From ab3214d999f0082787ac515df1ce113e203f8393 Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Wed, 1 Nov 2023 10:31:46 +0100
Subject: [PATCH] Hide recovery link on TOTP form

---
 backend/web/static/base.js       | 6 ++++++
 backend/web/templates/login.html | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/backend/web/static/base.js b/backend/web/static/base.js
index 606f1ab7..aeae22da 100644
--- a/backend/web/static/base.js
+++ b/backend/web/static/base.js
@@ -98,6 +98,12 @@ function flow_login() {
 				// Render login form (group: password)
 				var form_html = render_form(data, group, "login");
 				$("#contentLogin_" + group).html(form_html);
+				// Hide the recovery link on the TOTP entry
+				// form. It's not really useful at that point, and
+				// you get a redirect loop if you use it.
+				if (group == 'totp') {
+					$("#recoveryLink").hide();
+				}
 			}
 
 			render_messages(data);
diff --git a/backend/web/templates/login.html b/backend/web/templates/login.html
index 6bcde578..3c623bf7 100644
--- a/backend/web/templates/login.html
+++ b/backend/web/templates/login.html
@@ -86,7 +86,7 @@
 	class="font-medium text-primary-600 mt-0 pt-2 border-t-gray-50 border-t-2 flex justify-end"
 >
 	<div id="contentHelp" class="flex flex-col text-right">
-		<a href="recovery" class="hover:text-primary-700 mb-2">Set new password</a
+		<a id="recoveryLink" href="recovery" class="hover:text-primary-700 mb-2">Set new password</a
 		><a
 			href="https://stackspin.net"
 			class="text-sm text-gray-400 hover:text-primary-500"
-- 
GitLab