From 942ddcc21273ec7f65def51ed1b505fd0a0934ae Mon Sep 17 00:00:00 2001
From: andryyy
Date: Mon, 13 Apr 2020 09:36:51 +0200
Subject: [PATCH] [Web] Fix U2F authentication, fixes #3468
---
 data/web/json_api.php | 76 +++++++++++++++++++++++--------------------
 1 file changed, 40 insertions(+), 36 deletions(-)
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 8490f3e4..f122dd2b 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -235,44 +235,48 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
       ));
       exit();
     }
+    switch ($category) {
+      case "u2f-registration":
+        header('Content-Type: application/javascript');
+        if (($_SESSION["mailcow_cc_role"] == "admin" || $_SESSION["mailcow_cc_role"] == "domainadmin") && $_SESSION["mailcow_cc_username"] == $object) {
+          list($req, $sigs) = $u2f->getRegisterData(get_u2f_registrations($object));
+          $_SESSION['regReq'] = json_encode($req);
+          $_SESSION['regSigs'] = json_encode($sigs);
+          echo 'var req = ' . json_encode($req) . ';';
+          echo 'var registeredKeys = ' . json_encode($sigs) . ';';
+          echo 'var appId = req.appId;';
+          echo 'var registerRequests = [{version: req.version, challenge: req.challenge}];';
+          return;
+        }
+        else {
+          return;
+        }
+        break;
+      case "u2f-authentication":
+        header('Content-Type: application/javascript');
+        if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
+          $auth_data = $u2f->getAuthenticateData(get_u2f_registrations($object));
+          $challenge = $auth_data[0]->challenge;
+          $appId = $auth_data[0]->appId;
+          foreach ($auth_data as $each) {
+            $key = array(); // Empty array
+            $key['version'] = $each->version;
+            $key['keyHandle'] = $each->keyHandle;
+            $registeredKey[] = $key;
+          }
+          $_SESSION['authReq'] = json_encode($auth_data);
+          echo 'var appId = "' . $appId . '";';
+          echo 'var challenge = ' . json_encode($challenge) . ';';
+          echo 'var registeredKeys = ' . json_encode($registeredKey) . ';';
+          return;
+        }
+        else {
+          return;
+        }
+        break;
+    }
     if (!isset($_SESSION['pending_mailcow_cc_username'])) {
       switch ($category) {
-        case "u2f-registration":
-          header('Content-Type: application/javascript');
-          if (($_SESSION["mailcow_cc_role"] == "admin" || $_SESSION["mailcow_cc_role"] == "domainadmin") && $_SESSION["mailcow_cc_username"] == $object) {
-            list($req, $sigs) = $u2f->getRegisterData(get_u2f_registrations($object));
-            $_SESSION['regReq'] = json_encode($req);
-            $_SESSION['regSigs'] = json_encode($sigs);
-            echo 'var req = ' . json_encode($req) . ';';
-            echo 'var registeredKeys = ' . json_encode($sigs) . ';';
-            echo 'var appId = req.appId;';
-            echo 'var registerRequests = [{version: req.version, challenge: req.challenge}];';
-          }
-          else {
-            return;
-          }
-          break;
-        case "u2f-authentication":
-          header('Content-Type: application/javascript');
-          if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
-            $auth_data = $u2f->getAuthenticateData(get_u2f_registrations($object));
-            $challenge = $auth_data[0]->challenge;
-            $appId = $auth_data[0]->appId;
-            foreach ($auth_data as $each) {
-              $key = array(); // Empty array
-              $key['version'] = $each->version;
-              $key['keyHandle'] = $each->keyHandle;
-              $registeredKey[] = $key;
-            }
-            $_SESSION['authReq'] = json_encode($auth_data);
-            echo 'var appId = "' . $appId . '";';
-            echo 'var challenge = ' . json_encode($challenge) . ';';
-            echo 'var registeredKeys = ' . json_encode($registeredKey) . ';';
-          }
-          else {
-            return;
-          }
-          break;
         case "rspamd":
           switch ($object) {
             case "actions":
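Review bot: In the new `u2f-authentication` branch `$appId` is concatenated raw into the JavaScript response (`echo 'var appId = "' . $appId . '";';`) while `challenge` and `registeredKeys` go through `json_encode`; the value comes from the U2F library rather than the request so it is presumably safe, but `echo 'var appId = ' . json_encode($appId) . ';';` removes the only unescaped interpolation in the script and guards against a quote in a misconfigured app id. `$registeredKey` is never initialised and `$auth_data[0]` is dereferenced without a check, so a pending user with no registered keys either gets `null` for `registeredKeys` or a notice on the property access, depending on what `getAuthenticateData` returns for an empty list; initialise `$registeredKey = array();` before the loop and return early when `$auth_data` is empty. The `break;` following each `return;` is unreachable and can be dropped. Because both branches emit executable JavaScript carrying the session-bound challenge and key handles, the response is readable cross-origin through `<script src>` whenever the browser attaches the session cookie, so it is worth confirming the endpoint is covered by a CSRF token or SameSite cookie attribute, neither of which is visible in this hunk. The enclosing `if (isset($_SESSION['mailcow_cc_role']) || ...)` starts before the hunk and its body continues past it.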