Merge pull request '[SEC] Notify owner about TOTP enrollment' (#4704) from gusted/sec-more-totp into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4704 Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-07-27 20:53:47 +00:00 · 2024-07-27 20:53:47 +00:00 · 4c40bf5d29
commit 4c40bf5d29
parent e7a12286dd a7e96aae66
6 changed files with 137 additions and 0 deletions
--- a/services/mailer/mail.go
+++ b/services/mailer/mail.go
@ -44,6 +44,7 @@ const (
 	mailAuthPrimaryMailChange  base.TplName = "auth/primary_mail_change"
 	mailAuth2faDisabled        base.TplName = "auth/2fa_disabled"
 	mailAuthRemovedSecurityKey base.TplName = "auth/removed_security_key"
+	mailAuthTOTPEnrolled       base.TplName = "auth/totp_enrolled"

 	mailNotifyCollaborator base.TplName = "notify/collaborator"

@ -696,3 +697,36 @@ func SendRemovedSecurityKey(ctx context.Context, u *user_model.User, securityKey
 	SendAsync(msg)
 	return nil
 }
+
+// SendTOTPEnrolled informs the user that they've been enrolled into TOTP.
+func SendTOTPEnrolled(ctx context.Context, u *user_model.User) error {
+	if setting.MailService == nil {
+		return nil
+	}
+	locale := translation.NewLocale(u.Language)
+
+	hasWebAuthn, err := auth_model.HasWebAuthnRegistrationsByUID(ctx, u.ID)
+	if err != nil {
+		return err
+	}
+
+	data := map[string]any{
+		"locale":      locale,
+		"HasWebAuthn": hasWebAuthn,
+		"DisplayName": u.DisplayName(),
+		"Username":    u.Name,
+		"Language":    locale.Language(),
+	}
+
+	var content bytes.Buffer
+
+	if err := bodyTemplates.ExecuteTemplate(&content, string(mailAuthTOTPEnrolled), data); err != nil {
+		return err
+	}
+
+	msg := NewMessage(u.EmailTo(), locale.TrString("mail.totp_enrolled.subject"), content.String())
+	msg.Info = fmt.Sprintf("UID: %d, enrolled into TOTP notification", u.ID)
+
+	SendAsync(msg)
+	return nil
+}