method="post" action="/account/security/backup-codes" hx-boost="false" class="mt-6 flex flex-col gap-3 rounded-radius border border-outline bg-surface-alt p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
|
||||
<p class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-2fa-regenerate", lang=lang | default(value='sk')) }}</p>
|
||||
<label for="regen_pw" class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="password-current", lang=lang | default(value='sk')) }}</label>
|
||||
{{ ui::input(name="current_password", id="regen_pw", type="password", required=true, autocomplete="current-password") }}
|
||||
{{ ui::button(label=t(key="security-2fa-regenerate", lang=lang | default(value='sk')), type="submit", variant="outline-secondary", extra="w-full") }}
|
||||
</form>
|
||||
|
||||
<form method="post" action="/account/security/disable" hx-boost="false" class="mt-4 flex flex-col gap-3 rounded-radius border border-danger/40 bg-danger/5 p-5">
|
||||
<p class="text-sm font-medium text-danger">{{ t(key="security-2fa-disable", lang=lang | default(value='sk')) }}</p>
|
||||
<p class="text-xs text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-disable-hint", lang=lang | default(value='sk')) }}</p>
|
||||
<label for="disable_pw" class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="password-current", lang=lang | default(value='sk')) }}</label>
|
||||
{{ ui::input(name="current_password", id="disable_pw", type="password", required=true, autocomplete="current-password") }}
|
||||
{{ ui::button(label=t(key="security-2fa-disable", lang=lang | default(value='sk')), type="submit", variant="danger", extra="w-full") }}
|
||||
</form>
|
||||
|
||||
{% else %}
|
||||
{# --- Disabled: offer to enable --- #}
|
||||
<form method="post" action="/account/security/enable" hx-boost="false" class="mt-6">
|
||||
<div class="flex items-center gap-2">
|
||||
{{ ui::badge(label=t(key="security-2fa-off", lang=lang | default(value='sk')), variant="neutral") }}
|
||||
</div>
|
||||
{{ ui::button(label=t(key="security-2fa-enable", lang=lang | default(value='sk')), type="submit", extra="mt-4 w-full") }}
|
||||
</form>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% endblock content %}
|
||||
47
assets/views/auth/login_totp.html
Normal file
47
assets/views/auth/login_totp.html
Normal file
@@ -0,0 +1,47 @@
|
||||
{% extends "base.html" %}
|
||||
{% import "macros/ui.html" as ui %}
|
||||
|
||||
{% block title %}{{ t(key="login-totp-title", lang=lang | default(value='sk')) }}{% endblock title %}
|
||||
|
||||
{% block content %}
|
||||
<div class="mx-auto mt-8 max-w-sm">
|
||||
<div
|
||||
class="rounded-radius border border-outline bg-surface-alt shadow-sm dark:border-outline-dark dark:bg-surface-dark-alt">
|
||||
<div
|
||||
class="flex items-center justify-between border-b border-outline px-5 py-3 dark:border-outline-dark">
|
||||
<span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
|
||||
{{ t(key="brand", lang=lang | default(value='sk')) }}
|
||||
</span>
|
||||
{{ ui::badge(label=t(key="auth", lang=lang | default(value='sk')), variant="primary") }}
|
||||
</div>
|
||||
|
||||
<div class="p-5">
|
||||
<h1 class="text-xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">
|
||||
{{ t(key="login-totp-title", lang=lang | default(value='sk')) }}
|
||||
</h1>
|
||||
<p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">
|
||||
{{ t(key="login-totp-intro", lang=lang | default(value='sk')) }}
|
||||
</p>
|
||||
|
||||
{% if error %}
|
||||
{{ ui::alert_danger(message=t(key="login-totp-error", lang=lang | default(value='sk')), extra="mt-3") }}
|
||||
{% endif %}
|
||||
|
||||
<form method="post" action="/login/totp" hx-boost="false" class="mt-4 flex flex-col gap-4">
|
||||
<div class="flex flex-col gap-1">
|
||||
<label for="code"
|
||||
class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
|
||||
{{ t(key="login-totp-code", lang=lang | default(value='sk')) }}
|
||||
</label>
|
||||
{{ ui::input(name="code", id="code", type="text", required=true, autocomplete="one-time-code", attrs='inputmode="numeric" autofocus') }}
|
||||
</div>
|
||||
{{ ui::button(label=t(key="login-totp-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
|
||||
</form>
|
||||
|
||||
<p class="mt-4 text-xs text-on-surface dark:text-on-surface-dark">
|
||||
{{ t(key="login-totp-backup-hint", lang=lang | default(value='sk')) }}
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock content %}
|
||||
@@ -196,6 +196,7 @@
|
||||
<li><a href="/account/orders" data-nav="/account/orders" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="account-orders", lang=lang | default(value='sk')) }}</a></li>
|
||||
<li><a href="/account/profile" data-nav="/account/profile" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="profile-title", lang=lang | default(value='sk')) }}</a></li>
|
||||
<li><a href="/account/password" data-nav="/account/password" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="account-change-password", lang=lang | default(value='sk')) }}</a></li>
|
||||
<li><a href="/account/security" data-nav="/account/security" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="security-title", lang=lang | default(value='sk')) }}</a></li>
|
||||
</ul>
|
||||
<form method="post" action="/logout" hx-boost="false" class="mt-4 border-t border-outline pt-3 dark:border-outline-dark">
|
||||
<button type="submit" class="block w-full rounded-radius px-3 py-2 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
|
||||
|
||||
@@ -61,6 +61,10 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M15.75 1.5a6.75 6.75 0 00-6.651 7.906c.067.39-.032.717-.221.906l-6.5 6.499a3 3 0 00-.878 2.121v2.818c0 .414.336.75.75.75H6a.75.75 0 00.75-.75v-1.5h1.5A.75.75 0 009 21v-1.5h1.5a.75.75 0 00.53-.22l2.658-2.658c.19-.189.517-.288.906-.22A6.75 6.75 0 1015.75 1.5zm0 3a.75.75 0 000 1.5A2.25 2.25 0 0118 8.25a.75.75 0 001.5 0 3.75 3.75 0 00-3.75-3.75z" clip-rule="evenodd"/></svg>
|
||||
{{ t(key="account-change-password", lang=lang | default(value='sk')) }}
|
||||
</a>
|
||||
<a href="/account/security" data-nav="/account/security" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M12 1.5a5.25 5.25 0 00-5.25 5.25v3a3 3 0 00-3 3v6.75a3 3 0 003 3h10.5a3 3 0 003-3v-6.75a3 3 0 00-3-3v-3c0-2.9-2.35-5.25-5.25-5.25zm3.75 8.25v-3a3.75 3.75 0 10-7.5 0v3h7.5z" clip-rule="evenodd"/></svg>
|
||||
{{ t(key="security-title", lang=lang | default(value='sk')) }}
|
||||
</a>
|
||||
</div>
|
||||
<!-- logout -->
|
||||
<div class="flex flex-col py-1.5">
|
||||
|
||||
Reference in New Issue
Block a user