From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id C82737D8A2 for ; Tue, 9 Nov 2021 12:28:23 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id F000BB06C for ; Tue, 9 Nov 2021 12:27:31 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 66BE4AFDC for ; Tue, 9 Nov 2021 12:27:27 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 376404450F for ; Tue, 9 Nov 2021 12:27:27 +0100 (CET) From: Wolfgang Bumiller To: pve-devel@lists.proxmox.com Date: Tue, 9 Nov 2021 12:27:11 +0100 Message-Id: <20211109112721.130935-23-w.bumiller@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211109112721.130935-1-w.bumiller@proxmox.com> References: <20211109112721.130935-1-w.bumiller@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.518 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH manager 4/7] www: switch to new tfa login format X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Nov 2021 11:28:23 -0000 Signed-off-by: Wolfgang Bumiller --- www/manager6/window/LoginWindow.js | 131 ++++++++++++++--------------- 1 file changed, 61 insertions(+), 70 deletions(-) diff --git a/www/manager6/window/LoginWindow.js b/www/manager6/window/LoginWindow.js index ecd198a5..4a07f75b 100644 --- a/www/manager6/window/LoginWindow.js +++ b/www/manager6/window/LoginWindow.js @@ -21,7 +21,7 @@ Ext.define('PVE.window.LoginWindow', { xclass: 'Ext.app.ViewController', - onLogon: function() { + onLogon: async function() { var me = this; var form = this.lookupReference('loginForm'); 
@@ -70,30 +70,70 @@ Ext.define('PVE.window.LoginWindow', { } sp.set(saveunField.getStateId(), saveunField.getValue()); - form.submit({ - failure: function(f, resp) { - me.failure(resp); - }, - success: function(f, resp) { - view.el.unmask(); + try { + // Request updated authentication mechanism: + creds['new-format'] = 1; - var data = resp.result.data; - if (Ext.isDefined(data.NeedTFA)) { - // Store first factor login information first: - data.LoggedOut = true; - Proxmox.Utils.setAuthData(data); - - if (Ext.isDefined(data.U2FChallenge)) { - me.perform_u2f(data); - } else { - me.perform_otp(); - } + let resp = await Proxmox.Async.api2({ + url: '/api2/extjs/access/ticket', + params: creds, + method: 'POST', + }); + + let data = resp.result.data; + if (data.ticket.startsWith("PVE:!tfa!")) { + // Store first factor login information first: + data.LoggedOut = true; + Proxmox.Utils.setAuthData(data); + + data = await me.performTFAChallenge(data); + + // Fill in what we copy over from the 1st factor: + data.CSRFPreventionToken = Proxmox.CSRFPreventionToken; + data.username = Proxmox.UserName; + me.success(data); + } else if (Ext.isDefined(data.NeedTFA)) { + // Store first factor login information first: + data.LoggedOut = true; + Proxmox.Utils.setAuthData(data); + + if (Ext.isDefined(data.U2FChallenge)) { + me.perform_u2f(data); } else { - me.success(data); + me.perform_otp(); } - }, + } else { + me.success(data); + } + } catch (error) { + me.failure(error); + } + }, + + /* START NEW TFA CODE (pbs copy) */ + performTFAChallenge: async function(data) { + let me = this; + + let userid = data.username; + let ticket = data.ticket; + let challenge = JSON.parse(decodeURIComponent( + ticket.split(':')[1].slice("!tfa!".length), + )); + + let resp = await new Promise((resolve, reject) => { + Ext.create('Proxmox.window.TfaLoginWindow', { + userid, + ticket, + challenge, + onResolve: value => resolve(value), + onReject: reject, + }).show(); }); + + return resp.result.data; }, + /* 
END NEW TFA CODE (pbs copy) */ + failure: function(resp) { var me = this; var view = me.getView(); @@ -151,7 +191,7 @@ Ext.define('PVE.window.LoginWindow', { msg.close(); if (res.errorCode) { Proxmox.Utils.authClear(); - Ext.Msg.alert(gettext('Error'), Proxmox.Utils.render_u2f_error(res.errorCode)); + Ext.Msg.alert(gettext('Error'), PVE.Utils.render_u2f_error(res.errorCode)); return; } delete res.errorCode; @@ -356,52 +396,3 @@ Ext.define('PVE.window.LoginWindow', { ], }], }); -Ext.define('PVE.window.TFALoginWindow', { - extend: 'Ext.window.Window', - - modal: true, - resizable: false, - title: 'Two-Factor Authentication', - layout: 'form', - defaultButton: 'loginButton', - defaultFocus: 'otpField', - - controller: { - xclass: 'Ext.app.ViewController', - login: function() { - var me = this; - var view = me.getView(); - view.onLogin(me.lookup('otpField').getValue()); - view.close(); - }, - cancel: function() { - var me = this; - var view = me.getView(); - view.onCancel(); - view.close(); - }, - }, - - items: [ - { - xtype: 'textfield', - fieldLabel: gettext('Please enter your OTP verification code:'), - name: 'otp', - itemId: 'otpField', - reference: 'otpField', - allowBlank: false, - }, - ], - - buttons: [ - { - text: gettext('Login'), - reference: 'loginButton', - handler: 'login', - }, - { - text: gettext('Cancel'), - handler: 'cancel', - }, - ], -}); -- 2.30.2
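Review bot: `performTFAChallenge` runs `decodeURIComponent` and `JSON.parse` on `ticket.split(':')[1].slice("!tfa!".length)` with no validation, so a ticket whose second field is not URI-encoded JSON throws a `URIError` or `SyntaxError` that `onLogon` hands to `me.failure(error)` as a bare exception instead of an API response. `Proxmox.Utils.setAuthData(data)` has already stored the first-factor ticket with `LoggedOut = true` by then, and the same path is taken when the dialog calls `onReject`. `failure` continues outside the hunk, so whether it drops that partial state is not visible here; if it does not, the catch should read `Proxmox.Utils.authClear(); me.failure(error);`, matching the `res.errorCode` branch in the next hunk. The retained legacy branch still calls `me.perform_otp()`, whose body is also outside the hunk; if it instantiates `PVE.window.TFALoginWindow`, the removal at the end of this patch would break that path.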