用户增加OTP认证设置

2026-02-10 16:38:46 +08:00 · 2022-07-24 16:14:38 +08:00
parent 847d08a9bb
commit f3ac8a5cc5
9 changed files with 222 additions and 7 deletions
--- a/internal/web/actions/default/users/update.go
+++ b/internal/web/actions/default/users/update.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/xlzd/gotp"
 )

 type UpdateAction struct {
@@ -30,7 +31,7 @@ func (this *UpdateAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	user := userResp.User
+	var user = userResp.User
 	if user == nil {
 		this.NotFound("user", params.UserId)
 		return
@@ -42,7 +43,7 @@ func (this *UpdateAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	countAccessKeys := countAccessKeyResp.Count
+	var countAccessKeys = countAccessKeyResp.Count

 	// 是否有实名认证
 	hasNewIndividualIdentity, hasNewEnterpriseIdentity, identityTag, err := userutils.CheckUserIdentity(this.RPC(), this.AdminContext(), params.UserId)
@@ -51,6 +52,12 @@ func (this *UpdateAction) RunGet(params struct {
 		return
 	}

+	// OTP认证
+	var otpLoginIsOn = false
+	if user.OtpLogin != nil {
+		otpLoginIsOn = user.OtpLogin.IsOn
+	}
+
 	this.Data["user"] = maps.Map{
 		"id":              user.Id,
 		"username":        user.Username,
@@ -66,6 +73,9 @@ func (this *UpdateAction) RunGet(params struct {
 		"hasNewIndividualIdentity": hasNewIndividualIdentity,
 		"hasNewEnterpriseIdentity": hasNewEnterpriseIdentity,
 		"identityTag":              identityTag,
+
+		// otp
+		"otpLoginIsOn": otpLoginIsOn,
 	}

 	this.Data["clusterId"] = 0
@@ -89,6 +99,9 @@ func (this *UpdateAction) RunPost(params struct {
 	IsOn      bool
 	ClusterId int64

+	// OTP
+	OtpOn bool
+
 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
@@ -152,5 +165,50 @@ func (this *UpdateAction) RunPost(params struct {
 		return
 	}

+	// 修改OTP
+	otpLoginResp, err := this.RPC().LoginRPC().FindEnabledLogin(this.AdminContext(), &pb.FindEnabledLoginRequest{
+		UserId: params.UserId,
+		Type:   "otp",
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	{
+		var otpLogin = otpLoginResp.Login
+		if params.OtpOn {
+			if otpLogin == nil {
+				otpLogin = &pb.Login{
+					Id:   0,
+					Type: "otp",
+					ParamsJSON: maps.Map{
+						"secret": gotp.RandomSecret(16), // TODO 改成可以设置secret长度
+					}.AsJSON(),
+					IsOn:   true,
+					UserId: params.UserId,
+				}
+			} else {
+				// 如果已经有了，就覆盖，这样可以保留既有的参数
+				otpLogin.IsOn = true
+			}
+
+			_, err = this.RPC().LoginRPC().UpdateLogin(this.AdminContext(), &pb.UpdateLoginRequest{Login: otpLogin})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		} else {
+			_, err = this.RPC().LoginRPC().UpdateLogin(this.AdminContext(), &pb.UpdateLoginRequest{Login: &pb.Login{
+				Type:   "otp",
+				IsOn:   false,
+				UserId: params.UserId,
+			}})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+	}
+
 	this.Success()
 }