This is roughly what will be needed for the Vault Auth, minus checking.

Note for self: Make this all a single screen later™

2 files changed, 53 insertions, 9 deletions

diff --git a/game/core.rpy b/game/core.rpy
index 4ad83eb..215a719 100644
--- a/game/core.rpy
+++ b/game/core.rpy
@@ -8,7 +8,7 @@
 init -3 python:
     renpy.add_python_directory("python-extra")
     import requests, zlib, base64, sys, copy, uuid, time, json, traceback
-    import os.path, os, shutil, subprocess, hashlib, zipfile, ssl, datetime
+    import os.path, os, shutil, subprocess, hashlib, zipfile, pbkdf2
     # non-free imports
     import _renpysteam as steam
     import discord_rpc
diff --git a/game/update.rpy b/game/update.rpy
index bd702a5..3884308 100644
--- a/game/update.rpy
+++ b/game/update.rpy
@@ -318,30 +318,74 @@ label register:
 
     ##########################################
     ## What we'll do now depends on the method
+    ## Email-Auth (the default)
     if method == 1:
-        ## Email-Auth (the default)
-        $ user = {
-	        "email": email,
-	        "confirmed": True
-        }
+        $ user = {"email": email,
+                  "confirmed": True
+                 }
         $ r = vault.put(VAULT_URL+"/vault/session", json=user)
+
         # Wait for Vault to send you an email
         if (r.status_code != 200):
             call screen notice(_("Vault returned error %d\n\nPlease try again later." % r.status_code))
             return
-        call screen notice(_("An email was sent with your API token.\n\nYou'll need it shortly, so check your email.")
+
+        $ status_update(pc=92)
+        call screen notice(_("An email was sent with your API token.\n\nYou'll need it shortly, so check your email."))
+
+        $ status_update(pc=95)
         call screen register_input("Please insert the {b}token{/b} you received on your email.")
         $ token = _return
         $ user["key"] = token
+
+        $ status_update(pc=97)
         #$ r = vault.get(VAULT_URL+"/vault/session?token=%s&email=%s" % (token, email)) # FIXME: HTTP formating for email
         # FIXME: Continue from here
-        call screen notice(_("{b}INTERNAL SERVER ERROR{/b}\n\nSeems like someone messed up on the APIs!\nThis login method seems to be temporaly unavailable, please choose another one.")
+        call screen notice(_("{b}INTERNAL SERVER ERROR{/b}\n\nSeems like someone messed up on the APIs!\nThis login method seems to be temporaly unavailable, please choose another one."))
+        # Cleanup
+        $ del user
+        $ del token
+
+    ##########################################
+    ## What we'll do now depends on the method
+    ## 2FA-Auth
     elif method == 2:
-        ## 2FA-Auth
+        call screen register_input("Please insert your {b}Password{/b}.")
+        $ password = _return
+        # We must send the password on plain-text; That's why we use SSL
+
+        $ status_update(pc=92)
+        call screen register_input("Please insert your {b}2FA code{/b}. If you do not have 2FA, leave blank.\n\n{u}TOTP setup will be emailed and required for later logins.{/u}")
+        $ code2FA = _return
+
+        $ status_update(pc=95)
+        $ data = {"mail": email,
+                  "pass": password,
+                  "2FAC": code2FA
+                 }
+        $ r = vault.post(VAULT_URL+"/user_auth", json=data)
+
+        # Wait for Vault to confirm.
+        if (r.status_code != 200):
+            call screen notice(_("Vault returned error %d\n\nPlease try again later." % r.status_code))
+            return
+
+        # Check if we have success
+        $ status_update(pc=98)
+        $ stdout("Vault result: (%d) %s" % (r.status_code, ifte(config.developer, r.text, "OK")))
+        $ auth2 = r.json()
+        $ vaultId = auth2["vaultId"]
+        $ vaultToken = auth2["token"]
+
+        $ del data
+        $ del code2FA
+        if vaultId:
+            $ status_update("Success!", 100)
 
     ############
     ## Cleanup
     $ del method
     $ del email
+    $ status_update(pc=100)
     return