Telegram 2FA fixes (#4650)

Ylianst · Oct 23, 2022 · 90e271d · 90e271d
1 parent f8cccb4
commit 90e271d
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/views/default.handlebars b/views/default.handlebars
@@ -424,8 +424,8 @@
                             <div id="manageAuthApp"><div class="p2AccountActions"><span id="authAppSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageAuthApp()">Manage authenticator app</a><br /></span></div>
                             <div id="manageHardwareOtp"><div class="p2AccountActions"><span id="authKeySetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageHardwareOtp(0)">Manage security keys</a><br /></span></div>
                             <div id="managePushAuthDev"><div class="p2AccountActions"><span id="authPushAuthDevCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_managePushAuthDev()">Manage push authentication</a><br /></span></div>
-                            <div id="manageOtp"><div class="p2AccountActions"><span id="authCodesSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageOtp(0)">Manage backup codes</a><br /></span></div>
                             <div id="manageMessaging1"><div class="p2AccountActions"><span id="authMessagingCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageMessaging()">Manage messaging</a><br /></span></div>
+                            <div id="manageOtp"><div class="p2AccountActions"><span id="authCodesSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageOtp(0)">Manage backup codes</a><br /></span></div>
                             <div class="p2AccountActions"></div><span><a href=# onclick="return account_viewPreviousLogins()">View previous logins</a><br /></span>
                         </div>
                     </div>

diff --git a/views/login.handlebars b/views/login.handlebars
@@ -456,9 +456,9 @@
                 try { if (hardwareKeyChallenge.length > 0) { hardwareKeyChallenge = JSON.parse(hardwareKeyChallenge); } else { hardwareKeyChallenge = null; } } catch (ex) { hardwareKeyChallenge = null }
                 var twofakey = (hardwareKeyChallenge != null) && (hardwareKeyChallenge.type == 'webAuthn');
                 QV('securityKeyButton', twofakey);
-                QV('emailKeyButton', otpemail && (messageid != 2) && (messageid != 4));
-                QV('smsKeyButton', otpsms && (messageid != 2) && (messageid != 4));
-                QV('msgKeyButton', otpmsg && (messageid != 2) && (messageid != 4));
+                QV('emailKeyButton', otpemail && (messageid != 2) && (messageid != 4) && (messageid != 6));
+                QV('smsKeyButton', otpsms && (messageid != 2) && (messageid != 4) && (messageid != 6));
+                QV('msgKeyButton', otpmsg && (messageid != 2) && (messageid != 4) && (messageid != 6));
 
                 // If hardware key is an option, trigger it now
                 if (autofido && twofakey) { setTimeout(function () { useSecurityKey(1); }, 300); }
@@ -469,9 +469,9 @@
                 try { if (hardwareKeyChallenge.length > 0) { hardwareKeyChallenge = JSON.parse(hardwareKeyChallenge); } else { hardwareKeyChallenge = null; } } catch (ex) { hardwareKeyChallenge = null }
                 var twofakey = (hardwareKeyChallenge != null) && (hardwareKeyChallenge.type == 'webAuthn');
                 QV('securityKeyButton2', twofakey);
-                QV('emailKeyButton2', otpemail && (messageid != 2) && (messageid != 4));
-                QV('smsKeyButton2', otpsms && (messageid != 2) && (messageid != 4));
-                QV('msgKeyButton2', otpmsg && (messageid != 2) && (messageid != 4));
+                QV('emailKeyButton2', otpemail && (messageid != 2) && (messageid != 4) && (messageid != 6));
+                QV('smsKeyButton2', otpsms && (messageid != 2) && (messageid != 4) && (messageid != 6));
+                QV('msgKeyButton2', otpmsg && (messageid != 2) && (messageid != 4) && (messageid != 6));
 
                 // If hardware key is an option, trigger it now
                 if (autofido && twofakey) { setTimeout(function () { useSecurityKey(2); }, 300); }

diff --git a/views/login2.handlebars b/views/login2.handlebars
@@ -528,10 +528,10 @@
                 if (tokenTimeout > 0) { setTimeout(function () { Q('hwtokenInput').value = '**timeout**'; QE('tokenOkButton', true); Q('tokenOkButton').click(); }, tokenTimeout); }
                 try { if (hardwareKeyChallenge.length > 0) { hardwareKeyChallenge = JSON.parse(hardwareKeyChallenge); } else { hardwareKeyChallenge = null; } } catch (ex) { hardwareKeyChallenge = null }
                 var twofakey = (hardwareKeyChallenge != null) && (hardwareKeyChallenge.type == 'webAuthn');
-                var emailkey = otpemail && (messageid != 2) && (messageid != 4);
-                var smskey = otpsms && (messageid != 2) && (messageid != 4);
-                var msgkey = otpmsg && (messageid != 2) && (messageid != 4);
-                var pushkey = otppush && (messageid != 2) && (messageid != 4);
+                var emailkey = otpemail && (messageid != 2) && (messageid != 4) && (messageid != 6);
+                var smskey = otpsms && (messageid != 2) && (messageid != 4) && (messageid != 6);
+                var msgkey = otpmsg && (messageid != 2) && (messageid != 4) && (messageid != 6);
+                var pushkey = otppush && (messageid != 2) && (messageid != 4) && (messageid != 6);
                 QV('securityKeyButton2', twofakey);
                 QV('emailKeyButton2', emailkey);
                 QV('smsKeyButton2', smskey);