feat(preferences): Improve TOTP - add validation code in preferences before saving to ensure user add qr code in totp application
@@ -485,6 +485,8 @@
|
||||
"Enable two-factor authentication using a TOTP application" = "Enable two-factor authentication using a TOTP application";
|
||||
"You must enter this key into your TOTP application." = "You must enter this key into your TOTP application.";
|
||||
"If you do not and you log out you will not be able to login again." = "If you do not and you log out you will not be able to login again.";
|
||||
"Enter TOTP verification code :" = "Enter TOTP verification code :";
|
||||
"Invalid TOTP verification code" = "Invalid TOTP verification code";
|
||||
|
||||
/* External Sieve scripts */
|
||||
"An external Sieve script is active" = "An external Sieve script is active";
|
||||
|
||||
@@ -485,6 +485,8 @@
|
||||
"Enable two-factor authentication using a TOTP application" = "Activer l'authentification à deux facteurs à l'aide d’une application TOTP";
|
||||
"You must enter this key into your TOTP application." = "Vous devez saisir cette clé dans votre application TOTP.";
|
||||
"If you do not and you log out you will not be able to login again." = "À défaut de le faire, vous ne pourrez pas vous reconnecter.";
|
||||
"Enter TOTP verification code :" = "Saisissez le code de vérification TOTP :";
|
||||
"Invalid TOTP verification code" = "Code de vérification TOTP invalide";
|
||||
|
||||
/* External Sieve scripts */
|
||||
"An external Sieve script is active" = "Un script Sieve externe est actif";
|
||||
|
||||
@@ -53,6 +53,10 @@
|
||||
|
||||
#import "UIxPreferences.h"
|
||||
|
||||
#if defined(MFA_CONFIG)
|
||||
#include <liboath/oath.h>
|
||||
#endif
|
||||
|
||||
static NSArray *reminderItems = nil;
|
||||
static NSArray *reminderValues = nil;
|
||||
|
||||
@@ -1586,6 +1590,69 @@ static NSArray *reminderValues = nil;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#if defined(MFA_CONFIG)
|
||||
// Check TOTP token
|
||||
NSString *verificationCode;
|
||||
|
||||
if ([v objectForKey: @"SOGoTOTPEnabled"]
|
||||
&& 1 == [[v objectForKey: @"SOGoTOTPEnabled"] intValue]
|
||||
&& ![[user userDefaults] totpEnabled]) {
|
||||
|
||||
verificationCode = [v objectForKey: @"totpVerificationCode"];
|
||||
|
||||
if ([verificationCode length] == 6 && [verificationCode unsignedIntValue] > 0)
|
||||
{
|
||||
unsigned int code;
|
||||
const char *real_secret;
|
||||
char *secret;
|
||||
|
||||
size_t secret_len;
|
||||
|
||||
const auto time_step = OATH_TOTP_DEFAULT_TIME_STEP_SIZE;
|
||||
const auto digits = 6;
|
||||
|
||||
real_secret = [[user totpKey] UTF8String];
|
||||
|
||||
auto result = oath_init();
|
||||
auto t = time(NULL);
|
||||
auto left = time_step - (t % time_step);
|
||||
|
||||
char otp[digits + 1];
|
||||
|
||||
oath_base32_decode (real_secret,
|
||||
strlen(real_secret),
|
||||
&secret, &secret_len);
|
||||
|
||||
result = oath_totp_generate2(secret,
|
||||
secret_len,
|
||||
t,
|
||||
time_step,
|
||||
OATH_TOTP_DEFAULT_START_TIME,
|
||||
digits,
|
||||
0,
|
||||
otp);
|
||||
|
||||
sscanf(otp, "%u", &code);
|
||||
|
||||
oath_done();
|
||||
free(secret);
|
||||
|
||||
if (code != [verificationCode unsignedIntValue])
|
||||
{
|
||||
results = (id <WOActionResults>) [self responseWithStatus: 485
|
||||
andJSONRepresentation: [NSDictionary dictionaryWithObjectsAndKeys: @"Invalid TOTP verification code", @"message", nil]];
|
||||
return results;
|
||||
}
|
||||
} else {
|
||||
results = (id <WOActionResults>) [self responseWithStatus: 485
|
||||
andJSONRepresentation: [NSDictionary dictionaryWithObjectsAndKeys: @"Invalid TOTP verification code", @"message", nil]];
|
||||
return results;
|
||||
}
|
||||
}
|
||||
[v removeObjectForKey: @"totpVerificationCode"];
|
||||
#endif
|
||||
|
||||
[[[user userDefaults] source] setValues: v];
|
||||
|
||||
if ([[user userDefaults] synchronize] && [self userHasMailAccess])
|
||||
|
||||
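Review bot: None of the liboath results in the new `#if defined(MFA_CONFIG)` block are checked, so the comparison can run on indeterminate data. `[[user totpKey] UTF8String]` may be NULL going into `strlen`, a failed `oath_base32_decode` leaves `secret` unset before `oath_totp_generate2` and `free`, and a failed generate or `sscanf` leaves `code` uninitialized when it is compared with the submitted value. The check should fail closed with the 485 response on any error; passing the submitted string to `oath_totp_validate2` also removes the `sscanf`/integer round-trip, and the `> 0` pre-check currently rejects the legitimate code `000000`. `left` is never used, and the `auto` declarations fall back to implicit `int` unless the file is built as C23 or Objective-C++, which would truncate `time_t`, so explicit types are safer. The enclosing method starts and ends outside the hunk.

```objc
      const char *real_secret = [[user totpKey] UTF8String];
      char *secret = NULL;
      size_t secret_len = 0;
      int rc = OATH_INVALID_OTP;  // fail closed unless validation succeeds

      if (real_secret && oath_init() == OATH_OK)
        {
          if (oath_base32_decode (real_secret, strlen(real_secret),
                                  &secret, &secret_len) == OATH_OK)
            {
              // window 0 keeps the original single-time-step behaviour
              rc = oath_totp_validate2(secret, secret_len, time(NULL),
                                       OATH_TOTP_DEFAULT_TIME_STEP_SIZE,
                                       OATH_TOTP_DEFAULT_START_TIME,
                                       0, NULL,
                                       [verificationCode UTF8String]);
              free(secret);
            }
          oath_done();
        }

      if (rc < 0)
        {
          // … unchanged: 485 "Invalid TOTP verification code" response …
        }
```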
@@ -258,7 +258,15 @@
|
||||
</div>
|
||||
<div flex="100" flex-sm="60" flex-gt-sm="50">
|
||||
<var:string label:value="You must enter this key into your TOTP application."/> <b><var:string label:value="If you do not and you log out you will not be able to login again."/></b>
|
||||
<md-input-container class="md-block md-input-has-value md-auto-horizontal-margin">
|
||||
<label><var:string label:value="Enter TOTP verification code :"/></label>
|
||||
<input type="text" ng-model="app.preferences.defaults.totpVerificationCode" name="totpVerificationCode" autocomplete="one-time-code" id="totpVerificationCode" sg-no-dirty-check="true" ng-change="app.resetTotpVerificationCode(preferencesForm)"/>
|
||||
<div ng-messages="preferencesForm.totpVerificationCode.$error">
|
||||
<div ng-message="invalidTotpCode"><var:string label:value="Invalid TOTP verification code"/></div>
|
||||
</div>
|
||||
</md-input-container>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</var:if>
|
||||
|
||||
|
||||
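Review bot: The new input binds the one-time code to `app.preferences.defaults.totpVerificationCode`, so it travels inside the defaults object that is saved as a whole. The server hunk strips that key only inside `#if defined(MFA_CONFIG)`, so if this field can render on a build without that flag the code would be stored with the user's defaults. The surrounding `var:if` condition is outside the hunk, so this needs confirming. Separately, the field accepts arbitrary text although the server requires exactly six characters; adding `inputmode="numeric" maxlength="6"` to the `<input>` would reject obviously malformed values before the request is sent.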
@@ -456,8 +456,10 @@
|
||||
});
|
||||
}
|
||||
|
||||
if (sendForm)
|
||||
if (sendForm) {
|
||||
var self = this;
|
||||
return this.preferences.$save().then(function(data) {
|
||||
self.preferences.defaults.totpVerificationCode = ''
|
||||
if (!options || !options.quick) {
|
||||
$mdToast.show(
|
||||
$mdToast.simple()
|
||||
@@ -466,11 +468,20 @@
|
||||
.hideDelay(2000));
|
||||
form.$setPristine();
|
||||
}
|
||||
}).catch(function(e) {
|
||||
if (485 == e.status) {
|
||||
form.totpVerificationCode.$setValidity('invalidTotpCode', false);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
return $q.reject('Invalid form');
|
||||
};
|
||||
|
||||
this.resetTotpVerificationCode = function(form) {
|
||||
form.totpVerificationCode.$setValidity('invalidTotpCode', true);
|
||||
}
|
||||
|
||||
this.canChangePassword = function(form) {
|
||||
if (this.passwords.newPasswordConfirmation && this.passwords.newPasswordConfirmation.length &&
|
||||
this.passwords.newPassword != this.passwords.newPasswordConfirmation) {
|
||||
|
||||
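Review bot: The added `.catch(function(e) { … })` on `this.preferences.$save()` swallows every rejection, so the promise returned by the save resolves even when the server answered 485 or failed for another reason. Callers that chain on the result can no longer tell a rejected TOTP code from a successful save, and non-485 errors are silently dropped. Ending the handler with `return $q.reject(e);` after the 485 branch keeps the inline validation message while still propagating the failure. The statements `self.preferences.defaults.totpVerificationCode = ''` and the closing `}` of `resetTotpVerificationCode` are also missing their semicolons.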