GUACAMOLE-96: Clean up enrollment interface. Provide help text for user.

2025-09-06 21:27:40 +00:00 · 2017-11-20 15:51:06 -08:00
parent a422fdf9c2
commit 2a894c487c
5 changed files with 61 additions and 11 deletions
--- a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java
+++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java
@@ -245,14 +245,14 @@ public class UserVerificationService {
            if (!key.isConfirmed()) {
                field.exposeKey(key);
                throw new GuacamoleInsufficientCredentialsException(
-                        "LOGIN.INFO_TOTP_REQUIRED", new CredentialsInfo(
+                        "TOTP.INFO_ENROLL_REQUIRED", new CredentialsInfo(
                            Collections.<Field>singletonList(field)
                        ));
            }

            // Otherwise simply request the user's authentication code
            throw new GuacamoleInsufficientCredentialsException(
-                    "LOGIN.INFO_TOTP_REQUIRED", new CredentialsInfo(
+                    "TOTP.INFO_CODE_REQUIRED", new CredentialsInfo(
                        Collections.<Field>singletonList(field)
                    ));

@@ -285,7 +285,7 @@ public class UserVerificationService {
        }

        // Provided code is not valid
-        throw new GuacamoleClientException("LOGIN.INFO_TOTP_VERIFICATION_FAILED");
+        throw new GuacamoleClientException("TOTP.INFO_VERIFICATION_FAILED");

    }

--- a/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/form/AuthenticationCodeField.java
+++ b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/form/AuthenticationCodeField.java
@@ -98,6 +98,28 @@ public class AuthenticationCodeField extends Field {
        this.key = key;
    }

+    /**
+     * Returns the number of digits used for each TOTP code. If the user's key
+     * is not being exposed to facilitate enrollment, this value will not be
+     * exposed either.
+     *
+     * @return
+     *     The number of digits used for each TOTP code, or null if the user's
+     *     key is not being exposed to facilitate enrollment.
+     *
+     * @throws GuacamoleException
+     *     If the number of digits cannot be read from guacamole.properties.
+     */
+    public Integer getDigits() throws GuacamoleException {
+
+        // Do not reveal code size unless enrollment is in progress
+        if (key == null)
+            return null;
+
+        return confService.getDigits();
+        
+    }
+
    /**
     * Returns the "otpauth" URI for the secret key used to generate TOTP codes
     * for the current user. If the secret key is not being exposed to
--- a/extensions/guacamole-auth-totp/src/main/resources/styles/totp.css
+++ b/extensions/guacamole-auth-totp/src/main/resources/styles/totp.css
@@ -17,4 +17,16 @@
 * under the License.
 */

-/* STUB */
+.totp-enroll p {
+    font-size: 0.8em;
+}
+
+.totp-qr-code {
+    text-align: center;
+}
+
+.totp-qr-code img {
+    margin: 1em;
+    border: 1px solid rgba(0,0,0,0.25);
+    box-shadow: 1px 1px 2px rgba(0,0,0,0.25);
+}
--- a/extensions/guacamole-auth-totp/src/main/resources/templates/authenticationCodeField.html
+++ b/extensions/guacamole-auth-totp/src/main/resources/templates/authenticationCodeField.html
@@ -1,13 +1,18 @@
 <div class="totp-code-field">

-    <!-- QR Code (if available) -->
-    <div class="totp-qr-code" ng-show="field.qrCode">
-        <img ng-src="{{field.qrCode}}">
+    <!-- Enroll user if necessary -->
+    <div class="totp-enroll" ng-show="field.qrCode">
+        <p translate="TOTP.HELP_ENROLL_BARCODE"></p>
+        <div class="totp-qr-code"><img ng-src="{{field.qrCode}}"></div>
+        <p translate="TOTP.HELP_ENROLL_VERIFY"
+           translate-values="{ DIGITS : field.digits }"></p>
    </div>

    <!-- Field for entry of the current TOTP code -->
    <div class="totp-code">
-        <input type="text" ng-model="model" autocorrect="off" autocapitalize="off"/>
+        <input type="text"
+               placeholder="{{'TOTP.FIELD_PLACEHOLDER_CODE' |translate}}"
+               ng-model="model" autocorrect="off" autocapitalize="off"/>
    </div>

 </div>
--- a/extensions/guacamole-auth-totp/src/main/resources/translations/en.json
+++ b/extensions/guacamole-auth-totp/src/main/resources/translations/en.json
@@ -5,9 +5,20 @@
    },

    "LOGIN" : {
-        "FIELD_HEADER_GUAC_TOTP"        : "Authentication Code",
-        "INFO_TOTP_REQUIRED"            : "Please enter your authentication code to verify your identity.",
-        "INFO_TOTP_VERIFICATION_FAILED" : "Verification failed. Please try again."
+        "FIELD_HEADER_GUAC_TOTP" : ""
+    },
+
+    "TOTP" : {
+
+        "FIELD_PLACEHOLDER_CODE" : "Authentication Code",
+
+        "INFO_CODE_REQUIRED"       : "Please enter your authentication code to verify your identity.",
+        "INFO_ENROLL_REQUIRED"     : "Multi-factor authentication has been enabled on your account.",
+        "INFO_VERIFICATION_FAILED" : "Verification failed. Please try again.",
+
+        "HELP_ENROLL_BARCODE" : "To complete the enrollment process, scan the barcode below with the two-factor authentication app on your phone or device.",
+        "HELP_ENROLL_VERIFY"  : "After scanning the barcode, enter the {DIGITS}-digit authentication code displayed to verify that enrollment was successful."
+
    }

 }