[pve-devel] [PATCH widget-toolkit] tfa: improve UX for recovery keys and when none are left
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue May 16 13:22:20 CEST 2023
If we get an empty challenge, tell the user to contact an
administrator as it means no 2nd factors and no recovery
keys are available.
Currently if only 1 key was available and it had a high ID,
we'd show something like: "Recovery keys available: 9,
Warning, less than 4 keys available."
Let's start off with the warning, and then be explicit about
the IDs.
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
src/window/TfaWindow.js | 73 ++++++++++++++++++++++++++++++++---------
1 file changed, 57 insertions(+), 16 deletions(-)
diff --git a/src/window/TfaWindow.js b/src/window/TfaWindow.js
index 22ac50d..0e63e36 100644
--- a/src/window/TfaWindow.js
+++ b/src/window/TfaWindow.js
@@ -45,11 +45,16 @@ Ext.define('Proxmox.window.TfaLoginWindow', {
let lastTabId = me.getLastTabUsed();
let initialTab = -1, i = 0;
+ let hasAny2nd = false, hasNonRecovery2nd = false;
for (const k of ['webauthn', 'totp', 'recovery', 'u2f', 'yubico']) {
const available = !!challenge[k];
vm.set(`availableChallenge.${k}`, available);
if (available) {
+ hasAny2nd = true;
+ if (k !== 'recovery') {
+ hasNonRecovery2nd = true;
+ }
if (i === lastTabId) {
initialTab = i;
} else if (initialTab < 0) {
@@ -58,15 +63,31 @@ Ext.define('Proxmox.window.TfaLoginWindow', {
}
i++;
}
+ if (!hasAny2nd || (!hasNonRecovery2nd && !challenge.recovery.length)) {
+ // no 2nd factors available (and if recovery keys are configured they're empty)
+ me.lookup('cannotLogin').setVisible(true);
+ me.lookup('recoveryKey').setVisible(false);
+ view.down('tabpanel').setActiveTab(2); // recovery
+ return;
+ }
view.down('tabpanel').setActiveTab(initialTab);
if (challenge.recovery) {
- me.lookup('availableRecovery').update(Ext.String.htmlEncode(
- gettext('Available recovery keys: ') + view.challenge.recovery.join(', '),
- ));
- me.lookup('availableRecovery').setVisible(true);
- if (view.challenge.recovery.length <= 3) {
- me.lookup('recoveryLow').setVisible(true);
+ if (!view.challenge.recovery.length) {
+ me.lookup('recoveryEmpty').setVisible(true);
+ } else {
+ me.lookup('availableRecovery').update(Ext.String.htmlEncode(
+ gettext('Available recovery keys: ')
+ + view
+ .challenge
+ .recovery
+ .map((id) => Ext.String.format(gettext('ID {0}'), id))
+ .join(', '),
+ ));
+ me.lookup('availableRecovery').setVisible(true);
+ if (view.challenge.recovery.length <= 3) {
+ me.lookup('recoveryLow').setVisible(true);
+ }
}
}
@@ -365,19 +386,23 @@ Ext.define('Proxmox.window.TfaLoginWindow', {
items: [
{
xtype: 'box',
- reference: 'availableRecovery',
+ reference: 'cannotLogin',
hidden: true,
+ html: '<i class="fa fa-exclamation-triangle warning"></i>'
+ + Ext.String.format(
+ gettext('No secon factor left! Please contact an administrator!'),
+ 4,
+ ),
},
{
- xtype: 'textfield',
- fieldLabel: gettext('Please enter one of your single-use recovery keys'),
- labelWidth: 300,
- name: 'recoveryKey',
- disabled: true,
- reference: 'recoveryKey',
- allowBlank: false,
- regex: /^[0-9a-f]{4}(-[0-9a-f]{4}){3}$/,
- regexText: gettext('Does not look like a valid recovery key'),
+ xtype: 'box',
+ reference: 'recoveryEmpty',
+ hidden: true,
+ html: '<i class="fa fa-exclamation-triangle warning"></i>'
+ + Ext.String.format(
+ gettext('No more recovery keys left! Please generate a new set!'),
+ 4,
+ ),
},
{
xtype: 'box',
@@ -389,6 +414,22 @@ Ext.define('Proxmox.window.TfaLoginWindow', {
4,
),
},
+ {
+ xtype: 'box',
+ reference: 'availableRecovery',
+ hidden: true,
+ },
+ {
+ xtype: 'textfield',
+ fieldLabel: gettext('Please enter one of your single-use recovery keys'),
+ labelWidth: 300,
+ name: 'recoveryKey',
+ disabled: true,
+ reference: 'recoveryKey',
+ allowBlank: false,
+ regex: /^[0-9a-f]{4}(-[0-9a-f]{4}){3}$/,
+ regexText: gettext('Does not look like a valid recovery key'),
+ },
],
},
{
--
2.30.2
More information about the pve-devel
mailing list