From c8620a066d447ed6aaf6054b184fd16146574e5b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it
Date: Fri, 15 Jul 2022 16:45:28 +0200
Subject: [PATCH] yubi_otp undo authenticator selection
---
 data/web/inc/functions.inc.php | 9 +---
 data/web/templates/base.twig | 60 ++++++---------------------
 data/web/templates/modals/footer.twig | 15 +------
 3 files changed, 17 insertions(+), 67 deletions(-)
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f705af03..ca371303 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1630,12 +1630,8 @@ function verify_tfa_login($username, $_data) {
 global $WebAuthn;
 if ($_data['tfa_method'] != 'u2f'){
- $stmt = $pdo->prepare("SELECT `authmech` FROM `tfa`
- WHERE `username` = :username AND `id` = :id AND `active` = '1'");
- $stmt->execute(array(':username' => $username, ':id' => $_data['id']));
- $row = $stmt->fetch(PDO::FETCH_ASSOC);
- switch ($row["authmech"]) {
+ switch ($_data["tfa_method"]) {
 case "yubi_otp":
 if (!ctype_alnum($_data['token']) || strlen($_data['token']) != 44) {
 $_SESSION['return'][] = array(
@@ -1649,10 +1645,9 @@ function verify_tfa_login($username, $_data) {
 $stmt = $pdo->prepare("SELECT `id`, `secret` FROM `tfa` WHERE `username` = :username AND `authmech` = 'yubi_otp'
- AND `id` = :id
 AND `active` = '1' AND `secret` LIKE :modhex");
- $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id, ':id' => $_data['id']));
+ $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id));
 $row = $stmt->fetch(PDO::FETCH_ASSOC);
 $yubico_auth = explode(':', $row['secret']);
 $yubi = new Auth_Yubico($yubico_auth[0], $yubico_auth[1]);
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 482b4e24..770decde 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
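Review bot: The new `switch ($_data["tfa_method"])` picks the verification branch from a request-supplied string, whereas the removed lookup derived `authmech` from the user's own active `tfa` row, so from here on the per-branch queries are the only thing binding the submitted method to something the user has actually enrolled. The rest of the switch lies outside the hunk; if it has no `default` that records an error through `$_SESSION['return'][]` and returns the function's failure value, a method name matching no case falls through to whatever follows the switch, and that path should fail closed rather than rely on later code noticing. A `default:` branch that fails closed in the same way as the token-format check above would make this explicit. The enclosing function continues beyond the hunk.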
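Review bot: On the new side, `$row = $stmt->fetch(PDO::FETCH_ASSOC)` is still used without a check for `false`, and that matters more now that the row is selected only by `username`, `authmech` and the `LIKE :modhex` suffix: a token whose public id matches none of the user's registered keys yields no row, and `explode(':', $row['secret'])` then constructs `Auth_Yubico` from empty credentials instead of rejecting the attempt outright. Add a guard directly after the fetch, e.g. `if ($row === false || empty($row['secret'])) { /* record the error via $_SESSION['return'][] and return the failure value, as the token-format check in the first hunk does */ }`. Note also that `'%' . $yubico_modhex_id` is a suffix match; if the modhex id is always derived from the token at a fixed length (outside the hunk) this is fine, but a shorter id could match several of the user's keys and fetch() would return an arbitrary one. The enclosing function continues beyond the hunk.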
@@ -183,51 +183,9 @@ function recursiveBase64StrToArrayBuffer(obj) {
 });
- // validate Yubi OTP tfa
- $("#pending_tfa_tab_yubi_otp").click(function(){
- $(".totp-authenticator-selection").removeClass("active");
- $(".webauthn-authenticator-selection").removeClass("active");
- $("#collapseTotpTFA").collapse('hide');
- $("#collapseWebAuthnTFA").collapse('hide');
-
- // select default if only one authenticator exists
- if ($('.yubi-authenticator-selection').length == 1){
- $('.yubi-authenticator-selection').addClass("active");
- var id = $('.yubi-authenticator-selection').children('input').first().val();
- $("#yubi_selected_id").val(id);
- $("#collapseYubiTFA").collapse('show');
- }
- });
- $(".yubi-authenticator-selection").click(function(){
- $(".yubi-authenticator-selection").removeClass("active");
- $(this).addClass("active");
-
- var id = $(this).children('input').first().val();
- $("#yubi_selected_id").val(id);
-
- $("#collapseYubiTFA").collapse('show');
- $("#collapseYubiTFA").children('input[name="token"]').focus();
- });
- if ($('.yubi-authenticator-selection').length == 1 &&
- $('.webauthn-authenticator-selection').length == 0){
-
- // select default if only one authenticator exists
- $('.yubi-authenticator-selection').addClass("active");
-
- var id = $('.yubi-authenticator-selection').children('input').first().val();
- $("#yubi_selected_id").val(id);
-
- $("#collapseYubiTFA").collapse('show');
- }
- $('#collapseYubiTFA').on('shown.bs.collapse', function() {
- // autofocus
- setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 200);
- });
 // validate Time based OTP tfa
 $("#pending_tfa_tab_totp").click(function(){
- $(".yubi-authenticator-selection").removeClass("active");
 $(".webauthn-authenticator-selection").removeClass("active");
- $("#collapseYubiTFA").collapse('hide');
 $("#collapseWebAuthnTFA").collapse('hide');
 // select default if only one authenticator exists
@@ -248,9 +206,9 @@ function recursiveBase64StrToArrayBuffer(obj) {
 $("#collapseTotpTFA").collapse('show');
 });
 if ($('.totp-authenticator-selection').length == 1 &&
- $('.yubi-authenticator-selection').length == 0 &&
+ $('#pending_tfa_tab_yubi_otp').length == 0 &&
 $('.webauthn-authenticator-selection').length == 0){
-
+
 // select default if only one authenticator exists
 $('.totp-authenticator-selection').addClass("active");
@@ -258,18 +216,26 @@ function recursiveBase64StrToArrayBuffer(obj) {
 $("#totp_selected_id").val(id);
 $("#collapseTotpTFA").collapse('show');
+ setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 1000);
 }
- $('#collapseTotpTFA').on('shown.bs.collapse', function() {
+ $('#pending_tfa_tab_totp').on('shown.bs.tab', function() {
 // autofocus
 setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 200);
+ });
+ // validate Yubi OTP tfa
+ if ($('.webauthn-authenticator-selection').length == 0){
+ // autofocus
+ setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 1000);
+ }
+ $('#pending_tfa_tab_yubi_otp').on('shown.bs.tab', function() {
+ // autofocus
+ $("#collapseYubiTFA").find('input[name="token"]').focus();
 });
 // validate WebAuthn tfa
 $("#pending_tfa_tab_webauthn").click(function(){
 $(".totp-authenticator-selection").removeClass("active");
- $(".yubi-authenticator-selection").removeClass("active");
 $("#collapseTotpTFA").collapse('hide');
- $("#collapseYubiTFA").collapse('hide');
 });
 $(".webauthn-authenticator-selection").click(function(){
 $(".webauthn-authenticator-selection").removeClass("active");
diff --git a/data/web/templates/modals/footer.twig b/data/web/templates/modals/footer.twig
index 67cc3482..52e89e00 100644
--- a/data/web/templates/modals/footer.twig
+++ b/data/web/templates/modals/footer.twig
@@ -206,20 +206,9 @@
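Review bot: The focus logic added in the `@@ -258,18 +216,26 @@` hunk hard-codes three separate delays (`1000`, `1000`, `200` ms) and repeats the same `setTimeout(function() { $(...).find('input[name="token"]').focus(); }, N)` shape four times across the totp and yubi paths, while the new yubi `shown.bs.tab` handler focuses synchronously and the totp one still waits 200 ms, so the two tabs behave differently for no stated reason. A one-line helper such as `function focusToken(pane, delay) { setTimeout(function() { $(pane).find('input[name="token"]').focus(); }, delay); }` with a single named delay would make both paths consistent and the timing adjustable in one place. If the synchronous focus in the yubi handler is intentional (the pane is already shown when `shown.bs.tab` fires), a short comment saying so would stop the next reader from "fixing" the inconsistency.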
- Authenticators + Authenticate -
- {% for authenticator in pending_tfa_methods %} - {% if authenticator["authmech"] == "yubi_otp" %} - - - {{ authenticator["key_id"] }} - - - {% endif %} - {% endfor %} -
-
+
Yubicon Icon