multi-factor-authentication: Ensure we have permissions to delete google authenticator configuration when resetting it

theCalcaholic · theCalcaholic · commit 9f7aa2b14217 · 2019-12-17T13:42:46.000+01:00
Signed-off-by: Tobias K &lt;6317548+theCalcaholic@users.noreply.github.com&gt;
diff --git a/bin/ncp/SECURITY/multi-factor-authentication.sh b/bin/ncp/SECURITY/multi-factor-authentication.sh
@@ -136,7 +136,12 @@ setup_totp_secret() {
 
   [[ "$reset_totp_secret" == "yes" ]] \
   && [[ -f "$ssh_user_home/.google_authenticator" ]] \
-  && su "$ssh_user" -c "rm '${ssh_user_home}/.google_authenticator'"
+  && {
+    echo "Deleting google authenticator configuration"
+    su "$ssh_user" -c "chmod u+w '${ssh_user_home}/.google_authenticator'"
+    su "$ssh_user" -c "rm '${ssh_user_home}/.google_authenticator'"
+  }
+
 
   if [[ "$enable_totp_and_pw" == "yes" ]] && [[ ! -f "${ssh_user_home}/.google_authenticator" ]]
   then
diff --git a/etc/ncp-config.d/multi-factor-authentication.cfg b/etc/ncp-config.d/multi-factor-authentication.cfg
@@ -31,7 +31,7 @@
       "type": "bool"
     },
     {
-      "id": "RESET_TOTP SECRET",
+      "id": "RESET_TOTP_SECRET",
       "name": "reset-TOTP-secret",
       "value": "no",
       "type": "bool"
