[Web] Some fido2 fixes, table view for fido2 keys, fix renaming keys with the same subject

master
andryyy 2020-11-17 13:38:28 +01:00
parent 2aee906704
commit 4a355f242f
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
8 changed files with 108 additions and 81 deletions

View File

@ -71,7 +71,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
<div class="col-sm-3 col-xs-5 text-right"><?=$lang['tfa']['tfa'];?>:</div>
<div class="col-sm-9 col-xs-7">
<p id="tfa_pretty"><?=$tfa_data['pretty'];?></p>
<div id="tfa_additional">
<div id="tfa_keys">
<?php
if (!empty($tfa_data['additional'])) {
foreach ($tfa_data['additional'] as $key_info) {
@ -112,30 +112,35 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
<div class="row">
<div class="col-sm-3 col-xs-5 text-right"><?=$lang['fido2']['known_ids'];?>:</div>
<div class="col-sm-9 col-xs-7">
<div id="tfa_additional">
<div class="table-responsive">
<table class="table table-striped table-hover table-condensed" id="fido2_keys">
<tr>
<th>ID</th>
<th style="min-width:240px;text-align: right"><?=$lang['admin']['action'];?></th>
</tr>
<?php
if (!empty($fido2_data)) {
foreach ($fido2_data as $key_info) {
?>
<tr>
<td>
<?=($_SESSION['fido2_cid'] == $key_info['cid']) ? '→ ' : NULL; ?><?=(!empty($key_info['fn']))?$key_info['fn']:$key_info['subject'];?>
</td>
<td style="min-width:240px;text-align: right">
<form style="display:inline;" method="post">
<input type="hidden" name="unset_fido2_key" value="<?=$key_info['subject'];?>" />
<p><div data-toggle="tooltip" data-placement="top" title="<?=$key_info['subject'];?>" class="label label-keys label-<?=($_SESSION['fido2_subject'] == $key_info['subject']) ? 'success' : 'default'; ?>">
<?=(!empty($key_info['fn']))?$key_info['fn']:$key_info['subject'];?>
<a href="#" class="key-action" onClick='return confirm("<?=$lang['admin']['ays'];?>")?$(this).closest("form").submit():"";'>
[<?=strtolower($lang['admin']['remove']);?>]
</a>
<a href="#" class="key-action" data-subject="<?=base64_encode($key_info['subject']);?>" data-toggle="modal" data-target="#fido2ChangeFn">
[<?=strtolower($lang['fido2']['rename']);?>]
</a>
</div></p>
<input type="hidden" name="unset_fido2_key" value="<?=$key_info['cid'];?>" />
<div class="btn-group">
<a href="#" class="btn btn-xs btn-default" data-cid="<?=$key_info['cid'];?>" data-subject="<?=base64_encode($key_info['subject']);?>" data-toggle="modal" data-target="#fido2ChangeFn"><span class="glyphicon glyphicon-pencil"></span> <?=strtolower($lang['fido2']['rename']);?></a>
<a href="#" onClick='return confirm("<?=$lang['admin']['ays'];?>")?$(this).closest("form").submit():"";' class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=strtolower($lang['admin']['remove']);?></a>
</form>
</div>
</td>
</tr>
<?php
}
}
else {
echo "-";
}
?>
</table>
</div>
<br>
</div>

View File

@ -1037,11 +1037,11 @@ function fido2($_data) {
}
return $cids;
break;
case "get_pub_key":
case "get_by_b64cid":
if (!isset($_data['cid']) || empty($_data['cid'])) {
return false;
}
$stmt = $pdo->prepare("SELECT `certificateSubject`, `username`, `credentialPublicKey` FROM `fido2` WHERE TO_BASE64(`credentialId`) = :cid");
$stmt = $pdo->prepare("SELECT `certificateSubject`, `username`, `credentialPublicKey`, SHA2(`credentialId`, 256) AS `cid` FROM `fido2` WHERE TO_BASE64(`credentialId`) = :cid");
$stmt->execute(array(':cid' => $_data['cid']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (empty($row) || empty($row['credentialPublicKey']) || empty($row['username'])) {
@ -1049,7 +1049,8 @@ function fido2($_data) {
}
$data['pub_key'] = $row['credentialPublicKey'];
$data['username'] = $row['username'];
$data['key_id'] = $row['certificateSubject'];
$data['subject'] = $row['certificateSubject'];
$data['cid'] = $row['cid'];
return $data;
break;
case "get_friendly_names":
@ -1058,11 +1059,15 @@ function fido2($_data) {
$_SESSION['mailcow_cc_role'] != "admin") {
return false;
}
$stmt = $pdo->prepare("SELECT `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
$stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
$stmt->execute(array(':username' => $username));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
$fns[] = array("subject" => $row['certificateSubject'], "fn" => $row['friendlyName']);
$fns[] = array(
"subject" => $row['certificateSubject'],
"fn" => $row['friendlyName'],
"cid" => $row['cid']
);
}
return $fns;
break;
@ -1077,8 +1082,11 @@ function fido2($_data) {
);
return false;
}
$stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username AND `certificateSubject` = :certificateSubject");
$stmt->execute(array(':username' => $username, ':certificateSubject' => $_data['post_data']['unset_fido2_key']));
$stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username AND SHA2(`credentialId`, 256) = :cid");
$stmt->execute(array(
':username' => $username,
':cid' => $_data['post_data']['unset_fido2_key']
));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_data_log),
@ -1096,11 +1104,11 @@ function fido2($_data) {
);
return false;
}
$stmt = $pdo->prepare("UPDATE `fido2` SET `friendlyName` = :friendlyName WHERE `certificateSubject` = :certificateSubject AND `username` = :username");
$stmt = $pdo->prepare("UPDATE `fido2` SET `friendlyName` = :friendlyName WHERE SHA2(`credentialId`, 256) = :cid AND `username` = :username");
$stmt->execute(array(
':username' => $username,
':friendlyName' => $_data['fido2_attrs']['fido2_fn'],
':certificateSubject' => base64_decode($_data['fido2_attrs']['fido2_subject'])
':cid' => $_data['fido2_attrs']['fido2_cid']
));
$_SESSION['return'][] = array(
'type' => 'success',

View File

@ -457,7 +457,7 @@ jQuery(function($){
$('#fido2ChangeFn').on('show.bs.modal', function (e) {
rename_link = $(e.relatedTarget)
if (rename_link != null) {
$('#fido2_subject').val(rename_link.data('subject'));
$('#fido2_cid').val(rename_link.data('cid'));
$('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
}
})

View File

@ -296,6 +296,15 @@ jQuery(function($){
draw_wl_policy_mailbox_table();
draw_bl_policy_mailbox_table();
// FIDO2 friendly name modal
$('#fido2ChangeFn').on('show.bs.modal', function (e) {
rename_link = $(e.relatedTarget)
if (rename_link != null) {
$('#fido2_cid').val(rename_link.data('cid'));
$('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
}
})
// Sieve data modal
$('#userFilterModal').on('show.bs.modal', function(e) {
$('#user_sieve_filter').text(lang.loading);

View File

@ -277,7 +277,7 @@ if (isset($_GET['query'])) {
$signature = base64_decode($post->signature);
$id = base64_decode($post->id);
$challenge = $_SESSION['challenge'];
$process_fido2 = fido2(array("action" => "get_pub_key", "cid" => $post->id));
$process_fido2 = fido2(array("action" => "get_by_b64cid", "cid" => $post->id));
if ($process_fido2['pub_key'] === false) {
$return = new stdClass();
$return->success = false;
@ -296,7 +296,6 @@ if (isset($_GET['query'])) {
}
$return = new stdClass();
$return->success = true;
$_SESSION["fido2_subject"] = $process_fido2['key_id'];
$stmt = $pdo->prepare("SELECT `superadmin` FROM `admin` WHERE `username` = :username");
$stmt->execute(array(':username' => $process_fido2['username']));
$obj_props = $stmt->fetch(PDO::FETCH_ASSOC);
@ -307,6 +306,7 @@ if (isset($_GET['query'])) {
$_SESSION["mailcow_cc_role"] = "domainadmin";
}
$_SESSION["mailcow_cc_username"] = $process_fido2['username'];
$_SESSION["fido2_cid"] = $process_fido2['cid'];
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array("fido2_login"),

View File

@ -111,11 +111,11 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
<h3 class="modal-title"><?=$lang['fido2']['set_fn'];?></h3>
<p class="help-block" id="fido2_subject_desc" data-fido2-subject=""></p>
<p class="help-block" style="word-break:break-all" id="fido2_subject_desc" data-fido2-subject=""></p>
</div>
<div class="modal-body">
<form class="form-horizontal" data-cached-form="false" data-id="fido2ChangeFn" role="form" method="post" autocomplete="off">
<input type="hidden" class="form-control" name="fido2_subject" id="fido2_subject">
<input type="hidden" class="form-control" name="fido2_cid" id="fido2_cid">
<div class="form-group">
<label class="control-label col-sm-4" for="fido2_fn"><?=$lang['fido2']['fn'];?>:</label>
<div class="col-sm-8">

View File

@ -11,11 +11,11 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
<h3 class="modal-title"><?=$lang['fido2']['set_fn'];?></h3>
<p class="help-block" id="fido2_subject_desc" data-fido2-subject=""></p>
<p class="help-block" style="word-break:break-all" id="fido2_subject_desc" data-fido2-subject=""></p>
</div>
<div class="modal-body">
<form class="form-horizontal" data-cached-form="false" data-id="fido2ChangeFn" role="form" method="post" autocomplete="off">
<input type="hidden" class="form-control" name="fido2_subject" id="fido2_subject">
<input type="hidden" class="form-control" name="fido2_cid" id="fido2_cid">
<div class="form-group">
<label class="control-label col-sm-4" for="fido2_fn"><?=$lang['fido2']['fn'];?>:</label>
<div class="col-sm-8">

View File

@ -41,7 +41,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
<div class="col-sm-3 col-xs-5 text-right"><?=$lang['tfa']['tfa'];?></div>
<div class="col-sm-9 col-xs-7">
<p id="tfa_pretty"><?=$tfa_data['pretty'];?></p>
<div id="tfa_additional">
<table id="tfa_keys">
<?php if (!empty($tfa_data['additional'])):
foreach ($tfa_data['additional'] as $key_info): ?>
<form style="display:inline;" method="post">
@ -50,7 +50,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
</form>
<?php endforeach;
endif;?>
</div>
</table>
<br />
</div>
</div>
@ -75,30 +75,35 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
<div class="row">
<div class="col-sm-3 col-xs-5 text-right"><?=$lang['fido2']['known_ids'];?>:</div>
<div class="col-sm-9 col-xs-7">
<div id="tfa_additional">
<div class="table-responsive">
<table class="table table-striped table-hover table-condensed" id="fido2_keys">
<tr>
<th>ID</th>
<th style="min-width:240px;text-align: right"><?=$lang['admin']['action'];?></th>
</tr>
<?php
if (!empty($fido2_data)) {
foreach ($fido2_data as $key_info) {
?>
<tr>
<td>
<?=($_SESSION['fido2_cid'] == $key_info['cid']) ? '→ ' : NULL; ?><?=(!empty($key_info['fn']))?$key_info['fn']:$key_info['subject'];?>
</td>
<td style="min-width:240px;text-align: right">
<form style="display:inline;" method="post">
<input type="hidden" name="unset_fido2_key" value="<?=$key_info['subject'];?>" />
<div data-toggle="tooltip" data-placement="top" title="<?=$key_info['subject'];?>" class="label label-keys label-<?=($_SESSION['fido2_subject'] == $key_info['subject']) ? 'success' : 'default'; ?>">
<?=(!empty($key_info['fn']))?$key_info['fn']:$key_info['subject'];?>
<a href="#" class="key-action" onClick='return confirm("<?=$lang['admin']['ays'];?>")?$(this).closest("form").submit():"";'>
[<?=strtolower($lang['admin']['remove']);?>]
</a>
<a href="#" class="key-action" data-subject="<?=base64_encode($key_info['subject']);?>" data-toggle="modal" data-target="#fido2ChangeFn">
[<?=strtolower($lang['fido2']['rename']);?>]
</a>
</div>
<input type="hidden" name="unset_fido2_key" value="<?=$key_info['cid'];?>" />
<div class="btn-group">
<a href="#" class="btn btn-xs btn-default" data-cid="<?=$key_info['cid'];?>" data-subject="<?=base64_encode($key_info['subject']);?>" data-toggle="modal" data-target="#fido2ChangeFn"><span class="glyphicon glyphicon-pencil"></span> <?=strtolower($lang['fido2']['rename']);?></a>
<a href="#" onClick='return confirm("<?=$lang['admin']['ays'];?>")?$(this).closest("form").submit():"";' class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=strtolower($lang['admin']['remove']);?></a>
</form>
</div>
</td>
</tr>
<?php
}
}
else {
echo "-";
}
?>
</table>
</div>
<br>
</div>