Add some yubikey checks

To prevent registration of a wrong yubikey.

Add some yubikey checks
To prevent registration of a wrong yubikey.
11ab787b · michael.simon · badc6ffd · 11ab787b · 11ab787b
Commit 11ab787b authored Aug 26, 2020 by michael.simon
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
@@ -220,7 +220,7 @@ public class TwoFaServiceImpl implements TwoFaService {
 		
 		LinotpInitAuthenticatorTokenResponse response = linotpConnection.createYubicoToken(user, yubi);
 		
-		if (response == null) {
+		if (response == null || response.getDetail() == null) {
 			auditor.logAction(user.getEppn(), "CREATE YUBICO TOKEN", "", "", AuditStatus.FAIL);
 			auditor.finishAuditTrail();
 			throw new TwoFaException("Token generation did not succeed!");

--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
@@ -99,8 +99,17 @@ public class TwoFaUserBean implements Serializable {
 				if (response.getResult().isStatus() && response.getResult().isValue()) {
 					if (response != null && response.getDetail() != null) {
 						String serial = response.getDetail().getSerial();
-						twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
-						
+						LinotpSimpleResponse checkResponse = 
+								twoFaService.checkSpecificToken(user.getId(), serial, yubicoCode);
+						if (! (checkResponse.getResult().isStatus() && 
+								checkResponse.getResult().isValue())) {
+							// Token creating was successful, but check failed
+							twoFaService.deleteToken(user.getId(), serial, "user-" + user.getId());
+							messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
+						}
+						else {
+							twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
+						}
 					}
 					
 					tokenList = twoFaService.findByUserId(sessionManager.getUserId());
@@ -119,6 +128,10 @@ public class TwoFaUserBean implements Serializable {
 				
 			} catch (TwoFaException e) {
 				logger.warn("TwoFaException", e);
+				messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
+				PrimeFaces.current().executeScript("PF('addYubicoDlg').hide();");
+				createTokenResponse = null;
+				yubicoCode = "";
 			}
 		}
 	}