Commit 5b781af2 authored by ls1947's avatar ls1947

Track correct status in linotp token description field

parent 9ef6777c
package edu.kit.scc.webreg.service.twofa;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpTokenResultList;
......@@ -24,4 +25,6 @@ public interface TwoFaService {
LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi) throws TwoFaException;
LinotpSetFieldResult initToken(Long userId, String serial) throws TwoFaException;
}
......@@ -12,6 +12,7 @@ import edu.kit.scc.webreg.dao.UserDao;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpConnection;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpShowUserResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpToken;
......@@ -92,6 +93,17 @@ public class TwoFaServiceImpl implements TwoFaService {
return linotpConnection.checkSpecificToken(serial, token);
}
@Override
public LinotpSetFieldResult initToken(Long userId, String serial) throws TwoFaException {
UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
return linotpConnection.initToken(serial);
}
@Override
public LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId) throws TwoFaException {
UserEntity user = userDao.findById(userId);
......
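Review bot: The service-level initToken rewrites the description of whatever serial it is given under the admin session, and nothing in the visible body checks that the serial is assigned to userId; the user is loaded only to resolve the LinOTP config. The /admin/set request built in LinotpConnection.setTokenField carries realm, session and serial but no user, so an ownership check would have to happen here, for example by confirming the serial appears in the user's token list before calling `linotpConnection.initToken(serial)` and throwing TwoFaException otherwise. The one caller shown in TwoFaUserBean passes a serial that has just passed checkSpecificToken, which may make this safe in practice, but the interface method itself accepts any serial. A short Javadoc stating that the method marks an already-verified token as ACTIVE would also help.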
......@@ -3,7 +3,9 @@ package edu.kit.scc.webreg.service.twofa.linotp;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
......@@ -166,7 +168,7 @@ public class LinotpConnection {
nvps.add(new BasicNameValuePair("genkey", "1"));
nvps.add(new BasicNameValuePair("hashlib", "sha1"));
nvps.add(new BasicNameValuePair("timeStep", "30"));
nvps.add(new BasicNameValuePair("description", "This is a description"));
nvps.add(new BasicNameValuePair("description", "INIT,DELABLE,BWIDM,TS " + formatDate() + ","));
if (configMap.containsKey("userId"))
nvps.add(new BasicNameValuePair("user", configMap.get("userId")));
......@@ -227,6 +229,37 @@ public class LinotpConnection {
throw new TwoFaException(e);
}
}
public LinotpSetFieldResult initToken(String serial) throws TwoFaException {
return setTokenField(serial, "description", "ACTIVE,DELABLE,TS " + formatDate() + ",");
}
public LinotpSetFieldResult setTokenField(String serial, String key, String value) throws TwoFaException {
try {
HttpPost httpPost = new HttpPost(configMap.get("url") + "/admin/set");
List<NameValuePair> nvps = new ArrayList <NameValuePair>();
if (configMap.containsKey("realm"))
nvps.add(new BasicNameValuePair("realm", configMap.get("realm")));
nvps.add(new BasicNameValuePair("session", adminSession));
nvps.add(new BasicNameValuePair("serial", serial));
nvps.add(new BasicNameValuePair(key, value));
httpPost.setEntity(new UrlEncodedFormEntity(nvps));
CloseableHttpResponse response = httpClient.execute(targetHost, httpPost, context);
try {
HttpEntity entity = response.getEntity();
String responseString = EntityUtils.toString(entity);
logger.trace(responseString);
return resultParser.parseSetFieldResponse(responseString);
} finally {
response.close();
}
} catch (ParseException | IOException e) {
throw new TwoFaException(e);
}
}
public LinotpSimpleResponse disableToken(String serial) throws TwoFaException {
try {
......@@ -381,4 +414,9 @@ public class LinotpConnection {
return null;
}
}
protected String formatDate() {
SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd hh:mm");
return formatter.format(new Date());
}
}
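Review bot: The pattern in formatDate, `"yyyy-MM-dd hh:mm"`, uses the 12-hour clock without an AM/PM marker, so 03:15 and 15:15 produce the same timestamp in the token description; `new SimpleDateFormat("yyyy-MM-dd HH:mm")` gives an unambiguous value. The result is written into both description strings, the INIT one in the token-creation request and the ACTIVE one in initToken. If these timestamps are meant as a record of when a second factor was enrolled or activated, the ambiguity makes them unreliable for later review. The formatter also uses the JVM default time zone, which is worth stating in a comment or pinning to UTC if hosts differ.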
......@@ -44,4 +44,14 @@ public class LinotpResultParser {
}
}
public LinotpSetFieldResult parseSetFieldResponse(String responseString) throws TwoFaException {
try {
LinotpSetFieldResult response =
om.readValue(responseString, LinotpSetFieldResult.class);
return response;
} catch (IOException e) {
throw new TwoFaException(e);
}
}
}
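Review bot: parseSetFieldResponse binds the whole response body to LinotpSetFieldResult, while this commit also adds LinotpSetFieldResponse, an envelope class with version, jsonrpc, id and a nested `result` of that type, which none of the visible hunks uses. If the /admin/set reply has that envelope shape, binding the top level straight to LinotpSetFieldResult either fails on unknown properties or yields `status == false` with a null value, depending on how `om` is configured (not visible here). It likely should read `om.readValue(responseString, LinotpSetFieldResponse.class)` and return `getResult()`, with a null check on the result. The enclosing class starts outside the hunk.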
package edu.kit.scc.webreg.service.twofa.linotp;
import java.io.Serializable;
import com.fasterxml.jackson.annotation.JsonProperty;
public class LinotpSetFieldResponse implements Serializable {
private static final long serialVersionUID = 1L;
private String version;
@JsonProperty("jsonrpc")
private String jsonRpc;
private LinotpSetFieldResult result;
private Integer id;
public String getVersion() {
return version;
}
public void setVersion(String version) {
this.version = version;
}
public String getJsonRpc() {
return jsonRpc;
}
public void setJsonRpc(String jsonRpc) {
this.jsonRpc = jsonRpc;
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public LinotpSetFieldResult getResult() {
return result;
}
public void setResult(LinotpSetFieldResult result) {
this.result = result;
}
}
package edu.kit.scc.webreg.service.twofa.linotp;
import java.util.Map;
public class LinotpSetFieldResult {
private boolean status;
private Map<String, Object> value;
public boolean isStatus() {
return status;
}
public void setStatus(boolean status) {
this.status = status;
}
public Map<String, Object> getValue() {
return value;
}
public void setValue(Map<String, Object> value) {
this.value = value;
}
}
\ No newline at end of file
......@@ -120,7 +120,8 @@ public class TwoFaUserBean implements Serializable {
response = twoFaService.checkSpecificToken(user.getId(), serial, totpCode);
if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) {
// success, Token stays active
// success, Token stays active, set correct description
twoFaService.initToken(user.getId(), serial);
tokenList = twoFaService.findByUserId(sessionManager.getUserId());
if (tokenList.size() == 1) {
// this was the first token. We have to set 2fa elevation
......
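Review bot: The return value of `twoFaService.initToken(user.getId(), serial)` is discarded, so a failed description update goes unnoticed and the token remains enabled while its description still says INIT. The view changed in this commit hides the enable button for inactive tokens whose description contains 'INIT', so such a token could not be re-enabled from the UI once it has been disabled. Checking `isStatus()` on the returned LinotpSetFieldResult and logging or reporting a failure would keep the description and the real token state in step. The enclosing method begins and ends outside the hunk, so any surrounding exception handling is not visible.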
my_twofa=Zweite Faktoren
start=Starten
twofa_tokentype=Toketyp
twofa_serial=Serial
twofa_active=Aktiv
......
my_twofa=Second factors
start=Start
twofa_tokentype=Tokentype
twofa_serial=Serial
twofa_active=Active
......
......@@ -52,27 +52,31 @@
<h:graphicImage width="60px" value="#{resource['img/yubikey_small.png']}" alt="Yubikey" rendered="#{token.tokenType == 'yubico'}"/>
</p:outputPanel>
<p:outputPanel>
<h:panelGrid columns="2">
<p:outputLabel for="@next" value="#{messages.twofa_tokentype}:" />
<h:panelGroup>
<h:outputText value="#{messages.twofa_tokentype_totp}" rendered="#{token.tokenType == 'TOTP' and token.serial.startsWith('TOTP')}"/>
<h:outputText value="#{messages.twofa_tokentype_totp_hardware}" rendered="#{token.tokenType == 'TOTP' and not token.serial.startsWith('TOTP')}"/>
<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HOTP'}"/>
<h:outputText value="#{messages.twofa_tokentype_yubikey}" rendered="#{token.tokenType == 'yubico'}"/>
</h:panelGroup>
<p:outputLabel for="@next" value="#{messages.twofa_active}:" />
<h:outputText value="#{token.isactive ? messages.yes : messages.no}" />
</h:panelGrid>
<p:commandButton action="#{twoFaUserBean.disableToken(token.serial)}" value="Disable"
update="@form" rendered="#{token.isactive}"/>
<p:commandButton action="#{twoFaUserBean.enableToken(token.serial)}" value="Enable"
update="@form" rendered="#{! token.isactive}"/>
<p:commandButton action="#{twoFaUserBean.deleteToken(token.serial)}" value="Delete"
update="@form" rendered="#{! token.isactive}">
<p:confirm header="#{messages.confirm_header}" message="#{messages.confirm}" />
</p:commandButton>
</p:outputPanel>
<h:panelGrid columns="2">
<p:outputLabel for="@next" value="#{messages.twofa_tokentype}:" />
<h:panelGroup>
<h:outputText value="#{messages.twofa_tokentype_totp}" rendered="#{token.tokenType == 'TOTP' and token.serial.startsWith('TOTP')}"/>
<h:outputText value="#{messages.twofa_tokentype_totp_hardware}" rendered="#{token.tokenType == 'TOTP' and not token.serial.startsWith('TOTP')}"/>
<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HOTP'}"/>
<h:outputText value="#{messages.twofa_tokentype_yubikey}" rendered="#{token.tokenType == 'yubico'}"/>
</h:panelGroup>
<p:outputLabel for="@next" value="#{messages.twofa_active}:" />
<h:outputText value="#{token.isactive ? messages.yes : messages.no}" />
</h:panelGrid>
<p:panel style="margin: 8px;">
<h:outputText value="#{messages.twofa_token_not_init}" style="color:red;"
rendered="#{! token.isactive and (token.tokenDesc.contains('INIT'))}" />
</p:panel>
<p:commandButton action="#{twoFaUserBean.disableToken(token.serial)}" value="#{messages.disable}"
update="@form" rendered="#{token.isactive}"/>
<p:commandButton action="#{twoFaUserBean.enableToken(token.serial)}" value="#{messages.disable}"
update="@form" rendered="#{! token.isactive and (! token.tokenDesc.contains('INIT'))}"/>
<p:commandButton action="#{twoFaUserBean.deleteToken(token.serial)}" value="#{messages.delete}"
update="@form" rendered="#{! token.isactive}" style="color:red;">
<p:confirm header="#{messages.confirm_header}" message="#{messages.confirm}" />
</p:commandButton>
</p:outputPanel>
</p:panelGrid>
</p:panel>
</p:dataGrid>
......@@ -97,26 +101,30 @@
showEffect="fade" hideEffect="fade">
<p:ajax event="close" update="@form" />
<div class="panel" style="width:360px;">
<div class="panel" style="width:520px;">
<h:outputText value="#{messages.twofa_create_totp_token_desc}" escape="false" />
</div>
<p:panel id="totpResponsePanel">
<p:panel id="totpResponsePanel" style="height: 260px;">
<p:commandButton id="totpStartButton" action="#{twoFaUserBean.createAuthenticatorToken()}" value="#{messages.start}"
update="totpResponsePanel" oncomplete="PF('addTotpDlg').initPosition()" rendered="#{empty twoFaUserBean.createTokenResponse}"/>
<h:panelGroup rendered="#{not empty twoFaUserBean.createTokenResponse}">
<div>
<h:outputText value="#{twoFaUserBean.createTokenResponse.detail.googleurl.img}" escape="false" />
</div>
<h:panelGrid columns="2">
<p:outputLabel for="@next" value="#{messages.twofa_serial}:" />
<h:outputText value="#{twoFaUserBean.createTokenResponse.detail.serial}"/>
<p:outputLabel for="@next" value="#{messages.twofa_code}:" />
<p:inputText id="totpText" value="#{twoFaUserBean.totpCode}"/>
</h:panelGrid>
<p:commandButton id="checkTotpButton" action="#{twoFaUserBean.checkAuthenticatorToken()}" value="#{messages.check}"
update="totpResponsePanel" />
<p:outputPanel>
<h:outputText value="#{twoFaUserBean.createTokenResponse.detail.googleurl.img}" escape="false" />
</p:outputPanel>
<p:outputPanel>
<h:panelGrid columns="2">
<p:outputLabel for="@next" value="#{messages.twofa_serial}:" />
<h:outputText value="#{twoFaUserBean.createTokenResponse.detail.serial}"/>
<p:outputLabel for="@next" value="#{messages.twofa_code}:" />
<p:inputText id="totpText" value="#{twoFaUserBean.totpCode}"/>
</h:panelGrid>
<p:commandButton id="checkTotpButton" action="#{twoFaUserBean.checkAuthenticatorToken()}" value="#{messages.check}"
update="totpResponsePanel" />
</p:outputPanel>
</h:panelGrid>
</h:panelGroup>
</p:panel>
</p:dialog>
......
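Review bot: The button that calls `twoFaUserBean.enableToken(token.serial)` is now labelled with `#{messages.disable}`; the previous literal was "Enable", so this looks like a copy-paste slip and should read `value="#{messages.enable}"` (assuming that key exists in the bundles; the visible properties hunks do not show it). As written, an inactive token shows a control named "disable" that actually re-enables the second factor. Separately, the INIT state is detected with `token.tokenDesc.contains('INIT')`, a substring match on a free-text field that would also match any other description containing those letters; comparing the first comma-separated element would be stricter.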