Allow users to rename their 2FA token

Fixes: fedora-infra#819 Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
abompard · May 12, 2022 · 221b638 · 221b638
1 parent 6181f7a
commit 221b638
Show file tree

Hide file tree

Showing 6 changed files with 1,608 additions and 2 deletions.
diff --git a/news/819.feature b/news/819.feature
@@ -0,0 +1 @@
+Allow users to rename their 2FA token
diff --git a/noggin/controller/user.py b/noggin/controller/user.py
@@ -27,6 +27,7 @@
     UserSettingsConfirmOTPForm,
     UserSettingsEmailForm,
     UserSettingsKeysForm,
+    UserSettingsOTPNameChange,
     UserSettingsOTPStatusChange,
     UserSettingsProfileForm,
 )
@@ -402,6 +403,36 @@ def user_settings_otp(ipa, username):
     )
 
 
+@bp.route('/user/<username>/settings/otp/rename/', methods=['POST'])
+@with_ipa()
+@require_self
+def user_settings_otp_rename(ipa, username):
+    form = UserSettingsOTPNameChange()
+
+    if form.validate_on_submit():
+        try:
+            ipa.otptoken_mod(
+                a_ipatokenuniqueid=form.token.data,
+                o_description=form.description.data,
+            )
+        except python_freeipa.exceptions.BadRequest as e:
+            if e.message != "no modifications to be performed":
+                flash(_('Cannot rename the token.'), 'danger')
+                current_app.logger.error(
+                    f'Something went wrong renaming an OTP token for user {username}: {e}'
+                )
+        except python_freeipa.exceptions.FreeIPAError as e:
+            flash(_('Cannot rename the token.'), 'danger')
+            current_app.logger.error(
+                f'Something went wrong renaming an OTP token for user {username}: {e}'
+            )
+
+    for field_errors in form.errors.values():
+        for error in field_errors:
+            flash(error, 'danger')
+    return redirect(url_for('.user_settings_otp', username=username))
+
+
 @bp.route('/user/<username>/settings/otp/disable/', methods=['POST'])
 @with_ipa()
 @require_self

diff --git a/noggin/form/edit_user.py b/noggin/form/edit_user.py
@@ -210,6 +210,15 @@ class UserSettingsOTPStatusChange(BaseForm):
     )
 
 
+class UserSettingsOTPNameChange(BaseForm):
+    token = HiddenField(
+        'token', validators=[DataRequired(message=_('Token must not be empty'))]
+    )
+    description = StringField(
+        validators=[Optional()],
+    )
+
+
 class UserSettingsAgreementSign(BaseForm):
     agreement = HiddenField(
         'agreement', validators=[DataRequired(message=_('Agreement must not be empty'))]

diff --git a/noggin/templates/user-settings-otp.html b/noggin/templates/user-settings-otp.html
@@ -85,7 +85,17 @@ <h5 id="pageheading">{{ _("OTP Tokens") }}</h5>
   <div class="list-group-item {{'text-muted bg-light' if token.disabled}}">
     <div class="row align-items-center">
       <div class="col">
-        <div data-role="token-description" class="font-weight-bold">{{token.description if token.description}}</div>
+        <div data-role="token-description" class="font-weight-bold otp-description">
+          {{token.description if token.description}}
+          <button class="btn btn-sm btn-outline-secondary ml-1" title="{{ _('Rename') }}"><i class="fa fa-edit"></i></button>
+        </div>
+        <div data-role="token-description" class="otp-rename-form d-none">
+          <form action="{{ url_for('.user_settings_otp_rename', username=current_user.username) }}" method="post" class="form-inline">
+            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+            <input type="text" class="form-control form-control-sm mr-1" name="description" value="{{token.description if token.description}}" />
+            <button type="submit" class="btn btn-sm btn-primary" name="token" value="{{ token.uniqueid }}">{{ _("Rename") }}</button>
+          </form>
+        </div>
         <div class="text-monospace">{{token.uniqueid}}</div>
       </div>
       <div class="col-auto">
@@ -129,7 +139,7 @@ <h5 id="pageheading">{{ _("OTP Tokens") }}</h5>
         $('#otp-qrcode').hide().qrcode("{{ otp_uri|safe }}");
         $('#otp-toggle').click(function() {
           $('#otp-qrcode').slideToggle("fast");
-        })
+        });
     });
   </script>
   {% endif %}
@@ -141,4 +151,14 @@ <h5 id="pageheading">{{ _("OTP Tokens") }}</h5>
     </script>
   {% endif %}
 
+  <script nonce="{{ csp_nonce() }}">
+    $(document).ready(function() {
+        $(".otp-description button").click(function() {
+          let parent = $(this).parent().parent();
+          parent.find(".otp-description").addClass("d-none");
+          parent.find(".otp-rename-form").removeClass("d-none");
+        });
+    });
+  </script>
+
 {% endblock %}