FEATURE: add ability to have multiple totp factors (#7626)

Adds a second factor landing page that centralizes a user's second factor configuration. This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2025-05-24 23:31:21 +08:00 · 2019-06-26 16:58:06 -07:00
parent b2a033e92b
commit 88ef5e55fe
25 changed files with 793 additions and 549 deletions
--- a/app/assets/javascripts/discourse/models/user.js.es6
+++ b/app/assets/javascripts/discourse/models/user.js.es6
@ -205,17 +205,13 @@ const User = RestModel.extend({
    return suspendedTill && moment(suspendedTill).isAfter();
  },

-  @computed("suspended_till")
-  suspendedForever: isForever,
+  @computed("suspended_till") suspendedForever: isForever,

-  @computed("silenced_till")
-  silencedForever: isForever,
+  @computed("silenced_till") silencedForever: isForever,

-  @computed("suspended_till")
-  suspendedTillDate: longDate,
+  @computed("suspended_till") suspendedTillDate: longDate,

-  @computed("silenced_till")
-  silencedTillDate: longDate,
+  @computed("silenced_till") silencedTillDate: longDate,

  changeUsername(new_username) {
    return ajax(userPath(`${this.username_lower}/preferences/username`), {
@ -366,6 +362,40 @@ const User = RestModel.extend({
    });
  },

+  createSecondFactorTotp() {
+    return ajax("/u/create_second_factor_totp.json", {
+      type: "POST"
+    });
+  },
+
+  enableSecondFactorTotp(authToken, name) {
+    return ajax("/u/enable_second_factor_totp.json", {
+      data: {
+        second_factor_token: authToken,
+        name
+      },
+      type: "POST"
+    });
+  },
+
+  disableAllSecondFactors() {
+    return ajax("/u/disable_second_factor.json", {
+      type: "PUT"
+    });
+  },
+
+  updateSecondFactor(id, name, disable, targetMethod) {
+    return ajax("/u/second_factor.json", {
+      data: {
+        second_factor_target: targetMethod,
+        name,
+        disable,
+        id
+      },
+      type: "PUT"
+    });
+  },
+
  toggleSecondFactor(authToken, authMethod, targetMethod, enable) {
    return ajax("/u/second_factor.json", {
      data: {
@ -378,12 +408,8 @@ const User = RestModel.extend({
    });
  },

-  generateSecondFactorCodes(authToken, authMethod) {
+  generateSecondFactorCodes() {
    return ajax("/u/second_factors_backup.json", {
-      data: {
-        second_factor_token: authToken,
-        second_factor_method: authMethod
-      },
      type: "PUT"
    });
  },