Commit a805f41b authored by ls1947's avatar ls1947

make adding 2fa from registration more flowlike

parent efc6a7ca
......@@ -15,7 +15,9 @@ import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
......@@ -212,7 +214,10 @@ public class RegisterServiceBean implements Serializable {
LinotpTokenResultList tokenList = twoFaService.findByUserId(user.getId());
if (tokenList.size() == 0) {
accessAllowed = false;
messageGenerator.addResolvedErrorMessage("reqs", "error", "twofa_mandatory", true);
Map<String, Object> rendererContext = new HashMap<String, Object>();
rendererContext.put("service", service);
messageGenerator.addResolvedMessage("reqs", FacesMessage.SEVERITY_ERROR, "error",
"twofa_mandatory", true, rendererContext);
}
} catch (TwoFaException e) {
logger.warn("There is a problem communicating with twofa server" + e.getMessage());
......
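Review bot: `rendererContext.put("service", service)` hands the whole service entity to the template renderer, although the `twofa_mandatory` template shown on this page reads only `$service.id`. The resulting text is displayed in a message box that this commit switches to `escape="false"`, so a later template edit that prints a free-text property of the entity would reach the browser as markup. Passing only the identifier, e.g. `rendererContext.put("serviceId", service.getId());` with `$serviceId` in the bundle, limits the context to the one numeric value the link needs (assuming the entity exposes `getId()`, as `$service.id` suggests). The enclosing method starts and ends outside this hunk.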
......@@ -58,6 +58,8 @@ public class TwoFaUserBean implements Serializable {
private String totpCode, yubicoCode;
private String defaultButton;
private Long returnServiceId;
public void preRenderView(ComponentSystemEvent ev) {
defaultButton = "yubicoStartButton";
......@@ -236,4 +238,15 @@ public class TwoFaUserBean implements Serializable {
this.yubicoCode = yubicoCode;
}
public Long getReturnServiceId() {
return returnServiceId;
}
public void setReturnServiceId(Long returnServiceId) {
// make this not overwriteable. Ajax requests would overwrite this parameter
if (returnServiceId != null) {
this.returnServiceId = returnServiceId;
}
}
}
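Review bot: The comment in `setReturnServiceId` says the value is "not overwriteable", but the guard only ignores null; any later non-null value still replaces the stored id. A more accurate comment would be `// Ignore null so requests without retsid (e.g. Ajax postbacks) do not clear the stored id`. The field also deserves a line stating that it is filled from the `retsid` request parameter and is therefore caller-supplied. Whatever consumes `getReturnServiceId()` should look the service up and authorise it rather than trust the number. The class body starts outside these hunks.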
......@@ -10,6 +10,8 @@
******************************************************************************/
package edu.kit.scc.webreg.util;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import javax.faces.application.FacesMessage;
import javax.faces.application.FacesMessage.Severity;
......@@ -79,6 +81,18 @@ public class FacesMessageGenerator {
public void addInfoMessage(String messageText, String detail) {
addInfoMessage(null, messageText, detail);
}
public void addResolvedMessage(String msgName, Severity severity, String messageText, String detail, boolean resolveDetail, Map<String, Object> rendererContext) {
FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(true);
if (resolveDetail)
FacesContext.getCurrentInstance().addMessage(msgName,
new FacesMessage(severity, resourceHelper.resolveMessage(messageText, rendererContext),
resourceHelper.resolveMessage(detail, rendererContext)));
else
FacesContext.getCurrentInstance().addMessage(msgName,
new FacesMessage(severity, resourceHelper.resolveMessage(messageText, rendererContext),
detail));
}
public void addResolvedMessage(String msgName, Severity severity, String messageText, String detail, boolean resolveDetail) {
FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(true);
......
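Review bot: The new `addResolvedMessage` overload repeats the whole `addMessage` call in two unbraced `if`/`else` branches that differ only in the detail argument, and it has no Javadoc. Resolving the detail once, `String detailText = resolveDetail ? resourceHelper.resolveMessage(detail, rendererContext) : detail;`, followed by a single `addMessage` call removes the duplication. A short Javadoc should state that the summary, and the detail when `resolveDetail` is true, are run through the template renderer with `rendererContext`. It should also say that no encoding step is visible between the renderer and the `FacesMessage`, so callers that show the message in an unescaped component are responsible for the values they put in the context.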
......@@ -11,16 +11,44 @@
package edu.kit.scc.webreg.util;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import javax.enterprise.context.ApplicationScoped;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import edu.kit.scc.webreg.service.mail.TemplateRenderer;
@Named
@ApplicationScoped
public class ResourceBundleHelper {
@Inject
private TemplateRenderer renderer;
public String resolveMessage(String key, Map<String, Object> rendererContext) {
FacesContext facesContext = FacesContext.getCurrentInstance();
if (facesContext == null || facesContext.getViewRoot() == null || facesContext.getViewRoot().getLocale() == null)
return "???" + key + "???";
Locale locale = facesContext.getViewRoot().getLocale();
ResourceBundle bundle = ResourceBundle.getBundle("edu.kit.scc.webreg.res.DbMessageBundle", locale);
if (bundle == null)
return "???" + key + "???";
try {
String template = bundle.getString(key);
String body = renderer.evaluate(template, rendererContext);
return body;
} catch (Exception e) {
return "???" + key + "???";
}
}
public String resolveMessage(String key) {
FacesContext facesContext = FacesContext.getCurrentInstance();
......
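Review bot: In `resolveMessage(String, Map)` the `ResourceBundle.getBundle(...)` call sits outside the `try`, and it reports a missing bundle by throwing `MissingResourceException` rather than returning null. The `if (bundle == null)` branch therefore never runs, and that failure escapes instead of producing the `???key???` placeholder. Inside the `try`, `catch (Exception e)` discards every lookup and template-rendering error without logging it, which makes a broken template indistinguishable from a missing key. I would move the `getBundle` call into the `try`, catch `MissingResourceException` for the lookup, and log the key together with the exception for rendering failures before returning the placeholder. The single-argument overload that follows is cut off on this page, so I cannot tell whether it shares the pattern.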
......@@ -7,8 +7,10 @@ twofa_tokentype_totp=Smartphone App
twofa_create_new_token=Hier k\u00F6nnen Sie ein neues Token erstellen.
twofa_create_new_totp=Neues Smartphone Token
twofa_create_totp_token=Ein neues Smartphone Token erstellen
twofa_create_totp_token_desc=<div>Hier k\u00F6nnen Sie Ihr Smartphone als Token registrieren. Dazu ben\u00F6tigen Sie eine passende App gem\u00E4\u00DF RFC 6238 (z.B. Google Authenticator, Microsoft Authenticator, FreeOTP oder Sophos Authenticator).</div>\n\n<div>\n<a href\='https\://play.google.com/store/apps/details?id\=com.google.android.apps.authenticator2&hl\=en&pcampaignid\=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1'><img alt\='Get it on Google Play' src\='../resources/img/en_badge_web_generic.png'/></a>\n</div>\n<a href\='https\://apps.apple.com/us/app/google-authenticator/id388497605'><img alt\='Download on Apple Store' src\='../resources/img/link_badge_appstore_large.png'/></a>\n</div>\n\n<div>\nWenn Sie auf Starten klicken, wird das Token erstellt und ein QR-Code angezeigt. Diesen m\u00FCssen Sie mit der App auf dem Smartphone erfassen.</div>
twofa_create_totp_token_desc=<div style\="margin-bottom\: 16px;">Hier k\u00F6nnen Sie Ihr Smartphone als Token registrieren. Dazu ben\u00F6tigen Sie eine passende App gem\u00E4\u00DF RFC 6238 (z.B. Google Authenticator, Microsoft Authenticator, FreeOTP oder Sophos Authenticator).</div>\n\n<div style\="margin-bottom\: 16px;">\n<a href\='https\://play.google.com/store/apps/details?id\=com.google.android.apps.authenticator2&hl\=en&pcampaignid\=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1'><img alt\='Get it on Google Play' src\='../resources/img/en_badge_web_generic.png'/></a>\n\n<a href\='https\://apps.apple.com/us/app/google-authenticator/id388497605'><img alt\='Download on Apple Store' src\='../resources/img/link_badge_appstore_large.png'/></a>\n</div>\n\n<div style\="margin-bottom\: 16px;">\nWenn Sie auf Starten klicken, wird das Token erstellt und ein QR-Code angezeigt. Diesen m\u00FCssen Sie mit der App auf dem Smartphone erfassen.</div>
twofa_create_new_yubico=Neues Yubikey Token
twofa_mandatory=F\u00FCr diesen Dienst ist es notwendig einen zweiten Faktor einzurichten. Bitte richten Sie sich <a href\="../user/twofa.xhtml?retsid\=$service.id">hier</a> einen zweiten Faktor ein.
twofa_back_to_register=Zur\u00FCck zum Registriervorgang
check=Pr\u00FCfen
twofa_elevated_since_recently=Mit 2FA eben
logged_in_since_recently=Eingeloggt seit eben
......@@ -31,6 +33,7 @@ ssh_pub_key_command=SSH Key f\u00FCr benannte Kommandos
ssh_pub_key_interactiv=SSH Key f\u00FCr eine interaktive Shell
ssh_pub_key_list=List der SSH Keys
add_ssh_pub_key_desc=<div>Hier k\u00F6nnen Sie einen SSH Pub Key erstellen. Dies ist der \u00F6ffentliche Teil Ihres SSH Schl\u00FCssels. Der private Teil des Schl\u00FCssels sollte nur Ihnen bekannt sein.<div>\n\n<ul style\="color\:red">\n<li>Geben Sie nie Ihren private Schl\u00FCssel preis</li>\n<li>Sch\u00FCtzen Sie Ihren privaten Schl\u00FCssel mit einem sicheren Passwort</li>\n</ul>\n\n<div>Das Format des SSH Keys ist das selbe wie eine Zeile aus der Datei .ssh/authorized_keys.</div>
ssh-pub-key-missing=Sie haben noch keinen SSH Pub Key angelegt
set_ssh_pub_key_for=SSH Key freischalten\:
ssh_pub_key_selected=Ausgew\u00E4hlter SSH Key
ssh_pub_key_usage_type=Benutzungsart
......
......@@ -8,10 +8,12 @@ twofa_create_new_token=Create a new token here.
twofa_create_new_totp=New smartphone token
twofa_create_new_yubico=New yubikey token
twofa_create_totp_token=Create new smartphone token
twofa_create_totp_token_desc=<div>Here you can register your smartphone as a token. For this you need a suitable app according to RFC 6238 (e.g. Google Authenticator, Microsoft Authenticator, FreeOTP or Sophos Authenticator).</div>\n\n<div>\n<a href\='https\://play.google.com/store/apps/details?id\=com.google.android.apps.authenticator2&hl\=en&pcampaignid\=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1'><img alt\='Get it on Google Play' src\='../resources/img/en_badge_web_generic.png'/></a>\n</div>\n<a href\='https\://apps.apple.com/us/app/google-authenticator/id388497605'><img alt\='Download on Apple Store' src\='../resources/img/link_badge_appstore_large.png'/></a>\n</div>\n\n<div>When you click Start, the token is created and a QR Code is displayed. You must scan this code with the app on your smartphone.</div>
twofa_create_totp_token_desc=<div style\="margin-bottom\: 16px;">Here you can register your smartphone as a token. For this you need a suitable app according to RFC 6238 (e.g. Google Authenticator, Microsoft Authenticator, FreeOTP or Sophos Authenticator).</div>\n\n<div style\="margin-bottom\: 16px;">\n<a href\='https\://play.google.com/store/apps/details?id\=com.google.android.apps.authenticator2&hl\=en&pcampaignid\=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1'><img alt\='Get it on Google Play' src\='../resources/img/en_badge_web_generic.png'/></a>\n\n<a href\='https\://apps.apple.com/us/app/google-authenticator/id388497605'><img alt\='Download on Apple Store' src\='../resources/img/link_badge_appstore_large.png'/></a>\n</div>\n\n<div style\="margin-bottom\: 16px;">When you click Start, the token is created and a QR Code is displayed. You must scan this code with the app on your smartphone.</div>
twofa_login_text=To perform the requested action, a second factor must be entered. Please enter any second factor from the list below to continue.
twofa_login=Login with second factor
twofa_code=Current code
twofa_mandatory=For this service it is necessary to set up a second factor. Please set up a second factor <a href\="../user/twofa.xhtml?retsid\=$service.id">here</a>.
twofa_back_to_register=Back to registration
check=Check
twofa_elevated_since_recently=With 2FA recently
logged_in_since_recently=Logged in recently
......@@ -27,6 +29,7 @@ set_ssh_pub_key=Set SSH Key
key_blacklisted=This SSH key was already used in the system. It cannot be used again.
ssh_pub_key_list=List of ssh keys
add_ssh_pub_key_desc=<div>You can create an SSH Pub Key here. This is the public part of your SSH key. The private part of the key should only be known to you.</div>\n\n<ul style\="color\:red">\n<li>Never give away your private key</li>\n<li>Protect your private key with a secure password</li>\n</ul>\n\n<div>The format of the SSH Key field ist the same as a single line from your .ssh/authorized_keys file.</div>
ssh-pub-key-missing=You have not yet created an SSH Pub Key
add_ssh_pub_key=Add SSH Key
ssh_key_type=Key type
accept_tou=I have read and accepted the terms of use.
......
......@@ -30,7 +30,7 @@
<h:panelGroup rendered="#{registerServiceBean.errorState}">
<div class="panel">
<p:panel header="#{messages.error}">
<p:messages id="messageErrorState" for="errorState" showDetail="true" />
<p:messages id="messageErrorState" for="errorState" showDetail="true" escape="false" />
</p:panel>
</div>
</h:panelGroup>
......@@ -43,7 +43,7 @@
</h:panelGroup>
<h:panelGroup rendered="#{! registerServiceBean.accessAllowed}">
<h:outputText value="#{messages.requirements_unsatisfied}" />
<p:messages id="messageBoxReqs" for="reqs" showDetail="true" />
<p:messages id="messageBoxReqs" for="reqs" showDetail="true" escape="false" />
</h:panelGroup>
</p:panel>
</div>
......@@ -52,7 +52,7 @@
<h3>Um sich für den Dienst zu registrieren, müssen Sie den folgenden Nutzungsbedingungen
zustimmen.</h3>
<p:messages id="messageBox" for="need_check" showDetail="true" />
<p:messages id="messageBox" for="need_check" showDetail="true" escape="false" />
<div style="margin: 16px 0;">
<ui:repeat var="policyHolder" value="#{registerServiceBean.policyHolderList}">
......
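Review bot: `escape="false"` is added to all three `p:messages` components (`messageErrorState`, `messageBoxReqs`, `messageBox`), but on this page only the `reqs` box receives the HTML-bearing `twofa_mandatory` message. With escaping off, every summary and detail queued for `errorState` and `need_check` is written to the page as markup. Any message for those ids that carries an exception text, a service or policy name, or other non-constant data then becomes an HTML injection point. I would leave the default escaping on the other two and keep `<p:messages id="messageBoxReqs" for="reqs" showDetail="true" escape="false" />` as the single exception. A comment beside it should say that messages for `reqs` must come from trusted templates with encoded values.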
......@@ -15,6 +15,7 @@
<f:view>
<f:metadata>
<f:viewParam name="retsid" value="#{twoFaUserBean.returnServiceId}"/>
<f:event type="javax.faces.event.PreRenderViewEvent"
listener="#{twoFaUserBean.preRenderView}" />
</f:metadata>
......@@ -77,11 +78,18 @@
</p:dataGrid>
<p:panel rendered="#{! twoFaUserBean.readOnly}">
<div>
<div style="margin-bottom: 16px;">
<h:outputText value="#{messages.twofa_create_new_token}" />
</div>
<p:commandButton id="openAddTotpDialog" oncomplete="PF('addTotpDlg').show();" value="#{messages.twofa_create_new_totp}"></p:commandButton>
<p:commandButton id="openAddYubicoDialog" oncomplete="PF('addYubicoDlg').show();" value="#{messages.twofa_create_new_yubico}"></p:commandButton>
<p:outputPanel style="margin-bottom: 16px;">
<p:commandButton id="openAddTotpDialog" oncomplete="PF('addTotpDlg').show();" value="#{messages.twofa_create_new_totp}"></p:commandButton>
<p:commandButton id="openAddYubicoDialog" oncomplete="PF('addYubicoDlg').show();" value="#{messages.twofa_create_new_yubico}"></p:commandButton>
</p:outputPanel>
<p:outputPanel rendered="#{not empty twoFaUserBean.returnServiceId}">
<p:link href="../user/register-service.xhtml" value="#{messages.twofa_back_to_register}">
<f:param name="serviceId" value="#{twoFaUserBean.returnServiceId}"/>
</p:link>
</p:outputPanel>
</p:panel>
<p:dialog header="#{messages.twofa_create_totp_token}"
......