Support 2fa for proxy auth
+8
-2
@@ -15,6 +15,7 @@ const apps = require('./apps.js'),
|
|||||||
debug = require('debug')('box:proxyAuth'),
|
debug = require('debug')('box:proxyAuth'),
|
||||||
ejs = require('ejs'),
|
ejs = require('ejs'),
|
||||||
express = require('express'),
|
express = require('express'),
|
||||||
|
externalLdap = require('./externalLdap.js'),
|
||||||
hat = require('./hat.js'),
|
hat = require('./hat.js'),
|
||||||
http = require('http'),
|
http = require('http'),
|
||||||
HttpError = require('connect-lastmile').HttpError,
|
HttpError = require('connect-lastmile').HttpError,
|
||||||
@@ -170,8 +171,13 @@ async function passwordAuth(req, res, next) {
|
|||||||
if (!user.ghost && !user.appPassword && user.twoFactorAuthenticationEnabled) {
|
if (!user.ghost && !user.appPassword && user.twoFactorAuthenticationEnabled) {
|
||||||
if (!totpToken) return next(new HttpError(403, 'A totpToken must be provided'));
|
if (!totpToken) return next(new HttpError(403, 'A totpToken must be provided'));
|
||||||
|
|
||||||
let verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: req.body.totpToken, window: 2 });
|
if (user.source === 'ldap') {
|
||||||
if (!verified) return next(new HttpError(403, 'Invalid totpToken'));
|
const [error] = await safe(externalLdap.verifyPasswordAndTotpToken(user, password, totpToken));
|
||||||
|
if (error) return next(new HttpError(401, 'Invalid totpToken'));
|
||||||
|
} else {
|
||||||
|
const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: req.body.totpToken, window: 2 });
|
||||||
|
if (!verified) return next(new HttpError(401, 'Invalid totpToken'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
req.user = user;
|
req.user = user;
|
||||||
|
|||||||
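Review bot: In the new `user.source === 'ldap'` branch of passwordAuth, every rejection from `externalLdap.verifyPasswordAndTotpToken` is answered with 401 'Invalid totpToken'. A directory outage or a rejected password therefore looks the same to the caller as a wrong code, and nothing is recorded about the failure. `debug` is already required in this file, so I would log before returning, e.g. `debug('passwordAuth: ldap 2fa verification failed: %s', error.message);`, and add a matching line in the local branch so repeated second-factor failures show up in the logs. The local branch also still reads `token: req.body.totpToken` while the guard and the LDAP call use the `totpToken` local; passing `token: totpToken` keeps both paths on the same value. Finally, an invalid token now returns 401 while a missing one still returns 403, which looks unintentional and is worth confirming; the function body starts and ends outside the hunk, so earlier password handling is not visible here.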