add TOTP Secret to logins

passwall · Jul 13, 2023 · 1991194 · 1991194
1 parent 1facbd7
commit 1991194
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 35 deletions.
diff --git a/internal/app/encryption.go b/internal/app/encryption.go
@@ -44,7 +44,7 @@ func checkSecureKeyLen(length int) error {
 	return nil
 }
 
-//FallbackInsecureKey fallback method for sercure key
+// FallbackInsecureKey fallback method for sercure key
 func FallbackInsecureKey(length int) (string, error) {
 	const charset = "abcdefghijklmnopqrstuvwxyz" +
 		"ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
@@ -66,7 +66,7 @@ func FallbackInsecureKey(length int) (string, error) {
 	return string(b), nil
 }
 
-//GenerateSecureKey generates a secure key width a given length
+// GenerateSecureKey generates a secure key width a given length
 func GenerateSecureKey(length int) (string, error) {
 	key := make([]byte, length)
 
@@ -191,28 +191,34 @@ func EncryptModel(rawModel interface{}) interface{} {
 
 // DecryptModel decrypts struct pointer according to struct tags
 func DecryptModel(rawModel interface{}) (interface{}, error) {
-	var err error
-	var valueByte []byte
 	num := reflect.ValueOf(rawModel).Elem().NumField()
 
 	var tagVal string
-
+	var lastErr error
 	for i := 0; i < num; i++ {
 		tagVal = reflect.TypeOf(rawModel).Elem().Field(i).Tag.Get("encrypt")
 		value := reflect.ValueOf(rawModel).Elem().Field(i).String()
 
-		if tagVal == "true" {
-			valueByte, err = base64.StdEncoding.DecodeString(value)
+		if tagVal == "true" && value != "" {
+			valueByte, err := base64.StdEncoding.DecodeString(value)
+			if err != nil {
+				logger.Errorf("Error while decoding: %s", err.Error())
+				lastErr = err
+			}
 
 			var decrypted []byte
 			decrypted, err = Decrypt(string(valueByte[:]), viper.GetString("server.passphrase"))
+			if err != nil {
+				logger.Errorf("Error while decrypting: %s", err.Error())
+				lastErr = err
+			}
 			value = string(decrypted)
 
 			reflect.ValueOf(rawModel).Elem().Field(i).SetString(value)
 		}
 	}
 
-	return rawModel, err
+	return rawModel, lastErr
 }
 
 // DecryptPayload ...

diff --git a/internal/app/login.go b/internal/app/login.go
@@ -64,6 +64,7 @@ func UpdateLogin(s storage.Store, login *model.Login, dto *model.LoginDTO, schem
 	login.Username = encModel.Username
 	login.Password = encModel.Password
 	login.Extra = encModel.Extra
+	login.TOTPSecret = encModel.TOTPSecret
 
 	updatedLogin, err := s.Logins().Update(login, schema)
 	if err != nil {

diff --git a/model/login.go b/model/login.go
@@ -6,47 +6,51 @@ import (
 
 // Login ...
 type Login struct {
-	ID        uint       `gorm:"primary_key" json:"id"`
-	CreatedAt time.Time  `json:"created_at"`
-	UpdatedAt time.Time  `json:"updated_at"`
-	DeletedAt *time.Time `json:"deleted_at"`
-	Title     string     `json:"title"`
-	URL       string     `json:"url"`
-	Username  string     `json:"username" encrypt:"true"`
-	Password  string     `json:"password" encrypt:"true"`
-	Extra     string     `json:"extra" encrypt:"true"`
+	ID         uint       `gorm:"primary_key" json:"id"`
+	CreatedAt  time.Time  `json:"created_at"`
+	UpdatedAt  time.Time  `json:"updated_at"`
+	DeletedAt  *time.Time `json:"deleted_at"`
+	Title      string     `json:"title"`
+	URL        string     `json:"url"`
+	Username   string     `json:"username" encrypt:"true"`
+	Password   string     `json:"password" encrypt:"true"`
+	TOTPSecret string     `json:"totp_secret" encrypt:"true"`
+	Extra      string     `json:"extra" encrypt:"true"`
 }
 
-//LoginDTO DTO object for Login type
+// LoginDTO DTO object for Login type
 type LoginDTO struct {
-	ID       uint   `json:"id"`
-	Title    string `json:"title"`
-	URL      string `json:"url"`
-	Username string `json:"username"`
-	Password string `json:"password"`
-	Extra    string `json:"extra"`
+	ID         uint   `json:"id"`
+	Title      string `json:"title"`
+	URL        string `json:"url"`
+	Username   string `json:"username"`
+	Password   string `json:"password"`
+	TOTPSecret string `json:"totp_secret" encrypt:"true"`
+	Extra      string `json:"extra"`
 }
 
 // ToLogin ...
 func ToLogin(loginDTO *LoginDTO) *Login {
 	return &Login{
-		Title:    loginDTO.Title,
-		URL:      loginDTO.URL,
-		Username: loginDTO.Username,
-		Password: loginDTO.Password,
-		Extra:    loginDTO.Extra,
+		Title:      loginDTO.Title,
+		URL:        loginDTO.URL,
+		Username:   loginDTO.Username,
+		Password:   loginDTO.Password,
+		Extra:      loginDTO.Extra,
+		TOTPSecret: loginDTO.TOTPSecret,
 	}
 }
 
 // ToLoginDTO ...
 func ToLoginDTO(login *Login) *LoginDTO {
 	return &LoginDTO{
-		ID:       login.ID,
-		Title:    login.Title,
-		URL:      login.URL,
-		Username: login.Username,
-		Password: login.Password,
-		Extra:    login.Extra,
+		ID:         login.ID,
+		Title:      login.Title,
+		URL:        login.URL,
+		Username:   login.Username,
+		Password:   login.Password,
+		Extra:      login.Extra,
+		TOTPSecret: login.TOTPSecret,
 	}
 }