Commit 4ff0ab13 authored by michael.simon's avatar michael.simon
Browse files

correctly check for active token. #95

parent 85b5cc56
...@@ -28,6 +28,7 @@ import edu.kit.scc.webreg.service.twofa.TwoFaService; ...@@ -28,6 +28,7 @@ import edu.kit.scc.webreg.service.twofa.TwoFaService;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResponse; import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse; import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse; import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpToken;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpTokenResultList; import edu.kit.scc.webreg.service.twofa.linotp.LinotpTokenResultList;
import edu.kit.scc.webreg.session.SessionManager; import edu.kit.scc.webreg.session.SessionManager;
import edu.kit.scc.webreg.util.FacesMessageGenerator; import edu.kit.scc.webreg.util.FacesMessageGenerator;
...@@ -114,11 +115,12 @@ public class TwoFaUserBean implements Serializable { ...@@ -114,11 +115,12 @@ public class TwoFaUserBean implements Serializable {
} }
} }
tokenList = twoFaService.findByIdentity(identity); if (! hasActiveToken()) {
if (tokenList.size() == 1) {
// this was the first token. We have to set 2fa elevation // this was the first token. We have to set 2fa elevation
sessionManager.setTwoFaElevation(Instant.now()); sessionManager.setTwoFaElevation(Instant.now());
} }
tokenList = twoFaService.findByIdentity(identity);
} }
else { else {
messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true); messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
...@@ -150,11 +152,12 @@ public class TwoFaUserBean implements Serializable { ...@@ -150,11 +152,12 @@ public class TwoFaUserBean implements Serializable {
} }
tokenList = twoFaService.findByIdentity(identity); if (! hasActiveToken()) {
if (tokenList.size() == 1) {
// this was the first token. We have to set 2fa elevation // this was the first token. We have to set 2fa elevation
sessionManager.setTwoFaElevation(Instant.now()); sessionManager.setTwoFaElevation(Instant.now());
} }
tokenList = twoFaService.findByIdentity(identity);
} }
else { else {
messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true); messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
...@@ -193,11 +196,12 @@ public class TwoFaUserBean implements Serializable { ...@@ -193,11 +196,12 @@ public class TwoFaUserBean implements Serializable {
if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) { if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) {
// success, Token stays active, set correct description // success, Token stays active, set correct description
twoFaService.initToken(identity, serial, "identity-" + identity.getId()); twoFaService.initToken(identity, serial, "identity-" + identity.getId());
tokenList = twoFaService.findByIdentity(identity); if (! hasActiveToken()) {
if (tokenList.size() == 1) {
// this was the first token. We have to set 2fa elevation // this was the first token. We have to set 2fa elevation
sessionManager.setTwoFaElevation(Instant.now()); sessionManager.setTwoFaElevation(Instant.now());
} }
tokenList = twoFaService.findByIdentity(identity);
PrimeFaces.current().executeScript("PF('addTotpDlg').hide();"); PrimeFaces.current().executeScript("PF('addTotpDlg').hide();");
createTokenResponse = null; createTokenResponse = null;
totpCode = ""; totpCode = "";
...@@ -330,4 +334,20 @@ public class TwoFaUserBean implements Serializable { ...@@ -330,4 +334,20 @@ public class TwoFaUserBean implements Serializable {
return backupTanList; return backupTanList;
} }
private Boolean hasActiveToken() {
for (LinotpToken token : tokenList) {
if (token.getIsactive()) {
/*
* filter token, that are not initialized
*/
if (token.getDescription() != null && token.getDescription().contains("INIT")) {
return false;
}
return true;
}
}
return false;
}
} }
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment