Add totpMruTokenTime to upgrade

2025-04-25 03:36:56 +00:00 · 2020-09-30 11:50:49 -04:00 · 2020-09-30 11:50:49 -04:00 · f6b04b314f
commit f6b04b314f
parent 100acb119b
3 changed files with 6 additions and 3 deletions
--- a/conf/mfa-totp.schema
+++ b/conf/mfa-totp.schema
@ -38,9 +38,9 @@ attributetype ( MiabLDAPmfaAttributeType:2
 attributetype ( MiabLDAPmfaAttributeType:3
 	DESC 'TOTP last token used time'
 	NAME 'totpMruTokenTime'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
 	X-ORDERED 'VALUES'
-	EQUALITY integerMatch )
+	EQUALITY caseExactIA5Match )

 # The label is currently any text supplied by the user, which is used
 # as a reminder of where the secret is stored when logging in (where
--- a/management/mfa.py
+++ b/management/mfa.py
@ -41,7 +41,7 @@ def get_mfa_user(email, env, conn=None):
 	user = find_mail_user(env, email, ['objectClass','totpSecret','totpMruToken','totpMruTokenTime','totpLabel'], conn)
 	if not user:
 		raise ValueError("User does not exist.")	
-	strip_order_prefix(user, ['totpSecret','totpMruToken','totpLabel'])
+	strip_order_prefix(user, ['totpSecret','totpMruToken','totpMruTokenTime','totpLabel'])
 	return user


--- a/setup/migration_13.py
+++ b/setup/migration_13.py
@ -80,6 +80,7 @@ def add_user(env, ldapconn, search_base, users_base, domains_base, email, passwo
 		objectClasses.append('totpUser')
 		attrs['totpSecret'] = totp["secret"]
 		attrs['totpMruToken'] = totp["mru_token"]
+		attrs['totpMruTokenTime'] = totp["mru_token_time"]
 		attrs['totpLabel'] = totp["label"]
 	
 	# Add user
@ -124,10 +125,12 @@ def create_users(env, conn, ldapconn, ldap_base, ldap_users_base, ldap_domains_b
 				totp = {
 					"secret": [],
 					"mru_token": [],
+					"mru_token_time": [],
 					"label": []
 				}
 			totp["secret"].append("{%s}%s" % (rowidx, row2[0]))
 			totp["mru_token"].append("{%s}%s" % (rowidx, row2[1] or ''))
+			totp["mru_token_time"].append("{%s}%s" % (rowidx, rowidx))
 			totp["label"].append("{%s}%s" % (rowidx, row2[2] or ''))
 			rowidx += 1