2019-04-24 21:52:08 +00:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
import (
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/middlewares"
|
2021-11-29 03:09:14 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/regulation"
|
2019-04-24 21:52:08 +00:00
|
|
|
)
|
|
|
|
|
2022-04-08 04:13:47 +00:00
|
|
|
// TimeBasedOneTimePasswordPOST validate the TOTP passcode provided by the user.
|
|
|
|
func TimeBasedOneTimePasswordPOST(ctx *middlewares.AutheliaCtx) {
|
2022-10-20 02:16:36 +00:00
|
|
|
bodyJSON := bodySignTOTPRequest{}
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2022-07-26 05:43:39 +00:00
|
|
|
if err := ctx.ParseBody(&bodyJSON); err != nil {
|
2021-12-01 12:11:29 +00:00
|
|
|
ctx.Logger.Errorf(logFmtErrParseRequestBody, regulation.AuthTypeTOTP, err)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
respondUnauthorized(ctx, messageMFAValidationFailed)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
return
|
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
userSession := ctx.GetSession()
|
2020-05-05 19:35:32 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
config, err := ctx.Providers.StorageProvider.LoadTOTPConfiguration(ctx, userSession.Username)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Logger.Errorf("Failed to load TOTP configuration: %+v", err)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
respondUnauthorized(ctx, messageMFAValidationFailed)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
return
|
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2022-07-26 05:43:39 +00:00
|
|
|
isValid, err := ctx.Providers.TOTP.Validate(bodyJSON.Token, config)
|
2021-12-01 12:11:29 +00:00
|
|
|
if err != nil {
|
|
|
|
ctx.Logger.Errorf("Failed to perform TOTP verification: %+v", err)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
respondUnauthorized(ctx, messageMFAValidationFailed)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
return
|
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
if !isValid {
|
|
|
|
_ = markAuthenticationAttempt(ctx, false, nil, userSession.Username, regulation.AuthTypeTOTP, nil)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
respondUnauthorized(ctx, messageMFAValidationFailed)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
return
|
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
if err = markAuthenticationAttempt(ctx, true, nil, userSession.Username, regulation.AuthTypeTOTP, nil); err != nil {
|
|
|
|
respondUnauthorized(ctx, messageMFAValidationFailed)
|
|
|
|
return
|
|
|
|
}
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2023-01-12 10:57:44 +00:00
|
|
|
if err = ctx.RegenerateSession(); err != nil {
|
2021-12-01 12:11:29 +00:00
|
|
|
ctx.Logger.Errorf(logFmtErrSessionRegenerate, regulation.AuthTypeTOTP, userSession.Username, err)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
respondUnauthorized(ctx, messageMFAValidationFailed)
|
2020-02-29 23:13:33 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
return
|
|
|
|
}
|
2020-02-29 23:13:33 +00:00
|
|
|
|
2022-03-03 11:20:43 +00:00
|
|
|
config.UpdateSignInInfo(ctx.Clock.Now())
|
|
|
|
|
|
|
|
if err = ctx.Providers.StorageProvider.UpdateTOTPConfigurationSignIn(ctx, config.ID, config.LastUsedAt); err != nil {
|
|
|
|
ctx.Logger.Errorf("Unable to save %s device sign in metadata for user '%s': %v", regulation.AuthTypeTOTP, userSession.Username, err)
|
|
|
|
|
|
|
|
respondUnauthorized(ctx, messageMFAValidationFailed)
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-04-01 11:18:58 +00:00
|
|
|
userSession.SetTwoFactorTOTP(ctx.Clock.Now())
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
if err = ctx.SaveSession(userSession); err != nil {
|
|
|
|
ctx.Logger.Errorf(logFmtErrSessionSave, "authentication time", regulation.AuthTypeTOTP, userSession.Username, err)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
respondUnauthorized(ctx, messageMFAValidationFailed)
|
2021-11-29 03:09:14 +00:00
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
return
|
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2022-07-26 05:43:39 +00:00
|
|
|
if bodyJSON.Workflow == workflowOpenIDConnect {
|
2022-10-20 02:16:36 +00:00
|
|
|
handleOIDCWorkflowResponse(ctx, bodyJSON.TargetURL, bodyJSON.WorkflowID)
|
2021-12-01 12:11:29 +00:00
|
|
|
} else {
|
2022-07-26 05:43:39 +00:00
|
|
|
Handle2FAResponse(ctx, bodyJSON.TargetURL)
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
}
|