From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <w.bumiller@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id C82737D8A2
 for <pve-devel@lists.proxmox.com>; Tue,  9 Nov 2021 12:28:23 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id F000BB06C
 for <pve-devel@lists.proxmox.com>; Tue,  9 Nov 2021 12:27:31 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 66BE4AFDC
 for <pve-devel@lists.proxmox.com>; Tue,  9 Nov 2021 12:27:27 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 376404450F
 for <pve-devel@lists.proxmox.com>; Tue,  9 Nov 2021 12:27:27 +0100 (CET)
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Tue,  9 Nov 2021 12:27:11 +0100
Message-Id: <20211109112721.130935-23-w.bumiller@proxmox.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20211109112721.130935-1-w.bumiller@proxmox.com>
References: <20211109112721.130935-1-w.bumiller@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.518 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH manager 4/7] www: switch to new tfa login format
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 11:28:23 -0000

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 www/manager6/window/LoginWindow.js | 131 ++++++++++++++---------------
 1 file changed, 61 insertions(+), 70 deletions(-)

diff --git a/www/manager6/window/LoginWindow.js b/www/manager6/window/LoginWindow.js
index ecd198a5..4a07f75b 100644
--- a/www/manager6/window/LoginWindow.js
+++ b/www/manager6/window/LoginWindow.js
@@ -21,7 +21,7 @@ Ext.define('PVE.window.LoginWindow', {
 
 	xclass: 'Ext.app.ViewController',
 
-	onLogon: function() {
+	onLogon: async function() {
 	    var me = this;
 
 	    var form = this.lookupReference('loginForm');
@@ -70,30 +70,70 @@ Ext.define('PVE.window.LoginWindow', {
 	    }
 	    sp.set(saveunField.getStateId(), saveunField.getValue());
 
-	    form.submit({
-		failure: function(f, resp) {
-		    me.failure(resp);
-		},
-		success: function(f, resp) {
-		    view.el.unmask();
+	    try {
+		// Request updated authentication mechanism:
+		creds['new-format'] = 1;
 
-		    var data = resp.result.data;
-		    if (Ext.isDefined(data.NeedTFA)) {
-			// Store first factor login information first:
-			data.LoggedOut = true;
-			Proxmox.Utils.setAuthData(data);
-
-			if (Ext.isDefined(data.U2FChallenge)) {
-			    me.perform_u2f(data);
-			} else {
-			    me.perform_otp();
-			}
+		let resp = await Proxmox.Async.api2({
+		    url: '/api2/extjs/access/ticket',
+		    params: creds,
+		    method: 'POST',
+		});
+
+		let data = resp.result.data;
+		if (data.ticket.startsWith("PVE:!tfa!")) {
+		    // Store first factor login information first:
+		    data.LoggedOut = true;
+		    Proxmox.Utils.setAuthData(data);
+
+		    data = await me.performTFAChallenge(data);
+
+		    // Fill in what we copy over from the 1st factor:
+		    data.CSRFPreventionToken = Proxmox.CSRFPreventionToken;
+		    data.username = Proxmox.UserName;
+		    me.success(data);
+		} else if (Ext.isDefined(data.NeedTFA)) {
+		    // Store first factor login information first:
+		    data.LoggedOut = true;
+		    Proxmox.Utils.setAuthData(data);
+
+		    if (Ext.isDefined(data.U2FChallenge)) {
+			me.perform_u2f(data);
 		    } else {
-			me.success(data);
+			me.perform_otp();
 		    }
-		},
+		} else {
+		    me.success(data);
+		}
+	    } catch (error) {
+		me.failure(error);
+	    }
+	},
+
+	/* START NEW TFA CODE (pbs copy) */
+	performTFAChallenge: async function(data) {
+	    let me = this;
+
+	    let userid = data.username;
+	    let ticket = data.ticket;
+	    let challenge = JSON.parse(decodeURIComponent(
+	        ticket.split(':')[1].slice("!tfa!".length),
+	    ));
+
+	    let resp = await new Promise((resolve, reject) => {
+		Ext.create('Proxmox.window.TfaLoginWindow', {
+		    userid,
+		    ticket,
+		    challenge,
+		    onResolve: value => resolve(value),
+		    onReject: reject,
+		}).show();
 	    });
+
+	    return resp.result.data;
 	},
+	/* END NEW TFA CODE (pbs copy) */
+
 	failure: function(resp) {
 	    var me = this;
 	    var view = me.getView();
@@ -151,7 +191,7 @@ Ext.define('PVE.window.LoginWindow', {
 		msg.close();
 		if (res.errorCode) {
 		    Proxmox.Utils.authClear();
-		    Ext.Msg.alert(gettext('Error'), Proxmox.Utils.render_u2f_error(res.errorCode));
+		    Ext.Msg.alert(gettext('Error'), PVE.Utils.render_u2f_error(res.errorCode));
 		    return;
 		}
 		delete res.errorCode;
@@ -356,52 +396,3 @@ Ext.define('PVE.window.LoginWindow', {
 	],
     }],
  });
-Ext.define('PVE.window.TFALoginWindow', {
-    extend: 'Ext.window.Window',
-
-    modal: true,
-    resizable: false,
-    title: 'Two-Factor Authentication',
-    layout: 'form',
-    defaultButton: 'loginButton',
-    defaultFocus: 'otpField',
-
-    controller: {
-	xclass: 'Ext.app.ViewController',
-	login: function() {
-	    var me = this;
-	    var view = me.getView();
-	    view.onLogin(me.lookup('otpField').getValue());
-	    view.close();
-	},
-	cancel: function() {
-	    var me = this;
-	    var view = me.getView();
-	    view.onCancel();
-	    view.close();
-	},
-    },
-
-    items: [
-	{
-	    xtype: 'textfield',
-	    fieldLabel: gettext('Please enter your OTP verification code:'),
-	    name: 'otp',
-	    itemId: 'otpField',
-	    reference: 'otpField',
-	    allowBlank: false,
-	},
-    ],
-
-    buttons: [
-	{
-	    text: gettext('Login'),
-	    reference: 'loginButton',
-	    handler: 'login',
-	},
-	{
-	    text: gettext('Cancel'),
-	    handler: 'cancel',
-	},
-    ],
-});
-- 
2.30.2