From 8ca2faa4684f62e441326a0238f9af53da920306 Mon Sep 17 00:00:00 2001 From: Ilya Sosnovsky Date: Mon, 14 Nov 2022 19:26:34 +0300 Subject: [PATCH] fixes for totp auth --- README.md | 25 +++++++++++++++++-------- openvpn-user.go | 13 +++++++++---- 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 2368d62..66dde71 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,8 @@ usage: openvpn-user [] [ ...] Flags: --help Show context-sensitive help (also try --help-long and --help-man). --db.path="./openvpn-user.db" path do openvpn-user db + --debug Enable debug mode. + --version Show application version. Commands: help [...] @@ -46,9 +48,6 @@ Commands: delete --user=USER [] Delete user. - - flags: - --force Delete from db revoke --user=USER Revoke user. @@ -58,13 +57,23 @@ Commands: list [] List active users. - - flags: - --all Show all users include revoked and delete - auth --user=USER --password=PASSWORD + check --user=USER + check user existent. + + auth --user=USER [] Auth user. change-password --user=USER --password=PASSWORD - Change password. + Change password + + update-secret --user=USER [] + update OTP secret + + register-app --user=USER + register 2FA application + + get-secret --user=USER + get OTP secret + ``` diff --git a/openvpn-user.go b/openvpn-user.go index 8a7c20d..91f23ec 100644 --- a/openvpn-user.go +++ b/openvpn-user.go 
@@ -59,10 +59,10 @@ var ( updateSecretCommandUserFlag = updateSecretCommand.Flag("user", "Username.").Required().String() updateSecretCommandSecretFlag = updateSecretCommand.Flag("secret", "Secret.").Default("generate").String() - registerAppCommand = kingpin.Command("register-app", "update OTP secret") + registerAppCommand = kingpin.Command("register-app", "register 2FA application") registerAppCommandUserFlag = registerAppCommand.Flag("user", "Username.").Required().String() - getSecretCommand = kingpin.Command("get-secret", "gwt OTP secret") + getSecretCommand = kingpin.Command("get-secret", "get OTP secret") getSecretCommandUserFlag = getSecretCommand.Flag("user", "Username.").Required().String() debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool() @@ -391,15 +391,20 @@ func authUser(username, password, totp string) { trimmedToken := strings.TrimSpace(totp) // Validate token - _, err := otpConfig.Authenticate(trimmedToken) + ok, err := otpConfig.Authenticate(trimmedToken) if err != nil { fmt.Println(err) os.Exit(1) - } else { + } + if ok { fmt.Println("Authorization successful") os.Exit(0) + } else { + fmt.Println("Token mismatched") + os.Exit(1) } + } else if len(password) > 0 && totp == "" { err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))
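Review bot: In the authUser hunk a valid code alone reaches `os.Exit(0)`, while the only bcrypt comparison visible sits in the sibling branch `else if len(password) > 0 && totp == ""`, so on the TOTP path the password does not appear to be checked at all. The condition guarding the TOTP branch is above the hunk (authUser starts before it and runs past it), so this is inferred. If that branch can be taken when a password was also supplied, or if both factors are meant to be required, the password should be compared before the token is accepted. Two smaller points in the same lines: `os.Exit` never returns, so the `else` after `if ok {` can be dropped, and the denial text is better sent to stderr, e.g. `fmt.Fprintln(os.Stderr, "Token mismatched")`, so a caller that parses stdout never sees it.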