Commit 10bf35f9 authored by Dietmar Maurer's avatar Dietmar Maurer

allow to set/edit two factor authentication

parent 281d73d8
......@@ -2,6 +2,8 @@ pve-manager (3.2-17) unstable; urgency=low
* include improved Spanish translation
* allow to set/edit two factor authentication (yubico, oath)
-- Proxmox Support Team <support@proxmox.com> Fri, 18 Jul 2014 08:23:02 +0200
pve-manager (3.2-16) unstable; urgency=low
......
......@@ -285,5 +285,15 @@ Ext.define('PVE.Parser', { statics: {
return datastr;
},
parseTfaConfig: function(value) {
var res = {};
Ext.Array.each(value.split(','), function(p) {
var kva = p.split(/=/, 2);
res[kva[0]] = kva[1];
});
return res;
}
}});
......@@ -63,17 +63,22 @@ Ext.define('PVE.dc.AuthEdit', {
fieldLabel: gettext('User Attribute Name'),
allowBlank: false
});
} else if (me.authType === 'pve') {
if (me.create) throw 'unknown auth type';
me.subject = 'Proxmox VE authentication server';
} else if (me.authType === 'pam') {
if (me.create) throw 'unknown auth type';
me.subject = 'linux PAM';
} else {
throw 'unknown auth type ';
}
column1.push({
xtype: 'textfield',
name: 'comment',
fieldLabel: gettext('Comment')
});
column1.push({
xtype: 'pvecheckbox',
fieldLabel: gettext('Default'),
......@@ -81,7 +86,10 @@ Ext.define('PVE.dc.AuthEdit', {
uncheckedValue: 0
});
var column2 = [
var column2 = [];
if (me.authType === 'ldap' || me.authType === 'ad') {
column2.push([
{
xtype: 'textfield',
fieldLabel: gettext('Server'),
......@@ -109,11 +117,58 @@ Ext.define('PVE.dc.AuthEdit', {
name: 'secure',
uncheckedValue: 0
}
];
]);
}
// Two Factor Auth settings
column2.push({
xtype: 'pveKVComboBox',
name: 'tfa',
value: '',
fieldLabel: gettext('TFA'),
data: [ ['', 'none'], ['oath', 'OATH'], ['yubico', 'Yubico']],
listeners: {
change: function(f, value) {
if (!me.rendered) {
return;
}
me.down('field[name=yubico_api_id]').setVisible(value === 'yubico');
me.down('field[name=yubico_api_key]').setVisible(value === 'yubico');
me.down('field[name=yubico_url]').setVisible(value === 'yubico');
}
}
});
column2.push({
xtype: 'textfield',
name: 'yubico_api_id',
hidden: true,
fieldLabel: 'Yubico API Id'
});
column2.push({
xtype: 'textfield',
name: 'yubico_api_key',
hidden: true,
fieldLabel: 'Yubico API Key'
});
column2.push({
xtype: 'textfield',
name: 'yubico_url',
hidden: true,
fieldLabel: 'Yubico URL'
});
var ipanel = Ext.create('PVE.panel.InputPanel', {
column1: column1,
column2: column2,
columnB: [{
xtype: 'textfield',
name: 'comment',
fieldLabel: gettext('Comment')
}],
onGetValues: function(values) {
if (!values.port) {
if (!me.create) {
......@@ -126,6 +181,23 @@ Ext.define('PVE.dc.AuthEdit', {
values.type = me.authType;
}
if (values.tfa === 'oath') {
values.tfa = "type=oath";
} else if (values.tfa === 'yubico') {
values.tfa = "type=yubico";
values.tfa += ",id=" + values.yubico_api_id;
values.tfa += ",key=" + values.yubico_api_key;
if (values.yubico_url) {
values.tfa += ",url=" + values.yubico_url;
}
} else {
delete values.tfa;
}
delete values.yubico_api_id;
delete values.yubico_api_key;
delete values.yubico_url;
return values;
}
});
......@@ -150,6 +222,17 @@ Ext.define('PVE.dc.AuthEdit', {
me.close();
throw "got wrong auth type";
}
if (data.tfa) {
var tfacfg = PVE.Parser.parseTfaConfig(data.tfa);
data.tfa = tfacfg.type;
if (tfacfg.type === 'yubico') {
data.yubico_api_key = tfacfg.key;
data.yubico_api_id = tfacfg.id;
data.yubico_url = tfacfg.url;
}
}
me.setValues(data);
}
});
......
......@@ -26,10 +26,6 @@ Ext.define('PVE.dc.AuthView', {
return;
}
if (rec.data.type === 'pve' || rec.data.type === 'pam') {
return;
}
var win = Ext.create('PVE.dc.AuthEdit',{
realm: rec.data.realm,
authType: rec.data.type
......@@ -42,9 +38,6 @@ Ext.define('PVE.dc.AuthView', {
text: gettext('Edit'),
disabled: true,
selModel: sm,
enableFn: function(rec) {
return !(rec.data.type === 'pve' || rec.data.type === 'pam');
},
handler: run_editor
});
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment