feat(preferences): Improve TOTP - add validation code in preferences before saving to ensure user add qr code in totp application

smizrahi
2023-01-04 17:37:46 +01:00
parent 7d72fe1281
commit 0bd530ab64
5 changed files with 91 additions and 1 deletions
@@ -485,6 +485,8 @@
"Enable two-factor authentication using a TOTP application" = "Enable two-factor authentication using a TOTP application";
"You must enter this key into your TOTP application." = "You must enter this key into your TOTP application.";
"If you do not and you log out you will not be able to login again." = "If you do not and you log out you will not be able to login again.";
"Enter TOTP verification code :" = "Enter TOTP verification code :";
"Invalid TOTP verification code" = "Invalid TOTP verification code";
/* External Sieve scripts */
"An external Sieve script is active" = "An external Sieve script is active";
@@ -485,6 +485,8 @@
"Enable two-factor authentication using a TOTP application" = "Activer l'authentification à deux facteurs à l'aide dune application TOTP";
"You must enter this key into your TOTP application." = "Vous devez saisir cette clé dans votre application TOTP.";
"If you do not and you log out you will not be able to login again." = "À défaut de le faire, vous ne pourrez pas vous reconnecter.";
"Enter TOTP verification code :" = "Saisissez le code de vérification TOTP :";
"Invalid TOTP verification code" = "Code de vérification TOTP invalide";
/* External Sieve scripts */
"An external Sieve script is active" = "Un script Sieve externe est actif";
+67
@@ -53,6 +53,10 @@
#import "UIxPreferences.h"
#if defined(MFA_CONFIG)
#include <liboath/oath.h>
#endif
static NSArray *reminderItems = nil;
static NSArray *reminderValues = nil;
@@ -1586,6 +1590,69 @@ static NSArray *reminderValues = nil;
}
}
#if defined(MFA_CONFIG)
// Check TOTP token
NSString *verificationCode;
if ([v objectForKey: @"SOGoTOTPEnabled"]
&& 1 == [[v objectForKey: @"SOGoTOTPEnabled"] intValue]
&& ![[user userDefaults] totpEnabled]) {
verificationCode = [v objectForKey: @"totpVerificationCode"];
if ([verificationCode length] == 6 && [verificationCode unsignedIntValue] > 0)
{
unsigned int code;
const char *real_secret;
char *secret;
size_t secret_len;
const auto time_step = OATH_TOTP_DEFAULT_TIME_STEP_SIZE;
const auto digits = 6;
real_secret = [[user totpKey] UTF8String];
auto result = oath_init();
auto t = time(NULL);
auto left = time_step - (t % time_step);
char otp[digits + 1];
oath_base32_decode (real_secret,
strlen(real_secret),
&secret, &secret_len);
result = oath_totp_generate2(secret,
secret_len,
t,
time_step,
OATH_TOTP_DEFAULT_START_TIME,
digits,
0,
otp);
sscanf(otp, "%u", &code);
oath_done();
free(secret);
if (code != [verificationCode unsignedIntValue])
{
results = (id <WOActionResults>) [self responseWithStatus: 485
andJSONRepresentation: [NSDictionary dictionaryWithObjectsAndKeys: @"Invalid TOTP verification code", @"message", nil]];
return results;
}
} else {
results = (id <WOActionResults>) [self responseWithStatus: 485
andJSONRepresentation: [NSDictionary dictionaryWithObjectsAndKeys: @"Invalid TOTP verification code", @"message", nil]];
return results;
}
}
[v removeObjectForKey: @"totpVerificationCode"];
#endif
[[[user userDefaults] source] setValues: v];
if ([[user userDefaults] synchronize] && [self userHasMailAccess])
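Review bot: None of the liboath return values in the new `#if defined(MFA_CONFIG)` block are checked, so if `oath_base32_decode` fails, `secret` is still uninitialised when it reaches `oath_totp_generate2` and `free`, a nil `[user totpKey]` hands NULL to `strlen`, and a failed generate leaves `code` unset before the comparison. The numeric comparison also rejects a correct code of `000000` because of the `> 0` test, and depending on how the string is parsed it may accept six characters that are not all digits; comparing the submitted string itself avoids both. The sketch below checks each step against `OATH_OK` and lets `oath_totp_validate2` do the comparison with a window of 0, which keeps the current single-time-step behaviour; it also drops the C `auto` declarations and the unused `left`. The type check on `totpVerificationCode` assumes `v` is parsed from the request body, which is not visible here, and the enclosing method starts and ends outside the hunk.

```objc
// … unchanged: SOGoTOTPEnabled / totpEnabled guard and verificationCode lookup …
BOOL totpOK = NO;
const char *real_secret = [[user totpKey] UTF8String];
char *secret = NULL;
size_t secret_len = 0;

if ([verificationCode isKindOfClass: [NSString class]]
    && [verificationCode length] == 6
    && real_secret
    && oath_init () == OATH_OK)
  {
    if (oath_base32_decode (real_secret, strlen (real_secret),
                            &secret, &secret_len) == OATH_OK)
      {
        // window 0: only the current time step is accepted, as before
        totpOK = (oath_totp_validate2 (secret, secret_len, time (NULL),
                                       OATH_TOTP_DEFAULT_TIME_STEP_SIZE,
                                       OATH_TOTP_DEFAULT_START_TIME,
                                       0, NULL,
                                       [verificationCode UTF8String]) >= 0);
        free (secret);
      }
    oath_done ();
  }

if (!totpOK)
  {
    // … unchanged: 485 "Invalid TOTP verification code" response and return …
  }
```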
@@ -258,7 +258,15 @@
</div>
<div flex="100" flex-sm="60" flex-gt-sm="50">
<var:string label:value="You must enter this key into your TOTP application."/> <b><var:string label:value="If you do not and you log out you will not be able to login again."/></b>
<md-input-container class="md-block md-input-has-value md-auto-horizontal-margin">
<label><var:string label:value="Enter TOTP verification code :"/></label>
<input type="text" ng-model="app.preferences.defaults.totpVerificationCode" name="totpVerificationCode" autocomplete="one-time-code" id="totpVerificationCode" sg-no-dirty-check="true" ng-change="app.resetTotpVerificationCode(preferencesForm)"/>
<div ng-messages="preferencesForm.totpVerificationCode.$error">
<div ng-message="invalidTotpCode"><var:string label:value="Invalid TOTP verification code"/></div>
</div>
</md-input-container>
</div>
</div>
</var:if>
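Review bot: The new verification-code `<input>` accepts text of any length, while the server-side check added in this commit only accepts exactly six characters. Consider adding `inputmode="numeric" maxlength="6"` to the input so that mobile users get a numeric keypad and over-long values are stopped before the round-trip; the server check remains the authority. The enclosing `<var:if>` block starts outside the hunk.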
@@ -456,8 +456,10 @@
});
}
if (sendForm)
if (sendForm) {
var self = this;
return this.preferences.$save().then(function(data) {
self.preferences.defaults.totpVerificationCode = ''
if (!options || !options.quick) {
$mdToast.show(
$mdToast.simple()
@@ -466,11 +468,20 @@
.hideDelay(2000));
form.$setPristine();
}
}).catch(function(e) {
if (485 == e.status) {
form.totpVerificationCode.$setValidity('invalidTotpCode', false);
}
});
}
return $q.reject('Invalid form');
};
this.resetTotpVerificationCode = function(form) {
form.totpVerificationCode.$setValidity('invalidTotpCode', true);
}
this.canChangePassword = function(form) {
if (this.passwords.newPasswordConfirmation && this.passwords.newPasswordConfirmation.length &&
this.passwords.newPassword != this.passwords.newPasswordConfirmation) {
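Review bot: The `.catch` handler added after `$save().then(...)` returns nothing, so the promise returned by the save function now resolves after any failed `$save()`, not only a 485. Any caller chaining on that promise can no longer tell that the save failed, whereas before this change the rejection propagated. End the handler with `return $q.reject(e);` after the `$setValidity` call so the field is still marked invalid and the failure is still visible to callers. As a style point, the `totpVerificationCode = ''` assignment and the `resetTotpVerificationCode` function expression are missing their trailing semicolons. The enclosing save function starts outside the hunk.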