This commit is contained in:
Roland Gruber 2020-01-08 20:38:26 +01:00
parent 0990d61507
commit c29be12a9e
6 changed files with 25 additions and 10 deletions

View File

@ -17,7 +17,7 @@ use \Webauthn\PublicKeyCredentialCreationOptions;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2017 - 2019 Roland Gruber
Copyright (C) 2017 - 2020 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -549,6 +549,7 @@ class WebauthnProvider extends BaseProvider {
}
$row->addVerticalSpacer('2rem');
$pathPrefix = $this->config->isSelfService ? '../' : '';
$selfServiceParam = $this->config->isSelfService ? 'true' : 'false';
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
$row->addVerticalSpacer('1rem');
$registerButton = new htmlButton('register_webauthn', _('Register new key'));
@ -570,7 +571,7 @@ class WebauthnProvider extends BaseProvider {
$errorMessageDiv->addDataAttribute('button', _('Ok'));
$errorMessageDiv->addDataAttribute('title', _('Webauthn failed'));
$row->add($errorMessageDiv, 12);
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\');'), 0);
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', ' . $selfServiceParam . ');'), 0);
}
/**
@ -594,7 +595,7 @@ class WebauthnProvider extends BaseProvider {
$userDn = $_SESSION['ldap']->getUserName();
}
else {
$userDn = $_SESSION['selfService_clientDN'];
$userDn = lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService');
}
$hasTokens = $webauthnManager->isRegistered($userDn);
if (!$hasTokens) {

View File

@ -44,3 +44,4 @@
/nPosixGroup.inc
/nPosixUser.inc
/bindDLZXfr.inc
/webauthn.inc

View File

@ -3,7 +3,7 @@ use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2019 Roland Gruber
Copyright (C) 2006 - 2020 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -452,6 +452,7 @@ class selfServiceProfile {
public $twoFactorAuthenticationClientId = '';
public $twoFactorAuthenticationSecretKey = '';
public $twoFactorAuthenticationAttribute = 'uid';
public $twoFactorAuthenticationDomain = '';
/** provider for captcha (-/google) */
public $captchaProvider = '-';
@ -512,6 +513,7 @@ class selfServiceProfile {
$this->twoFactorAuthenticationClientId = '';
$this->twoFactorAuthenticationSecretKey = '';
$this->twoFactorAuthenticationAttribute = 'uid';
$this->twoFactorAuthenticationDomain = '';
$this->captchaProvider = '-';
$this->reCaptchaSiteKey = '';
$this->reCaptchaSecretKey = '';

View File

@ -185,7 +185,10 @@ class WebauthnManager {
private function createRpEntry($isSelfService) {
$pathPrefix = $isSelfService ? '../' : '';
$icon = $pathPrefix . '../graphics/logo136.png';
if (!$isSelfService) {
if ($isSelfService) {
$domain = $_SESSION['selfServiceProfile']->twoFactorAuthenticationDomain;
}
else {
$domain = $_SESSION['config']->getTwoFactorAuthenticationDomain();
}
return new PublicKeyCredentialRpEntity(

View File

@ -1375,11 +1375,12 @@ window.lam.webauthn = window.lam.webauthn || {};
* Starts the webauthn process.
*
* @param prefix path prefix for Ajax endpoint
* @param isSelfService runs as part of self service
*/
window.lam.webauthn.start = function(prefix) {
window.lam.webauthn.start = function(prefix, isSelfService) {
jQuery(document).ready(
function() {
window.lam.webauthn.run(prefix);
window.lam.webauthn.run(prefix, isSelfService);
}
);
}
@ -1388,8 +1389,9 @@ window.lam.webauthn.start = function(prefix) {
* Checks if the user is registered and starts login/registration.
*
* @param prefix path prefix for Ajax endpoint
* @param isSelfService runs as part of self service
*/
window.lam.webauthn.run = function(prefix) {
window.lam.webauthn.run = function(prefix, isSelfService) {
jQuery('#btn_skip_webauthn').click(function () {
let form = jQuery("#2faform");
form.append('<input type="hidden" name="sig_response" value="skip"/>');
@ -1408,8 +1410,9 @@ window.lam.webauthn.run = function(prefix) {
jsonInput: '',
sec_token: token
};
const extraParam = isSelfService ? '&selfservice=true' : '';
jQuery.ajax({
url: prefix + 'misc/ajax.php?function=webauthn',
url: prefix + 'misc/ajax.php?function=webauthn' + extraParam,
method: 'POST',
data: data
})

View File

@ -202,7 +202,12 @@ class Ajax {
*/
private function manageWebauthn($isSelfService) {
include_once __DIR__ . '/../../lib/webauthn.inc';
if ($isSelfService) {
$userDN = lamDecrypt($_SESSION['selfService_clientDN'], 'SelfService');
}
else {
$userDN = $_SESSION['ldap']->getUserName();
}
$webauthnManager = new WebauthnManager();
$isRegistered = $webauthnManager->isRegistered($userDN);
if (!$isRegistered) {