Ground work for 2FA Push. mydnshost/mydnshost-api#35

mydnshost · Mar 10, 2019 · c2a9bf1 · c2a9bf1
1 parent f2206c4
commit c2a9bf1
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 2 deletions.
diff --git a/mydnshost-php-api b/mydnshost-php-api
diff --git a/public/index.php b/public/index.php
@@ -84,7 +84,7 @@
 		}
 	} else {
 		$hadLoginDetails = session::exists('logindata');
-		session::clear(['DisplayEngine::Flash', 'wantedPage', 'lastlogin']);
+		session::clear(['DisplayEngine::Flash', 'wantedPage', 'lastlogin', '2fa_push']);
 
 		if ($hadLoginDetails) {
 			setWantedPage($displayEngine, $_SERVER['REQUEST_URI']);

diff --git a/src/routes/NotAuthedRoutes.php b/src/routes/NotAuthedRoutes.php
@@ -20,9 +20,32 @@ public function addRoutes($router, $displayEngine, $api) {
 					}
 				}
 
+				if (session::exists('2fa_push')) {
+					$displayEngine->setVar('twofactor_push', session::get('2fa_push'));
+				}
+
 				$displayEngine->display('2fa.tpl');
 			});
 
+			$router->get('/2fa_push.json', function() use ($displayEngine, $api) {
+				if (session::exists('lastlogin')) {
+					$lastAttempt = session::get('lastlogin');
+
+					$user = $lastAttempt['user'];
+					$pass = $lastAttempt['pass'];
+
+					$result = $api->doAuth2FAPush($user, $pass);
+
+					if (isset($result['pushcode'])) {
+						header('Content-Type: application/json');
+						echo json_encode(['pushcode' => $result['pushcode']]);
+						return TRUE;
+					}
+				}
+
+				return FALSE;
+			});
+
 			$router->post('/login', function() use ($displayEngine, $api) {
 				$lastAttempt = session::exists('lastlogin') ? session::get('lastlogin') : [];
 				session::remove('lastlogin');
@@ -83,6 +106,12 @@ public function addRoutes($router, $displayEngine, $api) {
 
 					session::setCurrentUser(null);
 					if (isset($lr['login_error']) && $lr['login_error'] == '2fa_required' && isset($_POST['user']) && isset($_POST['pass'])) {
+						if (isset($lr['2fa_push'])) {
+							session::set('2fa_push', true);
+						} else {
+							session::remove('2fa_push');
+						}
+
 						session::set('lastlogin', $_POST);
 						header('Location: ' . $displayEngine->getURL('/2fa'));
 					} else {

diff --git a/src/routes/UserRoutes.php b/src/routes/UserRoutes.php
@@ -325,6 +325,8 @@ public function addRoutes($router, $displayEngine, $api) {
 
 				if (array_key_exists('error', $apiresult)) {
 					$result = ['error', 'There was an error verifying the key: ' . $apiresult['error']];
+				} else if (array_key_exists('info', $apiresult)) {
+					$result = ['info', $apiresult['info']];
 				} else {
 					$result = ['success', 'Key verified.'];
 				}

diff --git a/templates/default/2fa.tpl b/templates/default/2fa.tpl
@@ -2,8 +2,18 @@
 {% block contenttop %}{% endblock %}
 <form class="form-signin small" method="post" action="{{ url('/login') }}">
   <h1 class="form-signin-heading">2FA Required</h1>
+
+  {% if twofactor_push %}
+    <div id="2fapush">
+      Waiting for 2FA Push...
+      <br><br>
+      You can manually enter a code instead.
+    </div>
+  {% endif %}
+
   <label for="input2FAKey" class="sr-only">2FA Code</label>
   <input type="text" name="2fakey" id="input2FAKey" class="form-control" placeholder="2FA Code" autofocus autocomplete="off">
+
   <div class="form-check">
     <label class="form-check-label">
       <input type="checkbox" name="savedevice" id="savedevice" class="form-check-input"">

diff --git a/templates/default/assets/2fa.js b/templates/default/assets/2fa.js
@@ -6,4 +6,19 @@ $(function() {
 			$("#devicename").hide();
 		}
 	});
+
+	if ($('#2fapush').length > 0) {
+		$.ajax({
+		  url: '{{ url('/2fa_push.json') }}',
+		}).done(function(data) {
+			if (data['pushcode'] !== undefined) {
+				$('#2fapush').text('2FA push ok.');
+				$('#input2FAKey').val(data['pushcode']);
+			} else {
+				$('#2fapush').text('2FA Push failed, please enter a code manually.');
+			}
+		}).fail(function(data) {
+		  $('#2fapush').text('2FA Push failed, please enter a code manually.');
+		});
+	}
 });
diff --git a/templates/default/profile/2fakeys.tpl b/templates/default/profile/2fakeys.tpl
@@ -98,6 +98,9 @@ You will only be able to see the key and associated QR code for any keys that ha
 		{% if 'yubikeyotp' in twoFactorKeyTypes %}
 			<option value="yubikeyotp" data-needsecret>Yubikey OTP</option>
 		{% endif %}
+		{% if 'authy' in twoFactorKeyTypes %}
+			<option value="authy" data-needsecret>Authy Push</option>
+		{% endif %}
 	</select>
 	<input class="form-control col-3 mb-2 mr-sm-2 mb-sm-0" type="text" name="description" value="" placeholder="Key description...">
 	<input class="form-control col-3 mb-2 mr-sm-2 mb-sm-0" type="text" name="secret" value="" placeholder="Key data">