diff --git a/lam/lib/2factor.inc b/lam/lib/2factor.inc
index 75a20681..053a472c 100644
--- a/lam/lib/2factor.inc
+++ b/lam/lib/2factor.inc
@@ -270,10 +270,7 @@ class TwoFactorProviderService {
private function getConfigSelfService(&$profile) {
$config = new TwoFactorConfiguration();
$config->twoFactorAuthentication = $profile->twoFactorAuthentication;
- $config->twoFactorAuthenticationCaption = $profile->twoFactorAuthenticationCaption;
$config->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
- $config->twoFactorAuthenticationLabel = $profile->twoFactorAuthenticationLabel;
- $config->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
$config->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
return $config;
}
@@ -287,10 +284,7 @@ class TwoFactorProviderService {
private function getConfigAdmin($conf) {
$config = new TwoFactorConfiguration();
$config->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
- $config->twoFactorAuthenticationCaption = $conf->getTwoFactorAuthenticationCaption();
$config->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
- $config->twoFactorAuthenticationLabel = $conf->getTwoFactorAuthenticationLabel();
- $config->twoFactorAuthenticationOptional = $conf->getTwoFactorAuthenticationOptional();
$config->twoFactorAuthenticationURL = $conf->getTwoFactorAuthenticationURL();
return $config;
}
@@ -306,7 +300,4 @@ class TwoFactorConfiguration {
public $twoFactorAuthentication = null;
public $twoFactorAuthenticationURL = null;
public $twoFactorAuthenticationInsecure = false;
- public $twoFactorAuthenticationLabel = null;
- public $twoFactorAuthenticationOptional = false;
- public $twoFactorAuthenticationCaption = '';
}
diff --git a/lam/templates/login.php b/lam/templates/login.php
index 2d8d8b40..78ccc312 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@@ -326,6 +326,14 @@ function display_LoginPage($config_object, $cfgMain) {
StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['selfserviceSaveOk']));
echo "
";
}
+ if (isset($_GET['2factor']) && ($_GET['2factor'] == 'error')) {
+ StatusMessage('ERROR', _("Unable to start 2-factor authentication."));
+ echo "
";
+ }
+ elseif (isset($_GET['2factor']) && ($_GET['2factor'] == 'noToken')) {
+ StatusMessage('ERROR', _("Unable to start 2-factor authentication because no tokens were found."));
+ echo "
";
+ }
if (!empty($config_object)) {
?>
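Review bot: The two added checks compare `$_GET['2factor']` with loose `==`; `$_GET['2factor'] === 'error'` and `=== 'noToken'` are the safer habit for request parameters, which can arrive as arrays or numeric strings. Both banners print fixed, translated strings and echo nothing from the request, which is correct here because the value can be set by any link to login.php. A short comment such as `// status set by login2Factor.php; display only, never echo the raw value` would keep later edits from reflecting the parameter. display_LoginPage starts and continues outside the hunk.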
diff --git a/lam/templates/login2Factor.php b/lam/templates/login2Factor.php
new file mode 100644
index 00000000..f3d63932
--- /dev/null
+++ b/lam/templates/login2Factor.php
@@ -0,0 +1,241 @@
+decrypt_login();
+$password = $credentials[1];
+$user = $_SESSION['user2factor'];
+if (get_preg($user, 'dn')) {
+ $user = extractRDNValue($user);
+}
+
+// get serials
+try {
+ $service = new TwoFactorProviderService($config);
+ $provider = $service->getProvider();
+ $serials = $provider->getSerials($user, $password);
+}
+catch (\Exception $e) {
+ logNewMessage(LOG_ERR, 'Unable to get 2-factor serials for ' . $user . ' ' . $e->getMessage());
+ metaRefresh("login.php?2factor=error");
+ die();
+}
+
+$twoFactorLabel = empty($config->getTwoFactorAuthenticationLabel()) ? _('PIN+Token') : $config->getTwoFactorAuthenticationLabel();
+
+if (sizeof($serials) == 0) {
+ if ($config->getTwoFactorAuthenticationOptional()) {
+ unset($_SESSION['2factorRequired']);
+ unset($_SESSION['user2factor']);
+ metaRefresh("main.php");
+ die();
+ }
+ else {
+ metaRefresh("login.php?2factor=noToken");
+ die();
+ }
+}
+
+if (isset($_POST['logout'])) {
+ // destroy session
+ session_destroy();
+ unset($_SESSION);
+ // redirect to login page
+ metaRefresh("login.php");
+ exit();
+}
+
+if (isset($_POST['submit'])) {
+ $twoFactorInput = $_POST['2factor'];
+ $serial = $_POST['serial'];
+ if (empty($twoFactorInput) || !in_array($serial, $serials)) {
+ $errorMessage = _(sprintf('Please enter "%s".', $twoFactorLabel));
+ }
+ else {
+ $twoFactorValid = false;
+ try {
+ $twoFactorValid = $provider->verify2ndFactor($user, $password, $serial, $twoFactorInput);
+ }
+ catch (\Exception $e) {
+ logNewMessage(LOG_WARNING, '2-factor verification failed: ' . $e->getMessage());
+ }
+ if ($twoFactorValid) {
+ unset($_SESSION['2factorRequired']);
+ unset($_SESSION['user2factor']);
+ metaRefresh("main.php");
+ die();
+ }
+ else {
+ $errorMessage = _(sprintf('Verification failed.', $twoFactorLabel));
+ }
+ }
+}
+
+?>
+
+
+
+ LDAP Account Manager + | ++ | +
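Review bot: In the `if (isset($_POST['submit']))` branch a failed `verify2ndFactor()` only sets `$errorMessage`. Nothing is logged unless the provider throws and no attempt counter is visible, so repeated wrong second-factor submissions by someone who already holds the password leave no trace and are not slowed down here. I would log the failure with the user, e.g. `logNewMessage(LOG_WARNING, '2-factor verification failed for ' . $user);`, and end the pending session after a few failures unless the provider is known to enforce a limit. The serial check should be strict, `in_array($serial, $serials, true)`, since `$_POST['serial']` is client-supplied. The message calls are also inverted: `sprintf(_('Please enter "%s".'), $twoFactorLabel)` lets gettext find the msgid, and `'Verification failed.'` needs no `sprintf`. The opening lines of the new file and its HTML form are not visible in this view, so session checks, any CSRF token and the escaping of `$errorMessage` and the label could not be reviewed.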