[WebAuthn] remove old u2f functions
parent
a849d03a00
commit
8316e763fa
|
@ -1140,7 +1140,6 @@ function is_valid_domain_name($domain_name) {
|
||||||
function set_tfa($_data) {
|
function set_tfa($_data) {
|
||||||
global $pdo;
|
global $pdo;
|
||||||
global $yubi;
|
global $yubi;
|
||||||
global $u2f;
|
|
||||||
global $tfa;
|
global $tfa;
|
||||||
$_data_log = $_data["tfa_method"];
|
$_data_log = $_data["tfa_method"];
|
||||||
!isset($_data_log['confirm_password']) ?: $_data_log['confirm_password'] = '*';
|
!isset($_data_log['confirm_password']) ?: $_data_log['confirm_password'] = '*';
|
||||||
|
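Review bot: On the new side `$_data_log` is assigned the scalar `$_data["tfa_method"]`, so the masking line that follows, `!isset($_data_log['confirm_password']) ?: $_data_log['confirm_password'] = '*';`, can never fire (isset on a non-numeric string offset is always false) and is dead code. If only the method name is meant to reach the log, drop the masking line; if the whole request is meant to be logged, every secret field in it (not just `confirm_password`) would need masking first, since the same request carries the TOTP secret. This is pre-existing rather than introduced here, and set_tfa continues outside the hunk.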
@ -1242,35 +1241,6 @@ function set_tfa($_data) {
|
||||||
'msg' => array('object_modified', htmlspecialchars($username))
|
'msg' => array('object_modified', htmlspecialchars($username))
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
// u2f - deprecated, should be removed
|
|
||||||
case "u2f":
|
|
||||||
$key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"];
|
|
||||||
try {
|
|
||||||
$reg = $u2f->doRegister(json_decode($_SESSION['regReq']), json_decode($_data['token']));
|
|
||||||
|
|
||||||
$stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username AND `authmech` != 'u2f'");
|
|
||||||
$stmt->execute(array(':username' => $username));
|
|
||||||
|
|
||||||
$stmt = $pdo->prepare("INSERT INTO `tfa` (`username`, `key_id`, `authmech`, `keyHandle`, `publicKey`, `certificate`, `counter`, `active`) VALUES (?, ?, 'u2f', ?, ?, ?, ?, '1')");
|
|
||||||
$stmt->execute(array($username, $key_id, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter));
|
|
||||||
|
|
||||||
$_SESSION['return'][] = array(
|
|
||||||
'type' => 'success',
|
|
||||||
'log' => array(__FUNCTION__, $_data_log),
|
|
||||||
'msg' => array('object_modified', $username)
|
|
||||||
);
|
|
||||||
$_SESSION['regReq'] = null;
|
|
||||||
}
|
|
||||||
catch (Exception $e) {
|
|
||||||
$_SESSION['return'][] = array(
|
|
||||||
'type' => 'danger',
|
|
||||||
'log' => array(__FUNCTION__, $_data_log),
|
|
||||||
'msg' => array('u2f_verification_failed', $e->getMessage())
|
|
||||||
);
|
|
||||||
$_SESSION['regReq'] = null;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case "totp":
|
case "totp":
|
||||||
$key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"];
|
$key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"];
|
||||||
if ($tfa->verifyCode($_POST['totp_secret'], $_POST['totp_confirm_token']) === true) {
|
if ($tfa->verifyCode($_POST['totp_secret'], $_POST['totp_confirm_token']) === true) {
|
||||||
|
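Review bot: The totp case that now directly follows the deleted branch verifies against `$_POST['totp_secret']` and `$_POST['totp_confirm_token']`, while `$key_id` one line above is read from `$_data`; the branch therefore depends on the caller having passed `$_POST` itself, which I cannot confirm from this hunk. Reading both from the function argument, `if ($tfa->verifyCode($_data['totp_secret'], $_data['totp_confirm_token']) === true) {`, keeps the branch consistent with the rest of set_tfa, provided callers pass the same array. The switch and set_tfa both continue outside the hunk.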
@ -2050,13 +2020,7 @@ function rspamd_ui($action, $data = null) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// u2f - deprecated, should be removed
|
|
||||||
function get_u2f_registrations($username) {
|
|
||||||
global $pdo;
|
|
||||||
$sel = $pdo->prepare("SELECT * FROM `tfa` WHERE `authmech` = 'u2f' AND `username` = ? AND `active` = '1'");
|
|
||||||
$sel->execute(array($username));
|
|
||||||
return $sel->fetchAll(PDO::FETCH_OBJ);
|
|
||||||
}
|
|
||||||
function get_logs($application, $lines = false) {
|
function get_logs($application, $lines = false) {
|
||||||
if ($lines === false) {
|
if ($lines === false) {
|
||||||
$lines = $GLOBALS['LOG_LINES'] - 1;
|
$lines = $GLOBALS['LOG_LINES'] - 1;
|
||||||
|
|
|
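Review bot: Deleting `get_u2f_registrations()` is only safe if no call site survives, and PHP resolves function names at call time, so a leftover caller fails with a fatal error only when that path is exercised, not at load. The two callers visible in this commit (the `u2f-registration` and `u2f-authentication` cases) are removed, but the login template changed in the same commit still posts `tfa_method=u2f` with `token=destroy`, so the `verify_tfa_login` path that handles it deserves a check that it no longer depends on this helper or on `$u2f`. Rows with `authmech = 'u2f'` also remain in the `tfa` table after this change; if the destroy path is what cleans them up, a short comment at that call site saying so would help the next reader.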
@ -392,45 +392,6 @@ if (isset($_GET['query'])) {
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
switch ($category) {
|
switch ($category) {
|
||||||
// u2f - deprecated, should be removed
|
|
||||||
case "u2f-registration":
|
|
||||||
header('Content-Type: application/javascript');
|
|
||||||
if (isset($_SESSION["mailcow_cc_role"]) && $_SESSION["mailcow_cc_username"] == $object) {
|
|
||||||
list($req, $sigs) = $u2f->getRegisterData(get_u2f_registrations($object));
|
|
||||||
$_SESSION['regReq'] = json_encode($req);
|
|
||||||
$_SESSION['regSigs'] = json_encode($sigs);
|
|
||||||
echo 'var req = ' . json_encode($req) . ';';
|
|
||||||
echo 'var registeredKeys = ' . json_encode($sigs) . ';';
|
|
||||||
echo 'var appId = req.appId;';
|
|
||||||
echo 'var registerRequests = [{version: req.version, challenge: req.challenge}];';
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case "u2f-authentication":
|
|
||||||
header('Content-Type: application/javascript');
|
|
||||||
if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
|
|
||||||
$auth_data = $u2f->getAuthenticateData(get_u2f_registrations($object));
|
|
||||||
$challenge = $auth_data[0]->challenge;
|
|
||||||
$appId = $auth_data[0]->appId;
|
|
||||||
foreach ($auth_data as $each) {
|
|
||||||
$key = array(); // Empty array
|
|
||||||
$key['version'] = $each->version;
|
|
||||||
$key['keyHandle'] = $each->keyHandle;
|
|
||||||
$registeredKey[] = $key;
|
|
||||||
}
|
|
||||||
$_SESSION['authReq'] = json_encode($auth_data);
|
|
||||||
echo 'var appId = "' . $appId . '";';
|
|
||||||
echo 'var challenge = ' . json_encode($challenge) . ';';
|
|
||||||
echo 'var registeredKeys = ' . json_encode($registeredKey) . ';';
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
// fido2
|
// fido2
|
||||||
case "fido2-registration":
|
case "fido2-registration":
|
||||||
header('Content-Type: application/json');
|
header('Content-Type: application/json');
|
||||||
|
|
|
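Review bot: With both u2f cases removed, `$u2f` has no remaining reader in this hunk; if the object is still constructed during bootstrap (not visible here), that instantiation and the U2F server library it pulls in are now dead code and an unneeded dependency surface, worth removing in the same change or a follow-up. Stale clients may still request `u2f-registration` or `u2f-authentication`; make sure the switch's `default` branch (outside this hunk) answers them with an explicit error rather than an empty 200. The enclosing `switch ($category)` continues past the hunk.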
@ -994,6 +994,8 @@
|
||||||
"tfa": "Zwei-Faktor-Authentifizierung",
|
"tfa": "Zwei-Faktor-Authentifizierung",
|
||||||
"tfa_token_invalid": "TFA-Token ungültig!",
|
"tfa_token_invalid": "TFA-Token ungültig!",
|
||||||
"totp": "Time-based-OTP (Google Authenticator etc.)",
|
"totp": "Time-based-OTP (Google Authenticator etc.)",
|
||||||
|
"u2f_deprecated": "Es sieht so aus als wurde der Schlüssel mit der alten U2F Methode registriert. Wir werden die Zwei-Faktor-Authentifizierung deaktivieren und deinen Schlüssel löschen.",
|
||||||
|
"u2f_deprecated_important": "Bitte registriere den Schlüssel im Adminbereich mit der neuen WebAuthn Methode.",
|
||||||
"webauthn": "WebAuthn-Authentifizierung",
|
"webauthn": "WebAuthn-Authentifizierung",
|
||||||
"waiting_usb_auth": "<i>Warte auf USB-Gerät...</i><br><br>Bitte jetzt den vorgesehenen Taster des USB-Gerätes berühren.",
|
"waiting_usb_auth": "<i>Warte auf USB-Gerät...</i><br><br>Bitte jetzt den vorgesehenen Taster des USB-Gerätes berühren.",
|
||||||
"waiting_usb_register": "<i>Warte auf USB-Gerät...</i><br><br>Bitte zuerst das obere Passwortfeld ausfüllen und erst dann den vorgesehenen Taster des USB-Gerätes berühren.",
|
"waiting_usb_register": "<i>Warte auf USB-Gerät...</i><br><br>Bitte zuerst das obere Passwortfeld ausfüllen und erst dann den vorgesehenen Taster des USB-Gerätes berühren.",
|
||||||
|
|
|
@ -1001,6 +1001,8 @@
|
||||||
"tfa": "Two-factor authentication",
|
"tfa": "Two-factor authentication",
|
||||||
"tfa_token_invalid": "TFA token invalid",
|
"tfa_token_invalid": "TFA token invalid",
|
||||||
"totp": "Time-based OTP (Google Authenticator, Authy, etc.)",
|
"totp": "Time-based OTP (Google Authenticator, Authy, etc.)",
|
||||||
|
"u2f_deprecated": "It seems that your Key was registered using the deprecated U2F method. We will deactivate Two-Factor-Authenticaiton for you and delete your Key.",
|
||||||
|
"u2f_deprecated_important": "Please register your Key in the admin panel with the new WebAuthn method.",
|
||||||
"webauthn": "WebAuthn authentication",
|
"webauthn": "WebAuthn authentication",
|
||||||
"waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your USB device now.",
|
"waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your USB device now.",
|
||||||
"waiting_usb_register": "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your registration by tapping the button on your USB device.",
|
"waiting_usb_register": "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your registration by tapping the button on your USB device.",
|
||||||
|
|
|
@ -191,8 +191,8 @@
|
||||||
{# leave this here to inform users that u2f is deprecated #}
|
{# leave this here to inform users that u2f is deprecated #}
|
||||||
{% if pending_tfa_method == 'u2f' %}
|
{% if pending_tfa_method == 'u2f' %}
|
||||||
<form role="form" method="post" id="u2f_auth_form">
|
<form role="form" method="post" id="u2f_auth_form">
|
||||||
<p>It seems that your Key was registered using the deprecated U2F method. We will deactivate Two-Factor-Authenticaiton for you and delete your Key.</p>
|
<p>lang.tfa.u2f_deprecated</p>
|
||||||
<p><b>Please register your Key in the admin panel with the new WebAuthn method.</b></p>
|
<p><b>lang.tfa.u2f_deprecated_important</b></p>
|
||||||
<input type="hidden" name="token" value="destroy" />
|
<input type="hidden" name="token" value="destroy" />
|
||||||
<input type="hidden" name="tfa_method" value="u2f">
|
<input type="hidden" name="tfa_method" value="u2f">
|
||||||
<input type="hidden" name="verify_tfa_login"/><br/>
|
<input type="hidden" name="verify_tfa_login"/><br/>
|
||||||
|
|
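Review bot: `<p>lang.tfa.u2f_deprecated</p>` and `<p><b>lang.tfa.u2f_deprecated_important</b></p>` are plain text in a Twig template, so users will see the key names literally instead of the translated message; the file already uses Twig tags (`{% if pending_tfa_method == 'u2f' %}`), so these need output syntax: `<p>{{ lang.tfa.u2f_deprecated }}</p>` and `<p><b>{{ lang.tfa.u2f_deprecated_important }}</b></p>`, assuming `lang` is the translation array exposed to templates as the key path suggests. The English value added for `u2f_deprecated` in this commit also carries the typo "Authenticaiton" over from the old hard-coded text. The `{% if %}` block and the form continue outside the hunk.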