reg-app
Regapp
Commits
5b781af2
Commit
5b781af2
authored
Jul 14, 2020
by
ls1947
Track correct status in linotp token description field
parent
9ef6777c
Changes
10
bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaService.java
package
edu.kit.scc.webreg.service.twofa
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpTokenResultList
;
...
...
@@ -24,4 +25,6 @@ public interface TwoFaService {
LinotpInitAuthenticatorTokenResponse
createYubicoToken
(
Long
userId
,
String
yubi
)
throws
TwoFaException
;
LinotpSetFieldResult
initToken
(
Long
userId
,
String
serial
)
throws
TwoFaException
;
}
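Review bot: The new `initToken(Long userId, String serial)` declaration has no Javadoc, and its name suggests token creation, while the implementation in this commit only rewrites the token's description to `ACTIVE,DELABLE,TS …`. A comment such as `/** Marks an already enrolled token as ACTIVE in its LinOTP description after the first successful check; serial must belong to userId. */` would make the contract clear to other callers. If renaming is an option, a name like `markTokenActive` would be harder to confuse with the `create*Token` methods.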
bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
...
...
@@ -12,6 +12,7 @@ import edu.kit.scc.webreg.dao.UserDao;
import
edu.kit.scc.webreg.entity.UserEntity
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpConnection
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpShowUserResponse
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse
;
import
edu.kit.scc.webreg.service.twofa.linotp.LinotpToken
;
...
...
@@ -92,6 +93,17 @@ public class TwoFaServiceImpl implements TwoFaService {
return
linotpConnection
.
checkSpecificToken
(
serial
,
token
);
}
@Override
public
LinotpSetFieldResult
initToken
(
Long
userId
,
String
serial
)
throws
TwoFaException
{
UserEntity
user
=
userDao
.
findById
(
userId
);
Map
<
String
,
String
>
configMap
=
configResolver
.
resolveConfig
(
user
);
LinotpConnection
linotpConnection
=
new
LinotpConnection
(
configMap
);
linotpConnection
.
requestAdminSession
();
return
linotpConnection
.
initToken
(
serial
);
}
@Override
public
LinotpInitAuthenticatorTokenResponse
createAuthenticatorToken
(
Long
userId
)
throws
TwoFaException
{
UserEntity
user
=
userDao
.
findById
(
userId
);
...
...
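Review bot: `initToken` opens an admin session and passes the caller-supplied `serial` straight to `linotpConnection.initToken(serial)`; `userId` is used only to resolve the connection config, so nothing in this method ties the serial to that user. Unless every caller guarantees ownership, the description of any token reachable by the admin session can be overwritten through this path; compare the serial against the user's own token list before the `admin/set` call and throw `TwoFaException` on a mismatch. `userDao.findById(userId)` can presumably return null, which would only surface inside `resolveConfig`, so an explicit guard would give a clearer error. The `createAuthenticatorToken` body that follows continues outside the hunk.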
bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpConnection.java
...
...
@@ -3,7 +3,9 @@ package edu.kit.scc.webreg.service.twofa.linotp;
import
java.io.IOException
;
import
java.net.URI
;
import
java.net.URISyntaxException
;
import
java.text.SimpleDateFormat
;
import
java.util.ArrayList
;
import
java.util.Date
;
import
java.util.List
;
import
java.util.Map
;
...
...
@@ -166,7 +168,7 @@ public class LinotpConnection {
nvps
.
add
(
new
BasicNameValuePair
(
"genkey"
,
"1"
));
nvps
.
add
(
new
BasicNameValuePair
(
"hashlib"
,
"sha1"
));
nvps
.
add
(
new
BasicNameValuePair
(
"timeStep"
,
"30"
));
nvps
.
add
(
new
BasicNameValuePair
(
"description"
,
"
This is a description
"
));
nvps
.
add
(
new
BasicNameValuePair
(
"description"
,
"
INIT,DELABLE,BWIDM,TS "
+
formatDate
()
+
",
"
));
if
(
configMap
.
containsKey
(
"userId"
))
nvps
.
add
(
new
BasicNameValuePair
(
"user"
,
configMap
.
get
(
"userId"
)));
...
...
@@ -227,6 +229,37 @@ public class LinotpConnection {
throw
new
TwoFaException
(
e
);
}
}
public
LinotpSetFieldResult
initToken
(
String
serial
)
throws
TwoFaException
{
return
setTokenField
(
serial
,
"description"
,
"ACTIVE,DELABLE,TS "
+
formatDate
()
+
","
);
}
public
LinotpSetFieldResult
setTokenField
(
String
serial
,
String
key
,
String
value
)
throws
TwoFaException
{
try
{
HttpPost
httpPost
=
new
HttpPost
(
configMap
.
get
(
"url"
)
+
"/admin/set"
);
List
<
NameValuePair
>
nvps
=
new
ArrayList
<
NameValuePair
>();
if
(
configMap
.
containsKey
(
"realm"
))
nvps
.
add
(
new
BasicNameValuePair
(
"realm"
,
configMap
.
get
(
"realm"
)));
nvps
.
add
(
new
BasicNameValuePair
(
"session"
,
adminSession
));
nvps
.
add
(
new
BasicNameValuePair
(
"serial"
,
serial
));
nvps
.
add
(
new
BasicNameValuePair
(
key
,
value
));
httpPost
.
setEntity
(
new
UrlEncodedFormEntity
(
nvps
));
CloseableHttpResponse
response
=
httpClient
.
execute
(
targetHost
,
httpPost
,
context
);
try
{
HttpEntity
entity
=
response
.
getEntity
();
String
responseString
=
EntityUtils
.
toString
(
entity
);
logger
.
trace
(
responseString
);
return
resultParser
.
parseSetFieldResponse
(
responseString
);
}
finally
{
response
.
close
();
}
}
catch
(
ParseException
|
IOException
e
)
{
throw
new
TwoFaException
(
e
);
}
}
public
LinotpSimpleResponse
disableToken
(
String
serial
)
throws
TwoFaException
{
try
{
...
...
@@ -381,4 +414,9 @@ public class LinotpConnection {
return
null
;
}
}
protected
String
formatDate
()
{
SimpleDateFormat
formatter
=
new
SimpleDateFormat
(
"yyyy-MM-dd hh:mm"
);
return
formatter
.
format
(
new
Date
());
}
}
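Review bot: `formatDate()` at the end of the class uses the pattern `"yyyy-MM-dd hh:mm"`, where `hh` is the 12-hour field and no AM/PM marker is written, so a token initialised at 14:05 and one at 02:05 get the same `TS` value in the description. If the timestamp is meant as a record of when a token moved from INIT to ACTIVE, use `new SimpleDateFormat("yyyy-MM-dd HH:mm")` and consider pinning the time zone, since the formatter otherwise uses the JVM default. Separately, `initToken` writes `ACTIVE,DELABLE,TS …` and drops the `BWIDM` marker that the creation hunk sets; if that is intentional, a short comment on the flag vocabulary would help.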
bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpResultParser.java
...
...
@@ -44,4 +44,14 @@ public class LinotpResultParser {
}
}
public
LinotpSetFieldResult
parseSetFieldResponse
(
String
responseString
)
throws
TwoFaException
{
try
{
LinotpSetFieldResult
response
=
om
.
readValue
(
responseString
,
LinotpSetFieldResult
.
class
);
return
response
;
}
catch
(
IOException
e
)
{
throw
new
TwoFaException
(
e
);
}
}
}
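Review bot: `parseSetFieldResponse` maps the whole response body onto `LinotpSetFieldResult`, which only has `status` and `value`, while this commit also adds `LinotpSetFieldResponse` with the `version`/`jsonrpc`/`result`/`id` envelope and never uses it in the visible code. If LinOTP answers `admin/set` with that envelope, as the new class suggests, the call either fails on unknown properties or returns an object whose `status` is always false, depending on how `om` is configured. The likely intent is `return om.readValue(responseString, LinotpSetFieldResponse.class).getResult();`.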
bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpSetFieldResponse.java
0 → 100644
package
edu.kit.scc.webreg.service.twofa.linotp
;
import
java.io.Serializable
;
import
com.fasterxml.jackson.annotation.JsonProperty
;
public
class
LinotpSetFieldResponse
implements
Serializable
{
private
static
final
long
serialVersionUID
=
1L
;
private
String
version
;
@JsonProperty
(
"jsonrpc"
)
private
String
jsonRpc
;
private
LinotpSetFieldResult
result
;
private
Integer
id
;
public
String
getVersion
()
{
return
version
;
}
public
void
setVersion
(
String
version
)
{
this
.
version
=
version
;
}
public
String
getJsonRpc
()
{
return
jsonRpc
;
}
public
void
setJsonRpc
(
String
jsonRpc
)
{
this
.
jsonRpc
=
jsonRpc
;
}
public
Integer
getId
()
{
return
id
;
}
public
void
setId
(
Integer
id
)
{
this
.
id
=
id
;
}
public
LinotpSetFieldResult
getResult
()
{
return
result
;
}
public
void
setResult
(
LinotpSetFieldResult
result
)
{
this
.
result
=
result
;
}
}
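Review bot: `LinotpSetFieldResponse` declares `implements Serializable`, but its `result` field is a `LinotpSetFieldResult`, which in this commit does not implement `Serializable`. Serialising an instance with a non-null result (for example when it is held by a session-scoped bean) would throw `NotSerializableException`. Either add `implements Serializable` and a `serialVersionUID` to `LinotpSetFieldResult`, or drop the interface here if the response is never stored.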
bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpSetFieldResult.java
0 → 100644
package
edu.kit.scc.webreg.service.twofa.linotp
;
import
java.util.Map
;
public
class
LinotpSetFieldResult
{
private
boolean
status
;
private
Map
<
String
,
Object
>
value
;
public
boolean
isStatus
()
{
return
status
;
}
public
void
setStatus
(
boolean
status
)
{
this
.
status
=
status
;
}
public
Map
<
String
,
Object
>
getValue
()
{
return
value
;
}
public
void
setValue
(
Map
<
String
,
Object
>
value
)
{
this
.
value
=
value
;
}
}
\ No newline at end of file
bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
...
...
@@ -120,7 +120,8 @@ public class TwoFaUserBean implements Serializable {
response
=
twoFaService
.
checkSpecificToken
(
user
.
getId
(),
serial
,
totpCode
);
if
(
response
.
getResult
()
!=
null
&&
response
.
getResult
().
isStatus
()
&&
response
.
getResult
().
isValue
())
{
// success, Token stays active
// success, Token stays active, set correct description
twoFaService
.
initToken
(
user
.
getId
(),
serial
);
tokenList
=
twoFaService
.
findByUserId
(
sessionManager
.
getUserId
());
if
(
tokenList
.
size
()
==
1
)
{
// this was the first token. We have to set 2fa elevation
...
...
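Review bot: The return value of `twoFaService.initToken(user.getId(), serial)` is discarded, so a rejected `admin/set` (`isStatus()` false) goes unnoticed and the token keeps its `INIT` description although the code check succeeded. Because twofa.xhtml in this commit hides the Enable button whenever the description contains `INIT`, such a token could not be re-enabled from the UI after being disabled. Capture the result, e.g. `LinotpSetFieldResult r = twoFaService.initToken(user.getId(), serial);`, and log a warning or show a message when `r == null || !r.isStatus()`. The enclosing method starts and ends outside the hunk, so its existing exception handling is not visible here.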
bwreg-webapp/src/main/resources/msg/messages_de.properties
my_twofa
=
Zweite Faktoren
start
=
Starten
twofa_tokentype
=
Toketyp
twofa_serial
=
Serial
twofa_active
=
Aktiv
...
...
bwreg-webapp/src/main/resources/msg/messages_en.properties
my_twofa
=
Second factors
start
=
Start
twofa_tokentype
=
Tokentype
twofa_serial
=
Serial
twofa_active
=
Active
...
...
bwreg-webapp/src/main/webapp/user/twofa.xhtml
...
...
@@ -52,27 +52,31 @@
<h:graphicImage
width=
"60px"
value=
"#{resource['img/yubikey_small.png']}"
alt=
"Yubikey"
rendered=
"#{token.tokenType == 'yubico'}"
/>
</p:outputPanel>
<p:outputPanel>
<h:panelGrid
columns=
"2"
>
<p:outputLabel
for=
"@next"
value=
"#{messages.twofa_tokentype}:"
/>
<h:panelGroup>
<h:outputText
value=
"#{messages.twofa_tokentype_totp}"
rendered=
"#{token.tokenType == 'TOTP' and token.serial.startsWith('TOTP')}"
/>
<h:outputText
value=
"#{messages.twofa_tokentype_totp_hardware}"
rendered=
"#{token.tokenType == 'TOTP' and not token.serial.startsWith('TOTP')}"
/>
<h:outputText
value=
"#{messages.twofa_tokentype_tanlist}"
rendered=
"#{token.tokenType == 'HOTP'}"
/>
<h:outputText
value=
"#{messages.twofa_tokentype_yubikey}"
rendered=
"#{token.tokenType == 'yubico'}"
/>
</h:panelGroup>
<p:outputLabel
for=
"@next"
value=
"#{messages.twofa_active}:"
/>
<h:outputText
value=
"#{token.isactive ? messages.yes : messages.no}"
/>
</h:panelGrid>
<p:commandButton
action=
"#{twoFaUserBean.disableToken(token.serial)}"
value=
"Disable"
update=
"@form"
rendered=
"#{token.isactive}"
/>
<p:commandButton
action=
"#{twoFaUserBean.enableToken(token.serial)}"
value=
"Enable"
update=
"@form"
rendered=
"#{! token.isactive}"
/>
<p:commandButton
action=
"#{twoFaUserBean.deleteToken(token.serial)}"
value=
"Delete"
update=
"@form"
rendered=
"#{! token.isactive}"
>
<p:confirm
header=
"#{messages.confirm_header}"
message=
"#{messages.confirm}"
/>
</p:commandButton>
</p:outputPanel>
<h:panelGrid
columns=
"2"
>
<p:outputLabel
for=
"@next"
value=
"#{messages.twofa_tokentype}:"
/>
<h:panelGroup>
<h:outputText
value=
"#{messages.twofa_tokentype_totp}"
rendered=
"#{token.tokenType == 'TOTP' and token.serial.startsWith('TOTP')}"
/>
<h:outputText
value=
"#{messages.twofa_tokentype_totp_hardware}"
rendered=
"#{token.tokenType == 'TOTP' and not token.serial.startsWith('TOTP')}"
/>
<h:outputText
value=
"#{messages.twofa_tokentype_tanlist}"
rendered=
"#{token.tokenType == 'HOTP'}"
/>
<h:outputText
value=
"#{messages.twofa_tokentype_yubikey}"
rendered=
"#{token.tokenType == 'yubico'}"
/>
</h:panelGroup>
<p:outputLabel
for=
"@next"
value=
"#{messages.twofa_active}:"
/>
<h:outputText
value=
"#{token.isactive ? messages.yes : messages.no}"
/>
</h:panelGrid>
<p:panel
style=
"margin: 8px;"
>
<h:outputText
value=
"#{messages.twofa_token_not_init}"
style=
"color:red;"
rendered=
"#{! token.isactive and (token.tokenDesc.contains('INIT'))}"
/>
</p:panel>
<p:commandButton
action=
"#{twoFaUserBean.disableToken(token.serial)}"
value=
"#{messages.disable}"
update=
"@form"
rendered=
"#{token.isactive}"
/>
<p:commandButton
action=
"#{twoFaUserBean.enableToken(token.serial)}"
value=
"#{messages.disable}"
update=
"@form"
rendered=
"#{! token.isactive and (! token.tokenDesc.contains('INIT'))}"
/>
<p:commandButton
action=
"#{twoFaUserBean.deleteToken(token.serial)}"
value=
"#{messages.delete}"
update=
"@form"
rendered=
"#{! token.isactive}"
style=
"color:red;"
>
<p:confirm
header=
"#{messages.confirm_header}"
message=
"#{messages.confirm}"
/>
</p:commandButton>
</p:outputPanel>
</p:panelGrid>
</p:panel>
</p:dataGrid>
...
...
@@ -97,26 +101,30 @@
showEffect=
"fade"
hideEffect=
"fade"
>
<p:ajax
event=
"close"
update=
"@form"
/>
<div
class=
"panel"
style=
"width:
36
0px;"
>
<div
class=
"panel"
style=
"width:
52
0px;"
>
<h:outputText
value=
"#{messages.twofa_create_totp_token_desc}"
escape=
"false"
/>
</div>
<p:panel
id=
"totpResponsePanel"
>
<p:panel
id=
"totpResponsePanel"
style=
"height: 260px;"
>
<p:commandButton
id=
"totpStartButton"
action=
"#{twoFaUserBean.createAuthenticatorToken()}"
value=
"#{messages.start}"
update=
"totpResponsePanel"
oncomplete=
"PF('addTotpDlg').initPosition()"
rendered=
"#{empty twoFaUserBean.createTokenResponse}"
/>
<h:panelGroup
rendered=
"#{not empty twoFaUserBean.createTokenResponse}"
>
<div>
<h:outputText
value=
"#{twoFaUserBean.createTokenResponse.detail.googleurl.img}"
escape=
"false"
/>
</div>
<h:panelGrid
columns=
"2"
>
<p:outputLabel
for=
"@next"
value=
"#{messages.twofa_serial}:"
/>
<h:outputText
value=
"#{twoFaUserBean.createTokenResponse.detail.serial}"
/>
<p:outputLabel
for=
"@next"
value=
"#{messages.twofa_code}:"
/>
<p:inputText
id=
"totpText"
value=
"#{twoFaUserBean.totpCode}"
/>
</h:panelGrid>
<p:commandButton
id=
"checkTotpButton"
action=
"#{twoFaUserBean.checkAuthenticatorToken()}"
value=
"#{messages.check}"
update=
"totpResponsePanel"
/>
<p:outputPanel>
<h:outputText
value=
"#{twoFaUserBean.createTokenResponse.detail.googleurl.img}"
escape=
"false"
/>
</p:outputPanel>
<p:outputPanel>
<h:panelGrid
columns=
"2"
>
<p:outputLabel
for=
"@next"
value=
"#{messages.twofa_serial}:"
/>
<h:outputText
value=
"#{twoFaUserBean.createTokenResponse.detail.serial}"
/>
<p:outputLabel
for=
"@next"
value=
"#{messages.twofa_code}:"
/>
<p:inputText
id=
"totpText"
value=
"#{twoFaUserBean.totpCode}"
/>
</h:panelGrid>
<p:commandButton
id=
"checkTotpButton"
action=
"#{twoFaUserBean.checkAuthenticatorToken()}"
value=
"#{messages.check}"
update=
"totpResponsePanel"
/>
</p:outputPanel>
</h:panelGrid>
</h:panelGroup>
</p:panel>
</p:dialog>
...
...
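Review bot: In the first hunk the button whose action is `twoFaUserBean.enableToken(token.serial)` now has `value="#{messages.disable}"`, so the enable and disable buttons carry the same label; it should read `value="#{messages.enable}"` (assuming that key exists in the bundles, which are only partly visible). The new `token.tokenDesc.contains('INIT')` conditions decide whether a token may be enabled by substring-matching a free-text description field, so any description that happens to contain `INIT` blocks enabling; matching the leading flag or exposing a boolean from the bean would be more robust. The `h:outputText` for `createTokenResponse.detail.googleurl.img` keeps `escape="false"`, which renders markup from the LinOTP response unescaped and deserves a comment stating why that source is trusted.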