external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-05 00:27:25 +00:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp

Browse Source 
# Conflicts:
#	management/auth.py
#	management/mfa.py
This commit is contained in:
downtownallday 2020-09-30 09:05:03 -04:00
commit a5ebd07549
3 changed files with 24 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
management/auth.py
View File

@ -4,7 +4,7 @@ from flask import make_response
import utils import utils
from mailconfig import validate_login, get_mail_password, get_mail_user_privileges from mailconfig import validate_login, get_mail_password, get_mail_user_privileges
from mfa import get_mfa_state, validate_auth_mfa from mfa import get_hash_mfa_state, validate_auth_mfa
DEFAULT_KEY_PATH = '/var/lib/mailinabox/api.key' DEFAULT_KEY_PATH = '/var/lib/mailinabox/api.key'
DEFAULT_AUTH_REALM = 'Mail-in-a-Box Management Server' DEFAULT_AUTH_REALM = 'Mail-in-a-Box Management Server'
@ -135,7 +135,7 @@ class KeyAuthService:
# Add to the message the current MFA state, which is a list of MFA information. # Add to the message the current MFA state, which is a list of MFA information.
# Turn it into a string stably. # Turn it into a string stably.
msg += b" " + json.dumps(get_mfa_state(email, env), sort_keys=True).encode("utf8") msg += b" " + json.dumps(get_hash_mfa_state(email, env), sort_keys=True).encode("utf8")
# Make the HMAC. # Make the HMAC.
hash_key = self.key.encode('ascii') hash_key = self.key.encode('ascii')

28
management/mfa.py
View File

@ -9,8 +9,8 @@ def strip_order_prefix(rec, attributes):
`rec` is modified in-place `rec` is modified in-place
the server returns X-ORDERED values in-order so the values will be the server returns X-ORDERED values ordered so the values will be
correctly orded in the record. sorted in the record making the prefix superfluous.
For example, the function will change: For example, the function will change:
totpSecret: {0}secret1 totpSecret: {0}secret1
@ -65,10 +65,26 @@ def get_public_mfa_state(email, env):
particular MFA by label and the id of each so it may be disabled. particular MFA by label and the id of each so it may be disabled.
''' '''
user = get_mfa_user(email, env) mfa_state = get_mfa_state(email, env)
state_list = [] return [
state_list += mfa_totp.get_public_state(user) { "id": s["id"], "type": s["type"], "label": s["label"] }
return state_list for s in mfa_state
]
def get_hash_mfa_state(email, env):
'''return details about what MFA schemes are enabled for a user
ordered by the priority that the scheme will be tried, with index
zero being the first. This function may return secrets. It's
intended use is for the result to be included as part of the input
to a hashing function to generate a user api key (see
auth.py:create_user_key)
'''
mfa_state = get_mfa_state(email, env)
return [
{ "id": s["id"], "type": s["type"], "secret": s["secret"] }
for s in mfa_state
]
def enable_mfa(email, type, secret, token, label, env): def enable_mfa(email, type, secret, token, label, env):
'''enable MFA using the scheme specified in `type`. users may have '''enable MFA using the scheme specified in `type`. users may have

12
management/mfa_totp.py
View File

@ -45,18 +45,6 @@ def get_state(user):
}) })
return state_list return state_list
def get_public_state(user):
state_list = []
# totp
for idx in range(0, len(user['totpSecret'])):
state_list.append({
'id': totp_id_from_index(user, idx),
'type': 'totp',
'label': user['totpLabel'][idx]
})
return state_list
def enable(user, secret, token, label, env): def enable(user, secret, token, label, env):
validate_secret(secret) validate_secret(secret)
# Sanity check with the provide current token. # Sanity check with the provide current token.