ai3
accountserver
Commits
9b8e1392
Commit
9b8e1392
authored
Aug 17, 2018
by
ale
Add the "has_otp" attribute to the user type
parent
d5aabe73
Changes
3
actions.go
...
...
@@ -177,6 +177,8 @@ type PasswordRecoveryResponse struct {
// RecoverPassword lets users reset their password by providing
// secondary credentials, which we authenticate ourselves.
//
// Two-factor authentication is disabled on successful recovery.
//
// TODO: call out to auth-server for secondary authentication?
func
(
s
*
AccountService
)
RecoverPassword
(
ctx
context
.
Context
,
tx
TX
,
req
*
PasswordRecoveryRequest
)
(
*
PasswordRecoveryResponse
,
error
)
{
user
,
err
:=
getUserOrDie
(
ctx
,
tx
,
req
.
Username
)
...
...
@@ -208,6 +210,7 @@ func (s *AccountService) RecoverPassword(ctx context.Context, tx TX, req *Passwo
if
err
:=
s
.
changeUserPasswordAndUpdateEncryptionKeys
(
ctx
,
tx
,
user
,
req
.
RecoveryPassword
,
req
.
Password
);
err
!=
nil
{
return
err
}
// Disable 2FA.
return
s
.
disable2FA
(
ctx
,
tx
,
user
)
})
...
...
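Review bot: The new doc comment on RecoverPassword records that 2FA is disabled on successful recovery, but it does not spell out the consequence: the recovery password alone is then enough to reset the primary password and remove the second factor, making it the weakest credential guarding the account. I would state that next to the `// Disable 2FA.` line, for example `// The recovery credential therefore bypasses 2FA: this path must be rate-limited and audit-logged.` Whether attempts are throttled or the user is notified is not visible in these hunks. The body of RecoverPassword continues outside both hunks.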
backend/model.go
...
...
@@ -128,12 +128,11 @@ func newUser(entry *ldap.Entry) (*accountserver.User, error) {
UID
:
uidNumber
,
PasswordRecoveryHint
:
entry
.
GetAttributeValue
(
recoveryHintLDAPAttr
),
U2FRegistrations
:
decodeU2FRegistrations
(
entry
.
GetAttributeValues
(
u2fRegistrationsLDAPAttr
)),
HasOTP
:
entry
.
GetAttributeValue
(
totpSecretLDAPAttr
)
!=
""
,
}
// The user has 2FA enabled if it has a TOTP secret or U2F keys.
if
(
entry
.
GetAttributeValue
(
totpSecretLDAPAttr
)
!=
""
)
||
(
len
(
user
.
U2FRegistrations
)
>
0
)
{
user
.
Has2FA
=
true
}
user
.
Has2FA
=
(
user
.
HasOTP
||
(
len
(
user
.
U2FRegistrations
)
>
0
))
if
user
.
Lang
==
""
{
user
.
Lang
=
"en"
...
...
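Review bot: `HasOTP` in the newUser literal is true for any non-empty value of `totpSecretLDAPAttr`, so it reports that the attribute is present, not that the stored secret is usable, and `Has2FA` inherits that. If a blank or malformed value can reach the directory, the account would be reported as 2FA-protected, or be asked for a code it cannot produce; a comment such as `// HasOTP only means the attribute is non-empty; the secret is not validated here.` would make the limit explicit. The same applies to the U2F half, since how `decodeU2FRegistrations` treats undecodable values is not visible in this hunk. The assignment also reads more simply without the extra parentheses: `user.Has2FA = user.HasOTP || len(user.U2FRegistrations) > 0`. newUser starts and ends outside the hunk.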
types.go
...
...
@@ -30,13 +30,23 @@ type User struct {
// UNIX user id.
UID
int
`json:"uid"`
Has2FA
bool
`json:"has_2fa"`
HasEncryptionKeys
bool
`json:"has_encryption_keys"`
// Has2FA is true if the user has a second-factor authentication
// mechanism properly set up. In practice, this is the case if either
// HasOTP is true, or len(U2FRegistrations) > 0.
Has2FA
bool
`json:"has_2fa"`
// HasOTP is true if TOTP is set up.
HasOTP
bool
`json:"has_otp"`
// HasEncryptionKeys is true if encryption keys are properly set up for
// this user. TODO: consider disabling it.
HasEncryptionKeys
bool
`json:"has_encryption_keys"`
PasswordRecoveryHint
string
`json:"password_recovery_hint"`
AppSpecificPasswords
[]
*
AppSpecificPasswordInfo
`json:"app_specific_passwords,omitempty"`
U2FRegistrations
[]
*
u2f
.
Registration
`json:"u2f_registrations"`
U2FRegistrations
[]
*
u2f
.
Registration
`json:"u2f_registrations
,omitempty
"`
Resources
[]
*
Resource
`json:"resources,omitempty"`
}
...
...
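Review bot: The new comment on `Has2FA` describes it as derived from `HasOTP` and `U2FRegistrations`, yet it stays an independent field with its own JSON tag, so nothing in the type keeps the three in agreement. Code that builds or decodes a `User` anywhere other than the backend loader can produce a `has_2fa` that contradicts the other two, which matters if any authentication decision reads it; whether that happens is not visible here. I would extend the comment to say where the value is set, e.g. `// Computed by the backend when the user is loaded; never trust a value decoded from client input.` The `TODO: consider disabling it` on `HasEncryptionKeys` should also say what "it" refers to. The User struct starts outside the hunk.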