external ldap: ensure dashboard login does totp check

Girish Ramakrishnan
2024-01-08 11:55:35 +01:00
parent 6cdb448f62
commit 5b7667fa4d
5 changed files with 18 additions and 21 deletions


@@ -360,11 +360,8 @@ async function verify(userId, password, identifier, options) {
return user;
}
const skipTotpCheck = !!options.skipTotpCheck;
const totpToken = options.totpToken || null;
if (user.source === 'ldap') {
await externalLdap.verifyPassword(user.username, password, totpToken);
await externalLdap.verifyPassword(user.username, password, options);
} else {
const saltBinary = Buffer.from(user.salt, 'hex');
const [error, derivedKey] = await safe(pbkdf2Async(password, saltBinary, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST));
@@ -373,9 +370,9 @@ async function verify(userId, password, identifier, options) {
const derivedKeyHex = Buffer.from(derivedKey, 'binary').toString('hex');
if (derivedKeyHex !== user.password) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Username and password does not match');
if (!skipTotpCheck && user.twoFactorAuthenticationEnabled) {
if (!totpToken) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'A totpToken must be provided');
const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken, window: 2 });
if (!options.skipTotpCheck && user.twoFactorAuthenticationEnabled) {
if (!options.totpToken) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'A totpToken must be provided');
const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: options.totpToken, window: 2 });
if (!verified) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Invalid totpToken');
}
}
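Review bot: In the `user.source === 'ldap'` branch, second-factor enforcement is no longer visible in `verify()`. The local branch checks `options.skipTotpCheck` and `user.twoFactorAuthenticationEnabled` inline, but the LDAP branch now depends on `externalLdap.verifyPassword` reading both fields from the whole `options` object, and that function is not shown in this section. Passing every caller-supplied key is also wider than needed, so I would pass only the two fields used: `await externalLdap.verifyPassword(user.username, password, { totpToken: options.totpToken, skipTotpCheck: options.skipTotpCheck });`. A comment above the call, such as `// 2FA for ldap users is enforced inside externalLdap.verifyPassword`, plus a test that an LDAP user with 2FA enabled and no `totpToken` gets `BoxError.INVALID_CREDENTIALS`, would guard against the two paths diverging again. The body of `verify()` starts and ends outside the hunks shown.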