jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add support for LDAP cn=...+totptoken=.. support

Browse Source
This commit is contained in:
Johannes Zellner
2022-08-02 14:02:35 +02:00
parent afc70ac332
commit a2a60ff426
4 changed files with 53 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/routes/accesscontrol.js
View File

@@ -43,8 +43,13 @@ async function passwordAuth(req, res, next) {
if (!user.ghost && !user.appPassword && user.twoFactorAuthenticationEnabled) {
if (!totpToken) return next(new HttpError(401, 'A totpToken must be provided'));
const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken, window: 2 });
if (!verified) return next(new HttpError(401, 'Invalid totpToken'));
if (user.source === 'ldap') {
const [error] = await safe(externalLdap.verifyPasswordAndTotpToken(user, password, totpToken));
if (error) return next(new HttpError(401, 'Invalid totpToken'));
} else {
const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken, window: 2 });
if (!verified) return next(new HttpError(401, 'Invalid totpToken'));
}
}
req.user = user;