ai3
accountserver
Commits
9b8e1392
Commit
9b8e1392
authored
Aug 17, 2018
by
ale
Add the "has_otp" attribute to the user type
parent
d5aabe73
Showing
3 changed files
with
18 additions
and
6 deletions
+18
-6
actions.go
actions.go
+3
-0
backend/model.go
backend/model.go
+2
-3
types.go
types.go
+13
-3
actions.go
...
...
@@ -177,6 +177,8 @@ type PasswordRecoveryResponse struct {
// RecoverPassword lets users reset their password by providing
// secondary credentials, which we authenticate ourselves.
//
// Two-factor authentication is disabled on successful recovery.
//
// TODO: call out to auth-server for secondary authentication?
func
(
s
*
AccountService
)
RecoverPassword
(
ctx
context
.
Context
,
tx
TX
,
req
*
PasswordRecoveryRequest
)
(
*
PasswordRecoveryResponse
,
error
)
{
user
,
err
:=
getUserOrDie
(
ctx
,
tx
,
req
.
Username
)
...
...
@@ -208,6 +210,7 @@ func (s *AccountService) RecoverPassword(ctx context.Context, tx TX, req *Passwo
if
err
:=
s
.
changeUserPasswordAndUpdateEncryptionKeys
(
ctx
,
tx
,
user
,
req
.
RecoveryPassword
,
req
.
Password
);
err
!=
nil
{
return
err
}
// Disable 2FA.
return
s
.
disable2FA
(
ctx
,
tx
,
user
)
})
...
...
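Review bot: The new doc comment on RecoverPassword says two-factor authentication is disabled on successful recovery, but not what follows from it: the recovery credentials alone are then enough to reach an account with no second factor. I would record that next to the existing TODO, for example `// Note: recovery removes the second factor, so recovery attempts should be rate-limited and each reset audited.` The `// Disable 2FA.` comment in the second hunk could likewise say why the step is needed rather than restate the call. Both hunks show only part of RecoverPassword, so whether the reset is already logged or throttled cannot be seen from here.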
backend/model.go
...
...
@@ -128,12 +128,11 @@ func newUser(entry *ldap.Entry) (*accountserver.User, error) {
UID
:
uidNumber
,
PasswordRecoveryHint
:
entry
.
GetAttributeValue
(
recoveryHintLDAPAttr
),
U2FRegistrations
:
decodeU2FRegistrations
(
entry
.
GetAttributeValues
(
u2fRegistrationsLDAPAttr
)),
HasOTP
:
entry
.
GetAttributeValue
(
totpSecretLDAPAttr
)
!=
""
,
}
// The user has 2FA enabled if it has a TOTP secret or U2F keys.
if
(
entry
.
GetAttributeValue
(
totpSecretLDAPAttr
)
!=
""
)
||
(
len
(
user
.
U2FRegistrations
)
>
0
)
{
user
.
Has2FA
=
true
}
user
.
Has2FA
=
(
user
.
HasOTP
||
(
len
(
user
.
U2FRegistrations
)
>
0
))
if
user
.
Lang
==
""
{
user
.
Lang
=
"en"
...
...
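Review bot: `HasOTP` in the struct literal is derived from a bare non-empty test on `totpSecretLDAPAttr`, so a malformed or whitespace-only attribute value still reports TOTP as set up, and `Has2FA` with it. The field comments added in types.go describe these flags as meaning the mechanism is "properly set up", which is a stronger claim than this check supports. If the secret is validated elsewhere, a comment here would make the boundary explicit: `// Presence check only; the TOTP secret is not validated here.` newUser begins and ends outside the hunk, so any later validation is not visible.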
types.go
...
...
@@ -30,13 +30,23 @@ type User struct {
// UNIX user id.
UID
int
`json:"uid"`
Has2FA
bool
`json:"has_2fa"`
HasEncryptionKeys
bool
`json:"has_encryption_keys"`
// Has2FA is true if the user has a second-factor authentication
// mechanism properly set up. In practice, this is the case if either
// HasOTP is true, or len(U2FRegistrations) > 0.
Has2FA
bool
`json:"has_2fa"`
// HasOTP is true if TOTP is set up.
HasOTP
bool
`json:"has_otp"`
// HasEncryptionKeys is true if encryption keys are properly set up for
// this user. TODO: consider disabling it.
HasEncryptionKeys
bool
`json:"has_encryption_keys"`
PasswordRecoveryHint
string
`json:"password_recovery_hint"`
AppSpecificPasswords
[]
*
AppSpecificPasswordInfo
`json:"app_specific_passwords,omitempty"`
U2FRegistrations
[]
*
u2f
.
Registration
`json:"u2f_registrations"`
U2FRegistrations
[]
*
u2f
.
Registration
`json:"u2f_registrations
,omitempty
"`
Resources
[]
*
Resource
`json:"resources,omitempty"`
}
...
...
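Review bot: The new comment on `Has2FA` documents an invariant (`HasOTP` is true or `len(U2FRegistrations) > 0`) that the visible code enforces only once, in newUser in backend/model.go. Any path that later changes `HasOTP` or `U2FRegistrations` on a User value has to update `Has2FA` as well, otherwise the serialized `has_2fa` can disagree with `has_otp` and `u2f_registrations`, and a client relying on it would misjudge the account's protection. I would add that to the field comment: `// Has2FA must be recomputed whenever HasOTP or U2FRegistrations change.` The User struct starts outside the hunk, so other derived fields may need the same note.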