Diffstat (limited to 'Bugzilla/MFA')
-rw-r--r-- | Bugzilla/MFA/Dummy.pm | 10 | ||||
-rw-r--r-- | Bugzilla/MFA/Duo.pm | 71 | ||||
-rw-r--r-- | Bugzilla/MFA/TOTP.pm | 75 |
3 files changed, 78 insertions, 78 deletions
diff --git a/Bugzilla/MFA/Dummy.pm b/Bugzilla/MFA/Dummy.pm index 03fbe76b5..0ba7a79a6 100644 --- a/Bugzilla/MFA/Dummy.pm +++ b/Bugzilla/MFA/Dummy.pm @@ -18,12 +18,12 @@ use base 'Bugzilla::MFA'; # it provides no 2fa protection at all, but prevents crashing. sub prompt { - my ($self, $vars) = @_; - my $template = Bugzilla->template; + my ($self, $vars) = @_; + my $template = Bugzilla->template; - print Bugzilla->cgi->header(); - $template->process('mfa/dummy/verify.html.tmpl', $vars) - || ThrowTemplateError($template->error()); + print Bugzilla->cgi->header(); + $template->process('mfa/dummy/verify.html.tmpl', $vars) + || ThrowTemplateError($template->error()); } 1; diff --git a/Bugzilla/MFA/Duo.pm b/Bugzilla/MFA/Duo.pm index 19590944b..6b026f55b 100644 --- a/Bugzilla/MFA/Duo.pm +++ b/Bugzilla/MFA/Duo.pm 
@@ -18,58 +18,57 @@ use Bugzilla::DuoWeb; use Bugzilla::Error; sub can_verify_inline { - return 0; + return 0; } sub enroll { - my ($self, $params) = @_; + my ($self, $params) = @_; - # verify that the user is enrolled with duo - my $client = Bugzilla::DuoAPI->new( - Bugzilla->params->{duo_ikey}, - Bugzilla->params->{duo_skey}, - Bugzilla->params->{duo_host} - ); - my $response = $client->json_api_call('POST', '/auth/v2/preauth', { username => $params->{username} }); + # verify that the user is enrolled with duo + my $client = Bugzilla::DuoAPI->new( + Bugzilla->params->{duo_ikey}, + Bugzilla->params->{duo_skey}, + Bugzilla->params->{duo_host} + ); + my $response = $client->json_api_call('POST', '/auth/v2/preauth', + {username => $params->{username}}); - # not enrolled - show a nice error page instead of just throwing - unless ($response->{result} eq 'auth' || $response->{result} eq 'allow') { - print Bugzilla->cgi->header(); - my $template = Bugzilla->template; - $template->process('mfa/duo/not_enrolled.html.tmpl', { email => $params->{username} }) - || ThrowTemplateError($template->error()); - exit; - } + # not enrolled - show a nice error page instead of just throwing + unless ($response->{result} eq 'auth' || $response->{result} eq 'allow') { + print Bugzilla->cgi->header(); + my $template = Bugzilla->template; + $template->process('mfa/duo/not_enrolled.html.tmpl', + {email => $params->{username}}) + || ThrowTemplateError($template->error()); + exit; + } - $self->property_set('user', $params->{username}); + $self->property_set('user', $params->{username}); } sub prompt { - my ($self, $vars) = @_; - my $template = Bugzilla->template; + my ($self, $vars) = @_; + my $template = Bugzilla->template; - $vars->{sig_request} = Bugzilla::DuoWeb::sign_request( - Bugzilla->params->{duo_ikey}, - Bugzilla->params->{duo_skey}, - Bugzilla->params->{duo_akey}, - $self->property_get('user'), - ); + $vars->{sig_request} = Bugzilla::DuoWeb::sign_request( + 
Bugzilla->params->{duo_ikey}, Bugzilla->params->{duo_skey}, + Bugzilla->params->{duo_akey}, $self->property_get('user'), + ); - print Bugzilla->cgi->header(); - $template->process('mfa/duo/verify.html.tmpl', $vars) - || ThrowTemplateError($template->error()); + print Bugzilla->cgi->header(); + $template->process('mfa/duo/verify.html.tmpl', $vars) + || ThrowTemplateError($template->error()); } sub check { - my ($self, $params) = @_; + my ($self, $params) = @_; - return if Bugzilla::DuoWeb::verify_response( - Bugzilla->params->{duo_ikey}, - Bugzilla->params->{duo_skey}, - Bugzilla->params->{duo_akey}, - $params->{sig_response} + return + if Bugzilla::DuoWeb::verify_response( + Bugzilla->params->{duo_ikey}, Bugzilla->params->{duo_skey}, + Bugzilla->params->{duo_akey}, $params->{sig_response} ); - ThrowUserError('mfa_bad_code'); + ThrowUserError('mfa_bad_code'); } 1; diff --git a/Bugzilla/MFA/TOTP.pm b/Bugzilla/MFA/TOTP.pm index 131dea676..2398fcbeb 100644 --- a/Bugzilla/MFA/TOTP.pm +++ b/Bugzilla/MFA/TOTP.pm 
@@ -21,60 +21,61 @@ use GD::Barcode::QRcode; use MIME::Base64 qw( encode_base64 ); sub can_verify_inline { - return 1; + return 1; } sub _auth { - my ($self) = @_; - return Auth::GoogleAuth->new({ - secret => $self->property_get('secret') // $self->property_get('secret.temp'), - issuer => template_var('terms')->{BugzillaTitle}, - key_id => $self->{user}->login, - }); + my ($self) = @_; + return Auth::GoogleAuth->new({ + secret => $self->property_get('secret') // $self->property_get('secret.temp'), + issuer => template_var('terms')->{BugzillaTitle}, + key_id => $self->{user}->login, + }); } sub enroll_api { - my ($self) = @_; - - # create a new secret for the user - # store it in secret.temp to avoid overwriting a valid secret - $self->property_set('secret.temp', generate_random_password(16)); - - # build the qr code - my $auth = $self->_auth(); - my $otpauth = $auth->qr_code(undef, undef, undef, 1); - my $png = GD::Barcode::QRcode->new($otpauth, { Version => 10, ModuleSize => 3 })->plot()->png(); - return { png => encode_base64($png), secret32 => $auth->secret32 }; + my ($self) = @_; + + # create a new secret for the user + # store it in secret.temp to avoid overwriting a valid secret + $self->property_set('secret.temp', generate_random_password(16)); + + # build the qr code + my $auth = $self->_auth(); + my $otpauth = $auth->qr_code(undef, undef, undef, 1); + my $png = GD::Barcode::QRcode->new($otpauth, {Version => 10, ModuleSize => 3}) + ->plot()->png(); + return {png => encode_base64($png), secret32 => $auth->secret32}; } sub enrolled { - my ($self) = @_; + my ($self) = @_; - # make the temporary secret permanent - $self->property_set('secret', $self->property_get('secret.temp')); - $self->property_delete('secret.temp'); + # make the temporary secret permanent + $self->property_set('secret', $self->property_get('secret.temp')); + $self->property_delete('secret.temp'); } sub prompt { - my ($self, $vars) = @_; - my $template = Bugzilla->template; + my ($self, 
$vars) = @_; + my $template = Bugzilla->template; - print Bugzilla->cgi->header(); - $template->process('mfa/totp/verify.html.tmpl', $vars) - || ThrowTemplateError($template->error()); + print Bugzilla->cgi->header(); + $template->process('mfa/totp/verify.html.tmpl', $vars) + || ThrowTemplateError($template->error()); } sub check { - my ($self, $params) = @_; - my $code = $params->{code}; - return if $self->_auth()->verify($code, 1); - - if ($params->{mfa_action} && $params->{mfa_action} eq 'enable') { - ThrowUserError('mfa_totp_bad_enrollment_code'); - } - else { - ThrowUserError('mfa_bad_code'); - } + my ($self, $params) = @_; + my $code = $params->{code}; + return if $self->_auth()->verify($code, 1); + + if ($params->{mfa_action} && $params->{mfa_action} eq 'enable') { + ThrowUserError('mfa_totp_bad_enrollment_code'); + } + else { + ThrowUserError('mfa_bad_code'); + } } 1; |