Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

yubi_otp undo authenticator selection

Browse Source
This commit is contained in:
FreddleSpl0it 2022-07-15 16:45:28 +02:00
parent 1ca566f670
commit c8620a066d
No known key found for this signature in database
GPG Key ID: 6315227FF33D2425
3 changed files with 17 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
data/web/inc/functions.inc.php
View File

@ -1630,12 +1630,8 @@ function verify_tfa_login($username, $_data) {
global $WebAuthn; global $WebAuthn;
if ($_data['tfa_method'] != 'u2f'){ if ($_data['tfa_method'] != 'u2f'){
$stmt = $pdo->prepare("SELECT `authmech` FROM `tfa`
WHERE `username` = :username AND `id` = :id AND `active` = '1'");
$stmt->execute(array(':username' => $username, ':id' => $_data['id']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
switch ($row["authmech"]) { switch ($_data["tfa_method"]) {
case "yubi_otp": case "yubi_otp":
if (!ctype_alnum($_data['token']) || strlen($_data['token']) != 44) { if (!ctype_alnum($_data['token']) || strlen($_data['token']) != 44) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
@ -1649,10 +1645,9 @@ function verify_tfa_login($username, $_data) {
$stmt = $pdo->prepare("SELECT `id`, `secret` FROM `tfa` $stmt = $pdo->prepare("SELECT `id`, `secret` FROM `tfa`
WHERE `username` = :username WHERE `username` = :username
AND `authmech` = 'yubi_otp' AND `authmech` = 'yubi_otp'
AND `id` = :id
AND `active` = '1' AND `active` = '1'
AND `secret` LIKE :modhex"); AND `secret` LIKE :modhex");
$stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id, ':id' => $_data['id'])); $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id));
$row = $stmt->fetch(PDO::FETCH_ASSOC); $row = $stmt->fetch(PDO::FETCH_ASSOC);
$yubico_auth = explode(':', $row['secret']); $yubico_auth = explode(':', $row['secret']);
$yubi = new Auth_Yubico($yubico_auth[0], $yubico_auth[1]); $yubi = new Auth_Yubico($yubico_auth[0], $yubico_auth[1]);

60
data/web/templates/base.twig
View File

@ -183,51 +183,9 @@ function recursiveBase64StrToArrayBuffer(obj) {
}); });
// validate Yubi OTP tfa
$("#pending_tfa_tab_yubi_otp").click(function(){
$(".totp-authenticator-selection").removeClass("active");
$(".webauthn-authenticator-selection").removeClass("active");
$("#collapseTotpTFA").collapse('hide');
$("#collapseWebAuthnTFA").collapse('hide');
// select default if only one authenticator exists
if ($('.yubi-authenticator-selection').length == 1){
$('.yubi-authenticator-selection').addClass("active");
var id = $('.yubi-authenticator-selection').children('input').first().val();
$("#yubi_selected_id").val(id);
$("#collapseYubiTFA").collapse('show');
}
});
$(".yubi-authenticator-selection").click(function(){
$(".yubi-authenticator-selection").removeClass("active");
$(this).addClass("active");
var id = $(this).children('input').first().val();
$("#yubi_selected_id").val(id);
$("#collapseYubiTFA").collapse('show');
$("#collapseYubiTFA").children('input[name="token"]').focus();
});
if ($('.yubi-authenticator-selection').length == 1 &&
$('.webauthn-authenticator-selection').length == 0){
// select default if only one authenticator exists
$('.yubi-authenticator-selection').addClass("active");
var id = $('.yubi-authenticator-selection').children('input').first().val();
$("#yubi_selected_id").val(id);
$("#collapseYubiTFA").collapse('show');
}
$('#collapseYubiTFA').on('shown.bs.collapse', function() {
// autofocus
setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 200);
});
// validate Time based OTP tfa // validate Time based OTP tfa
$("#pending_tfa_tab_totp").click(function(){ $("#pending_tfa_tab_totp").click(function(){
$(".yubi-authenticator-selection").removeClass("active");
$(".webauthn-authenticator-selection").removeClass("active"); $(".webauthn-authenticator-selection").removeClass("active");
$("#collapseYubiTFA").collapse('hide');
$("#collapseWebAuthnTFA").collapse('hide'); $("#collapseWebAuthnTFA").collapse('hide');
// select default if only one authenticator exists // select default if only one authenticator exists
@ -248,9 +206,9 @@ function recursiveBase64StrToArrayBuffer(obj) {
$("#collapseTotpTFA").collapse('show'); $("#collapseTotpTFA").collapse('show');
}); });
if ($('.totp-authenticator-selection').length == 1 && if ($('.totp-authenticator-selection').length == 1 &&
$('.yubi-authenticator-selection').length == 0 && $('#pending_tfa_tab_yubi_otp').length == 0 &&
$('.webauthn-authenticator-selection').length == 0){ $('.webauthn-authenticator-selection').length == 0){
// select default if only one authenticator exists // select default if only one authenticator exists
$('.totp-authenticator-selection').addClass("active"); $('.totp-authenticator-selection').addClass("active");
@ -258,18 +216,26 @@ function recursiveBase64StrToArrayBuffer(obj) {
$("#totp_selected_id").val(id); $("#totp_selected_id").val(id);
$("#collapseTotpTFA").collapse('show'); $("#collapseTotpTFA").collapse('show');
setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 1000);
} }
$('#collapseTotpTFA').on('shown.bs.collapse', function() { $('#pending_tfa_tab_totp').on('shown.bs.tab', function() {
// autofocus // autofocus
setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 200); setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 200);
});
// validate Yubi OTP tfa
if ($('.webauthn-authenticator-selection').length == 0){
// autofocus
setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 1000);
}
$('#pending_tfa_tab_yubi_otp').on('shown.bs.tab', function() {
// autofocus
$("#collapseYubiTFA").find('input[name="token"]').focus();
}); });
// validate WebAuthn tfa // validate WebAuthn tfa
$("#pending_tfa_tab_webauthn").click(function(){ $("#pending_tfa_tab_webauthn").click(function(){
$(".totp-authenticator-selection").removeClass("active"); $(".totp-authenticator-selection").removeClass("active");
$(".yubi-authenticator-selection").removeClass("active");
$("#collapseTotpTFA").collapse('hide'); $("#collapseTotpTFA").collapse('hide');
$("#collapseYubiTFA").collapse('hide');
}); });
$(".webauthn-authenticator-selection").click(function(){ $(".webauthn-authenticator-selection").click(function(){
$(".webauthn-authenticator-selection").removeClass("active"); $(".webauthn-authenticator-selection").removeClass("active");

15
data/web/templates/modals/footer.twig
View File

@ -206,20 +206,9 @@
<form role="form" method="post"> <form role="form" method="post">
<legend> <legend>
<i class="bi bi-shield-fill-check"></i> <i class="bi bi-shield-fill-check"></i>
Authenticators Authenticate
</legend> </legend>
<div class="list-group"> <div class="collapse in pending-tfa-collapse" id="collapseYubiTFA">
{% for authenticator in pending_tfa_methods %}
{% if authenticator["authmech"] == "yubi_otp" %}
<a href="#" class="list-group-item yubi-authenticator-selection">
<i class="bi bi-key-fill" style="margin-right: 5px"></i>
<span>{{ authenticator["key_id"] }}</span>
<input type="hidden" value="{{ authenticator["id"] }}" />
</a>
{% endif %}
{% endfor %}
</div>
<div class="collapse pending-tfa-collapse" id="collapseYubiTFA">
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">
<span class="input-group-addon" id="yubi-addon"><img alt="Yubicon Icon" src="/img/yubi.ico"></span> <span class="input-group-addon" id="yubi-addon"><img alt="Yubicon Icon" src="/img/yubi.ico"></span>