fix: reduce totp verification overhead

yunionio · Jun 29, 2020 · 265bbc6 · 265bbc6
1 parent 0d18266
commit 265bbc6
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 8 deletions.
diff --git a/pkg/apigateway/handler/auth.go b/pkg/apigateway/handler/auth.go
@@ -230,6 +230,9 @@ func doTenantLogin(ctx context.Context, w http.ResponseWriter, req *http.Request
 		} else {
 			otpVerified = true
 		}
+	} else {
+		// if totp disabled, then assume totp been verified
+		otpVerified = true
 	}
 
 	token, e = auth.Client().SetProject(tenantId, "", "", token)
@@ -536,6 +539,11 @@ func (h *AuthHandlers) postLoginHandler(ctx context.Context, w http.ResponseWrit
 			httperrors.GeneralServerError(w, err)
 			return
 		}
+	} else {
+		// if totp is disabled, assume totp been verified
+		totp := clientman.TokenMan.GetTotp(tid)
+		totp.MarkVerified()
+		clientman.TokenMan.SaveTotp(tid)
 	}
 
 	appsrv.Send(w, qrcode)

diff --git a/pkg/apigateway/handler/middleware.go b/pkg/apigateway/handler/middleware.go
@@ -112,15 +112,15 @@ func FetchAuthToken(f func(context.Context, http.ResponseWriter, *http.Request))
 			return
 		}
 		// 启用双因子认证
-		t := AppContextToken(ctx)
-		if isUserEnableTotp(ctx, r, t) {
-			tid := getAuthToken(r)
-			totp := clientman.TokenMan.GetTotp(tid)
-			if !totp.IsVerified() {
-				httperrors.UnauthorizedError(w, "TOTP authentication failed")
-				return
-			}
+		// t := AppContextToken(ctx)
+		// if isUserEnableTotp(ctx, r, t) {
+		tid := getAuthToken(r)
+		totp := clientman.TokenMan.GetTotp(tid)
+		if !totp.IsVerified() {
+			httperrors.UnauthorizedError(w, "TOTP authentication failed")
+			return
 		}
+		// }
 
 		f(ctx, w, r)
 	}