authorRobert Newson <rnewson@apache.org>2020-03-23 00:15:30 +0000
committerRobert Newson <rnewson@apache.org>2020-03-23 00:21:06 +0000
commit6c20d26c26c6e77b5c73a0e4c4a20f932069011a (patch)
treeb34023817a07d52e20b89519fc54ffdf5870ea10
parentd639dee946ed1f5da57b4a460187eb7c8d21608c (diff)
enable totp with basic authadmin-2fa
-rw-r--r--src/couch/src/couch_httpd_auth.erl26
1 files changed, 15 insertions, 11 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index c91b6d694..70a10e8bc 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -97,10 +97,22 @@ default_authentication_handler(Req, AuthModule) ->
nil ->
throw({unauthorized, <<"Name or password is incorrect.">>});
{ok, UserProps, _AuthCtx} ->
- reject_if_totp(UserProps),
UserName = ?l2b(User),
- Password = ?l2b(Pass),
- case authenticate(Password, UserProps) of
+ Authenticated = case get_totp_config(UserProps) of
+ undefined ->
+ authenticate(?l2b(Pass), UserProps);
+ _TOTP ->
+ Len = couch_util:get_value(<<"length">>, UserProps, 6),
+ case ?l2b(Pass) of
+ <<Token:Len/binary, Password/binary>> ->
+ PasswordRight = authenticate(Password, UserProps),
+ verify_totp(UserProps, Token),
+ PasswordRight;
+ _ ->
+ false
+ end
+ end,
+ case Authenticated of
true ->
Req#httpd{user_ctx=#user_ctx{
name=UserName,
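Review bot: The token length in `Len = couch_util:get_value(<<"length">>, UserProps, 6)` is read from the top level of the user document, while the value returned by `get_totp_config(UserProps)` is bound to `_TOTP` and never used; if the length is stored inside the TOTP config (its shape is not visible here), any account with a non-default length has its credential split at the wrong offset and cannot authenticate. Binding the config and reading from it would avoid that, e.g. `{TOTPProps} -> Len = couch_util:get_value(<<"length">>, TOTPProps, 6),`, assuming the config is an EJSON object. `Len` also goes into the binary pattern unchecked, so a guard such as `is_integer(Len), Len > 0` before the split is worth adding. The result of `verify_totp(UserProps, Token)` is discarded, so this branch presumably relies on it throwing for a bad token; a comment saying so would help, and the token failure and the password failure should produce the same response so that a token guess cannot be checked independently of the password. The enclosing default_authentication_handler starts and ends outside the hunk.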
@@ -493,14 +505,6 @@ same_site() ->
end.
-reject_if_totp(User) ->
- case get_totp_config(User) of
- undefined ->
- ok;
- _ ->
- throw({unauthorized, <<"Name or password is incorrect.">>})
- end.
-
verify_totp(User, Token) when is_list(Token) ->
verify_totp(User, ?l2b(Token));
verify_totp(User, Token) when is_binary(Token) ->