[FIX] SSO not working with 2FA (TOTP) (#2978)

* Update AuthenticationWebView.js * Updated loginTOTP * Added validation * Update rocketchat.js * Update rocketchat.js * Update rocketchat.js * Update rocketchat.js * Fix resolve * Remove incognito * Fix totp being requested on webview Co-authored-by: Diego Mello <diegolmello@gmail.com>
2021-03-22 13:26:44 -04:00 · 2021-03-22 13:26:44 -04:00 · 8bc8a07e72
parent d7562f7b79
commit 8bc8a07e72
2 changed files with 25 additions and 13 deletions
--- a/app/lib/rocketchat.js
+++ b/app/lib/rocketchat.js
@ -465,18 +465,30 @@ const RocketChat = {
 				if (e.data?.error && (e.data.error === 'totp-required' || e.data.error === 'totp-invalid')) {
 					const { details } = e.data;
 					try {
-						reduxStore.dispatch(setUser({ username: params.user || params.username }));
-						const code = await twoFactor({ method: details?.method || 'totp', invalid: e.data.error === 'totp-invalid' });
+						const code = await twoFactor({ method: details?.method || 'totp', invalid: details?.error === 'totp-invalid' });

-						// Force normalized params for 2FA starting RC 3.9.0.
-						const serverVersion = reduxStore.getState().server.version;
-						if (compareServerVersion(serverVersion, '3.9.0', methods.greaterThanOrEqualTo)) {
-							const user = params.user ?? params.username;
-							const password = params.password ?? params.ldapPass ?? params.crowdPassword;
-							params = { user, password };
+						if (loginEmailPassword) {
+							reduxStore.dispatch(setUser({ username: params.user || params.username }));
+
+							// Force normalized params for 2FA starting RC 3.9.0.
+							const serverVersion = reduxStore.getState().server.version;
+							if (compareServerVersion(serverVersion, '3.9.0', methods.greaterThanOrEqualTo)) {
+								const user = params.user ?? params.username;
+								const password = params.password ?? params.ldapPass ?? params.crowdPassword;
+								params = { user, password };
+							}
+
+							return resolve(this.loginTOTP({ ...params, code: code?.twoFactorCode }, loginEmailPassword));
 						}

-						return resolve(this.loginTOTP({ ...params, code: code?.twoFactorCode }, loginEmailPassword));
+						return resolve(this.loginTOTP({
+							totp: {
+								login: {
+									...params
+								},
+								code: code?.twoFactorCode
+							}
+						}));
 					} catch {
 						// twoFactor was canceled
 						return reject();
@ -511,7 +523,7 @@ const RocketChat = {
 	},

 	async loginOAuthOrSso(params) {
-		const result = await this.login(params);
+		const result = await this.loginTOTP(params);
 		reduxStore.dispatch(loginRequest({ resume: result.token }));
 	},

--- a/app/views/AuthenticationWebView.js
+++ b/app/views/AuthenticationWebView.js
@ -71,7 +71,7 @@ class AuthenticationWebView extends React.PureComponent {
 		navigation.pop();
 	}

-	login = async(params) => {
+	login = (params) => {
 		const { logging } = this.state;
 		if (logging) {
 			return;
@ -80,7 +80,7 @@ class AuthenticationWebView extends React.PureComponent {
 		this.setState({ logging: true });

 		try {
-			await RocketChat.loginOAuthOrSso(params);
+			RocketChat.loginOAuthOrSso(params);
 		} catch (e) {
 			console.warn(e);
 		}
@ -89,7 +89,7 @@ class AuthenticationWebView extends React.PureComponent {
 	}

 	// eslint-disable-next-line react/sort-comp
-	debouncedLogin = debounce(params => this.login(params), 3000);
+	debouncedLogin = debounce(params => this.login(params), 3000, true);

 	tryLogin = debounce(async() => {
 		const { Accounts_Iframe_api_url, Accounts_Iframe_api_method } = this.props;