050a535b
Commit
050a535b
authored
Jul 01, 2018
by
ale
Properly set the Has2FA bit when U2F is enabled
parent
4770ce8c
Changes
1
Showing
1 changed file
with
23 additions
and
7 deletions
+23
-7
backend/model.go
backend/model.go
+23
-7
backend/model.go
...
...
@@ -99,14 +99,26 @@ func newLDAPBackendWithConn(conn ldapConn, base string) (*backend, error) {
}
func
newUser
(
entry
*
ldap
.
Entry
)
(
*
accountserver
.
User
,
error
)
{
// Note that some user-level attributes related to
// authentication are stored on the uid= object, while others
// are on the email= object. We set the latter in the GetUser
// function later.
//
// The case of password recovery attributes is more complex:
// the current schema has those on email=, but we'd like to
// move them to uid=, so we currently have to support both.
user
:=
&
accountserver
.
User
{
Name
:
entry
.
GetAttributeValue
(
"uid"
),
Lang
:
entry
.
GetAttributeValue
(
preferredLanguageLDAPAttr
),
Has2FA
:
(
entry
.
GetAttributeValue
(
totpSecretLDAPAttr
)
!=
""
),
//HasEncryptionKeys: (len(entry.GetAttributeValues("storageEncryptionKey")) > 0),
//PasswordRecoveryHint: entry.GetAttributeValue("recoverQuestion"),
U2FRegistrations
:
decodeU2FRegistrations
(
entry
.
GetAttributeValues
(
u2fRegistrationsLDAPAttr
)),
Name
:
entry
.
GetAttributeValue
(
"uid"
),
Lang
:
entry
.
GetAttributeValue
(
preferredLanguageLDAPAttr
),
PasswordRecoveryHint
:
entry
.
GetAttributeValue
(
recoveryHintLDAPAttr
),
U2FRegistrations
:
decodeU2FRegistrations
(
entry
.
GetAttributeValues
(
u2fRegistrationsLDAPAttr
)),
}
// The user has 2FA enabled if it has a TOTP secret or U2F keys.
if
(
entry
.
GetAttributeValue
(
totpSecretLDAPAttr
)
!=
""
)
||
(
len
(
user
.
U2FRegistrations
)
>
0
)
{
user
.
Has2FA
=
true
}
if
user
.
Lang
==
""
{
user
.
Lang
=
"en"
}
...
...
@@ -231,7 +243,9 @@ func (tx *backendTX) GetUser(ctx context.Context, username string) (*accountserv
// object, a shortcoming of the legacy A/I database model. Set
// them on the main User object.
if
isObjectClass
(
entry
,
"virtualMailUser"
)
{
user
.
PasswordRecoveryHint
=
entry
.
GetAttributeValue
(
recoveryHintLDAPAttr
)
if
s
:=
entry
.
GetAttributeValue
(
recoveryHintLDAPAttr
);
s
!=
""
{
user
.
PasswordRecoveryHint
=
s
}
user
.
AppSpecificPasswords
=
getASPInfo
(
decodeAppSpecificPasswords
(
entry
.
GetAttributeValues
(
aspLDAPAttr
)))
user
.
HasEncryptionKeys
=
(
entry
.
GetAttributeValue
(
storagePublicKeyLDAPAttr
)
!=
""
)
}
...
...
@@ -277,6 +291,8 @@ func (tx *backendTX) GetUserRecoveryEncryptedPassword(ctx context.Context, user
}
func
(
tx
*
backendTX
)
SetPasswordRecoveryHint
(
ctx
context
.
Context
,
user
*
accountserver
.
User
,
hint
,
response
string
)
error
{
// Write the password recovery attributes on the uid= object,
// as per the new schema.
dn
:=
tx
.
getUserDN
(
user
)
tx
.
setAttr
(
dn
,
recoveryHintLDAPAttr
,
hint
)
tx
.
setAttr
(
dn
,
recoveryResponseLDAPAttr
,
response
)
...
...
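Review bot: In the GetUser hunk, the new `if s := entry.GetAttributeValue(recoveryHintLDAPAttr); s != ""` block lets a legacy hint stored on the email= object override the one newUser already read from the uid= object, while SetPasswordRecoveryHint in the following hunk writes only to uid=; a user who still has a legacy hint and sets a new one will keep reading the stale hint (and presumably the stale response too, if that attribute is read the same way — not visible here). Prefer the new-schema value and fall back to the legacy one only when it is unset, e.g. `if user.PasswordRecoveryHint == "" { user.PasswordRecoveryHint = entry.GetAttributeValue(recoveryHintLDAPAttr) }`, or have SetPasswordRecoveryHint also clear the email= attribute so the two copies can never disagree. The Has2FA change in the newUser hunk (TOTP secret or at least one U2F registration) reads correctly. GetUser and SetPasswordRecoveryHint both start and end outside their hunks.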