fixes for totp auth

2024-11-22 00:55:34 -05:00 · 2022-11-14 19:26:34 +03:00 · 2022-11-14 19:26:34 +03:00 · 8ca2faa468
commit 8ca2faa468
parent e00a826faa
2 changed files with 26 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -30,6 +30,8 @@ usage: openvpn-user [<flags>] <command> [<args> ...]
 Flags:
  --help                         Show context-sensitive help (also try --help-long and --help-man).
  --db.path="./openvpn-user.db"  path do openvpn-user db
+  --debug                        Enable debug mode.
+  --version                      Show application version.

 Commands:
  help [<command>...]
@ -47,9 +49,6 @@ Commands:
  delete --user=USER [<flags>]
    Delete user.

-    flags:
-        --force  Delete from db
-
  revoke --user=USER
    Revoke user.

@ -59,12 +58,22 @@ Commands:
  list [<flags>]
    List active users.

-    flags:
-      --all  Show all users include revoked and delete
+  check --user=USER
+    check user existent.

-  auth --user=USER --password=PASSWORD
+  auth --user=USER [<flags>]
    Auth user.

  change-password --user=USER --password=PASSWORD
-    Change password.
+    Change password
+
+  update-secret --user=USER [<flags>]
+    update OTP secret
+
+  register-app --user=USER
+    register 2FA application
+
+  get-secret --user=USER
+    get OTP secret
+
 ```
--- a/openvpn-user.go
+++ b/openvpn-user.go
@ -59,10 +59,10 @@ var (
 	updateSecretCommandUserFlag   = updateSecretCommand.Flag("user", "Username.").Required().String()
 	updateSecretCommandSecretFlag = updateSecretCommand.Flag("secret", "Secret.").Default("generate").String()

-	registerAppCommand         = kingpin.Command("register-app", "update OTP secret")
+	registerAppCommand         = kingpin.Command("register-app", "register 2FA application")
 	registerAppCommandUserFlag = registerAppCommand.Flag("user", "Username.").Required().String()

-	getSecretCommand         = kingpin.Command("get-secret", "gwt OTP secret")
+	getSecretCommand         = kingpin.Command("get-secret", "get OTP secret")
 	getSecretCommandUserFlag = getSecretCommand.Flag("user", "Username.").Required().String()

 	debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
@ -391,15 +391,20 @@ func authUser(username, password, totp string) {
 			trimmedToken := strings.TrimSpace(totp)

 			// Validate token
-			_, err := otpConfig.Authenticate(trimmedToken)
+			ok, err := otpConfig.Authenticate(trimmedToken)

 			if err != nil {
 				fmt.Println(err)
 				os.Exit(1)
-			} else {
+			}
+			if ok {
 				fmt.Println("Authorization successful")
 				os.Exit(0)
+			} else {
+				fmt.Println("Token mismatched")
+				os.Exit(1)
 			}
+
 		} else if len(password) > 0 && totp == "" {

 			err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))