authorByron Jones <glob@mozilla.com>2015-11-23 07:46:59 +0100
committerByron Jones <glob@mozilla.com>2015-11-23 07:46:59 +0100
commit14bb07ab010b0e38e6afb6d1f7976819477f396b (patch)
tree02e0b79301396a628ba609d9bfd5d05f4b55a2ff /Bugzilla/MFA
parent94800e1e2badeb0d10960cad12ca595e649674d6 (diff)
Bug 1225366 - allow duo authentication for users already enrolled with duo
Diffstat (limited to 'Bugzilla/MFA')
-rw-r--r--Bugzilla/MFA/Duo.pm18
1 files changed, 18 insertions, 0 deletions
diff --git a/Bugzilla/MFA/Duo.pm b/Bugzilla/MFA/Duo.pm
index 4c9aa1184..91096689f 100644
--- a/Bugzilla/MFA/Duo.pm
+++ b/Bugzilla/MFA/Duo.pm
@@ -9,6 +9,7 @@ package Bugzilla::MFA::Duo;
use strict;
use parent 'Bugzilla::MFA';
+use Bugzilla::DuoAPI;
use Bugzilla::DuoWeb;
use Bugzilla::Error;
@@ -19,6 +20,23 @@ sub can_verify_inline {
sub enroll {
my ($self, $params) = @_;
+ # verify that the user is enrolled with duo
+ my $client = Bugzilla::DuoAPI->new(
+ Bugzilla->params->{duo_ikey},
+ Bugzilla->params->{duo_skey},
+ Bugzilla->params->{duo_host}
+ );
+ my $response = $client->json_api_call('POST', '/auth/v2/preauth', { username => $params->{username} });
+
+ # not enrolled - show a nice error page instead of just throwing
+ unless ($response->{result} eq 'auth' || $response->{result} eq 'allow') {
+ print Bugzilla->cgi->header();
+ my $template = Bugzilla->template;
+ $template->process('mfa/duo/not_enrolled.html.tmpl', { email => $params->{username} })
+ || ThrowTemplateError($template->error());
+ exit;
+ }
+
$self->property_set('user', $params->{username});
}
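Review bot: The `unless` test on `$response->{result}` in `enroll` sends every outcome other than `auth` or `allow` to the not_enrolled page, so a `deny` from Duo, or a preauth call that failed and came back without a `result` (how `json_api_call` reports errors is not visible in this hunk), is shown to the user as "not enrolled". I would read the value once with `my $result = $response->{result} // '';`, render `mfa/duo/not_enrolled.html.tmpl` only when `$result eq 'enroll'`, and raise a regular error for anything else so an outage or misconfigured integration key is not mistaken for an enrolment problem. Separately, Duo's preauth endpoint documents `allow` as a user who is permitted to skip the second factor, so accepting it here records MFA as enabled in Bugzilla for an account Duo will not actually challenge. If that is intended, a comment above the check such as `# 'allow' = Duo bypass user; accepted deliberately` would make the policy decision explicit.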