Merge pull request #753 from FozzieHi/totp-invalid-login-email
Invalid TOTP and recovery code email notifications
This commit is contained in:
commit
89a800eed9
|
@ -6,6 +6,7 @@ from itsdangerous import Signer
|
|||
from app.api.base import api_bp
|
||||
from app.config import FLASK_SECRET
|
||||
from app.db import Session
|
||||
from app.email_utils import send_invalid_totp_login_email
|
||||
from app.log import LOG
|
||||
from app.models import User, ApiKey
|
||||
|
||||
|
@ -53,6 +54,7 @@ def auth_mfa():
|
|||
|
||||
totp = pyotp.TOTP(user.otp_secret)
|
||||
if not totp.verify(mfa_token):
|
||||
send_invalid_totp_login_email(user, "TOTP")
|
||||
return jsonify(error="Wrong TOTP Token"), 400
|
||||
|
||||
ret = {"name": user.name or "", "email": user.email}
|
||||
|
|
|
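Review bot: The wrong-token branch of auth_mfa now sends a notification mail but shows no rate-limiter deduction, unlike the web routes in this PR where mfa() and recovery_route() set `g.deduct_limit = True` before calling the same helper. The route's decorators are outside the hunk, so the endpoint may already be limited; if it is not, the per-user bound inside send_email_with_rate_control is the only thing capping how many of these alerts a wrong-code submission can trigger on this unauthenticated path, and that should be confirmed deliberately. A one-line comment above the call, `# alert volume is bounded by send_email_with_rate_control`, would record the decision either way. auth_mfa's body starts outside the hunk.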
@ -16,6 +16,7 @@ from wtforms import BooleanField, StringField, validators
|
|||
from app.auth.base import auth_bp
|
||||
from app.config import MFA_USER_ID, URL
|
||||
from app.db import Session
|
||||
from app.email_utils import send_invalid_totp_login_email
|
||||
from app.extensions import limiter
|
||||
from app.models import User, MfaBrowser
|
||||
|
||||
|
@ -95,6 +96,7 @@ def mfa():
|
|||
# Trigger rate limiter
|
||||
g.deduct_limit = True
|
||||
otp_token_form.token.data = None
|
||||
send_invalid_totp_login_email(user, "TOTP")
|
||||
|
||||
return render_template(
|
||||
"auth/mfa.html",
|
||||
|
|
|
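Review bot: `send_invalid_totp_login_email(user, "TOTP")` runs inline before render_template, so if send_email_with_rate_control can raise (its body is not part of this PR), a mail-delivery failure would turn a wrong-code submission into a 500 instead of the normal error page. The same applies to the `send_invalid_totp_login_email(user, "recovery")` call added in recovery_route(). If the helper is already best-effort, a comment at the call site saying so would settle it; otherwise the notification should be isolated from the login response. mfa()'s body starts and ends outside the hunk.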
@ -7,6 +7,7 @@ from wtforms import StringField, validators
|
|||
from app.auth.base import auth_bp
|
||||
from app.config import MFA_USER_ID
|
||||
from app.db import Session
|
||||
from app.email_utils import send_invalid_totp_login_email
|
||||
from app.extensions import limiter
|
||||
from app.log import LOG
|
||||
from app.models import User, RecoveryCode
|
||||
|
@ -68,5 +69,6 @@ def recovery_route():
|
|||
# Trigger rate limiter
|
||||
g.deduct_limit = True
|
||||
flash("Incorrect code", "error")
|
||||
send_invalid_totp_login_email(user, "recovery")
|
||||
|
||||
return render_template("auth/recovery.html", recovery_form=recovery_form)
|
||||
|
|
|
@ -318,6 +318,8 @@ ALERT_FROM_ADDRESS_IS_REVERSE_ALIAS = "from_address_is_reverse_alias"
|
|||
|
||||
ALERT_SPF = "spf"
|
||||
|
||||
ALERT_INVALID_TOTP_LOGIN = "invalid_totp_login"
|
||||
|
||||
# when a mailbox is also an alias
|
||||
# happens when user adds a mailbox with their domain
|
||||
# then later adds this domain into SimpleLogin
|
||||
|
|
|
@ -50,6 +50,7 @@ from app.config import (
|
|||
ALERT_DIRECTORY_DISABLED_ALIAS_CREATION,
|
||||
TRANSACTIONAL_BOUNCE_EMAIL,
|
||||
ALERT_SPF,
|
||||
ALERT_INVALID_TOTP_LOGIN,
|
||||
TEMP_DIR,
|
||||
ALIAS_AUTOMATIC_DISABLE,
|
||||
RSPAMD_SIGN_DKIM,
|
||||
|
@ -173,6 +174,24 @@ def send_change_email(new_email, current_email, link):
|
|||
)
|
||||
|
||||
|
||||
def send_invalid_totp_login_email(user, totp_type):
|
||||
send_email_with_rate_control(
|
||||
user,
|
||||
ALERT_INVALID_TOTP_LOGIN,
|
||||
user.email,
|
||||
"Unsuccessful attempt to login to your SimpleLogin account",
|
||||
render(
|
||||
"transactional/invalid-totp-login.txt",
|
||||
type=totp_type,
|
||||
),
|
||||
render(
|
||||
"transactional/invalid-totp-login.html",
|
||||
type=totp_type,
|
||||
),
|
||||
1,
|
||||
)
|
||||
|
||||
|
||||
def send_test_email_alias(email, name):
|
||||
send_email(
|
||||
email,
|
||||
|
|
|
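Review bot: send_invalid_totp_login_email has no docstring, and the bare `1` passed as the last argument to send_email_with_rate_control is unexplained at the call site. A docstring such as `"""Notify *user* that a login with correct credentials failed its second factor; *totp_type* is a short label ("TOTP" or "recovery") inserted verbatim into the email body."""` would tell callers the value is shown to the user and should stay a fixed literal. The `1` presumably caps how many of these alerts are sent per rate window (verify against the helper's signature); passing it by keyword, or adding a trailing comment naming what it limits, would make the intent checkable.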
@ -209,7 +209,7 @@
|
|||
<!-- END Change email -->
|
||||
|
||||
<!-- Change password -->
|
||||
<div class="card">
|
||||
<div class="card" id="change_password">
|
||||
<div class="card-body">
|
||||
<div class="card-title">
|
||||
Password
|
||||
|
|
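--- /dev/null
+++ b/templates/emails/transactional/invalid-totp-login.html
@@ -0,0 +1,12 @@
+{% extends "base.html" %}
+
+{% block content %}
+{{ render_text("There has been an unsuccessful attempt to login to your SimpleLogin account.") }}
+{{ render_text("An invalid " ~ type ~ " code was provided <b>but the email and password were correct.</b>") }}
+
+{{ render_text("This request has been blocked. However, if this was <b>not</b> you, please <b>change your password immediately.</b>") }}
+{{ render_button("Change your password", URL ~ "/dashboard/setting#change_password") }}
+
+{{ render_text('Thanks, <br />SimpleLogin Team.') }}
+{{ raw_url(URL ~ "/dashboard/setting#change_password") }}
+{% endblock %}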
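Review bot: `type` is concatenated into the render_text argument next to literal `<b>` markup, which suggests render_text emits its string without HTML escaping, so whatever a caller passes as `totp_type` lands unescaped in the email body. The two callers in this PR pass the fixed literals "TOTP" and "recovery", which is fine; a short comment here, `{# type is a fixed label set by send_invalid_totp_login_email, never request-derived text #}`, would keep that invariant visible to the next editor. The plain-text variant renders the same caller-supplied value via `{{type}}`.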
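--- /dev/null
+++ b/templates/emails/transactional/invalid-totp-login.txt
@@ -0,0 +1,8 @@
+There has been an unsuccessful attempt to login to your SimpleLogin account.
+An invalid {{type}} code was provided but the email and password were correct.
+
+This request has been blocked. However, if this was not you, please change your password immediately.
+{{URL}}/dashboard/setting#change_password
+
+Thanks,
+SimpleLogin Team.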