From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DBD8781F01 for ; Fri, 26 Nov 2021 14:55:48 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 569E31932B for ; Fri, 26 Nov 2021 14:55:48 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id CAB6F191EB for ; Fri, 26 Nov 2021 14:55:40 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A4B9644CA1 for ; Fri, 26 Nov 2021 14:55:40 +0100 (CET) From: Wolfgang Bumiller To: pmg-devel@lists.proxmox.com Date: Fri, 26 Nov 2021 14:55:11 +0100 Message-Id: <20211126135524.117846-8-w.bumiller@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211126135524.117846-1-w.bumiller@proxmox.com> References: <20211126135524.117846-1-w.bumiller@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.444 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [html.tt] Subject: [pmg-devel] [PATCH gui] add TFA components X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Nov 2021 13:55:48 -0000 Signed-off-by: Wolfgang Bumiller --- js/LoginView.js | 61 +++++++++++++++++++++++++++++++++----------- js/Makefile | 1 + js/UserManagement.js | 8 ++++-- js/UserSelector.js | 13 ++++++++++ pmg-index.html.tt | 1 + 5 files changed, 67 insertions(+), 17 deletions(-) create mode 100644 js/UserSelector.js diff --git a/js/LoginView.js b/js/LoginView.js index 7ad695c..63f4099 100644 --- a/js/LoginView.js +++ b/js/LoginView.js @@ -44,7 +44,7 @@ Ext.define('PMG.LoginView', { me.submitForm(); }, - submitForm: function() { + submitForm: async function() { let me = this; let view = me.getView(); let loginForm = me.lookupReference('loginForm'); 
@@ -67,23 +67,54 @@ Ext.define('PMG.LoginView', { sp.set(saveunField.getStateId(), saveunField.getValue()); } - loginForm.submit({ - success: function(form, action) { - // save login data and create cookie - PMG.Utils.updateLoginData(action.result.data); - PMG.app.changeView(view.targetview); - }, - failure: function(form, action) { - loginForm.unmask(); - Ext.MessageBox.alert( - gettext('Error'), - gettext('Login failed. Please try again'), - ); - }, - }); + let creds = loginForm.getValues(); + + try { + let resp = await Proxmox.Async.api2({ + url: '/api2/extjs/access/ticket', + params: creds, + method: 'POST', + }); + + let data = resp.result.data; + if (data.ticket.startsWith('PMG:!tfa!')) { + data = await me.performTFAChallenge(data); + } + PMG.Utils.updateLoginData(data); + PMG.app.changeView(view.targetview); + } catch (error) { + Proxmox.Utils.authClear(); + loginForm.unmask(); + Ext.MessageBox.alert( + gettext('Error'), + gettext('Login failed. Please try again'), + ); + } } }, + performTFAChallenge: async function(data) { + let me = this; + + let userid = data.username; + let ticket = data.ticket; + let challenge = JSON.parse(decodeURIComponent( + ticket.split(':')[1].slice("!tfa!".length), + )); + + let resp = await new Promise((resolve, reject) => { + Ext.create('Proxmox.window.TfaLoginWindow', { + userid, + ticket, + challenge, + onResolve: value => resolve(value), + onReject: reject, + }).show(); + }); + + return resp.result.data; + }, + openQuarantineLinkWindow: function() { let me = this; me.lookup('loginwindow').setVisible(false); diff --git a/js/Makefile b/js/Makefile index 672f61e..f4b7630 100644 --- a/js/Makefile +++ b/js/Makefile @@ -73,6 +73,7 @@ JSSRC= \ FetchmailEdit.js \ FetchmailView.js \ UserManagement.js \ + UserSelector.js \ ViewMailHeaders.js \ PostfixQShape.js \ PostfixMailQueue.js \ diff --git a/js/UserManagement.js b/js/UserManagement.js index 85e41e5..d81a4cc 100644 --- a/js/UserManagement.js +++ b/js/UserManagement.js 
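Review bot: After `data = await me.performTFAChallenge(data)`, `submitForm` passes the result straight to `PMG.Utils.updateLoginData(data)` without checking that the second factor actually produced a full ticket. The removed comment says that call saves the login data and creates the cookie, so a response still carrying the `PMG:!tfa!` challenge prefix would be stored as if login had completed. The server has to reject such a ticket regardless, but a guard right after the `await` keeps it out of the cookie and falls into the existing `catch`, which runs `Proxmox.Utils.authClear()`: `if (data.ticket.startsWith('PMG:!tfa!')) { throw new Error('TFA challenge not completed'); }`. The same `catch` discards `error`, so a cancelled TFA window, a malformed challenge failing in `JSON.parse(decodeURIComponent(...))` and a transport failure are indistinguishable; keeping the generic user message but adding `console.error(error);` would help diagnosis. `submitForm` starts in the previous hunk, so the code before `let creds` is not visible here.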
@@ -27,7 +27,11 @@ Ext.define('PMG.UserManagement', { itemId: 'pop', iconCls: 'fa fa-reply-all', }, + { + xtype: 'pmxTfaView', + title: 'Two Factor', + itemId: 'tfa', + iconCls: 'fa fa-key', + }, ], }); - - diff --git a/js/UserSelector.js b/js/UserSelector.js new file mode 100644 index 0000000..8fb31d7 --- /dev/null +++ b/js/UserSelector.js @@ -0,0 +1,13 @@ +Ext.define('pmx-users', { + extend: 'Ext.data.Model', + fields: [ + 'userid', 'firstname', 'lastname', 'email', 'comment', + { type: 'boolean', name: 'enable' }, + { type: 'date', dateFormat: 'timestamp', name: 'expire' }, + ], + proxy: { + type: 'proxmox', + url: "/api2/json/access/users", + }, + idProperty: 'userid', +}); diff --git a/pmg-index.html.tt b/pmg-index.html.tt index 4a29ba2..4e9f1af 100644 --- a/pmg-index.html.tt +++ b/pmg-index.html.tt @@ -24,6 +24,7 @@ [% ELSE %] + [% END %]
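Review bot: The new tab's `title: 'Two Factor'` is a bare string literal, while the LoginView.js hunk in this same patch wraps its user-visible strings in `gettext()`. The sibling tabs of this `items` array lie outside the hunk, but if they are translated the same way, this should read `title: gettext('Two Factor'),` so the label is picked up for translation.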
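Review bot: js/UserSelector.js is named after a selector widget but only registers the `pmx-users` data model, and neither the file nor the commit message says which component consumes it. A one-line header comment such as `// Data model for entries returned by /api2/json/access/users.` plus a mention of the intended consumer would make the dependency explicit. I would guess the consumer is the TFA panel added in UserManagement.js, but that should be confirmed, since nothing in this patch references the model by name.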