mirror of
				https://github.com/iv-org/invidious.git
				synced 2025-10-26 10:48:28 -05:00 
			
		
		
		
	Add support for TOTP through Crotp
This commit is contained in:
		
							parent
							
								
									c6d948fa01
								
							
						
					
					
						commit
						23a71abc11
					
				| @ -484,5 +484,15 @@ | |||||||
|     "channel_tab_releases_label": "Releases", |     "channel_tab_releases_label": "Releases", | ||||||
|     "channel_tab_playlists_label": "Playlists", |     "channel_tab_playlists_label": "Playlists", | ||||||
|     "channel_tab_community_label": "Community", |     "channel_tab_community_label": "Community", | ||||||
|     "channel_tab_channels_label": "Channels" |     "channel_tab_channels_label": "Channels", | ||||||
|  |     "setup-totp-form-header": "Setup two factor authenticiation (TOTP)", | ||||||
|  |     "setup-totp-instructions-download-auth": "Install an authenticator app (or anything that supports totp) on your device", | ||||||
|  |     "setup-totp-instructions-enter-code": "Enter the following <strong>secret</strong> code:", | ||||||
|  |     "setup-totp-instructions-validate-code": "Enter the 6 digit number on your screen. Be sure to do it under thirty seconds!", | ||||||
|  |     "setup-totp-submit-button": "Setup TOTP", | ||||||
|  |     "general-totp-empty-field": "The TOTP code is a required field", | ||||||
|  |     "general-totp-invalid-code": "The TOTP code entered is invalid", | ||||||
|  |     "general-totp-enter-code-field": "6 digit number", | ||||||
|  |     "general-totp-enter-code-header": "Two-factor authentication", | ||||||
|  |     "general-totp-verify-button": "Verifiy" | ||||||
| } | } | ||||||
|  | |||||||
							
								
								
									
										21
									
								
								shard.lock
									
									
									
									
									
								
							
							
						
						
									
										21
									
								
								shard.lock
									
									
									
									
									
								
							| @ -1,12 +1,24 @@ | |||||||
| version: 2.0 | version: 2.0 | ||||||
| shards: | shards: | ||||||
|  |   ameba: | ||||||
|  |     git: https://github.com/crystal-ameba/ameba.git | ||||||
|  |     version: 0.14.4 | ||||||
|  | 
 | ||||||
|   athena-negotiation: |   athena-negotiation: | ||||||
|     git: https://github.com/athena-framework/negotiation.git |     git: https://github.com/athena-framework/negotiation.git | ||||||
|     version: 0.1.1 |     version: 0.1.3 | ||||||
| 
 | 
 | ||||||
|   backtracer: |   backtracer: | ||||||
|     git: https://github.com/sija/backtracer.cr.git |     git: https://github.com/sija/backtracer.cr.git | ||||||
|     version: 1.2.1 |     version: 1.2.2 | ||||||
|  | 
 | ||||||
|  |   base32: | ||||||
|  |     git: https://github.com/philnash/base32.git | ||||||
|  |     version: 0.1.1+git.commit.0a21c1d90731fdefcb3f0db4913f49d3d25350ac | ||||||
|  | 
 | ||||||
|  |   crotp: | ||||||
|  |     git: https://github.com/philnash/crotp.git | ||||||
|  |     version: 1.0.0 | ||||||
| 
 | 
 | ||||||
|   db: |   db: | ||||||
|     git: https://github.com/crystal-lang/crystal-db.git |     git: https://github.com/crystal-lang/crystal-db.git | ||||||
| @ -42,12 +54,9 @@ shards: | |||||||
| 
 | 
 | ||||||
|   spectator: |   spectator: | ||||||
|     git: https://github.com/icy-arctic-fox/spectator.git |     git: https://github.com/icy-arctic-fox/spectator.git | ||||||
|     version: 0.10.4 |     version: 0.10.6 | ||||||
| 
 | 
 | ||||||
|   sqlite3: |   sqlite3: | ||||||
|     git: https://github.com/crystal-lang/crystal-sqlite3.git |     git: https://github.com/crystal-lang/crystal-sqlite3.git | ||||||
|     version: 0.18.0 |     version: 0.18.0 | ||||||
| 
 | 
 | ||||||
|   ameba: |  | ||||||
|     git: https://github.com/crystal-ameba/ameba.git |  | ||||||
|     version: 0.14.3 |  | ||||||
|  | |||||||
| @ -31,6 +31,8 @@ dependencies: | |||||||
|   athena-negotiation: |   athena-negotiation: | ||||||
|     github: athena-framework/negotiation |     github: athena-framework/negotiation | ||||||
|     version: ~> 0.1.1 |     version: ~> 0.1.1 | ||||||
|  |   crotp: | ||||||
|  |     github: philnash/crotp | ||||||
| 
 | 
 | ||||||
| development_dependencies: | development_dependencies: | ||||||
|   spectator: |   spectator: | ||||||
|  | |||||||
| @ -445,3 +445,78 @@ def parse_link_endpoint(endpoint : JSON::Any, text : String, video_id : String) | |||||||
|   end |   end | ||||||
|   return text |   return text | ||||||
| end | end | ||||||
|  | 
 | ||||||
|  | def totp_validator(env) | ||||||
|  |   locale = LOCALES[env.get("preferences").as(Preferences).locale]? | ||||||
|  |   referer = get_referer(env) | ||||||
|  | 
 | ||||||
|  |   email = env.params.body["email"]?.try &.downcase.byte_slice(0, 254) | ||||||
|  |   password = env.params.body["password"]? | ||||||
|  |   totp_code = env.params.body["totp_code"]? | ||||||
|  |   user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1", email, as: User) | ||||||
|  | 
 | ||||||
|  |   if !totp_code | ||||||
|  |     return error_template(401, translate(locale, "general-totp-empty-field")) | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|  |   # Verify if possible | ||||||
|  |   if token = env.params.body["csrf_token"]? | ||||||
|  |     begin | ||||||
|  |       validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) | ||||||
|  |     rescue ex | ||||||
|  |       return error_template(400, ex) | ||||||
|  |     end | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|  |   totp_instance = CrOTP::TOTP.new(user.totp_secret) | ||||||
|  |   if !totp_instance.verify(totp_code) | ||||||
|  |     return error_template(401, translate(locale, "general-totp-invalid-code")) | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|  |   if Kemal.config.ssl || CONFIG.https_only | ||||||
|  |     secure = true | ||||||
|  |   else | ||||||
|  |     secure = false | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|  |   # There are two routes we can go here. | ||||||
|  |   # 1. Where the user is already logged in and is | ||||||
|  |   # confirming an dangerous task. | ||||||
|  |   # 2. The user is logging in. | ||||||
|  |   # | ||||||
|  |   # This can be detected by the hidden email and password parameter | ||||||
|  | 
 | ||||||
|  |   # https://stackoverflow.com/a/574698 | ||||||
|  |   if email && password | ||||||
|  |     # The rest of the login code. | ||||||
|  |     if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55)) | ||||||
|  |       sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) | ||||||
|  |       PG_DB.exec("INSERT INTO session_ids VALUES ($1, $2, $3)", sid, email, Time.utc) | ||||||
|  | 
 | ||||||
|  |       if CONFIG.domain | ||||||
|  |         env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years, | ||||||
|  |           secure: secure, http_only: true) | ||||||
|  |       else | ||||||
|  |         env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years, | ||||||
|  |           secure: secure, http_only: true) | ||||||
|  |       end | ||||||
|  |     else | ||||||
|  |       return error_template(401, "Wrong username or password") | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     # Since this user has already registered, we don't want to overwrite their preferences | ||||||
|  |     if env.request.cookies["PREFS"]? | ||||||
|  |       cookie = env.request.cookies["PREFS"] | ||||||
|  |       cookie.expires = Time.utc(1990, 1, 1) | ||||||
|  |       env.response.cookies << cookie | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     env.redirect referer | ||||||
|  |   else | ||||||
|  |     if CONFIG.domain | ||||||
|  |       env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", domain: "#{CONFIG.domain}", value: true, expires: Time.utc + 1.hours, secure: secure, http_only: true) | ||||||
|  |     else | ||||||
|  |       env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: true, expires: Time.utc + 1.hours, secure: secure, http_only: true) | ||||||
|  |     end | ||||||
|  |   end | ||||||
|  | end | ||||||
|  | |||||||
| @ -1,5 +1,7 @@ | |||||||
| {% skip_file if flag?(:api_only) %} | {% skip_file if flag?(:api_only) %} | ||||||
| 
 | 
 | ||||||
|  | require "crotp" | ||||||
|  | 
 | ||||||
| module Invidious::Routes::Account | module Invidious::Routes::Account | ||||||
|   extend self |   extend self | ||||||
| 
 | 
 | ||||||
| @ -351,4 +353,137 @@ module Invidious::Routes::Account | |||||||
|       return "{}" |       return "{}" | ||||||
|     end |     end | ||||||
|   end |   end | ||||||
|  | 
 | ||||||
|  |   # ------------------- | ||||||
|  |   # 2fa through OTP handling | ||||||
|  |   # ------------------- | ||||||
|  |   def setup_2fa_page(env) | ||||||
|  |     locale = env.get("preferences").as(Preferences).locale | ||||||
|  | 
 | ||||||
|  |     user = env.get? "user" | ||||||
|  |     sid = env.get? "sid" | ||||||
|  |     referer = get_referer(env) | ||||||
|  | 
 | ||||||
|  |     user = user.as(User) | ||||||
|  |     sid = sid.as(String) | ||||||
|  |     csrf_token = generate_response(sid, {":setup_2fa"}, HMAC_KEY) | ||||||
|  | 
 | ||||||
|  |     db_secret = Random::Secure.random_bytes(16).hexstring | ||||||
|  |     totp = CrOTP::TOTP.new(db_secret) | ||||||
|  |     user_secret = totp.base32_secret | ||||||
|  | 
 | ||||||
|  |     return templated "user/setup_2fa" | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|  |   # Setup TOTP (post) request. | ||||||
|  |   def setup_2fa(env) | ||||||
|  |     locale = env.get("preferences").as(Preferences).locale | ||||||
|  | 
 | ||||||
|  |     user = env.get? "user" | ||||||
|  |     sid = env.get? "sid" | ||||||
|  |     referer = get_referer(env) | ||||||
|  | 
 | ||||||
|  |     if !user | ||||||
|  |       return env.redirect referer | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     user = user.as(User) | ||||||
|  |     sid = sid.as(String) | ||||||
|  |     token = env.params.body["csrf_token"]? | ||||||
|  | 
 | ||||||
|  |     begin | ||||||
|  |       validate_request(token, sid, env.request, HMAC_KEY, locale) | ||||||
|  |     rescue ex | ||||||
|  |       return error_template(400, ex) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     totp_code = env.params.body["totp_code"]? | ||||||
|  |     db_secret = env.params.body["db_secret"] # Must exist | ||||||
|  |     if !totp_code | ||||||
|  |       return error_template(401, translate(locale, "general-totp-empty-field")) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     totp_instance = CrOTP::TOTP.new(db_secret) | ||||||
|  |     if !totp_instance.verify(totp_code) | ||||||
|  |       return error_template(401, translate(locale, "general-totp-invalid-code")) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     PG_DB.exec("UPDATE users SET totp_secret = $1 WHERE email = $2", db_secret.to_s, user.email) | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|  |   # Validate 2fa code endpoint | ||||||
|  |   def validate_2fa(env) | ||||||
|  |     locale = env.get("preferences").as(Preferences).locale | ||||||
|  |     referer = get_referer(env) | ||||||
|  | 
 | ||||||
|  |     email = env.params.body["email"]?.try &.downcase.byte_slice(0, 254) | ||||||
|  |     password = env.params.body["password"]? | ||||||
|  |     totp_code = env.params.body["totp_code"]? | ||||||
|  |     # This endpoint is only called when the user has a totp_secret. | ||||||
|  |     user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1", email, as: User).not_nil! | ||||||
|  | 
 | ||||||
|  |     if !totp_code | ||||||
|  |       return error_template(401, translate(locale, "general-totp-empty-field")) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     totp_instance = CrOTP::TOTP.new(user.totp_secret.not_nil!) | ||||||
|  |     if !totp_instance.verify(totp_code) | ||||||
|  |       return error_template(401, translate(locale, "general-totp-invalid-code")) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     if Kemal.config.ssl || CONFIG.https_only | ||||||
|  |       secure = true | ||||||
|  |     else | ||||||
|  |       secure = false | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     # There are two routes we can go here. | ||||||
|  |     # 1. Where the user is already logged in and is | ||||||
|  |     # confirming an dangerous task. | ||||||
|  |     # 2. The user is logging in. | ||||||
|  |     # | ||||||
|  |     # This can be detected by the hidden email and password parameter | ||||||
|  | 
 | ||||||
|  |     # https://stackoverflow.com/a/574698 | ||||||
|  |     if email && password | ||||||
|  |       # The rest of the login code. | ||||||
|  |       if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55)) | ||||||
|  |         sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) | ||||||
|  |         PG_DB.exec("INSERT INTO session_ids VALUES ($1, $2, $3)", sid, email, Time.utc) | ||||||
|  | 
 | ||||||
|  |         if CONFIG.domain | ||||||
|  |           env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years, | ||||||
|  |             secure: secure, http_only: true) | ||||||
|  |         else | ||||||
|  |           env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years, | ||||||
|  |             secure: secure, http_only: true) | ||||||
|  |         end | ||||||
|  |       else | ||||||
|  |         return error_template(401, "Wrong username or password") | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       # Since this user has already registered, we don't want to overwrite their preferences | ||||||
|  |       if env.request.cookies["PREFS"]? | ||||||
|  |         cookie = env.request.cookies["PREFS"] | ||||||
|  |         cookie.expires = Time.utc(1990, 1, 1) | ||||||
|  |         env.response.cookies << cookie | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       env.redirect referer | ||||||
|  |     else | ||||||
|  |       token = env.params.body["csrf_token"] | ||||||
|  | 
 | ||||||
|  |       begin | ||||||
|  |         validate_request(token, env.get?("sid").as(String), env.request, HMAC_KEY, locale) | ||||||
|  |       rescue ex | ||||||
|  |         return error_template(400, ex) | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       if CONFIG.domain | ||||||
|  |         env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", domain: "#{CONFIG.domain}", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true) | ||||||
|  |       else | ||||||
|  |         env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true) | ||||||
|  |       end | ||||||
|  |     end | ||||||
|  |   end | ||||||
| end | end | ||||||
|  | |||||||
| @ -56,6 +56,12 @@ module Invidious::Routes::Login | |||||||
|       user = Invidious::Database::Users.select(email: email) |       user = Invidious::Database::Users.select(email: email) | ||||||
| 
 | 
 | ||||||
|       if user |       if user | ||||||
|  |         # If user has setup TOTP | ||||||
|  |         if user.totp_secret | ||||||
|  |           csrf_token = nil # setting this to false for compatibility reasons. | ||||||
|  |           return templated "user/validate_2fa" | ||||||
|  |         end | ||||||
|  | 
 | ||||||
|         if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55)) |         if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55)) | ||||||
|           sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) |           sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) | ||||||
|           Invidious::Database::SessionIDs.insert(sid, email) |           Invidious::Database::SessionIDs.insert(sid, email) | ||||||
|  | |||||||
| @ -78,6 +78,11 @@ module Invidious::Routing | |||||||
|     post "/token_ajax", Routes::Account, :token_ajax |     post "/token_ajax", Routes::Account, :token_ajax | ||||||
|     post "/subscription_ajax", Routes::Subscriptions, :toggle_subscription |     post "/subscription_ajax", Routes::Subscriptions, :toggle_subscription | ||||||
|     get "/subscription_manager", Routes::Subscriptions, :subscription_manager |     get "/subscription_manager", Routes::Subscriptions, :subscription_manager | ||||||
|  | 
 | ||||||
|  |     # 2fa routes | ||||||
|  |     Invidious::Routing.get "/setup_2fa", Routes::Account, :setup_2fa_page | ||||||
|  |     Invidious::Routing.post "/setup_2fa", Routes::Account, :setup_2fa | ||||||
|  |     Invidious::Routing.post "/validate_2fa", Routes::Account, :validate_2fa | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   def register_iv_playlist_routes |   def register_iv_playlist_routes | ||||||
|  | |||||||
| @ -345,6 +345,10 @@ | |||||||
|                     <a href="/feed/history"><%= translate(locale, "Watch history") %></a> |                     <a href="/feed/history"><%= translate(locale, "Watch history") %></a> | ||||||
|                 </div> |                 </div> | ||||||
| 
 | 
 | ||||||
|  |                 <div class="pure-control-group"> | ||||||
|  |                     <a href="/setup_2fa?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "setup-totp-form-header") %></a> | ||||||
|  |                 </div> | ||||||
|  | 
 | ||||||
|                 <div class="pure-control-group"> |                 <div class="pure-control-group"> | ||||||
|                     <a href="/delete_account?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "Delete account") %></a> |                     <a href="/delete_account?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "Delete account") %></a> | ||||||
|                 </div> |                 </div> | ||||||
|  | |||||||
							
								
								
									
										36
									
								
								src/invidious/views/user/setup_2fa.ecr
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										36
									
								
								src/invidious/views/user/setup_2fa.ecr
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,36 @@ | |||||||
|  | <% content_for "header" do %> | ||||||
|  | <title><%= translate(locale, "setup-totp-form-header") %> - Invidious</title> | ||||||
|  | <% end %> | ||||||
|  | 
 | ||||||
|  | <div class="pure-g"> | ||||||
|  |     <div class="pure-u-1 pure-u-lg-1-5"></div> | ||||||
|  |     <div class="pure-u-1 pure-u-lg-3-5"> | ||||||
|  |         <div class="h-box"> | ||||||
|  |             <form class="pure-form pure-form-aligned" action="/setup_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post"> | ||||||
|  |                 <legend><%= translate(locale, "setup-totp-form-header") %></legend> | ||||||
|  |                 <fieldset> | ||||||
|  | 
 | ||||||
|  |                 <input name="db_secret" type="hidden" value="<%= HTML.escape(db_secret) %>"> | ||||||
|  | 
 | ||||||
|  |                 <ol style="word-wrap: anywhere; white-space: break-space;"> | ||||||
|  |                     <li> <%= translate(locale, "setup-totp-instructions-download-auth") %> </li> | ||||||
|  |                     <li> <%= translate(locale, "setup-totp-instructions-enter-code") %>  | ||||||
|  |                     <code> <%=user_secret%> </code> | ||||||
|  |                     </li> | ||||||
|  |                     <li> <%= translate(locale, "setup-totp-instructions-validate-code") %> </li> | ||||||
|  |                 </ol> | ||||||
|  | 
 | ||||||
|  |                 <input required class="pure-input-1" name="totp_code" placeholder="<%= translate(locale, "general-totp-enter-code-field") %>"> | ||||||
|  | 
 | ||||||
|  |                 <input type="hidden" name="csrf_token" value="<%= URI.encode_www_form(csrf_token) %>"> | ||||||
|  | 
 | ||||||
|  |                 <button type="submit" name="action" value="setup-totp-form-header" class="pure-button pure-button-primary"> | ||||||
|  |                     <%= translate(locale, "setup-totp-submit-button") %> | ||||||
|  |                 </button> | ||||||
|  | 
 | ||||||
|  |                 </fieldset> | ||||||
|  |             </form> | ||||||
|  |         </div> | ||||||
|  |     </div> | ||||||
|  |     <div class="pure-u-1 pure-u-lg-1-5"></div> | ||||||
|  | </div> | ||||||
							
								
								
									
										37
									
								
								src/invidious/views/user/validate_2fa.ecr
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										37
									
								
								src/invidious/views/user/validate_2fa.ecr
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,37 @@ | |||||||
|  | <% content_for "header" do %> | ||||||
|  | <title><%= translate(locale, "setup-totp-form-header") %> - Invidious</title> | ||||||
|  | <% end %> | ||||||
|  | 
 | ||||||
|  | <div class="pure-g"> | ||||||
|  |     <div class="pure-u-1 pure-u-lg-1-5"></div> | ||||||
|  |     <div class="pure-u-1 pure-u-lg-3-5"> | ||||||
|  |         <div class="h-box"> | ||||||
|  |             <form class="pure-form pure-form-aligned" action="/validate_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post"> | ||||||
|  |                 <legend><%= translate(locale, "general-totp-enter-code-header") %></legend> | ||||||
|  |                 <fieldset> | ||||||
|  |                  | ||||||
|  |                 <!-- Hidden fields used for sign-in authentication--> | ||||||
|  |                 <% if email %> | ||||||
|  |                     <input name="email" type="hidden" value="<%= email %>"> | ||||||
|  |                 <% end %> | ||||||
|  |                 <% if password %> | ||||||
|  |                     <input name="password" type="hidden" value="<%= HTML.escape(password) %>"> | ||||||
|  |                 <% end %> | ||||||
|  | 
 | ||||||
|  |                 <input required class="pure-input-1" name="totp_code" placeholder="<%= translate(locale, "general-totp-enter-code-field") %>"> | ||||||
|  | 
 | ||||||
|  |                 <% if csrf_token %> | ||||||
|  |                     <input type="hidden" name="csrf_token" value="<%= URI.encode_www_form(csrf_token) %>"> | ||||||
|  |                 <% end %> | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  |                 <button type="submit" name="action" class="pure-button pure-button-primary"> | ||||||
|  |                     <%= translate(locale, "general-totp-verify-button") %> | ||||||
|  |                 </button> | ||||||
|  | 
 | ||||||
|  |                 </fieldset> | ||||||
|  |             </form> | ||||||
|  |         </div> | ||||||
|  |     </div> | ||||||
|  |     <div class="pure-u-1 pure-u-lg-1-5"></div> | ||||||
|  | </div> | ||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user