From a42df9a27b92df03d7386c6bdebcffc0312dd02b Mon Sep 17 00:00:00 2001
From: fufesou
Date: Sun, 21 Jan 2024 19:14:28 -0800
Subject: [PATCH] Refact, verification login with secret (#6943)
Signed-off-by: fufesou
---
 flutter/lib/common/hbbs/hbbs.dart | 10 ++++++++--
 flutter/lib/common/widgets/login.dart | 13 +++++++------
 src/hbbs_http/account.rs | 2 ++
 src/ui/index.tis | 16 +++++++++++++---
 4 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/flutter/lib/common/hbbs/hbbs.dart b/flutter/lib/common/hbbs/hbbs.dart
index 2bb5bc40b..b500afd5e 100644
--- a/flutter/lib/common/hbbs/hbbs.dart
+++ b/flutter/lib/common/hbbs/hbbs.dart
@@ -121,6 +121,7 @@ class LoginRequest {
 String? type;
 String? verificationCode;
 String? tfaCode;
+ String? secret;
 LoginRequest(
 {this.username,
@@ -130,7 +131,8 @@ class LoginRequest {
 this.autoLogin,
 this.type,
 this.verificationCode,
- this.tfaCode});
+ this.tfaCode,
+ this.secret});
 Map toJson() {
 final Map data = {};
@@ -144,6 +146,7 @@ class LoginRequest {
 data['verificationCode'] = verificationCode;
 }
 if (tfaCode != null) data['tfaCode'] = tfaCode;
+ if (secret != null) data['secret'] = secret;
 Map deviceInfo = {};
 try {
@@ -160,14 +163,17 @@ class LoginResponse {
 String? access_token;
 String? type;
 String? tfa_type;
+ String? secret;
 UserPayload? user;
- LoginResponse({this.access_token, this.type, this.tfa_type, this.user});
+ LoginResponse(
+ {this.access_token, this.type, this.tfa_type, this.secret, this.user});
 LoginResponse.fromJson(Map json) {
 access_token = json['access_token'];
 type = json['type'];
 tfa_type = json['tfa_type'];
+ secret = json['secret'];
 user = json['user'] != null ? UserPayload.fromJson(json['user']) : null;
 }
 }
diff --git a/flutter/lib/common/widgets/login.dart b/flutter/lib/common/widgets/login.dart
index 64ea188a0..a6b8048a8 100644
--- a/flutter/lib/common/widgets/login.dart
+++ b/flutter/lib/common/widgets/login.dart
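Review bot: The new `secret` fields on `LoginRequest` and `LoginResponse` carry no doc comment, and nothing in these hunks says what the value is or how it must be handled. From the flow it looks like a server-issued value from the first login step that is echoed back with the verification code, so it should be treated like a credential; I would add `/// Server-issued value returned by the first login step and sent back with the verification code; sensitive, do not log or persist.` above both fields. Because `toJson()` now puts it into the request map, any existing debug print of that map or of the parsed response (not visible here) would expose it and is worth checking.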
@@ -390,8 +390,7 @@ class LoginWidgetUserPass extends StatelessWidget {
 const kAuthReqTypeOidc = 'oidc/';
-/// common login dialog for desktop
-/// call this directly
+// call this directly
 Future loginDialog() async {
 var username = TextEditingController(text: UserModel.getLocalUserInfo()?['name'] ?? '');
@@ -457,11 +456,12 @@ Future loginDialog() async {
 if (isEmailVerification != null) {
 if (isMobile) {
 if (close != null) close(false);
- verificationCodeDialog(resp.user, isEmailVerification);
+ verificationCodeDialog(
+ resp.user, resp.secret, isEmailVerification);
 } else {
 setState(() => isInProgress = false);
- final res =
- await verificationCodeDialog(resp.user, isEmailVerification);
+ final res = await verificationCodeDialog(
+ resp.user, resp.secret, isEmailVerification);
 if (res == true) {
 if (close != null) close(false);
 return;
@@ -611,7 +611,7 @@ Future loginDialog() async {
 }
 Future verificationCodeDialog(
- UserPayload? user, bool isEmailVerification) async {
+ UserPayload? user, String? secret, bool isEmailVerification) async {
 var autoLogin = true;
 var isInProgress = false;
 String? errorText;
@@ -626,6 +626,7 @@ Future verificationCodeDialog(
 final resp = await gFFI.userModel.login(LoginRequest(
 verificationCode: code.text,
 tfaCode: isEmailVerification ? null : code.text,
+ secret: secret,
 username: user?.name,
 id: await bind.mainGetMyId(),
 uuid: await bind.mainGetUuid(),
diff --git a/src/hbbs_http/account.rs b/src/hbbs_http/account.rs
index 7e35905b2..3f1a7f1c1 100644
--- a/src/hbbs_http/account.rs
+++ b/src/hbbs_http/account.rs
@@ -97,6 +97,8 @@ pub struct AuthBody {
 pub r#type: String,
 #[serde(default)]
 pub tfa_type: String,
+ #[serde(default)]
+ pub secret: String,
 pub user: UserPayload,
 }
diff --git a/src/ui/index.tis b/src/ui/index.tis
index 13c8141c3..b6d80fa04 100644
--- a/src/ui/index.tis
+++ b/src/ui/index.tis
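Review bot: In the `-390,8 +390,7` hunk the comment above `loginDialog()` changes from `///` to `//`, so it is no longer a dartdoc comment and the one-line description of the function is dropped; I would keep it as `/// Common login dialog; call this directly.`. The `-611,7 +611,7` hunk inserts `String? secret` in the middle of the positional parameters of `verificationCodeDialog` without documenting it. A short `///` line saying that it is the value from `LoginResponse.secret` and may be null when the server returns none would help, and a named parameter would keep the call sites readable. Both function bodies continue outside their hunks.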
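Review bot: `AuthBody` gains `secret` as a plain `String` with `#[serde(default)]` and no doc comment, so a response that omits the field and one that carries an empty secret both deserialize to `""` and cannot be told apart downstream. The struct's derive list is outside the hunk; if it includes `Debug` and the body is ever logged, the secret would be written to logs alongside the other fields, which is worth confirming. At minimum I would document the field, e.g. `/// Server-issued value echoed back with the verification code; sensitive, do not log.`, and state that an empty string means the server sent none.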
@@ -1242,9 +1242,10 @@ function login() {
 }
 function on_2fa_check(last_msg) {
- var isEmailCheck = !last_msg.tfa_type || last_msg.tfa_type == 'email_check';
+ const isEmailCheck = !last_msg.tfa_type || last_msg.tfa_type == 'email_check';
+ const secret = last_msg.secret;
+ const emailHint = last_msg.user.email;
- var emailHint = last_msg.user.email;
 msgbox("custom-2fa-verification-code", translate('Verification code'),
{ isEmailCheck &&
{translate('Email')}:{emailHint}
}
{translate(isEmailCheck ? 'Verification code' : '2FA code')}:
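Review bot: `const secret = last_msg.secret;` is taken as-is with no check for a missing or empty value, and the `loginData` object in the following hunk then always posts `secret: secret`. The Dart client in this same commit only adds the key when it is non-null (`if (secret != null) data['secret'] = secret;`), so the two clients presumably send different request bodies to a server that returned no secret. I would make the Sciter path match by adding the key only when a value is present, e.g. `if (secret) loginData.secret = secret;` after building the object, and add a one-line comment that `secret` is the server value from the first login step. The body of `on_2fa_check` continues outside this hunk.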
@@ -1260,7 +1261,16 @@ function on_2fa_check(last_msg) {
 }
 abLoading = true;
 var url = handler.get_api_server();
- const loginData = {username: last_msg.user.name, id: my_id, uuid: handler.get_uuid(), type: 'email_code', verificationCode: code, tfaCode: isEmailCheck ? '' : code, deviceInfo: getDeviceInfo()};
+ const loginData = {
+ username: last_msg.user.name,
+ id: my_id,
+ uuid: handler.get_uuid(),
+ type: 'email_code',
+ verificationCode: code,
+ tfaCode: isEmailCheck ? '' : code,
+ secret: secret,
+ deviceInfo: getDeviceInfo()
+ };
 httpRequest(url + "/api/login", #post, loginData, function(data) {
 if (data.error) {