multi-factor-authentication: Ensure we have permissions to delete goo…

…gle authenticator configuration when resetting it Signed-off-by: Tobias K <[email protected]>
nextcloud · Dec 17, 2019 · 9f7aa2b · 9f7aa2b
1 parent 419ccd6
commit 9f7aa2b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/bin/ncp/SECURITY/multi-factor-authentication.sh b/bin/ncp/SECURITY/multi-factor-authentication.sh
@@ -136,7 +136,12 @@ setup_totp_secret() {
 
   [[ "$reset_totp_secret" == "yes" ]] \
   && [[ -f "$ssh_user_home/.google_authenticator" ]] \
-  && su "$ssh_user" -c "rm '${ssh_user_home}/.google_authenticator'"
+  && {
+    echo "Deleting google authenticator configuration"
+    su "$ssh_user" -c "chmod u+w '${ssh_user_home}/.google_authenticator'"
+    su "$ssh_user" -c "rm '${ssh_user_home}/.google_authenticator'"
+  }
+
 
   if [[ "$enable_totp_and_pw" == "yes" ]] && [[ ! -f "${ssh_user_home}/.google_authenticator" ]]
   then

diff --git a/etc/ncp-config.d/multi-factor-authentication.cfg b/etc/ncp-config.d/multi-factor-authentication.cfg
@@ -31,7 +31,7 @@
       "type": "bool"
     },
     {
-      "id": "RESET_TOTP SECRET",
+      "id": "RESET_TOTP_SECRET",
       "name": "reset-TOTP-secret",
       "value": "no",
       "type": "bool"