From 14a2a266a1388b195c7cdf419f6ec65c046069a6 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Tue, 24 Sep 2019 18:34:08 +0200
Subject: [PATCH] [Web] Improve U2F process and fix Win 1903 hassle
---
 data/web/inc/footer.inc.php | 65 +++++++++++++++++++++----------------
 data/web/lang/lang.de.php | 4 +++
 data/web/lang/lang.en.php | 4 +++
 data/web/modals/footer.php | 18 ++++++++++
 4 files changed, 63 insertions(+), 28 deletions(-)
diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 23d2a770..af087607 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -49,7 +49,7 @@ $(document).ready(function() {
 backdrop: 'static',
 keyboard: false
 });
- $('#u2f_status_auth').html('

Initializing, please wait...

');
+ $('#u2f_status_auth').html('

' + lang_tfa.init_u2f + '

');
 $('#ConfirmTFAModal').on('shown.bs.modal', function(){
 $(this).find('input[name=token]').focus();
 // If U2F
@@ -111,33 +111,42 @@ $(document).ready(function() {
 if ($(this).val() == "u2f") {
 $('#U2FModal').modal('show');
 $("option:selected").prop("selected", false);
- $('#u2f_status_reg').html('

Initializing, please wait...

');
- $.ajax({
- type: "GET",
- cache: false,
- dataType: 'script',
- url: "/api/v1/get/u2f-registration/",
- complete: function(data){
- data;
- setTimeout(function() {
- console.log("Ready to register");
- $('#u2f_status_reg').html(lang_tfa.waiting_usb_register);
- u2f.register(appId, registerRequests, registeredKeys, function(deviceResponse) {
- var form = document.getElementById('u2f_reg_form');
- var reg = document.getElementById('u2f_register_data');
- console.log("Register callback: ", data);
- if (deviceResponse.errorCode && deviceResponse.errorCode != 0) {
- var u2f_return_code = document.getElementById('u2f_return_code');
- u2f_return_code.style.display = u2f_return_code.style.display === 'none' ? '' : null;
- if (deviceResponse.errorCode == "4") { deviceResponse.errorCode = "4 - The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle"; }
- u2f_return_code.innerHTML = 'Error code: ' + deviceResponse.errorCode;
- return;
- }
- reg.value = JSON.stringify(deviceResponse);
- form.submit();
- });
- }, 1000);
- }
+ $("#start_u2f_register").click(function(){
+ $('#u2f_return_code').html('');
+ $('#u2f_return_code').hide();
+ $('#u2f_status_reg').html('

' + lang_tfa.init_u2f + '

');
+ $.ajax({
+ type: "GET",
+ cache: false,
+ dataType: 'script',
+ url: "/api/v1/get/u2f-registration/",
+ complete: function(data){
+ data;
+ setTimeout(function() {
+ console.log("Ready to register");
+ $('#u2f_status_reg').html(lang_tfa.waiting_usb_register);
+ u2f.register(appId, registerRequests, registeredKeys, function(deviceResponse) {
+ var form = document.getElementById('u2f_reg_form');
+ var reg = document.getElementById('u2f_register_data');
+ console.log("Register callback: ", data);
+ if (deviceResponse.errorCode && deviceResponse.errorCode != 0) {
+ var u2f_return_code = document.getElementById('u2f_return_code');
+ u2f_return_code.style.display = u2f_return_code.style.display === 'none' ? '' : null;
+ if (deviceResponse.errorCode == "4") {
+ deviceResponse.errorCode = "4 - The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle";
+ }
+ else if (deviceResponse.errorCode == "5") {
+ deviceResponse.errorCode = "5 - Timeout reached before request could be satisfied.";
+ }
+ u2f_return_code.innerHTML = lang_tfa.error_code + ': ' + deviceResponse.errorCode + ' ' + lang_tfa.reload_retry;
+ return;
+ }
+ reg.value = JSON.stringify(deviceResponse);
+ form.submit();
+ });
+ }, 1000);
+ }
+ });
 });
 }
 if ($(this).val() == "none") {
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index 544ea3f6..1f671b3d 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
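Review bot: The new `$("#start_u2f_register").click(...)` binding sits inside the `if ($(this).val() == "u2f")` branch, so each time U2F is selected again another handler is attached, and one button press then sends several `/api/v1/get/u2f-registration/` requests and starts several `u2f.register` calls, presumably each with its own challenge. Binding the handler once outside the branch, or changing the line to `$("#start_u2f_register").off('click').on('click', function(){`, keeps it to one registration attempt per click. The error path also writes the `lang_tfa` strings and `deviceResponse.errorCode` through `innerHTML`; none of that needs markup, so `u2f_return_code.textContent = lang_tfa.error_code + ': ' + deviceResponse.errorCode + ' ' + lang_tfa.reload_retry;` is the safer form. The enclosing change handler starts outside the hunk, so how often the branch can run is inferred from the visible lines only.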
@@ -523,6 +523,10 @@ $lang['tfa']['tfa'] = "Zwei-Faktor-Authentifizierung";
 $lang['tfa']['set_tfa'] = "Konfiguriere Zwei-Faktor-Authentifizierungsmethode";
 $lang['tfa']['yubi_otp'] = "Yubico OTP Authentifizierung";
 $lang['tfa']['key_id'] = "Ein Name für diesen YubiKey";
+$lang['tfa']['init_u2f'] = "Initialisiere, bitte warten...";
+$lang['tfa']['start_u2f_validation'] = "Starte Validierung";
+$lang['tfa']['error_code'] = "Fehlercode";
+$lang['tfa']['reload_retry'] = "- (bei persistierendem Fehler, bitte Browserfenster neuladen)";
 $lang['tfa']['key_id_totp'] = "Ein eindeutiger Name";
 $lang['tfa']['api_register'] = 'mailcow verwendet die Yubico Cloud API. Ein API-Key für den Yubico Stick kann hier bezogen werden.';
 $lang['tfa']['u2f'] = "U2F Authentifizierung";
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 99eee6ff..ec0d2019 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -538,7 +538,11 @@ $lang['tfa']['tfa'] = "Two-factor authentication";
 $lang['tfa']['set_tfa'] = "Set two-factor authentication method";
 $lang['tfa']['yubi_otp'] = "Yubico OTP authentication";
 $lang['tfa']['key_id'] = "An identifier for your YubiKey";
+$lang['tfa']['init_u2f'] = "Initializing, please wait...";
+$lang['tfa']['start_u2f_validation'] = "Start validation";
+$lang['tfa']['reload_retry'] = "- (reload browser if the error persists)";
 $lang['tfa']['key_id_totp'] = "An identifier for your key";
+$lang['tfa']['error_code'] = "Error code";
 $lang['tfa']['api_register'] = 'mailcow uses the Yubico Cloud API. Please get an API key for your key here';
 $lang['tfa']['u2f'] = "U2F authentication";
 $lang['tfa']['none'] = "Deactivate";
diff --git a/data/web/modals/footer.php b/data/web/modals/footer.php
index b7ebaf08..2b07866d 100644
--- a/data/web/modals/footer.php
+++ b/data/web/modals/footer.php
@@ -49,6 +49,15 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
+
+
+ + + +

+
+
+

@@ -146,6 +155,15 @@ if (isset($_SESSION['pending_tfa_method'])): case "u2f": ?>
+
+
+ + + +

+
+
+