Refactor authentication result handling in register.go

Revised code in register.go to distinguish successful and failed 2FA authentication outcomes. Removed an unnecessary blank line and renamed a variable to better reflect its functionality. Adjusted the function processAuthResult, adding authCompleteWithFail as an extra parameter and differentiating actions based on outcome. This helps to handle the 2FA redirection more appropriately based on whether authentication was successful or failed. Signed-off-by: Christian Roessner <c@roessner.co>
croessner · May 7, 2024 · 1f52aec · 1f52aec
1 parent 486d0cb
commit 1f52aec
Showing 1 changed file with 41 additions and 11 deletions.
diff --git a/server/core/register.go b/server/core/register.go
@@ -97,7 +97,6 @@ func loginGET2FAHandler(ctx *gin.Context) {
 	languagePassive := createLanguagePassive(ctx, global.TwoFAv1Root+viper.GetString("login_2fa_page"), config.DefaultLanguageTags, languageCurrentName)
 
 	totpSecret, _, _ := getSessionTOTPSecret(ctx)
-
 	if totpSecret == "" {
 		sessionCleaner(ctx)
 		displayLoginpage(ctx, languageCurrentName, languagePassive)
@@ -239,14 +238,20 @@ func getSessionTOTPSecret(ctx *gin.Context) (string, string, string) {
 // Page '/2fa/v1/register/post'
 func loginPOST2FAHandler(ctx *gin.Context) {
 	var (
-		authCompleteOK bool
-		err            error
-		guid           = ctx.GetString(global.CtxGUIDKey)
+		authCompleteWithOK   bool
+		authCompleteWithFail bool
+		err                  error
+		guid                 = ctx.GetString(global.CtxGUIDKey)
 	)
 
 	authResult := processTOTPSecret(ctx)
+
 	if authResult == global.AuthResultOK {
-		authCompleteOK = true
+		authCompleteWithOK = true
+	}
+
+	if authResult == global.AuthResultFail {
+		authCompleteWithFail = true
 	}
 
 	auth := &Authentication{
@@ -284,9 +289,20 @@ func loginPOST2FAHandler(ctx *gin.Context) {
 
 	if authResult == global.AuthResultUnset {
 		authResult = auth.handlePassword(ctx)
+
+		// User does not have a TOTP secret
+		if _, found := auth.getTOTPSecretOk(); !found {
+			if authResult == global.AuthResultOK {
+				authCompleteWithOK = true
+			}
+
+			if authResult == global.AuthResultFail {
+				authCompleteWithFail = true
+			}
+		}
 	}
 
-	processAuthResult(ctx, authResult, auth, authCompleteOK)
+	processAuthResult(ctx, authResult, auth, authCompleteWithOK, authCompleteWithFail)
 }
 
 // processTOTPSecret retrieves the TOTP secret and code from the session and the POST form, respectively.
@@ -331,17 +347,31 @@ func processTOTPSecret(ctx *gin.Context) global.AuthResult {
 // ctx: The Gin context.
 // authResult: The result of the authentication.
 // auth: The Authentication object.
-func processAuthResult(ctx *gin.Context, authResult global.AuthResult, auth *Authentication, authCompleteOK bool) {
+func processAuthResult(ctx *gin.Context, authResult global.AuthResult, auth *Authentication, authCompleteWithOK bool, authCompleteWithFail bool) {
 	if authResult == global.AuthResultOK {
-		if !authCompleteOK {
+		if !authCompleteWithOK {
+			if err := saveSessionData(ctx, authResult, auth); err != nil {
+				handleErr(ctx, err)
+
+				return
+			}
+		}
+
+		processTwoFARedirect(ctx, authCompleteWithOK)
+	} else if authResult == global.AuthResultFail {
+		if !authCompleteWithFail {
 			if err := saveSessionData(ctx, authResult, auth); err != nil {
 				handleErr(ctx, err)
 
 				return
 			}
+
+			processTwoFARedirect(ctx, authCompleteWithFail)
+
+			return
 		}
 
-		processTwoFARedirect(ctx, authCompleteOK)
+		handleAuthFailureAndRedirect(ctx, auth)
 	} else {
 		handleAuthFailureAndRedirect(ctx, auth)
 	}
@@ -353,11 +383,11 @@ func processAuthResult(ctx *gin.Context, authResult global.AuthResult, auth *Aut
 // It sets the `targetURI` to the appropriate URL based on the authentication complete status.
 // It redirects the context to the `targetURI` with the HTTP status of `http.StatusFound`.
 // It logs the redirect information with the `guid`, username, authentication status, and URI path.
-func processTwoFARedirect(ctx *gin.Context, authCompleteOK bool) {
+func processTwoFARedirect(ctx *gin.Context, authComplete bool) {
 	guid := ctx.GetString(global.CtxGUIDKey)
 
 	targetURI := global.TwoFAv1Root + viper.GetString("login_2fa_post_page")
-	if !authCompleteOK {
+	if !authComplete {
 		targetURI = global.TwoFAv1Root + viper.GetString("login_2fa_page")
 	}