Commit 11ab787b authored by michael.simon's avatar michael.simon

Add some yubikey checks

To prevent registration of a wrong yubikey.
parent badc6ffd
......@@ -220,7 +220,7 @@ public class TwoFaServiceImpl implements TwoFaService {
LinotpInitAuthenticatorTokenResponse response = linotpConnection.createYubicoToken(user, yubi);
if (response == null) {
if (response == null || response.getDetail() == null) {
auditor.logAction(user.getEppn(), "CREATE YUBICO TOKEN", "", "", AuditStatus.FAIL);
auditor.finishAuditTrail();
throw new TwoFaException("Token generation did not succeed!");
......
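Review bot: The `auditor.logAction(...)` call in the failure branch still passes two empty strings, so with the widened condition a missing response and a response without detail produce the same audit record. For a failed second-factor enrolment it would help to record which case occurred, for example by passing a short reason such as `"no response"` or `"response without detail"` in one of those arguments, assuming they are free-text fields (their meaning is not visible in this hunk). The enclosing method starts and ends outside the hunk.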
......@@ -99,8 +99,17 @@ public class TwoFaUserBean implements Serializable {
if (response.getResult().isStatus() && response.getResult().isValue()) {
if (response != null && response.getDetail() != null) {
String serial = response.getDetail().getSerial();
twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
LinotpSimpleResponse checkResponse =
twoFaService.checkSpecificToken(user.getId(), serial, yubicoCode);
if (! (checkResponse.getResult().isStatus() &&
checkResponse.getResult().isValue())) {
// Token creating was successful, but check failed
twoFaService.deleteToken(user.getId(), serial, "user-" + user.getId());
messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
}
else {
twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
}
}
tokenList = twoFaService.findByUserId(sessionManager.getUserId());
......@@ -119,6 +128,10 @@ public class TwoFaUserBean implements Serializable {
} catch (TwoFaException e) {
logger.warn("TwoFaException", e);
messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
PrimeFaces.current().executeScript("PF('addYubicoDlg').hide();");
createTokenResponse = null;
yubicoCode = "";
}
}
}
......
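Review bot: In the `-99,8 +99,17` hunk, `deleteToken` runs only when `checkSpecificToken` returns a negative result, so a `TwoFaException` or a null return from that call leaves the newly created token registered for the user. The `catch (TwoFaException e)` block in the last hunk resets the dialog state but does not remove that token, and a null `checkResponse` would fail on `checkResponse.getResult()` before any cleanup. Whether a token that was created but never passed to `initToken` can be used to authenticate is not visible here, so it is safer to treat every outcome other than a positive check as a reason to delete it. The sketch below keeps the existing calls and moves the cleanup into a `finally`; an exception from `deleteToken` itself would replace the original one, which may warrant its own log line. The enclosing method starts and ends outside the hunks.

```java
String serial = response.getDetail().getSerial();
boolean verified = false;
try {
    LinotpSimpleResponse checkResponse =
            twoFaService.checkSpecificToken(user.getId(), serial, yubicoCode);
    verified = checkResponse != null
            && checkResponse.getResult().isStatus()
            && checkResponse.getResult().isValue();
} finally {
    if (!verified) {
        // Covers a failed check, a null response and an exception alike
        twoFaService.deleteToken(user.getId(), serial, "user-" + user.getId());
    }
}
if (verified) {
    twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
} else {
    messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
}
// … unchanged: tokenList refresh and the existing catch block …
```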