diff --git a/art/themes/luciano_blocktronics/2FACONFSCR.ans b/art/themes/luciano_blocktronics/2FACONFSCR.ans new file mode 100644 index 00000000..3c256000 Binary files /dev/null and b/art/themes/luciano_blocktronics/2FACONFSCR.ans differ diff --git a/art/themes/luciano_blocktronics/2FAOTPSECREQ.ans b/art/themes/luciano_blocktronics/2FAOTPSECREQ.ans new file mode 100644 index 00000000..ce0079ac Binary files /dev/null and b/art/themes/luciano_blocktronics/2FAOTPSECREQ.ans differ diff --git a/art/themes/luciano_blocktronics/theme.hjson b/art/themes/luciano_blocktronics/theme.hjson index 0e21329c..ab49f1fa 100644 --- a/art/themes/luciano_blocktronics/theme.hjson +++ b/art/themes/luciano_blocktronics/theme.hjson @@ -385,6 +385,47 @@ } } + userTwoFactorAuthOTPConfig: { + config: { + menuInfoFormat10: "{infoText}" + infoText: { + disabled: Enabling 2-factor authentication can greatly increase account security. + } + } + mci: { + TM1: { + width: 20 + items: [ + "enabled" + "disabled" + ] + focusTextStyle: upper + styleSGR1: |08 + } + SM2: { + width: 20 + focusTextStyle: upper + styleSGR1: |08 + items: [ + // order is important: + "Time-Based - TOTP" + "HMAC-Based - HOTP" + "Google Auth" + ] + } + TM3: { + focusTextStyle: upper + styleSGR1: |00|08 + } + MT10: { + width: 31 + height: 3 + mode: preview + acceptsFocus: false + } + } + } + nodeMessage: { config: { messageFormat: "|00|08 :: |03message from |11{fromUserName} |08/ |03node |11{fromNodeId}|08 @ |11{timestamp} |08::\r\n|07 {message}" diff --git a/core/user_2fa_otp_config.js b/core/user_2fa_otp_config.js index 61ef0a0c..8ad50425 100644 --- a/core/user_2fa_otp_config.js +++ b/core/user_2fa_otp_config.js 
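Review bot: The `TM1` override in `userTwoFactorAuthOTPConfig` lists `"enabled"` before `"disabled"`, while the menu template in this same commit lists `"disable"` first and `"enable/reset"` second under an `// order is important here:` comment. If the theme's `items` replace the menu's and the module acts on the selected index (neither is visible in this diff), a user on this theme who picks "enabled" would be selecting the disable slot and could leave 2FA off by mistake. I would swap the theme list to `items: [ "disabled" "enabled" ]` and put an order comment above it, as `SM2` in this hunk already has.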
@@ -34,13 +34,14 @@ const MciViewIds = { enableToggle : 1, otpType : 2, submit : 3, + infoText : 4, customRangeStart : 10, // 10+ = customs }; const DefaultMsg = { infoText: { - disabled : 'Enabling 2-Factor Authentication via One-Time-Password (2FA/OTP) can greatly increase the security of your account.', + disabled : 'Enabling 2-factor authentication can greatly increase account security.', enabled : 'A valid email address set in user config is required to enable 2-Factor Authentication.', rfc6238_TOTP : 'Time-Based One-Time-Password (TOTP, RFC-6238).', rfc4266_HOTP : 'HMAC-Based One-Time-Password (HOTP, RFC-4266).', diff --git a/misc/menu_template.in.hjson b/misc/menu_template.in.hjson index 9409a9c9..9de82c76 100644 --- a/misc/menu_template.in.hjson +++ b/misc/menu_template.in.hjson @@ -1137,6 +1137,23 @@ value: { command: "MRC" } action: @menu:mrc } + { + value: { command: "2FA" } + action: [ + { + // + // For security reasons, only allow 2FA/OTP to be + // configured over already secure (SSL, wss://, ...) + // connections. Not doing so risks leaking secrets! + // + acs: SC + action: @menu:userTwoFactorAuthOTPConfig + } + { + action: @menu:userTwoFactorAuthOTPSecConnRequired + } + ] + } { value: 1 action: @menu:mainMenu 
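Review bot: The unchanged `rfc4266_HOTP` message just below the edited `disabled` line cites "RFC-4266", but HOTP is specified in RFC 4226. This text is shown to users choosing an OTP type, so it should read `'HMAC-Based One-Time-Password (HOTP, RFC-4226).'`. The key name carries the same transposition, but renaming it needs a check of its other uses, which are outside this hunk, so the message text is the safe fix here. `DefaultMsg` continues past the end of the hunk.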
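Review bot: The `acs: SC` check sits only on this `2FA` command entry, while the `userTwoFactorAuthOTPConfig` menu added in the later hunk of this file carries no check of its own and binds keys to `showSecret`, `showQRCode` and `showBackupCodes`. This file is a template that operators copy and edit, so any other entry linking to that menu would open it on a non-secure connection unless the module also checks, which this diff does not show. I would extend the existing comment to say so, for example `// NOTE: this is the only secure-connection gate; every entry that links to userTwoFactorAuthOTPConfig must repeat acs: SC`, and consider enforcing the check inside `user_2fa_otp_config` as well. The enclosing `submit` list begins outside the hunk.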
@@ -1210,6 +1227,85 @@ } } + userTwoFactorAuthOTPConfig: { + desc: 2FA/OTP Config + module: user_2fa_otp_config + art: 2FACONFSCR + form: { + 0: { + mci: { + TM1: { + argName: enableToggle + focus: true + items: [ + // order is important here: + "disable" + "enable/reset" + ] + } + SM2: { + argName: otpType + items: [ + // order is important here: + "Time-Based - TOTP" + "HMAC-Based - HOTP" + "Google Authenticator" + ] + } + TM3: { + argName: submit + items: [ + "save" + "cancel" + ] + submit: true + } + } + + submit: { + *: [ + { + value: { submit: 0 } + action: @method:saveChanges + } + { + value: { submit: 1 } + action: @systemMethod:prevMenu + } + ] + } + + actionKeys: [ + { + keys: [ "escape" ] + action: @systemMethod:prevMenu + } + { + keys: [ "q", "shift + q" ] + action: @method:showQRCode + } + { + keys: [ "s", "shift + s" ] + action: @method:showSecret + } + { + keys: [ "b", "shift + b" ] + action: @method:showBackupCodes + } + { + keys: [ "n", "shift + n" ] + action: @method:generateNewBackupCodes + } + ] + } + } + } + + userTwoFactorAuthOTPSecConnRequired: { + desc: Insecure Warning + art: 2FAOTPSECREQ + } + nodeMessage: { desc: Node Messaging module: node_msg
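Review bot: The `n` action key is bound straight to `@method:generateNewBackupCodes`, next to the view-only `q`, `s` and `b` keys, so one mistyped key on this form may replace the user's existing backup codes. Whether the module asks for confirmation first is not visible in this diff. If it does not, the confirmation step belongs in the module. Either way a comment above the binding would help the next person editing the template, e.g. `// replaces the existing backup codes; the module should confirm before generating`.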