From: Dominik Csapak
To: pve-devel@lists.proxmox.com
Date: Thu, 14 Dec 2023 10:55:16 +0100
Message-Id: <20231214095517.2339898-1-d.csapak@proxmox.com>
Subject: [pve-devel] [RFC PATCH pve-manager 1/2] ui: mobile: fix totp login

logging in with totp on mobile was broken with these two commits:

pve-manager:
509d7a20 ("mobile ui: implement dummy message box and scrip loader")

and pve-access-control:
cb64967 ("api: drop old verify_tfa api call")

the pve-manager one overwrote the Ext.MessageBox and Ext.Msg classes and
thus removed the Ext.MessageBox.OKCANCEL constant that represented the
buttons of popup messages (without those no buttons on message boxes
were shown).

This override did not work as intended, as we still showed the message
box by accident, because at that point the Ext.MessageBox was already
initialized (so it was overwritten), but Ext.Msg was not (this happens
later).

and the pve-access-control removed the old tfa verify api (which is now
done via the /access/ticket api)

so to fix that, we have to adapt to the api changes and restore the
stock Ext.MessageBox and Ext.Msg classes by removing the overrides
(I couldn't find where we would need those)

we still cannot handle u2f or recovery methods though

Signed-off-by: Dominik Csapak
---
 www/mobile/Login.js   | 8 ++++++--
 www/mobile/Toolkit.js | 5 -----
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/www/mobile/Login.js b/www/mobile/Login.js index 0abc2a14..06c8b3d4 100644 --- a/www/mobile/Login.js +++ b/www/mobile/Login.js @@ -35,8 +35,12 @@ Ext.define('PVE.Login', { message: 'Loading...', }); Proxmox.Utils.API2Request({ - url: '/api2/extjs/access/tfa', - params: { response: code }, + url: '/api2/extjs/access/ticket', + params: { + username: ticketResponse.username, + 'tfa-challenge': ticketResponse.ticket, + password: `totp:${code}` + }, method: 'POST', timeout: 5000, // it'll delay both success & failure success: function(resp, opts) { diff --git a/www/mobile/Toolkit.js b/www/mobile/Toolkit.js index c6e4e4a0..7bde24e6 100644 --- a/www/mobile/Toolkit.js +++ b/www/mobile/Toolkit.js @@ -7,9 +7,4 @@ Ext.Ajax.setDisableCaching(false); // do not send '_dc' parameter Ext.Ajax.disableCaching = false; -Ext.MessageBox = Ext.Msg = { - alert: (title, message) => console.warn(title, message), - show: ({ title, message }) => console.warn(title, message), -}; - Ext.Loader.injectScriptElement = (url) => console.warn(`surpressed loading ${url}`); -- 2.30.2
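Review bot: in the www/mobile/Login.js hunk the second factor is always sent as password: `totp:${code}`, so an account that only has u2f or recovery keys configured is still asked for a code and only fails once the server rejects it. The commit message acknowledges the limit; if the first /access/ticket response indicates which methods are available, check that before showing the prompt and show an explicit "not supported in the mobile UI" message otherwise. ticketResponse is not defined in the visible lines, so please confirm it is in scope in this handler and still holds the username and ticket from the first request. Style: the last entry of the new params object lacks the trailing comma that the surrounding properties use.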
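Review bot: in the www/mobile/Toolkit.js hunk, dropping the Ext.MessageBox = Ext.Msg stub means every alert() and show() call in the mobile UI now renders a real dialog instead of going to console.warn, and the commit message only says no user of the override was found. Message box text is typically rendered as HTML, so please audit those callers for strings taken from API responses and make sure they are HTML-encoded before display. It would also help to record in the commit message why 509d7a20 introduced the stub, so the reason it is safe to drop is documented. The unchanged context line still spells "surpressed"; that can be fixed in a follow-up.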