Remove mfa column and use mfa_secret32 instead

Author: charsbar

doc/authen_pause.schema.txt

@@ -56,7 +56,6 @@ CREATE TABLE usertable (
   `changed` int(11) DEFAULT NULL,
   changedby char(10) DEFAULT NULL,
   lastvisit datetime DEFAULT NULL,
-  mfa tinyint(1) DEFAULT 0,
   mfa_secret32 varchar(16) DEFAULT NULL,
   mfa_recovery_codes text DEFAULT NULL,
   PRIMARY KEY (`user`),

doc/schemas/authen_pause.schema.sqlite

@@ -36,7 +36,6 @@ CREATE TABLE usertable (
   changed int(11) DEFAULT NULL,
   changedby char(10) DEFAULT NULL,
   lastvisit datetime DEFAULT NULL,
-  mfa tinyint(1) DEFAULT 0,
   mfa_secret32 varchar(16) DEFAULT NULL,
   mfa_recovery_codes text DEFAULT NULL,
   PRIMARY KEY (user)

lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm

@@ -41,14 +41,12 @@ sub edit {
         $pause->{error}{invalid_code} = 1;
         return;
     }
-    my ($mfa, $secret32, $recovery_codes);
+    my ($secret32, $recovery_codes);
     if ($req->param("pause99_mfa_reset")) {
-        $mfa = 0;
         $secret32 = undef;
         $recovery_codes = undef;
         $c->flash(mfa_disabled => 1);
     } else {
-        $mfa = 1;
         $secret32 = $auth->secret32;
         $c->flash(mfa_enabled => 1);
         my @codes = _generate_recovery_codes();
@@ -57,8 +55,8 @@ sub edit {
     }
     my $dbh = $mgr->authen_connect;
     my $tbl = $PAUSE::Config->{AUTHEN_USER_TABLE};
-    my $sql = "UPDATE $tbl SET mfa = ?, mfa_secret32 = ?, mfa_recovery_codes = ?, changed = ?, changedby = ? WHERE user = ?";
-    if ($dbh->do($sql, undef, $mfa, $secret32, $recovery_codes, time, $pause->{User}{userid}, $u->{userid})) {
+    my $sql = "UPDATE $tbl SET mfa_secret32 = ?, mfa_recovery_codes = ?, changed = ?, changedby = ? WHERE user = ?";
+    if ($dbh->do($sql, undef, $secret32, $recovery_codes, time, $pause->{User}{userid}, $u->{userid})) {
       my $mailblurb = $c->render_to_string("email/user/mfa/edit", format => "email");
       my $header = {Subject => "User update for $u->{userid}"};
       my @to = $u->{secretemail};

lib/pause_2017/PAUSE/Web/Plugin/WithMFAProtection.pm

@@ -16,7 +16,7 @@ sub register {
             my $u = $c->active_user_record;
 
             # XXX: The active user record does not have mfa when an admin user is pretending someone else.
-            return 1 unless $u->{mfa};
+            return 1 unless $u->{mfa_secret32};
 
             my $otp = $c->req->body_params->param('otp');
             if (defined $otp and $otp ne '') {

lib/pause_2017/templates/user/mfa/edit.html.ep

@@ -22,7 +22,7 @@
 </div>
 % }
 
-<h3><% if (!$pause->{HiddenUser}{mfa}) { %>Enable<% } else { %>Disable<% } %> Multifactor Authentication for <%= $pause->{HiddenUser}{userid} %>
+<h3><% if (!$pause->{HiddenUser}{mfa_secret32}) { %>Enable<% } else { %>Disable<% } %> Multifactor Authentication for <%= $pause->{HiddenUser}{userid} %>
 % if (exists $pause->{UserGroups}{admin}) {
  (lastvisit <%= $pause->{HiddenUser}{lastvisit} || "before 2005-12-02" %>)
 % }
@@ -37,7 +37,7 @@ Verification Code is invalid.
 </div>
 <hr>
 % }
-% if (!$pause->{HiddenUser}{mfa}) {
+% if (!$pause->{HiddenUser}{mfa_secret32}) {
 <div>
 <p>Submit 6-digit code to enable Multifactor Authentication.</p>
 <img src="<%= $pause->{mfa_qrcode} %>">

one-off-utils/schemachange-2024-04_2.sql

@@ -1,3 +1,2 @@
-ALTER TABLE usertable ADD COLUMN mfa tinyint(1) DEFAULT 0;
 ALTER TABLE usertable ADD COLUMN mfa_secret32 varchar(16);
 ALTER TABLE usertable ADD COLUMN mfa_recovery_codes text;