fixes; reset 2fa

build.sh

@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags='-linkmode external -extldflags "-static" -s -w' -o openvpn-user
+env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags "-linkmode external -extldflags -static -s -w" -o openvpn-user

openvpn-user.go

@@ -10,7 +10,7 @@ import (
 )
 
 const (
-	version = "1.0.6"
+	version = "1.0.7"
 )
 
 var (
@@ -56,6 +56,9 @@ var (
 	registerAppCommandUserFlag = registerAppCommand.Flag("user", "Username.").Short('u').Required().String()
 	registerAppCommandTotpFlag = registerAppCommand.Flag("totp", "TOTP.").Short('t').Required().String()
 
+	resetAppCommand         = kingpin.Command("reset-app", "register 2FA application")
+	resetAppCommandUserFlag = resetAppCommand.Flag("user", "Username.").Short('u').Required().String()
+
 	checkAppCommand         = kingpin.Command("check-app", "check 2FA application")
 	checkAppCommandUserFlag = checkAppCommand.Flag("user", "Username.").Short('u').Required().String()
 
@@ -120,6 +123,8 @@ func main() {
 		wrap(openvpnUser.RegisterOtpSecret(*updateSecretCommandUserFlag, *updateSecretCommandSecretFlag))
 	case registerAppCommand.FullCommand():
 		wrap(openvpnUser.RegisterOtpApplication(*registerAppCommandUserFlag, *registerAppCommandTotpFlag))
+	case resetAppCommand.FullCommand():
+		wrap(openvpnUser.ResetOtpApplication(*resetAppCommandUserFlag))
 	case checkAppCommand.FullCommand():
 		appConfigured, appErr := openvpnUser.IsSecondFactorEnabled(*checkAppCommandUserFlag)
 		if appErr != nil {

src/commands.go

@@ -186,7 +186,7 @@ func (oUser *OpenvpnUser) ChangeUserPassword(username, password string) (string,
 func (oUser *OpenvpnUser) RegisterOtpSecret(username, secret string) (string, error) {
 	if oUser.userIsActive(username) {
 		if secret == "generate" {
-			randomStr := randStr(6, "alphanum")
+			randomStr := RandStr(6, "alphanum")
 
 			secret = base32.StdEncoding.EncodeToString([]byte(randomStr))
 			log.Debug("new generated secret for user %s:  %s", username, secret)
@@ -227,6 +227,24 @@ func (oUser *OpenvpnUser) RegisterOtpApplication(username, totp string) (string,
 	}
 	return "", userIsNotActiveError
 }
+func (oUser *OpenvpnUser) ResetOtpApplication(username string) (string, error) {
+	if oUser.userIsActive(username) {
+
+		appConfigured, appErr := oUser.IsSecondFactorEnabled(username)
+		if appErr != nil {
+			return "", appErr
+		}
+		if appConfigured {
+			_, err := oUser.Database.Exec("UPDATE users SET app_configured = 0 WHERE username = $2")
+			if err != nil {
+				return "", err
+			}
+			return "OTP application reset successful", nil
+		}
+		return "OTP application not configured", nil
+	}
+	return "", userIsNotActiveError
+}
 
 func (oUser *OpenvpnUser) GetUserOtpSecret(username string) (string, error) {
 	if oUser.userIsActive(username) {

src/utils.go

@@ -2,20 +2,17 @@ package src
 
 import "crypto/rand"
 
-func randStr(strSize int, randType string) string {
+func RandStr(strSize int, randType string) string {
 
 	var dictionary string
 
-	if randType == "alphanum" {
-		dictionary = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
-	}
-
-	if randType == "alpha" {
-		dictionary = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
-	}
-
-	if randType == "number" {
+	switch randType {
+	case "number":
 		dictionary = "0123456789"
+	case "alpha":
+		dictionary = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+	default:
+		dictionary = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 	}
 
 	var bytes = make([]byte, strSize)