webauthn
This commit is contained in:
parent
0990d61507
commit
c29be12a9e
@ -17,7 +17,7 @@ use \Webauthn\PublicKeyCredentialCreationOptions;
|
|||
|
||||
/*
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
Copyright (C) 2017 - 2019 Roland Gruber
|
||||
Copyright (C) 2017 - 2020 Roland Gruber
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -549,6 +549,7 @@ class WebauthnProvider extends BaseProvider {
|
|||
}
|
||||
$row->addVerticalSpacer('2rem');
|
||||
$pathPrefix = $this->config->isSelfService ? '../' : '';
|
||||
$selfServiceParam = $this->config->isSelfService ? 'true' : 'false';
|
||||
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
|
||||
$row->addVerticalSpacer('1rem');
|
||||
$registerButton = new htmlButton('register_webauthn', _('Register new key'));
|
||||
|
@ -570,7 +571,7 @@ class WebauthnProvider extends BaseProvider {
|
|||
$errorMessageDiv->addDataAttribute('button', _('Ok'));
|
||||
$errorMessageDiv->addDataAttribute('title', _('Webauthn failed'));
|
||||
$row->add($errorMessageDiv, 12);
|
||||
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\');'), 0);
|
||||
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', ' . $selfServiceParam . ');'), 0);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -594,7 +595,7 @@ class WebauthnProvider extends BaseProvider {
|
|||
$userDn = $_SESSION['ldap']->getUserName();
|
||||
}
|
||||
else {
|
||||
$userDn = $_SESSION['selfService_clientDN'];
|
||||
$userDn = lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService');
|
||||
}
|
||||
$hasTokens = $webauthnManager->isRegistered($userDn);
|
||||
if (!$hasTokens) {
|
||||
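Review bot: The DN produced by `lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService')` is handed straight to `isRegistered()` with no check that the session key exists or that decryption yielded a non-empty value; the same pattern is added in Ajax::manageWebauthn in this commit. If lamDecrypt returns an empty string or false on failure (its contract is not visible here), the registration lookup runs against an empty DN instead of failing. I would guard the result before use, e.g. `if (empty($userDn)) { throw new \RuntimeException('no user DN in session'); }`, or route it through whatever error path the provider already uses. The enclosing method starts and ends outside the hunk.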
@ -44,3 +44,4 @@
|
|||
/nPosixGroup.inc
|
||||
/nPosixUser.inc
|
||||
/bindDLZXfr.inc
|
||||
/webauthn.inc
|
||||
@ -3,7 +3,7 @@ use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
|
|||
/*
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
Copyright (C) 2006 - 2019 Roland Gruber
|
||||
Copyright (C) 2006 - 2020 Roland Gruber
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -452,6 +452,7 @@ class selfServiceProfile {
|
|||
public $twoFactorAuthenticationClientId = '';
|
||||
public $twoFactorAuthenticationSecretKey = '';
|
||||
public $twoFactorAuthenticationAttribute = 'uid';
|
||||
public $twoFactorAuthenticationDomain = '';
|
||||
|
||||
/** provider for captcha (-/google) */
|
||||
public $captchaProvider = '-';
|
||||
|
@ -512,6 +513,7 @@ class selfServiceProfile {
|
|||
$this->twoFactorAuthenticationClientId = '';
|
||||
$this->twoFactorAuthenticationSecretKey = '';
|
||||
$this->twoFactorAuthenticationAttribute = 'uid';
|
||||
$this->twoFactorAuthenticationDomain = '';
|
||||
$this->captchaProvider = '-';
|
||||
$this->reCaptchaSiteKey = '';
|
||||
$this->reCaptchaSecretKey = '';
|
||||
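Review bot: The new `public $twoFactorAuthenticationDomain = '';` carries no docblock, unlike `$captchaProvider` directly below it, which documents its accepted values. Because this value is what WebauthnManager::createRpEntry reads as `$domain` for the relying party entity in this commit, a one-line docblock such as `/** domain used for the WebAuthn relying party entity (self service) */` above the declaration would tell a reader what is expected there. The reset in the second hunk matches the other two-factor fields and needs nothing further.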
@ -185,7 +185,10 @@ class WebauthnManager {
|
|||
private function createRpEntry($isSelfService) {
|
||||
$pathPrefix = $isSelfService ? '../' : '';
|
||||
$icon = $pathPrefix . '../graphics/logo136.png';
|
||||
if (!$isSelfService) {
|
||||
if ($isSelfService) {
|
||||
$domain = $_SESSION['selfServiceProfile']->twoFactorAuthenticationDomain;
|
||||
}
|
||||
else {
|
||||
$domain = $_SESSION['config']->getTwoFactorAuthenticationDomain();
|
||||
}
|
||||
return new PublicKeyCredentialRpEntity(
|
||||
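Review bot: `$domain` is taken from the self-service profile without validation, and the profile default added in this commit for `twoFactorAuthenticationDomain` is `''`, so an unconfigured profile now reaches `new PublicKeyCredentialRpEntity(` with an empty domain. The relying party domain is what scopes credentials to this deployment, so an empty or mistyped value is likely to surface as failed registrations or logins rather than as a configuration error. An early guard would make it explicit: `if ($domain === '') { throw new \LogicException('twoFactorAuthenticationDomain is not configured'); }`. How `$domain` is passed to the entity constructor lies past the end of the hunk, so the check may already live there.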
@ -1375,11 +1375,12 @@ window.lam.webauthn = window.lam.webauthn || {};
|
|||
* Starts the webauthn process.
|
||||
*
|
||||
* @param prefix path prefix for Ajax endpoint
|
||||
* @param isSelfService runs as part of self service
|
||||
*/
|
||||
window.lam.webauthn.start = function(prefix) {
|
||||
window.lam.webauthn.start = function(prefix, isSelfService) {
|
||||
jQuery(document).ready(
|
||||
function() {
|
||||
window.lam.webauthn.run(prefix);
|
||||
window.lam.webauthn.run(prefix, isSelfService);
|
||||
}
|
||||
);
|
||||
}
|
||||
|
@ -1388,8 +1389,9 @@ window.lam.webauthn.start = function(prefix) {
|
|||
* Checks if the user is registered and starts login/registration.
|
||||
*
|
||||
* @param prefix path prefix for Ajax endpoint
|
||||
* @param isSelfService runs as part of self service
|
||||
*/
|
||||
window.lam.webauthn.run = function(prefix) {
|
||||
window.lam.webauthn.run = function(prefix, isSelfService) {
|
||||
jQuery('#btn_skip_webauthn').click(function () {
|
||||
let form = jQuery("#2faform");
|
||||
form.append('<input type="hidden" name="sig_response" value="skip"/>');
|
||||
|
@ -1408,8 +1410,9 @@ window.lam.webauthn.run = function(prefix) {
|
|||
jsonInput: '',
|
||||
sec_token: token
|
||||
};
|
||||
const extraParam = isSelfService ? '&selfservice=true' : '';
|
||||
jQuery.ajax({
|
||||
url: prefix + 'misc/ajax.php?function=webauthn',
|
||||
url: prefix + 'misc/ajax.php?function=webauthn' + extraParam,
|
||||
method: 'POST',
|
||||
data: data
|
||||
})
|
||||
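Review bot: Both `window.lam.webauthn.start` and `run` treat an omitted `isSelfService` as false through truthiness in `isSelfService ? '&selfservice=true' : ''`, but neither new `@param` line says the parameter is optional or what the default is, so a caller outside this commit that still passes one argument silently takes the non-self-service path. I would write `@param isSelfService runs as part of self service (optional, defaults to false)` on both functions. `run` continues beyond the third hunk.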
@ -202,7 +202,12 @@ class Ajax {
|
|||
*/
|
||||
private function manageWebauthn($isSelfService) {
|
||||
include_once __DIR__ . '/../../lib/webauthn.inc';
|
||||
$userDN = $_SESSION['ldap']->getUserName();
|
||||
if ($isSelfService) {
|
||||
$userDN = lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService');
|
||||
}
|
||||
else {
|
||||
$userDN = $_SESSION['ldap']->getUserName();
|
||||
}
|
||||
$webauthnManager = new WebauthnManager();
|
||||
$isRegistered = $webauthnManager->isRegistered($userDN);
|
||||
if (!$isRegistered) {
|
||||
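Review bot: Which session key identifies the user is now decided by `$isSelfService`, and the JavaScript hunk in this commit sends that flag as a `selfservice=true` query parameter; if that parameter is what populates `$isSelfService` (its source is outside the hunk), the identity source is chosen by the client, so each branch should fail closed when its session key is absent. The `$_SESSION['ldap']->getUserName()` branch does so by erroring on a missing object, whereas an unset `$_SESSION['selfService_clientDN']` only yields a null passed to `lamDecrypt`; an explicit `if (!isset($_SESSION['selfService_clientDN'])) { throw new \RuntimeException('self service session missing'); }` before the decrypt would make the two branches symmetric. The rest of `manageWebauthn` lies past the end of the hunk.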