From 0a0d0b9ea7b0f44ee3ab57803f959b5ac4478b21 Mon Sep 17 00:00:00 2001
From: iranl <iranl@users.noreply.github.com>
Date: Tue, 11 Feb 2025 17:00:56 +0100
Subject: [PATCH] No TOTP if not time synced

---
 src/NukiNetwork.cpp  |  2 +-
 src/WebCfgServer.cpp | 27 +++++++++------------------
 2 files changed, 10 insertions(+), 19 deletions(-)

diff --git a/src/NukiNetwork.cpp b/src/NukiNetwork.cpp
index a010aee..8dfd06e 100644
--- a/src/NukiNetwork.cpp
+++ b/src/NukiNetwork.cpp
@@ -1093,7 +1093,7 @@ void NukiNetwork::onMqttDataReceived(const char* topic, byte* payload, const uns
             {
                 if(_preferences->getBool(preference_cred_duo_approval, false) && (_importExport->getTOTPEnabled() || _importExport->getDuoEnabled()))
                 {
-                    if(_importExport->getTOTPEnabled() && !doc["totp"].isNull())
+                    if(timeSynced && _importExport->getTOTPEnabled() && !doc["totp"].isNull())
                     {
                         String jsonTotp = doc["totp"];
                         
diff --git a/src/WebCfgServer.cpp b/src/WebCfgServer.cpp
index 3598eb2..80bba13 100644
--- a/src/WebCfgServer.cpp
+++ b/src/WebCfgServer.cpp
@@ -629,7 +629,7 @@ void WebCfgServer::initialize()
                     _importExport->_sessionsOpts[request->client()->localIP().toString() + "approve"] = false;
                     return sendSettings(request, resp);
                 }
-                else if(request->hasParam("totpkey") && _importExport->getTOTPEnabled())
+                else if(timeSynced && request->hasParam("totpkey") && _importExport->getTOTPEnabled())
                 {
                     const PsychicWebParameter* pass = request->getParam("totpkey");
                     if(pass->value() != "")
@@ -853,7 +853,7 @@ void WebCfgServer::initialize()
                     if(!_importExport->_sessionsOpts[request->client()->localIP().toString() + "approve"])
                     {
                         bool approved = false;
-                        if(request->hasParam("totpkey") && _importExport->getTOTPEnabled())
+                        if(timeSynced && request->hasParam("totpkey") && _importExport->getTOTPEnabled())
                         {
                             const PsychicWebParameter* pass = request->getParam("totpkey");
                             if(pass->value() != "")
@@ -1880,18 +1880,15 @@ esp_err_t WebCfgServer::buildLoginHtml(PsychicRequest *request, PsychicResponse*
 
 esp_err_t WebCfgServer::buildTOTPHtml(PsychicRequest *request, PsychicResponse* resp, int type)
 {
+    if (!timeSynced)
+    {
+        return buildConfirmHtml(request, resp, "NTP time not synced yet, TOTP not available, please wait for NTP to sync", 3, true);
+    }
+    
     PsychicStreamResponse response(resp, "text/html");
     response.beginSend();
     response.print("<html><head><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">");
     response.print("<style>form{border:3px solid #f1f1f1; max-width: 400px;}input[type=password],input[type=text]{width:100%;padding:12px 20px;margin:8px 0;display:inline-block;border:1px solid #ccc;box-sizing:border-box}button{background-color:#04aa6d;color:#fff;padding:14px 20px;margin:8px 0;border:none;cursor:pointer;width:100%}button:hover{opacity:.8}.container{padding:16px}span.password{float:right;padding-top:16px}@media screen and (max-width:300px){span.psw{display:block;float:none}}</style>");
-    /*
-    if (!timeSynced)
-    {
-        char millis[20];
-        itoa(espMillis(), millis, 10);
-        response.print((String)"<script>window.onload = function() { var startTime = Date.now(); var interval = setInterval(function() { var elapsedTime = Date.now() - startTime; document.getElementById(\"timestamp\").innerHTML = (elapsedTime / 1000).toFixed(3) + " + millis + ";}, 100);  }</script>");
-    }
-    */
     response.print("</head><body><center><h2>Nuki Hub TOTP</h2>");
 
     String typeText = "Login";
@@ -1931,12 +1928,6 @@ esp_err_t WebCfgServer::buildTOTPHtml(PsychicRequest *request, PsychicResponse*
 
     response.print("<div class=\"container\">");
     response.print("<label for=\"totpkey\"><b>TOTP</b></label><input type=\"text\" placeholder=\"Enter TOTP code\" name=\"totpkey\">");
-    /*
-    if (!timeSynced)
-    {
-        response.print("<label for=\"timestamp\"><b>Timestamp</b></label><span type=\"text\" id=\"timestamp\"></span>");
-    }
-    */
     response.print("<button type=\"submit\" ");
     if(type == 1)
     {
@@ -2136,7 +2127,7 @@ bool WebCfgServer::processLogin(PsychicRequest *request, PsychicResponse* resp)
 
 bool WebCfgServer::processTOTP(PsychicRequest *request, PsychicResponse* resp)
 {
-    if(request->hasParam("totpkey"))
+    if(timeSynced && request->hasParam("totpkey"))
     {
         const PsychicWebParameter* pass = request->getParam("totpkey");
         if(pass->value() != "")
@@ -4738,7 +4729,7 @@ esp_err_t WebCfgServer::buildCredHtml(PsychicRequest *request, PsychicResponse*
     printInputField(&response, "DUOIKEY", "Duo integration key", "*", 255, "", true, false);
     printInputField(&response, "DUOSKEY", "Duo secret key", "*", 255, "", true, false);
     printInputField(&response, "DUOUSER", "Duo user", "*", 255, "", true, false);
-    printInputField(&response, "CREDTOTP", "TOTP Secret Key (requires Form authentication)", "*", 16, "", true, false);
+    printInputField(&response, "CREDTOTP", "TOTP Secret Key", "*", 16, "", true, false);
     response.print("<tr id=\"totpgentr\" ><td><input type=\"button\" id=\"totpgen\" onclick=\"document.getElementsByName('CREDTOTP')[0].type='text'; document.getElementsByName('CREDTOTP')[0].value='");
     response.print(randomstr);
     response.print("'; document.getElementById('totpgentr').style.display='none';\" value=\"Generate new TOTP key\"></td></tr>");