kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0b37fde1557ab508081c4b1886f860747e6b4f01
mcias/web/templates/profile.html
Kyle Isom 37afc68287 Add TOTP enrollment to web UI 
- Profile page TOTP section with enrollment flow:
  password re-auth → QR code + manual entry → 6-digit confirm
- Server-side QR code generation (go-qrcode, data: URI PNG)
- Admin "Remove TOTP" button on account detail page
- Enrollment nonces: sync.Map with 5-minute TTL, single-use
- Template fragments: totp_section.html, totp_enroll_qr.html
- Handler: handlers_totp.go (enroll start, confirm, admin remove)

Security: Password re-auth before secret generation (SEC-01).
Lockout checked before Argon2. CSRF on all endpoints. Single-use
enrollment nonces with expiry. TOTP counter replay prevention
(CRIT-01). Self-removal not permitted (admin only).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 17:39:45 -07:00

33 lines
1.2 KiB
HTML
Raw Blame History

{{define "profile"}}{{template "base" .}}{{end}}
{{define "title"}}Profile — MCIAS{{end}}
{{define "content"}}
<div class="page-header">
<h1>Profile</h1>
</div>
<div class="card">
<h2 style="font-size:1rem;font-weight:600;margin-bottom:1rem">Two-Factor Authentication (TOTP)</h2>
{{template "totp_section" .}}
</div>
{{if .WebAuthnEnabled}}
<div class="card">
<h2 style="font-size:1rem;font-weight:600;margin-bottom:1rem">Passkeys</h2>
<p class="text-muted text-small" style="margin-bottom:.75rem">
Passkeys let you sign in without a password using your device's biometrics or a security key.
</p>
{{template "webauthn_credentials" .}}
<h3 style="font-size:.9rem;font-weight:600;margin:1rem 0 .5rem">Add a Passkey</h3>
{{template "webauthn_enroll" .}}
</div>
<script src="/static/webauthn.js"></script>
{{end}}
<div class="card">
<h2 style="font-size:1rem;font-weight:600;margin-bottom:1rem">Change Password</h2>
<p class="text-muted text-small" style="margin-bottom:.75rem">
Enter your current password and choose a new one. Other active sessions will be revoked.
</p>
<div id="password-change-section">
{{template "password_change_form" .}}
</div>
</div>
{{end}}
Reference in New Issue View Git Blame Copy Permalink