scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 02:02:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Duo Passcode Prepend (#18342)

Browse Source 
* prepends passcode= for duo totp mfa method

* adds changelog entry
This commit is contained in:
Jordan Reimer
2022-12-13 14:50:11 -07:00
committed by GitHub
parent cf0bf66f35
commit 2c5a63bcea
4 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/18342.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:improvement
ui: Prepends "passcode=" if not provided in user input for duo totp mfa method authentication
```

12
ui/app/adapters/cluster.js
View File

@@ -133,7 +133,17 @@ export default ApplicationAdapter.extend({
data: { data: {
mfa_request_id, mfa_request_id,
mfa_payload: mfa_constraints.reduce((obj, { selectedMethod, passcode }) => { mfa_payload: mfa_constraints.reduce((obj, { selectedMethod, passcode }) => {
obj[selectedMethod.id] = passcode ? [passcode] : []; let payload = [];
if (passcode) {
// duo requires passcode= prepended to the actual passcode
// this isn't a great UX so we add it behind the scenes to fulfill the requirement
// check if user added passcode= to avoid duplication
payload =
selectedMethod.type === 'duo' && !passcode.includes('passcode=')
? [`passcode=${passcode}`]
: [passcode];
}
obj[selectedMethod.id] = payload;
return obj; return obj;
}, {}), }, {}),
}, },

5
ui/mirage/handlers/mfa-login.js
View File

@@ -31,7 +31,8 @@ export const validationHandler = (schema, req) => {
// validate totp passcode // validate totp passcode
const passcode = mfa_payload[constraintId][0]; const passcode = mfa_payload[constraintId][0];
if (method.uses_passcode) { if (method.uses_passcode) {
if (passcode !== 'test') { const expectedPasscode = method.type === 'duo' ? 'passcode=test' : 'test';
if (passcode !== expectedPasscode) {
const error = const error =
{ {
used: 'code already used; new code is available in 30 seconds', used: 'code already used; new code is available in 30 seconds',
@@ -92,6 +93,8 @@ export default function (server) {
[mfa_constraints, methods] = generator([m('okta'), m('totp')], [m('totp')]); // 2 constraints 1 passcode/1 non-passcode 1 non-passcode [mfa_constraints, methods] = generator([m('okta'), m('totp')], [m('totp')]); // 2 constraints 1 passcode/1 non-passcode 1 non-passcode
} else if (user === 'mfa-j') { } else if (user === 'mfa-j') {
[mfa_constraints, methods] = generator([m('pingid')]); // use to test push failures [mfa_constraints, methods] = generator([m('pingid')]); // use to test push failures
} else if (user === 'mfa-k') {
[mfa_constraints, methods] = generator([m('duo', true)]); // test duo passcode and prepending passcode= to user input
} }
const mfa_request_id = crypto.randomUUID(); const mfa_request_id = crypto.randomUUID();
const mfa_requirement = { const mfa_requirement = {

2
ui/tests/integration/components/mfa-form-test.js
View File

@@ -101,7 +101,7 @@ module('Integration | Component | mfa-form', function (hooks) {
const json = JSON.parse(req.requestBody); const json = JSON.parse(req.requestBody);
const payload = { const payload = {
mfa_request_id: 'test-mfa-id', mfa_request_id: 'test-mfa-id',
mfa_payload: { [oktaConstraint.id]: [], [duoConstraint.id]: ['test-code'] }, mfa_payload: { [oktaConstraint.id]: [], [duoConstraint.id]: ['passcode=test-code'] },
}; };
assert.deepEqual(json, payload, 'Correct mfa payload passed to validate endpoint'); assert.deepEqual(json, payload, 'Correct mfa payload passed to validate endpoint');
return {}; return {};