diff --git a/conf/mfa-totp.schema b/conf/mfa-totp.schema
index a1c29baf..89f65dca 100644
--- a/conf/mfa-totp.schema
+++ b/conf/mfa-totp.schema
@@ -38,9 +38,9 @@ attributetype ( MiabLDAPmfaAttributeType:2
 attributetype ( MiabLDAPmfaAttributeType:3
 	DESC 'TOTP last token used time'
 	NAME 'totpMruTokenTime'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
 	X-ORDERED 'VALUES'
-	EQUALITY integerMatch )
+	EQUALITY caseExactIA5Match )
 
 # The label is currently any text supplied by the user, which is used
 # as a reminder of where the secret is stored when logging in (where
diff --git a/management/mfa.py b/management/mfa.py
index 607f200f..62390bb5 100644
--- a/management/mfa.py
+++ b/management/mfa.py
@@ -41,7 +41,7 @@ def get_mfa_user(email, env, conn=None):
 	user = find_mail_user(env, email, ['objectClass','totpSecret','totpMruToken','totpMruTokenTime','totpLabel'], conn)
 	if not user:
 		raise ValueError("User does not exist.")
-	strip_order_prefix(user, ['totpSecret','totpMruToken','totpLabel'])
+	strip_order_prefix(user, ['totpSecret','totpMruToken','totpMruTokenTime','totpLabel'])
 	return user
 
diff --git a/setup/migration_13.py b/setup/migration_13.py
index 29c76352..6a8ae9ca 100644
--- a/setup/migration_13.py
+++ b/setup/migration_13.py
@@ -80,6 +80,7 @@ def add_user(env, ldapconn, search_base, users_base, domains_base, email, passwo
 		objectClasses.append('totpUser')
 		attrs['totpSecret'] = totp["secret"]
 		attrs['totpMruToken'] = totp["mru_token"]
+		attrs['totpMruTokenTime'] = totp["mru_token_time"]
 		attrs['totpLabel'] = totp["label"]
 
 	# Add user
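Review bot: The switch of totpMruTokenTime from Integer syntax (…121.1.27) to IA5String (…121.1.26) is not explained anywhere in the schema, and a reader seeing a "last token used time" stored as text will assume a mistake; presumably the reason is that X-ORDERED 'VALUES' prepends a `{n}` prefix that the Integer syntax and integerMatch would reject. Suggest a comment above the attributetype: `# IA5String rather than Integer: X-ORDERED prepends '{n}' to each value, which Integer syntax does not accept. Consumers strip the prefix and parse the rest as an integer timestamp.` Note that caseExactIA5Match also changes comparison semantics: values that differ only in a leading zero or sign are no longer equal, so any server-side search or compare on this attribute (none visible here) has to normalise the string first.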
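Review bot: After this change get_mfa_user hands back totpMruTokenTime as a prefix-stripped string rather than an integer, and the hunk gives no hint of that; the callers that compare it against the current time (outside this hunk, not visible here) need an explicit `int()` plus handling for an empty or placeholder value. Suggest a comment on the changed line: `# totpMruTokenTime is an X-ORDERED IA5 string in the schema; callers must int() the stripped value`. The attribute list is now also spelled out twice in this function (the find_mail_user call and the strip_order_prefix call), which is exactly how the time attribute went missing from the second list before; one module-level `TOTP_ATTRS = ('totpSecret', 'totpMruToken', 'totpMruTokenTime', 'totpLabel')` used in both places would stop them drifting. get_mfa_user's def line is outside the hunk.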
@@ -124,10 +125,12 @@ def create_users(env, conn, ldapconn, ldap_base, ldap_users_base, ldap_domains_b
 				totp = {
 					"secret": [],
 					"mru_token": [],
+					"mru_token_time": [],
 					"label": []
 				}
 			totp["secret"].append("{%s}%s" % (rowidx, row2[0]))
 			totp["mru_token"].append("{%s}%s" % (rowidx, row2[1] or ''))
+			totp["mru_token_time"].append("{%s}%s" % (rowidx, rowidx))
 			totp["label"].append("{%s}%s" % (rowidx, row2[2] or ''))
 			rowidx += 1
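Review bot: `totp["mru_token_time"].append("{%s}%s" % (rowidx, rowidx))` stores the row index as the "last token used time", not a timestamp; the sqlite row only exposes row2[0..2] (secret, mru token, label) so this is evidently a placeholder, but the hunk does not say so. Whatever consumes totpMruTokenTime (not visible here) will read 0, 1, 2… as times far in the past, which is probably the intended "not used yet" value for the replay check but should be stated rather than left to look like a bug. Suggest a comment above the line: `# the sqlite schema has no last-used time; store the row index as a placeholder so the X-ORDERED value count matches totpMruToken` — or, if the consumer treats an empty value as unset the way mru_token uses `row2[1] or ''`, append an empty value instead. The same placeholder flows into add_user via `attrs['totpMruTokenTime']` in the earlier hunk. create_users's def line and the enclosing loop are outside the hunk.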