From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager 4/7] www: switch to new tfa login format
Date: Tue, 9 Nov 2021 12:27:11 +0100 [thread overview]
Message-ID: <20211109112721.130935-23-w.bumiller@proxmox.com> (raw)
In-Reply-To: <20211109112721.130935-1-w.bumiller@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
www/manager6/window/LoginWindow.js | 131 ++++++++++++++---------------
1 file changed, 61 insertions(+), 70 deletions(-)
diff --git a/www/manager6/window/LoginWindow.js b/www/manager6/window/LoginWindow.js
index ecd198a5..4a07f75b 100644
--- a/www/manager6/window/LoginWindow.js
+++ b/www/manager6/window/LoginWindow.js
@@ -21,7 +21,7 @@ Ext.define('PVE.window.LoginWindow', {
xclass: 'Ext.app.ViewController',
- onLogon: function() {
+ onLogon: async function() {
var me = this;
var form = this.lookupReference('loginForm');
@@ -70,30 +70,70 @@ Ext.define('PVE.window.LoginWindow', {
}
sp.set(saveunField.getStateId(), saveunField.getValue());
- form.submit({
- failure: function(f, resp) {
- me.failure(resp);
- },
- success: function(f, resp) {
- view.el.unmask();
+ try {
+ // Request updated authentication mechanism:
+ creds['new-format'] = 1;
- var data = resp.result.data;
- if (Ext.isDefined(data.NeedTFA)) {
- // Store first factor login information first:
- data.LoggedOut = true;
- Proxmox.Utils.setAuthData(data);
-
- if (Ext.isDefined(data.U2FChallenge)) {
- me.perform_u2f(data);
- } else {
- me.perform_otp();
- }
+ let resp = await Proxmox.Async.api2({
+ url: '/api2/extjs/access/ticket',
+ params: creds,
+ method: 'POST',
+ });
+
+ let data = resp.result.data;
+ if (data.ticket.startsWith("PVE:!tfa!")) {
+ // Store first factor login information first:
+ data.LoggedOut = true;
+ Proxmox.Utils.setAuthData(data);
+
+ data = await me.performTFAChallenge(data);
+
+ // Fill in what we copy over from the 1st factor:
+ data.CSRFPreventionToken = Proxmox.CSRFPreventionToken;
+ data.username = Proxmox.UserName;
+ me.success(data);
+ } else if (Ext.isDefined(data.NeedTFA)) {
+ // Store first factor login information first:
+ data.LoggedOut = true;
+ Proxmox.Utils.setAuthData(data);
+
+ if (Ext.isDefined(data.U2FChallenge)) {
+ me.perform_u2f(data);
} else {
- me.success(data);
+ me.perform_otp();
}
- },
+ } else {
+ me.success(data);
+ }
+ } catch (error) {
+ me.failure(error);
+ }
+ },
+
+ /* START NEW TFA CODE (pbs copy) */
+ performTFAChallenge: async function(data) {
+ let me = this;
+
+ let userid = data.username;
+ let ticket = data.ticket;
+ let challenge = JSON.parse(decodeURIComponent(
+ ticket.split(':')[1].slice("!tfa!".length),
+ ));
+
+ let resp = await new Promise((resolve, reject) => {
+ Ext.create('Proxmox.window.TfaLoginWindow', {
+ userid,
+ ticket,
+ challenge,
+ onResolve: value => resolve(value),
+ onReject: reject,
+ }).show();
});
+
+ return resp.result.data;
},
+ /* END NEW TFA CODE (pbs copy) */
+
failure: function(resp) {
var me = this;
var view = me.getView();
@@ -151,7 +191,7 @@ Ext.define('PVE.window.LoginWindow', {
msg.close();
if (res.errorCode) {
Proxmox.Utils.authClear();
- Ext.Msg.alert(gettext('Error'), Proxmox.Utils.render_u2f_error(res.errorCode));
+ Ext.Msg.alert(gettext('Error'), PVE.Utils.render_u2f_error(res.errorCode));
return;
}
delete res.errorCode;
@@ -356,52 +396,3 @@ Ext.define('PVE.window.LoginWindow', {
],
}],
});
-Ext.define('PVE.window.TFALoginWindow', {
- extend: 'Ext.window.Window',
-
- modal: true,
- resizable: false,
- title: 'Two-Factor Authentication',
- layout: 'form',
- defaultButton: 'loginButton',
- defaultFocus: 'otpField',
-
- controller: {
- xclass: 'Ext.app.ViewController',
- login: function() {
- var me = this;
- var view = me.getView();
- view.onLogin(me.lookup('otpField').getValue());
- view.close();
- },
- cancel: function() {
- var me = this;
- var view = me.getView();
- view.onCancel();
- view.close();
- },
- },
-
- items: [
- {
- xtype: 'textfield',
- fieldLabel: gettext('Please enter your OTP verification code:'),
- name: 'otp',
- itemId: 'otpField',
- reference: 'otpField',
- allowBlank: false,
- },
- ],
-
- buttons: [
- {
- text: gettext('Login'),
- reference: 'loginButton',
- handler: 'login',
- },
- {
- text: gettext('Cancel'),
- handler: 'cancel',
- },
- ],
-});
--
2.30.2
next prev parent reply other threads:[~2021-11-09 11:28 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 11:26 [pve-devel] [PATCH multiple 0/9] PBS-like TFA support in PVE Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 1/6] import basic skeleton Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 2/6] import pve-rs Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 3/6] move apt to /perl-apt, use PERLMOD_PRODUCT env var Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 4/6] pve: add tfa api Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 5/6] build fix: pmg-rs is not here yet Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 6/6] Add some dev tips to a README Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 01/10] use rust parser for TFA config Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 02/10] update read_user_tfa_type call Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 03/10] use PBS-like auth api call flow Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 04/10] handle yubico authentication in new path Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 05/10] move TFA api path into its own module Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 06/10] add pbs-style TFA API implementation Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 07/10] support registering yubico otp keys Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 08/10] update tfa cleanup when deleting users Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 09/10] pveum: update tfa delete command Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 10/10] set/remove 'x' for tfa keys in user.cfg in new api Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH cluster] add webauthn configuration to datacenter.cfg Wolfgang Bumiller
2021-11-10 10:12 ` [pve-devel] applied: " Thomas Lamprecht
2021-11-09 11:27 ` [pve-devel] [PATCH common] Ticket: uri-escape colons Wolfgang Bumiller
2021-11-09 12:26 ` [pve-devel] applied: " Thomas Lamprecht
2021-11-09 11:27 ` [pve-devel] [PATCH manager 1/7] www: use render_u2f_error from wtk Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 2/7] www: use UserSelector " Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 3/7] use u2f-api.js and qrcode.min.js " Wolfgang Bumiller
2021-11-09 11:27 ` Wolfgang Bumiller [this message]
2021-11-09 11:27 ` [pve-devel] [PATCH manager 5/7] www: use af-address-book-o for realms Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 6/7] www: add TFA view to config Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 7/7] www: redirect user TFA button to TFA view Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 1/7] add pmxUserSelector Wolfgang Bumiller
2021-11-10 8:29 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 2/7] add Utils used for u2f and webauthn Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 3/7] add u2f-api.js and qrcode.min.js Wolfgang Bumiller
2021-11-10 8:31 ` Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 4/7] add Proxmox.window.TfaLoginWindow Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 5/7] add totp, wa and recovery creation and tfa edit windows Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 6/7] add Proxmox.panel.TfaView Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 7/7] add yubico otp windows & login support Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-11 15:52 ` [pve-devel] applied-series: [PATCH multiple 0/9] PBS-like TFA support in PVE Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211109112721.130935-23-w.bumiller@proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox