github
/
halo-admin
mirror of https://github.com/halo-dev/halo-admin
1
0
Fork 0
Code Issues Releases Wiki Activity

Support MFA-TOTP Auth (halo #745) (#124)

Browse Source 
* login page add authcode-form

* halo mfa auth test

* profile page
pull/125/head
bear 5 years ago committed by GitHub
parent 3a491c4e42
commit abd29a834f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 349 additions and 11 deletions
Show Stats Download Patch File Download Diff File

16
src/api/admin.js
Unescape View File

@ -33,9 +33,9 @@ adminApi.install = data => {
}) })
} }
adminApi.login = (username, password) => { adminApi.loginPreCheck = (username, password) => {
return service({ return service({
url: `${baseUrl}/login`, url: `${baseUrl}/login/precheck`,
data: { data: {
username: username, username: username,
password: password password: password
@ -44,6 +44,18 @@ adminApi.login = (username, password) => {
}) })
} }
adminApi.login = (username, password, authcode) => {
return service({
url: `${baseUrl}/login`,
data: {
username: username,
password: password,
authcode: authcode
},
method: 'post'
})
}
adminApi.logout = () => { adminApi.logout = () => {
return service({ return service({
url: `${baseUrl}/logout`, url: `${baseUrl}/logout`,

32
src/api/user.js
Unescape View File

@ -30,4 +30,36 @@ userApi.updatePassword = (oldPassword, newPassword) => {
}) })
} }
userApi.mfaGenerate = (mfaType) => {
return service({
url: `${baseUrl}/mfa/generate`,
method: 'put',
data: {
mfaType: mfaType
}
})
}
userApi.mfaUpdate = (mfaType, mfaKey, authcode) => {
return service({
url: `${baseUrl}/mfa/update`,
method: 'put',
data: {
mfaType: mfaType,
mfaKey: mfaKey,
authcode: authcode
}
})
}
userApi.mfaCheck = (authcode) => {
return service({
url: `${baseUrl}/mfa/check`,
method: 'put',
data: {
authcode: authcode
}
})
}
export default userApi export default userApi

5
src/store/modules/user.js
Unescape View File

@ -45,11 +45,12 @@ const user = {
commit commit
}, { }, {
username, username,
password password,
authcode
}) { }) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
adminApi adminApi
.login(username, password) .login(username, password, authcode)
.then(response => { .then(response => {
const token = response.data.data const token = response.data.data
Vue.$log.debug('Got token', token) Vue.$log.debug('Got token', token)

105
src/views/user/Login.vue
Unescape View File

@ -1,15 +1,18 @@
<template> <template>
<div class="container-wrapper"> <div class="container-wrapper">
<div class="halo-logo animated fadeInUp"> <div class="halo-logo animated fadeInUp">
<span>Halo<small v-if="apiModifyVisible">API </small></span> <span>Halo
<small v-if="apiModifyVisible">API </small>
<small v-if="authcodeVisible"></small>
</span>
</div> </div>
<div <div
v-show="!apiModifyVisible" v-show="formVisible == 'login-form'"
class="login-form animated" class="login-form animated"
> >
<a-form <a-form
layout="vertical" layout="vertical"
@keyup.enter.native="handleLogin" @keyup.enter.native="handleLoginPreCheck"
> >
<a-form-item <a-form-item
class="animated fadeInUp" class="animated fadeInUp"
@ -50,7 +53,7 @@
:loading="landing" :loading="landing"
type="primary" type="primary"
:block="true" :block="true"
@click="handleLogin" @click="handleLoginPreCheck"
>登录</a-button> >登录</a-button>
</a-form-item> </a-form-item>
@ -126,6 +129,51 @@
</a-row> </a-row>
</a-form> </a-form>
</div> </div>
<div
v-show="authcodeVisible"
class="authcode-form animated"
>
<a-form layout="vertical" @keyup.enter.native="handleLogin">
<a-form-item
class="animated fadeInUp"
:style="{'animation-delay': '0.1s'}"
>
<a-input
placeholder="两步验证码"
v-model="authcode"
:maxLength="6"
>
<a-icon
slot="prefix"
type="safety-certificate"
style="color: rgba(0,0,0,.25)"
/>
</a-input>
</a-form-item>
<a-form-item
class="animated fadeInUp"
:style="{'animation-delay': '0.3s'}"
>
<a-button
:loading="landing"
type="primary"
:block="true"
@click="handleLogin"
>验证</a-button>
</a-form-item>
<a-row>
<a
@click="toggleShowLoginForm"
class="tip animated fadeInUp"
:style="{'animation-delay': '0.4s'}"
>
<a-icon type="rollback" />
</a>
</a-row>
</a-form>
</div>
</div> </div>
</template> </template>
@ -138,7 +186,12 @@ export default {
return { return {
username: null, username: null,
password: null, password: null,
authcode: null,
needAuthCode: false,
formVisible: 'login-form', // login-form api-form authcode-form
loginVisible: true,
apiModifyVisible: false, apiModifyVisible: false,
authcodeVisible: false,
defaultApiBefore: window.location.protocol + '//', defaultApiBefore: window.location.protocol + '//',
apiUrl: window.location.host, apiUrl: window.location.host,
resetPasswordButton: false, resetPasswordButton: false,
@ -157,6 +210,13 @@ export default {
} }
}) })
}, },
watch: {
formVisible(value) {
this.loginVisible = (value === 'authcode-form')
this.apiModifyVisible = (value === 'api-form')
this.authcodeVisible = (value === 'authcode-form')
}
},
methods: { methods: {
...mapActions(['login', 'loadUser', 'loadOptions']), ...mapActions(['login', 'loadUser', 'loadOptions']),
...mapMutations({ ...mapMutations({
@ -170,6 +230,28 @@ export default {
} }
}) })
}, },
handleLoginPreCheck() {
if (!this.username) {
this.$message.warn('用户名不能为空!')
return
}
if (!this.password) {
this.$message.warn('密码不能为空!')
return
}
adminApi.loginPreCheck(this.username, this.password).then(response => {
if (response.data.data && response.data.data.needMFACode) {
this.formVisible = 'authcode-form'
this.authcode = null
this.needAuthCode = true
} else {
this.needAuthCode = false
this.handleLogin()
}
})
},
handleLogin() { handleLogin() {
if (!this.username) { if (!this.username) {
this.$message.warn('用户名不能为空!') this.$message.warn('用户名不能为空!')
@ -180,8 +262,14 @@ export default {
this.$message.warn('密码不能为空!') this.$message.warn('密码不能为空!')
return return
} }
if (this.needAuthCode && !this.authcode) {
this.$message.warn('两步验证码不能为空!')
return
}
this.landing = true this.landing = true
this.login({ username: this.username, password: this.password }) this.login({ username: this.username, password: this.password, authcode: this.authcode })
.then(response => { .then(response => {
// Go to dashboard // Go to dashboard
this.loginSuccess() this.loginSuccess()
@ -204,18 +292,23 @@ export default {
}, },
handleApiModifyOk() { handleApiModifyOk() {
this.setApiUrl(this.apiUrl) this.setApiUrl(this.apiUrl)
this.apiModifyVisible = false this.formVisible = 'login-form'
}, },
handleApiUrlRestore() { handleApiUrlRestore() {
this.restoreApiUrl() this.restoreApiUrl()
this.apiUrl = this.defaultApiUrl this.apiUrl = this.defaultApiUrl
}, },
toggleShowApiForm() { toggleShowApiForm() {
this.formVisible = this.apiModifyVisible ? 'login-form' : 'api-form'
this.apiModifyVisible = !this.apiModifyVisible this.apiModifyVisible = !this.apiModifyVisible
if (this.apiModifyVisible) { if (this.apiModifyVisible) {
this.apiUrl = this.defaultApiUrl this.apiUrl = this.defaultApiUrl
} }
}, },
toggleShowLoginForm() {
this.formVisible = 'login-form'
this.password = null
},
toggleHidden() { toggleHidden() {
this.resetPasswordButton = !this.resetPasswordButton this.resetPasswordButton = !this.resetPasswordButton
} }

202
src/views/user/Profile.vue
Unescape View File

@ -133,6 +133,67 @@
</a-form-item> </a-form-item>
</a-form> </a-form>
</a-tab-pane> </a-tab-pane>
<a-tab-pane key="3">
<span slot="tab">
<a-icon type="safety-certificate" />两步验证
</span>
<a-form-item label="两步验证:">
<a-switch
v-model="mfaParam.switch.checked"
:loading="mfaParam.switch.loading"
@change="handleMFASwitch"
/>
</a-form-item>
<a-form-item label="两步验证应用:">
<a-list
:loading="statisticsLoading"
itemLayout="horizontal"
>
<a-list-item>
<b>Authy</b> 功能丰富 专为两步验证码
<a-divider type="vertical" />
<a target="_blank" href="https://authy.com/download/">
IOS/Android/Windows/Mac/Linux
<a-icon type="link" />
</a>
<a-divider type="vertical" />
<a target="_blank" href="https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=cn">
Chrome扩展
<a-icon type="link" />
</a>
</a-list-item>
<a-list-item>
<b>GoogleAuthenticator</b> 简单易用 但不支持密钥导出备份
<a-divider type="vertical" />
<a target="_blank" href="https://apps.apple.com/us/app/google-authenticator/id388497605">
IOS
<a-icon type="link" />
</a>
<a-divider type="vertical" />
<a target="_blank" href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=cn">
Android
<a-icon type="link" />
</a>
</a-list-item>
<a-list-item>
<b>MicrosoftAuthenticator</b> 使用微软全家桶的推荐
<a-divider type="vertical" />
<a target="_blank" href="https://www.microsoft.com/zh-cn/account/authenticator">
IOS/Android
<a-icon type="link" />
</a>
</a-list-item>
<a-list-item>
<b>1Password</b> 强大安全的密码管理付费应用
<a-divider type="vertical" />
<a target="_blank" href="https://1password.com/zh-cn/downloads/">
IOS/Android/Windows/Mac/Linux/ChromeOS
<a-icon type="link" />
</a>
</a-list-item>
</a-list>
</a-form-item>
</a-tab-pane>
</a-tabs> </a-tabs>
</div> </div>
</a-card> </a-card>
@ -146,6 +207,70 @@
title="选择头像" title="选择头像"
isChooseAvatar isChooseAvatar
/> />
<a-modal
:title="mfaParam.modal.title"
:visible="mfaParam.modal.visible"
@ok="handleSetMFAuth"
:confirmLoading="false"
@cancel="handleCloseMFAuthModal"
:closable="false"
:maskClosable="false"
icon="safety-certificate"
:keyboard="false"
:centered="true"
:destroyOnClose="true"
:width="300"
>
<a-form layout="inline" v-if="mfaUsed">
<a-form-item
extra="* 需要验证两步验证码"
>
<a-input
placeholder="两步验证码"
v-model="mfaParam.authcode"
:maxLength="6"
>
<a-icon
slot="prefix"
type="safety-certificate"
style="color: rgba(0,0,0,.25)"
/>
</a-input>
</a-form-item>
</a-form>
<div v-else>
<p>
1.请扫描二维码或导入 key
<img
width="235"
:src="mfaParam.qrImage"
/>
</p>
<p style="font-size: 12px;">
MFAKey:<br>{{ mfaParam.mfaKey }}
</p>
<p>
2.验证两步验证码
<a-form-item>
<a-input
placeholder="两步验证码"
v-model="mfaParam.authcode"
:maxLength="6"
>
<a-icon
slot="prefix"
type="safety-certificate"
style="color: rgba(0,0,0,.25)"
/>
</a-input>
</a-form-item>
</p>
<p style="font-size: 12px;">* 推荐使用 Authy | 微软验证器</p>
</div>
</a-modal>
</div> </div>
</template> </template>
@ -171,6 +296,21 @@ export default {
newPassword: null, newPassword: null,
confirmPassword: null confirmPassword: null
}, },
mfaParam: {
mfaKey: null,
mfaType: 'NONE',
mfaUsed: false,
authcode: null,
qrImage: null,
modal: {
title: '确认开启两步验证?',
visible: false
},
switch: {
loading: false,
checked: false
}
},
attachment: {} attachment: {}
} }
}, },
@ -178,11 +318,27 @@ export default {
passwordUpdateButtonDisabled() { passwordUpdateButtonDisabled() {
return !(this.passwordParam.oldPassword && this.passwordParam.newPassword) return !(this.passwordParam.oldPassword && this.passwordParam.newPassword)
}, },
...mapGetters(['options']) ...mapGetters(['options']),
mfaType() {
return this.mfaParam.mfaType
},
mfaUsed() {
return this.mfaParam.mfaUsed
}
}, },
created() { created() {
this.getStatistics() this.getStatistics()
}, },
watch: {
mfaType(value) {
if (value) {
this.mfaParam.mfaUsed = (value !== 'NONE')
}
},
mfaUsed(value) {
this.mfaParam.switch.checked = value
}
},
methods: { methods: {
...mapMutations({ setUser: 'SET_USER' }), ...mapMutations({ setUser: 'SET_USER' }),
getStatistics() { getStatistics() {
@ -190,6 +346,7 @@ export default {
this.user = response.data.data.user this.user = response.data.data.user
this.statistics = response.data.data this.statistics = response.data.data
this.statisticsLoading = false this.statisticsLoading = false
this.mfaParam.mfaType = this.user.mfaType && this.user.mfaType
}) })
}, },
handleUpdatePassword() { handleUpdatePassword() {
@ -240,6 +397,49 @@ export default {
handleSelectGravatar() { handleSelectGravatar() {
this.user.avatar = '//cn.gravatar.com/avatar/' + new MD5().update(this.user.email).digest('hex') + '&d=mm' this.user.avatar = '//cn.gravatar.com/avatar/' + new MD5().update(this.user.email).digest('hex') + '&d=mm'
this.attachmentDrawerVisible = false this.attachmentDrawerVisible = false
},
handleMFASwitch(useMFAuth) {
// loding
this.mfaParam.switch.loading = true
if (!useMFAuth && this.mfaUsed) {
// true -> false
// show cloes MFA modal
this.mfaParam.modal.title = '确认关闭两步验证?'
this.mfaParam.modal.visible = true
} else {
// false -> true
// show open MFA modal
this.mfaParam.modal.title = '确认开启两步验证?'
// generate MFAKey and Qr Image
userApi.mfaGenerate('TFA_TOTP').then(response => {
this.mfaParam.mfaKey = response.data.data.mfaKey
this.mfaParam.qrImage = response.data.data.qrImage
this.mfaParam.modal.visible = true
})
}
},
handleSetMFAuth() {
var mfaType = this.mfaUsed ? 'NONE' : 'TFA_TOTP'
if (mfaType === 'NONE') {
if (!this.mfaParam.authcode) {
this.$message.warn('两步验证码不能为空')
return
}
}
userApi.mfaUpdate(mfaType, this.mfaParam.mfaKey, this.mfaParam.authcode).then(response => {
this.handleCloseMFAuthModal()
this.mfaParam.mfaType = response.data.data.mfaType
this.$message.success(this.mfaUsed ? '两步验证已关闭!' : '两步验证已开启,下次登陆生效!')
})
},
handleCloseMFAuthModal() {
this.mfaParam.modal.visible = false
this.mfaParam.switch.loading = false
this.mfaParam.switch.checked = this.mfaUsed
// clean
this.mfaParam.authcode = null
this.mfaParam.qrImage = null
this.mfaParam.mfaKey = null
} }
} }
} }

Write Preview
Loading…
Cancel
Save