From 14bb07ab010b0e38e6afb6d1f7976819477f396b Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Mon, 23 Nov 2015 14:46:59 +0800
Subject: Bug 1225366 - allow duo authentication for users already enrolled with duo
---
 Bugzilla/MFA/Duo.pm | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'Bugzilla/MFA')
diff --git a/Bugzilla/MFA/Duo.pm b/Bugzilla/MFA/Duo.pm
index 4c9aa1184..91096689f 100644
--- a/Bugzilla/MFA/Duo.pm
+++ b/Bugzilla/MFA/Duo.pm
@@ -9,6 +9,7 @@ package Bugzilla::MFA::Duo;
 use strict;
 use parent 'Bugzilla::MFA';
+use Bugzilla::DuoAPI;
 use Bugzilla::DuoWeb;
 use Bugzilla::Error;
@@ -19,6 +20,23 @@ sub can_verify_inline {
 sub enroll {
 my ($self, $params) = @_;
+ # verify that the user is enrolled with duo
+ my $client = Bugzilla::DuoAPI->new(
+ Bugzilla->params->{duo_ikey},
+ Bugzilla->params->{duo_skey},
+ Bugzilla->params->{duo_host}
+ );
+ my $response = $client->json_api_call('POST', '/auth/v2/preauth', { username => $params->{username} });
+
+ # not enrolled - show a nice error page instead of just throwing
+ unless ($response->{result} eq 'auth' || $response->{result} eq 'allow') {
+ print Bugzilla->cgi->header();
+ my $template = Bugzilla->template;
+ $template->process('mfa/duo/not_enrolled.html.tmpl', { email => $params->{username} })
+ || ThrowTemplateError($template->error());
+ exit;
+ }
+
 $self->property_set('user', $params->{username});
 }
--
cgit v1.2.3-24-g4f1b
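Review bot: The `unless` test in `enroll` reads `$response->{result}` without first checking that the preauth call returned a hash with a defined `result`, so a Duo outage or API error would presumably land on the "not enrolled" page exactly like a `deny` or `enroll` answer (how `json_api_call` reports failure is not visible in this hunk). That fails closed, which is the safe direction, but it tells the user and the administrator the wrong thing; a guard such as `unless (ref $response eq 'HASH' && defined $response->{result})` that raises a distinct error before the enrolment check would keep the two cases apart. Separately, accepting `allow` deserves a comment or a second look: in Duo's Auth API that preauth result means the user is set to bypass the second factor, so such an account would be recorded as Duo-protected in Bugzilla without a second factor actually being required. If that is intended, a line like `# 'allow' = Duo bypass status; accepted deliberately` above the test would document it.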