Kyle Isom
a80242ae3e
- Introduced `web/templates/` for HTMX-fragmented pages (`dashboard`, `accounts`, `account_detail`, `error_fragment`, etc.). - Implemented UI routes for account CRUD, audit log display, and login/logout with CSRF protection. - Added `internal/ui/` package for handlers, CSRF manager, session validation, and token issuance. - Updated documentation to include new UI features and templates directory structure. - Security: Double-submit CSRF cookies, constant-time HMAC validation, login password/Argon2id re-verification at all steps to prevent bypass.
19 lines
857 B
HTML
19 lines
857 B
HTML
{{define "totp_step"}}
|
|
<form id="login-form" method="POST" action="/login"
|
|
hx-post="/login" hx-target="#login-form" hx-swap="outerHTML">
|
|
{{if .Error}}<div class="alert alert-error" role="alert">{{.Error}}</div>{{end}}
|
|
<input type="hidden" name="username" value="{{.Username}}">
|
|
<input type="hidden" name="password" value="{{.Password}}">
|
|
<input type="hidden" name="totp_step" value="1">
|
|
<div class="form-group">
|
|
<label for="totp_code">Authenticator Code</label>
|
|
<input class="form-control" type="text" id="totp_code" name="totp_code"
|
|
autocomplete="one-time-code" inputmode="numeric" pattern="[0-9]{6}"
|
|
maxlength="6" required autofocus placeholder="6-digit code">
|
|
</div>
|
|
<div class="form-actions">
|
|
<button class="btn btn-primary" type="submit" style="width:100%">Verify</button>
|
|
</div>
|
|
</form>
|
|
{{end}}
|