Don't show Link to TOTP if not set up (#27585) (#27588)

Backport #27585 by @JakobDev Fixes https://codeberg.org/forgejo/forgejo/issues/1592 When login in with WebAuth, the page has a link to use TOTP instead. This link is always displayed, no matter if the User has set up TOTP or not, which do of cause not work for those who have not. Co-authored-by: JakobDev <jakobdev@gmx.de>
1 year ago · 63a321b83a
parent 844ab9a441
commit 63a321b83a
2 changed files with 13 additions and 3 deletions
--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@ -37,6 +37,14 @@ func WebAuthn(ctx *context.Context) {
 		return
 	}

+	hasTwoFactor, err := auth.HasTwoFactorByUID(ctx, ctx.Session.Get("twofaUid").(int64))
+	if err != nil {
+		ctx.ServerError("HasTwoFactorByUID", err)
+		return
+	}
+
+	ctx.Data["HasTwoFactor"] = hasTwoFactor
+
 	ctx.HTML(http.StatusOK, tplWebAuthn)
 }

--- a/templates/user/auth/webauthn.tmpl
+++ b/templates/user/auth/webauthn.tmpl
@ -14,9 +14,11 @@
 				<div class="is-loading" style="width: 40px; height: 40px"></div>
 				{{ctx.Locale.Tr "webauthn_press_button"}}
 			</div>
-			<div class="ui attached segment">
-				<a href="{{AppSubUrl}}/user/two_factor">{{ctx.Locale.Tr "webauthn_use_twofa"}}</a>
-			</div>
+			{{if .HasTwoFactor}}
+				<div class="ui attached segment">
+					<a href="{{AppSubUrl}}/user/two_factor">{{ctx.Locale.Tr "webauthn_use_twofa"}}</a>
+				</div>
+			{{end}}
 		</div>
 	</div>
 </div>