From 8385acd0e3cd53e2d451f06cec16a72cf2b0c430 Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.murino@gmail.com>
Date: Sun, 4 Feb 2024 20:58:29 +0100
Subject: [PATCH] Redirect to two-factor auth page after creating the first
 admin

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
---
 internal/httpd/httpd_test.go    | 2 +-
 internal/httpd/internal_test.go | 2 ++
 internal/httpd/server.go        | 6 +++++-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/internal/httpd/httpd_test.go b/internal/httpd/httpd_test.go
index 051e0a8d..5c538101 100644
--- a/internal/httpd/httpd_test.go
+++ b/internal/httpd/httpd_test.go
@@ -18086,7 +18086,7 @@ func TestWebAdminSetupMock(t *testing.T) {
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	rr = executeRequest(req)
 	checkResponseCode(t, http.StatusFound, rr)
-	assert.Equal(t, webUsersPath, rr.Header().Get("Location"))
+	assert.Equal(t, webAdminMFAPath, rr.Header().Get("Location"))
 	// if we resubmit the form we get a bad request, an admin already exists
 	req, err = http.NewRequest(http.MethodPost, webAdminSetupPath, bytes.NewBuffer([]byte(form.Encode())))
 	assert.NoError(t, err)
diff --git a/internal/httpd/internal_test.go b/internal/httpd/internal_test.go
index 095adbfd..54a7b148 100644
--- a/internal/httpd/internal_test.go
+++ b/internal/httpd/internal_test.go
@@ -3124,6 +3124,7 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
 	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	server.router.ServeHTTP(rr, r)
 	assert.Equal(t, http.StatusFound, rr.Code)
+	assert.Equal(t, webAdminMFAPath, rr.Header().Get("Location"))
 
 	_, err = dataprovider.AdminExists(defaultAdminUsername)
 	assert.NoError(t, err)
@@ -3180,6 +3181,7 @@ func TestWebAdminSetupWithInstallCode(t *testing.T) {
 	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	server.router.ServeHTTP(rr, r)
 	assert.Equal(t, http.StatusFound, rr.Code)
+	assert.Equal(t, webAdminMFAPath, rr.Header().Get("Location"))
 
 	_, err = dataprovider.AdminExists(defaultAdminUsername)
 	assert.NoError(t, err)
diff --git a/internal/httpd/server.go b/internal/httpd/server.go
index 2df3f31d..720ffa2b 100644
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -817,7 +817,11 @@ func (s *httpdServer) loginAdmin(
 		return
 	}
 	dataprovider.UpdateAdminLastLogin(admin)
-	http.Redirect(w, r, webUsersPath, http.StatusFound)
+	redirectURL := webUsersPath
+	if errorFunc == nil {
+		redirectURL = webAdminMFAPath
+	}
+	http.Redirect(w, r, redirectURL, http.StatusFound)
 }
 
 func (s *httpdServer) logout(w http.ResponseWriter, r *http.Request) {