diff --git a/README.md b/README.md index b4c66c4..e53d335 100644 --- a/README.md +++ b/README.md @@ -681,12 +681,12 @@ To enable this feature simply turn on `authboss.Config.Modules.TwoFactorEmailAuthRequired` and new routes and middlewares will be installed when you set up one of the 2fa modules. -When enabled, the routes for setting up and removing 2fa on an account are -protected by a middleware that will redirect to `/2fa/{totp,sms}/email/verify` -where Page `twofactor_verify` is displayed. The user is prompted to authorize -the addition of 2fa to their account. The data for this page contains `email` -and a `url` for the POST. The url is required because this page is shared -between all 2fa types. +When enabled, the routes for setting up 2fa on an account are protected by a +middleware that will redirect to `/2fa/{totp,sms}/email/verify` where +Page `twofactor_verify` is displayed. The user is prompted to authorize the +addition of 2fa to their account. The data for this page contains `email` and +a `url` for the POST. The url is required because this page is shared between +all 2fa types. Once they POST to the url, a token is stored in their session and an e-mail is sent with that token. When they click the link that goes to diff --git a/otp/twofactor/sms2fa/sms.go b/otp/twofactor/sms2fa/sms.go index 0da7fa5..e429dae 100644 --- a/otp/twofactor/sms2fa/sms.go +++ b/otp/twofactor/sms2fa/sms.go 
@@ -126,8 +126,8 @@ func (s *SMS) Setup() error {
 s.Authboss.Core.Router.Post("/2fa/sms/confirm", verified(confirm.Post))
 remove := &SMSValidator{SMS: s, Page: PageSMSRemove}
- s.Authboss.Core.Router.Get("/2fa/sms/remove", verified(remove.Get))
- s.Authboss.Core.Router.Post("/2fa/sms/remove", verified(remove.Post))
+ s.Authboss.Core.Router.Get("/2fa/sms/remove", middleware(remove.Get))
+ s.Authboss.Core.Router.Post("/2fa/sms/remove", middleware(remove.Post))
 validate := &SMSValidator{SMS: s, Page: PageSMSValidate}
 s.Authboss.Core.Router.Get("/2fa/sms/validate", s.Core.ErrorHandler.Wrap(validate.Get))
diff --git a/otp/twofactor/totp2fa/totp.go b/otp/twofactor/totp2fa/totp.go
index 9ee74cc..8d3f5c5 100644
--- a/otp/twofactor/totp2fa/totp.go
+++ b/otp/twofactor/totp2fa/totp.go
@@ -95,8 +95,8 @@ func (t *TOTP) Setup() error {
 t.Authboss.Core.Router.Get("/2fa/totp/confirm", verified(t.GetConfirm))
 t.Authboss.Core.Router.Post("/2fa/totp/confirm", verified(t.PostConfirm))
- t.Authboss.Core.Router.Get("/2fa/totp/remove", verified(t.GetRemove))
- t.Authboss.Core.Router.Post("/2fa/totp/remove", verified(t.PostRemove))
+ t.Authboss.Core.Router.Get("/2fa/totp/remove", middleware(t.GetRemove))
+ t.Authboss.Core.Router.Post("/2fa/totp/remove", middleware(t.PostRemove))
 t.Authboss.Core.Router.Get("/2fa/totp/validate", t.Core.ErrorHandler.Wrap(t.GetValidate))
 t.Authboss.Core.Router.Post("/2fa/totp/validate", t.Core.ErrorHandler.Wrap(t.PostValidate))
diff --git a/otp/twofactor/twofactor_verify_test.go b/otp/twofactor/twofactor_verify_test.go
index 1623206..7aab570 100644
--- a/otp/twofactor/twofactor_verify_test.go
+++ b/otp/twofactor/twofactor_verify_test.go
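Review bot: The `/2fa/sms/remove` GET and POST routes are now wrapped in `middleware(...)` instead of `verified(...)`, so turning 2fa off no longer passes through the e-mail verification step that the confirm routes above still use; the same applies to the `/2fa/totp/remove` routes in the totp.go hunk. Neither wrapper is defined in these hunks (both Setup bodies start and end outside them), so what `middleware` still enforces is not visible here; if the removal handlers do not themselves demand a current 2fa code or a fresh login, a session that is merely logged in could drop the second factor. I would state the intent next to the routes, e.g. `// Removal is intentionally not gated on e-mail verification; the remove handlers must still validate a current 2fa code.`, and add a test that a request without that proof is rejected on each remove route.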
@@ -174,7 +174,7 @@ func TestEmailVerifyPostStart(t *testing.T) {
 t.Error("subject wrong:", mail.Subject)
 }
- urlRgx := regexp.MustCompile(`^http://localhost:8080/auth/2fa/totp/email/verify/end\?token=[\-_a-zA-Z0-9=%]+$`)
+ urlRgx := regexp.MustCompile(`^http://localhost:8080/auth/2fa/totp/email/verify/end\?token=[_a-zA-Z0-9=%]+$`)
 data := h.renderer.Data
 if !urlRgx.MatchString(data[DataVerifyURL].(string)) {
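Review bot: The new character class `[_a-zA-Z0-9=%]` no longer admits `-` but still admits `_`, and those are the two extra characters of the URL-safe base64 alphabet. If the token is produced with URL-safe base64 (the generator is not visible in this hunk), a token containing `-` will now fail the match and the test will fail intermittently. If the backslash escape was the only concern, `[-_a-zA-Z0-9=%]+` keeps the dash without it, since a leading `-` in a class is literal. TestEmailVerifyPostStart begins and continues outside the hunk.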