From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH widget-toolkit 7/7] add yubico otp windows & login support
Date: Tue, 9 Nov 2021 12:27:21 +0100 [thread overview]
Message-ID: <20211109112721.130935-33-w.bumiller@proxmox.com> (raw)
In-Reply-To: <20211109112721.130935-1-w.bumiller@proxmox.com>
has to be explicitly enabled since this is only supported in
PVE
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
src/Makefile | 1 +
src/panel/TfaView.js | 32 +++++++++
src/window/AddYubico.js | 148 ++++++++++++++++++++++++++++++++++++++++
src/window/TfaWindow.js | 31 ++++++++-
4 files changed, 211 insertions(+), 1 deletion(-)
create mode 100644 src/window/AddYubico.js
diff --git a/src/Makefile b/src/Makefile
index bf2eab0..d9d12e8 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -83,6 +83,7 @@ JSSRC= \
window/AddTfaRecovery.js \
window/AddTotp.js \
window/AddWebauthn.js \
+ window/AddYubico.js \
window/TfaEdit.js \
node/APT.js \
node/APTRepositories.js \
diff --git a/src/panel/TfaView.js b/src/panel/TfaView.js
index a0cb04a..712cdfe 100644
--- a/src/panel/TfaView.js
+++ b/src/panel/TfaView.js
@@ -18,11 +18,20 @@ Ext.define('pmx-tfa-entry', {
Ext.define('Proxmox.panel.TfaView', {
extend: 'Ext.grid.GridPanel',
alias: 'widget.pmxTfaView',
+ mixins: ['Proxmox.Mixin.CBind'],
title: gettext('Second Factors'),
reference: 'tfaview',
issuerName: 'Proxmox',
+ yubicoEnabled: false,
+
+ cbindData: function(initialConfig) {
+ let me = this;
+ return {
+ yubicoEnabled: me.yubicoEnabled,
+ };
+ },
store: {
type: 'diff',
@@ -116,6 +125,19 @@ Ext.define('Proxmox.panel.TfaView', {
}).show();
},
+ addYubico: function() {
+ let me = this;
+
+ Ext.create('Proxmox.window.AddYubico', {
+ isCreate: true,
+ listeners: {
+ destroy: function() {
+ me.reload();
+ },
+ },
+ }).show();
+ },
+
editItem: function() {
let me = this;
let view = me.getView();
@@ -227,6 +249,7 @@ Ext.define('Proxmox.panel.TfaView', {
tbar: [
{
text: gettext('Add'),
+ cbind: {},
menu: {
xtype: 'menu',
items: [
@@ -248,6 +271,15 @@ Ext.define('Proxmox.panel.TfaView', {
iconCls: 'fa fa-fw fa-file-text-o',
handler: 'addRecovery',
},
+ {
+ text: gettext('Yubico'),
+ itemId: 'yubico',
+ iconCls: 'fa fa-fw fa-yahoo',
+ handler: 'addYubico',
+ cbind: {
+ hidden: '{!yubicoEnabled}',
+ },
+ },
],
},
},
diff --git a/src/window/AddYubico.js b/src/window/AddYubico.js
new file mode 100644
index 0000000..22b884b
--- /dev/null
+++ b/src/window/AddYubico.js
@@ -0,0 +1,148 @@
+Ext.define('Proxmox.window.AddYubico', {
+ extend: 'Proxmox.window.Edit',
+ alias: 'widget.pmxAddYubico',
+ mixins: ['Proxmox.Mixin.CBind'],
+
+ onlineHelp: 'user_mgmt',
+
+ modal: true,
+ resizable: false,
+ title: gettext('Add a Yubico key'),
+ width: 512,
+
+ isAdd: true,
+ userid: undefined,
+ fixedUser: false,
+
+ initComponent: function() {
+ let me = this;
+ me.url = '/api2/extjs/access/tfa/';
+ me.method = 'POST';
+ me.callParent();
+ },
+
+ viewModel: {
+ data: {
+ valid: false,
+ userid: null,
+ },
+ },
+
+ controller: {
+ xclass: 'Ext.app.ViewController',
+
+ control: {
+ 'field': {
+ validitychange: function(field, valid) {
+ let me = this;
+ let viewmodel = me.getViewModel();
+ let form = me.lookup('yubico_form');
+ viewmodel.set('valid', form.isValid());
+ },
+ },
+ '#': {
+ show: function() {
+ let me = this;
+ let view = me.getView();
+
+ if (Proxmox.UserName === 'root@pam') {
+ view.lookup('password').setVisible(false);
+ view.lookup('password').setDisabled(true);
+ }
+ },
+ },
+ },
+ },
+
+ items: [
+ {
+ xtype: 'form',
+ reference: 'yubico_form',
+ layout: 'anchor',
+ border: false,
+ bodyPadding: 10,
+ fieldDefaults: {
+ anchor: '100%',
+ },
+ items: [
+ {
+ xtype: 'pmxDisplayEditField',
+ name: 'userid',
+ cbind: {
+ editable: (get) => !get('fixedUser'),
+ value: () => Proxmox.UserName,
+ },
+ fieldLabel: gettext('User'),
+ editConfig: {
+ xtype: 'pmxUserSelector',
+ allowBlank: false,
+ },
+ renderer: Ext.String.htmlEncode,
+ listeners: {
+ change: function(field, newValue, oldValue) {
+ let vm = this.up('window').getViewModel();
+ vm.set('userid', newValue);
+ },
+ },
+ },
+ {
+ xtype: 'textfield',
+ fieldLabel: gettext('Description'),
+ allowBlank: false,
+ name: 'description',
+ maxLength: 256,
+ emptyText: gettext('For example: TFA device ID, required to identify multiple factors.'),
+ },
+ {
+ xtype: 'textfield',
+ fieldLabel: gettext('Yubico OTP Key'),
+ emptyText: gettext('A currently valid Yubico OTP value'),
+ name: 'otp_value',
+ maxLength: 44,
+ enforceMaxLength: true,
+ regex: /^[a-zA-Z0-9]{44}$/,
+ regexText: '44 characters',
+ maskRe: /^[a-zA-Z0-9]$/,
+ },
+ {
+ xtype: 'textfield',
+ name: 'password',
+ reference: 'password',
+ fieldLabel: gettext('Verify Password'),
+ inputType: 'password',
+ minLength: 5,
+ allowBlank: false,
+ validateBlank: true,
+ cbind: {
+ hidden: () => Proxmox.UserName === 'root@pam',
+ disabled: () => Proxmox.UserName === 'root@pam',
+ emptyText: () =>
+ Ext.String.format(gettext("Confirm your ({0}) password"), Proxmox.UserName),
+ },
+ },
+ ],
+ },
+ ],
+
+ getValues: function(dirtyOnly) {
+ let me = this;
+
+ let values = me.callParent(arguments);
+
+ let uid = encodeURIComponent(values.userid);
+ me.url = `/api2/extjs/access/tfa/${uid}`;
+ delete values.userid;
+
+ let data = {
+ description: values.description,
+ type: "yubico",
+ value: values.otp_value,
+ };
+
+ if (values.password) {
+ data.password = values.password;
+ }
+
+ return data;
+ },
+});
diff --git a/src/window/TfaWindow.js b/src/window/TfaWindow.js
index 5026fb8..d568f9b 100644
--- a/src/window/TfaWindow.js
+++ b/src/window/TfaWindow.js
@@ -45,7 +45,7 @@ Ext.define('Proxmox.window.TfaLoginWindow', {
let lastTabId = me.getLastTabUsed();
let initialTab = -1, i = 0;
- for (const k of ['webauthn', 'totp', 'recovery', 'u2f']) {
+ for (const k of ['webauthn', 'totp', 'recovery', 'u2f', 'yubico']) {
const available = !!challenge[k];
vm.set(`availableChallenge.${k}`, available);
@@ -143,6 +143,13 @@ Ext.define('Proxmox.window.TfaLoginWindow', {
let _promise = me.finishChallenge(`totp:${code}`);
},
+ loginYubico: function() {
+ let me = this;
+
+ let code = me.lookup('yubico').getValue();
+ let _promise = me.finishChallenge(`yubico:${code}`);
+ },
+
loginWebauthn: async function() {
let me = this;
let view = me.getView();
@@ -412,6 +419,28 @@ Ext.define('Proxmox.window.TfaLoginWindow', {
},
],
},
+ {
+ xtype: 'panel',
+ title: gettext('Yubico OTP'),
+ iconCls: 'fa fa-fw fa-yahoo',
+ handler: 'loginYubico',
+ bind: {
+ disabled: '{!availableChallenge.yubico}',
+ },
+ items: [
+ {
+ xtype: 'textfield',
+ fieldLabel: gettext('Please enter your Yubico OTP code'),
+ labelWidth: 300,
+ name: 'yubico',
+ disabled: true,
+ reference: 'yubico',
+ allowBlank: false,
+ regex: /^[a-z0-9]{30,60}$/, // *should* be 44 but not sure if that's "fixed"
+ regexText: gettext('TOTP codes consist of six decimal digits'),
+ },
+ ],
+ },
],
}],
--
2.30.2
next prev parent reply other threads:[~2021-11-09 11:27 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 11:26 [pve-devel] [PATCH multiple 0/9] PBS-like TFA support in PVE Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 1/6] import basic skeleton Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 2/6] import pve-rs Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 3/6] move apt to /perl-apt, use PERLMOD_PRODUCT env var Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 4/6] pve: add tfa api Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 5/6] build fix: pmg-rs is not here yet Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 6/6] Add some dev tips to a README Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 01/10] use rust parser for TFA config Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 02/10] update read_user_tfa_type call Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 03/10] use PBS-like auth api call flow Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 04/10] handle yubico authentication in new path Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 05/10] move TFA api path into its own module Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 06/10] add pbs-style TFA API implementation Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 07/10] support registering yubico otp keys Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 08/10] update tfa cleanup when deleting users Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 09/10] pveum: update tfa delete command Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 10/10] set/remove 'x' for tfa keys in user.cfg in new api Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH cluster] add webauthn configuration to datacenter.cfg Wolfgang Bumiller
2021-11-10 10:12 ` [pve-devel] applied: " Thomas Lamprecht
2021-11-09 11:27 ` [pve-devel] [PATCH common] Ticket: uri-escape colons Wolfgang Bumiller
2021-11-09 12:26 ` [pve-devel] applied: " Thomas Lamprecht
2021-11-09 11:27 ` [pve-devel] [PATCH manager 1/7] www: use render_u2f_error from wtk Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 2/7] www: use UserSelector " Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 3/7] use u2f-api.js and qrcode.min.js " Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 4/7] www: switch to new tfa login format Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 5/7] www: use af-address-book-o for realms Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 6/7] www: add TFA view to config Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 7/7] www: redirect user TFA button to TFA view Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 1/7] add pmxUserSelector Wolfgang Bumiller
2021-11-10 8:29 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 2/7] add Utils used for u2f and webauthn Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 3/7] add u2f-api.js and qrcode.min.js Wolfgang Bumiller
2021-11-10 8:31 ` Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 4/7] add Proxmox.window.TfaLoginWindow Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 5/7] add totp, wa and recovery creation and tfa edit windows Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 6/7] add Proxmox.panel.TfaView Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` Wolfgang Bumiller [this message]
2021-11-10 8:30 ` [pve-devel] applied: [PATCH widget-toolkit 7/7] add yubico otp windows & login support Dominik Csapak
2021-11-11 15:52 ` [pve-devel] applied-series: [PATCH multiple 0/9] PBS-like TFA support in PVE Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211109112721.130935-33-w.bumiller@proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox