From 043c7523acd6af5288191b15f746fc360b73ab40 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Wed, 23 Sep 2015 11:54:41 +0800
Subject: Bug 1199087 - extend 2fa protection beyond login
---
.../password/set-forgotten-password.html.tmpl | 5 +-
.../en/default/account/prefs/account.html.tmpl | 2 +
template/en/default/account/prefs/apikey.html.tmpl | 25 ++---
template/en/default/account/prefs/mfa.html.tmpl | 112 ++++++++++-----------
.../en/default/account/prefs/settings.html.tmpl | 3 +
template/en/default/global/code-error.html.tmpl | 3 +
template/en/default/global/user-error.html.tmpl | 9 +-
template/en/default/mfa/protected.html.tmpl | 12 +++
template/en/default/mfa/totp/verify.html.tmpl | 18 ++--
9 files changed, 106 insertions(+), 83 deletions(-)
create mode 100644 template/en/default/mfa/protected.html.tmpl
(limited to 'template')
diff --git a/template/en/default/account/password/set-forgotten-password.html.tmpl b/template/en/default/account/password/set-forgotten-password.html.tmpl
index a2ae517c8..cfeacbb93 100644
--- a/template/en/default/account/password/set-forgotten-password.html.tmpl
+++ b/template/en/default/account/password/set-forgotten-password.html.tmpl
@@ -36,18 +36,19 @@
(minimum [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters)
-
+
New Password Again:
-
+
+ [% INCLUDE mfa/protected.html.tmpl user=token_user %]
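Review bot: The include added at the end of this hunk uses an unquoted path, while every other include in the patch is written as `[% INCLUDE "mfa/protected.html.tmpl" %]`; quote it the same way. It is also the only call that overrides `user`, so a short comment would help, for example `[%# no logged-in user during a reset, so pass the token's owner %]` (presumably the reason; confirm against the caller). Because the included template returns early when `user.mfa` is false, an unset `token_user` would drop the notice silently, so check that the reset handler always supplies it.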
diff --git a/template/en/default/account/prefs/account.html.tmpl b/template/en/default/account/prefs/account.html.tmpl
index bfae7f071..3f838691b 100644
--- a/template/en/default/account/prefs/account.html.tmpl
+++ b/template/en/default/account/prefs/account.html.tmpl
@@ -72,6 +72,7 @@
New password:
+ [% INCLUDE "mfa/protected.html.tmpl" %]
@@ -109,6 +110,7 @@
New email address:
+ [% INCLUDE "mfa/protected.html.tmpl" %]
[% END %]
diff --git a/template/en/default/account/prefs/apikey.html.tmpl b/template/en/default/account/prefs/apikey.html.tmpl
index 8b740cf1e..926f3838b 100644
--- a/template/en/default/account/prefs/apikey.html.tmpl
+++ b/template/en/default/account/prefs/apikey.html.tmpl
@@ -14,8 +14,10 @@
API keys are used to authenticate WebService API calls. You can create more than
one API key if required. Each API key has an optional description which can help
- you record what each key is used for. Documentation on how to log in is available from
-
+ you record what each key is used for.
+
+ Documentation on how to log in is available
+
here .
@@ -33,7 +35,7 @@ here.
[% FOREACH api_key IN api_keys %]
-
+
[% api_key.api_key FILTER html %]
name="revoked_[% api_key.id FILTER html %]"
id="revoked_[% api_key.id FILTER html %]"
[% IF api_key.revoked %] checked="checked" [% END %]>
+ [% IF api_key.revoked %]
+ [% INCLUDE "mfa/protected.html.tmpl" %]
+ [% END %]
[% END %]
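Review bot: The `[% IF api_key.revoked %]` guard around the include has no comment, so it is not obvious why only revoked keys are marked as protected. The intent appears to be that un-revoking a key needs a second factor while revoking does not; a line such as `[%# only re-enabling a revoked key is MFA-protected %]` would record that. The marker is display only, so the handler that processes the `revoked_<id>` fields should apply the same rule; that code is not part of this template-only diff.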
@@ -61,15 +66,7 @@ here.
[% IF any_revoked %]
- Hide Revoked Keys
- [%# Show the link if the browser supports JS %]
-
+ Show Revoked Keys
[% END %]
New API key
@@ -79,10 +76,10 @@ providing a description for the API key. The API key will be randomly
generated for you.
-
+
Generate a new API key with optional description
+ [% INCLUDE "mfa/protected.html.tmpl" %]
diff --git a/template/en/default/account/prefs/mfa.html.tmpl b/template/en/default/account/prefs/mfa.html.tmpl
index e3751a5b7..5aed954f9 100644
--- a/template/en/default/account/prefs/mfa.html.tmpl
+++ b/template/en/default/account/prefs/mfa.html.tmpl
@@ -33,6 +33,7 @@
Disable Two-factor Authentication
+ [% INCLUDE "mfa/protected.html.tmpl" %]
@@ -50,7 +51,7 @@
[% IF user.mfa == "TOTP" %]
Code:
-
[% END %]
@@ -79,70 +80,67 @@
Two-factor authentication is currently
disabled .
+
-
Enable Two-factor Authentication
-
-
-
System:
-
-
- Time-based One-Time Password (TOTP)
-
+
+
+ Select the two-factor system you want to use:
+
+
Time-based One-Time Password (TOTP)
+
- [%# TOTP %]
-
+ [%# TOTP %]
+
-
- Your current password is required to enable two-factor authentication.
-
-
- Current Password:
-
-
+
+ Your current password is required to enable two-factor authentication.
+
+
+ Current Password:
+
+
-
- Generating new QR code..
-
+
+ Generating new QR code..
+
-
-
-
- Scan this QR code with your
TOTP App ,
- then enter the six digit code the app generates.
-
-
Code:
-
-
+
+
+
+ Scan this QR code with your
TOTP App ,
+ then enter the six digit code the app generates.
+
+
Code:
+
+
-
- If you have problems enrolling, this may be due to an inaccurate time on your device.
- Please check that the time on your device is accurate by visiting http://time.is/ .
-
-
-
+
+ If you have problems enrolling, this may be due to an inaccurate time on your device.
+ Please check that the time on your device is accurate by visiting http://time.is/ .
+
+
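Review bot: The re-indented enrolment help text still sends users to `http://time.is/` over plain HTTP. On the page where a second factor is being set up, the link should be `https://time.is/` so the clock check cannot be altered in transit. The markup around these lines is not visible here, so if the URL also appears in an href, it needs the same change as the visible text.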
diff --git a/template/en/default/account/prefs/settings.html.tmpl b/template/en/default/account/prefs/settings.html.tmpl
index 65e31359b..0147f95ef 100644
--- a/template/en/default/account/prefs/settings.html.tmpl
+++ b/template/en/default/account/prefs/settings.html.tmpl
@@ -62,6 +62,9 @@
[% END %]
+ [% IF name == "api_key_only" %]
+ [% INCLUDE "mfa/protected.html.tmpl" %]
+ [% END %]
[% ELSE %]
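Review bot: The setting name `api_key_only` is hard-coded in the template, so the set of MFA-protected settings is recorded both here and in whatever server code enforces it (not shown in this diff). If another setting becomes protected, its notice will be missed unless someone remembers this line. Either add a comment such as `[%# keep in sync with the server-side list of MFA-protected settings %]`, or have the caller pass a per-setting flag that the template tests instead of the name. The enclosing loop and IF/ELSE start outside the hunk.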
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 316e98450..c4ff7e73a 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -453,6 +453,9 @@
[% ELSIF error == "token_generation_error" %]
Something is seriously wrong with the token generation system.
+ [% ELSIF error == "token_data_too_big" %]
+ The data is too large to store in a token.
+
[% ELSIF error == "cancel_token_does_not_exist" %]
The token to be cancelled does not exist.
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 1ec3202bb..7a3a536cd 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1215,6 +1215,11 @@
[% ELSIF error == "mfa_totp_bad_code" %]
Invalid verification code.
+ [% ELSIF error == "mfa_totp_bad_enrolment_code" %]
+ Invalid verification code.
+
+ The QR code has been deleted - please generate and scan a new code.
+
[% ELSIF error == "migrate_config_created" %]
The file [% file FILTER html %] contains configuration
variables that must be set before continuing with the migration.
@@ -1468,8 +1473,8 @@
You did not enter your old password correctly.
[% ELSIF error == "old_password_required" %]
- [% title = "Old Password Required" %]
- You must enter your old password to change your email address.
+ [% title = "Password Required" %]
+ You must enter your current password to change your email address.
[% ELSIF error == "password_change_requests_not_allowed" %]
[% title = "Password Change Requests Not Allowed" %]
diff --git a/template/en/default/mfa/protected.html.tmpl b/template/en/default/mfa/protected.html.tmpl
new file mode 100644
index 000000000..da945244d
--- /dev/null
+++ b/template/en/default/mfa/protected.html.tmpl
@@ -0,0 +1,12 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
+[% RETURN UNLESS user.mfa %]
+
+
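Review bot: The new template has no interface comment, although its callers depend on the `user` variable: one passes `user=token_user` and the rest rely on the ambient `user`. Add something like `[%# INTERFACE: user - account whose MFA status decides whether the notice is shown; defaults to the current user %]` above the `RETURN UNLESS user.mfa` line. It would also help to say there that the template only renders an indicator, and that the verification is presumably enforced by the request handlers, so nobody treats the include as the protection.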
diff --git a/template/en/default/mfa/totp/verify.html.tmpl b/template/en/default/mfa/totp/verify.html.tmpl
index 3ff720d62..e61ee3866 100644
--- a/template/en/default/mfa/totp/verify.html.tmpl
+++ b/template/en/default/mfa/totp/verify.html.tmpl
@@ -13,17 +13,19 @@
Account Verification
+ [% reason FILTER html %] requires verification.
Please enter your verification code from your TOTP application:
-
[% INCLUDE global/footer.html.tmpl %]
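Review bot: The added sentence `[% reason FILTER html %] requires verification.` renders as " requires verification." when a caller does not set `reason`. The `FILTER html` is right for a caller-supplied string. Add a fallback before it, for example `[% DEFAULT reason = "This action" %]`, or document `reason` as a required variable in the template header. The form that follows is not visible in this hunk.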
--
cgit v1.2.3-24-g4f1b