Commit ba0c2565 authored by Ad Schellevis's avatar Ad Schellevis

(auth) add totp to system_authservers.php, for https://github.com/opnsense/core/issues/449

parent e02b08ba
...@@ -32,9 +32,10 @@ require_once("auth.inc"); ...@@ -32,9 +32,10 @@ require_once("auth.inc");
$auth_server_types = array( $auth_server_types = array(
'ldap' => "LDAP", 'ldap' => gettext("LDAP"),
'radius' => "Radius", 'radius' => gettext("Radius"),
'voucher' => "Voucher" 'voucher' => gettext("Voucher"),
'totp' => gettext("Local + Timebased One Time Password")
); );
...@@ -110,9 +111,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -110,9 +111,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['simplePasswords'] = $a_server[$id]['simplePasswords']; $pconfig['simplePasswords'] = $a_server[$id]['simplePasswords'];
$pconfig['usernameLength'] = $a_server[$id]['usernameLength']; $pconfig['usernameLength'] = $a_server[$id]['usernameLength'];
$pconfig['passwordLength'] = $a_server[$id]['passwordLength']; $pconfig['passwordLength'] = $a_server[$id]['passwordLength'];
} elseif ($pconfig['type'] == 'totp') {
$pconfig['graceperiod'] = $a_server[$id]['graceperiod'];
$pconfig['timeWindow'] = $a_server[$id]['timeWindow'];
} }
} }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$input_errors = array(); $input_errors = array();
$pconfig = $_POST; $pconfig = $_POST;
...@@ -252,6 +255,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -252,6 +255,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$server['simplePasswords'] = !empty($pconfig['simplePasswords']); $server['simplePasswords'] = !empty($pconfig['simplePasswords']);
$server['usernameLength'] = $pconfig['usernameLength']; $server['usernameLength'] = $pconfig['usernameLength'];
$server['passwordLength'] = $pconfig['passwordLength']; $server['passwordLength'] = $pconfig['passwordLength'];
} elseif ($server['type'] == 'totp') {
$server['timeWindow'] = filter_var($pconfig['timeWindow'], FILTER_SANITIZE_NUMBER_INT);
$server['graceperiod'] = filter_var($pconfig['graceperiod'], FILTER_SANITIZE_NUMBER_INT);
} }
if (isset($id) && isset($config['system']['authserver'][$id])) { if (isset($id) && isset($config['system']['authserver'][$id])) {
...@@ -347,12 +353,15 @@ $( document ).ready(function() { ...@@ -347,12 +353,15 @@ $( document ).ready(function() {
$(".auth_radius").addClass('hidden'); $(".auth_radius").addClass('hidden');
$(".auth_ldap").addClass('hidden'); $(".auth_ldap").addClass('hidden');
$(".auth_voucher").addClass('hidden'); $(".auth_voucher").addClass('hidden');
$(".auth_totp").addClass('hidden');
if ($("#type").val() == 'ldap') { if ($("#type").val() == 'ldap') {
$(".auth_ldap").removeClass('hidden'); $(".auth_ldap").removeClass('hidden');
} else if ($("#type").val() == 'radius') { } else if ($("#type").val() == 'radius') {
$(".auth_radius").removeClass('hidden'); $(".auth_radius").removeClass('hidden');
} else if ($("#type").val() == 'voucher') { } else if ($("#type").val() == 'voucher') {
$(".auth_voucher").removeClass('hidden'); $(".auth_voucher").removeClass('hidden');
} else if ($("#type").val() == 'totp') {
$(".auth_totp").removeClass('hidden');
} }
}); });
...@@ -695,6 +704,37 @@ endif; ?> ...@@ -695,6 +704,37 @@ endif; ?>
</div> </div>
</td> </td>
</tr> </tr>
<!-- TOTP -->
<tr class="auth_totp hidden">
<td><a id="help_for_totp_otpLength" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Token length");?></td>
<td>
<select name="otpLength" class="selectpicker" data-style="btn-default">
<option value="6" <?=empty($pconfig['otpLength']) || $pconfig['otpLength'] == "6" ? "selected=\"selected\"" : "";?> >6</option>
<option value="8" <?=!empty($pconfig['otpLength']) && $pconfig['otpLength'] == "8" ? "selected=\"selected\"" : "";?> >8</option>
</select>
<div class="hidden" for="help_for_totp_otpLength">
<?= gettext("Token length to use") ?>
</div>
</td>
</tr>
<tr class="auth_totp hidden">
<td><a id="help_for_totp_timeWindow" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Time window");?></td>
<td>
<input name="timeWindow" type="text" value="<?=$pconfig['timeWindow'];?>"/>
<div class="hidden" for="help_for_totp_timeWindow">
<?= gettext("The time period in which the token will be valid, default is 30 seconds (google authenticator)") ?>
</div>
</td>
</tr>
<tr class="auth_totp hidden">
<td><a id="help_for_totp_graceperiod" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Grace period");?></td>
<td>
<input name="graceperiod" type="text" value="<?=$pconfig['graceperiod'];?>"/>
<div class="hidden" for="help_for_totp_graceperiod">
<?= gettext("Time in seconds in which this server and the token may differ, default is 10 seconds. Set higher for a less secure easier match.") ?>
</div>
</td>
</tr>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
<td> <td>
......
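Review bot: The two new text inputs in the last hunk print `$pconfig['timeWindow']` and `$pconfig['graceperiod']` into the `value` attribute unescaped, while the POST branch sets `$pconfig = $_POST`. If the form is re-rendered after a rejected save (that path is outside the visible hunks), the submitted text lands in the attribute verbatim, so it should be escaped: `value="<?=htmlspecialchars($pconfig['timeWindow'], ENT_QUOTES);?>"`, and the same for `graceperiod`. In the save hunk, `FILTER_SANITIZE_NUMBER_INT` only strips characters, so an empty string, a signed value or an arbitrarily large grace period is stored as given, and the help text itself notes that a larger value is less secure. I would validate instead, e.g. `filter_var($pconfig['graceperiod'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)))` plus a project-chosen upper bound, and add an entry to `$input_errors` on failure. Separately, the new `otpLength` select is neither read in the GET hunk nor written in the save hunk, so unless that happens elsewhere in the file the token length choice is never persisted.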