Server partially supports hardware login keys.

2025-03-09 15:40:18 +00:00 · 2019-02-07 20:06:01 -08:00 · 2019-02-07 20:06:01 -08:00 · 198e949628
commit 198e949628
parent 3910eba2eb
47 changed files with 307 additions and 109 deletions
--- a/views/default-min.handlebars
+++ b/views/default-min.handlebars
--- a/views/default-mobile-min.handlebars
+++ b/views/default-mobile-min.handlebars
--- a/views/default.handlebars
+++ b/views/default.handlebars
@ -252,6 +252,7 @@
                            <span id="otpAuth" style="display:none"><a onclick="account_addOtp()" style="cursor:pointer">Add 2-step login</a><br /></span>
                            <span id="otpAuthRemove" style="display:none"><a onclick="account_removeOtp()" style="cursor:pointer">Remove 2-step login</a><br /></span>
                            <span id="manageOtp" style="display:none"><a onclick="account_manageOtp(0)" style="cursor:pointer">Manage one time passwords</a><br /></span>
+                            <span id="manageHardwareOtp" style="display:none"><a onclick="account_manageHardwareOtp(0)" style="cursor:pointer">Manage hardware login keys</a><br /></span>
                            <a onclick="account_showChangeEmail()" style="cursor:pointer">Change email address</a><br />
                            <a onclick="account_showChangePassword()" style="cursor:pointer">Change password</a><br />
                            <a onclick="account_showDeleteAccount()" style="cursor:pointer">Delete account</a><br />
@ -1172,6 +1173,7 @@
            QV('otpAuth', ((features & 4096) != 0) && (userinfo.otpsecret != 1));
            QV('otpAuthRemove', ((features & 4096) != 0) && (userinfo.otpsecret == 1));
            QV('manageOtp', ((features & 4096) != 0) && (userinfo.otpsecret == 1));
+            QV('manageHardwareOtp', ((features & 0x5000) != 0)); // Requires 2-step login + YubiKey support
        }

        function onMessage(server, message) {
@ -1438,6 +1440,55 @@
                    setDialogMode(2, "Manage One Time Passwords", 8, null, x, 'otpauth-manage');
                    break;
                }
+                case 'otp-hkey-get': {
+                    if (xxdialogMode && (xxdialogTag != 'otpauth-hardware-manage')) return;
+                    var start = "<div style='border-radius:6px;border: 2px solid #CCC;background-color:#BBB;width:100%;margin-top:8px'><div style='padding:8px;font-family:Arial, Helvetica, sans-serif;font-size:16px;font-weight:bold'><table style=width:100%;text-align:left>";
+                    var end =  "</table></div></div>";
+                    var x = "<a href='https://www.yubico.com/' rel='noreferrer noopener' target='_blank'>Hardware keys</a> are used as secondary login authentication.";
+                    x += "";
+                    if (message.keys && message.keys.length > 0) {
+                        for (var i in message.keys) {
+                            var key = message.keys[i];
+                            x += start + '<tr style=margin:5px><td style=width:30px><img src="images/hardware-key-24.png"><td style=width:250px>' + key.name + "<td><input type=button value='Remove' onclick=account_removehkey(" + key.i + ")></input>" + end;
+                        }
+                    } else {
+                        x += start + '<tr style=text-align:center><td>No Hardware Keys Configured' + end;
+                    }
+                    x += "<br />";
+                    x += "<div><input type=button value='Close' onclick=setDialogMode(0) style=float:right></input>";
+                    //x += "<input type=button value='Add YubiKey' onclick='account_addYubiKey();'></input>";
+                    if (window.u2f) {
+                        x += "<input type=button value='Add Key' onclick='account_addhkey();'></input>";
+                    } else {
+                        x += "No hardware key support on this browser.";
+                    }
+                    x += "</div><br />";
+                    setDialogMode(2, "Manage Hardware Login Keys", 8, null, x, 'otpauth-hardware-manage');
+                    break;
+                }
+                case 'otp-hkey-setup-request': {
+                    if (xxdialogMode && (xxdialogTag != 'otpauth-hardware-manage')) return;
+                    var x = "Press the key button now.<br /><br /><div style=width:100%;text-align:center><img src='images/hardware-keypress-120.png' /></div><input id=dp1keyname style=display:none value=" + message.name + " />";
+                    setDialogMode(2, "Add Hardware Login Key", 2, null, x);
+                    window.u2f.register(message.request.appId, [message.request], [], function (registrationResponse) {
+                        if (registrationResponse.errorCode == 0) {
+                            meshserver.send({ action: 'otp-hkey-setup-response', request: message.request, response: registrationResponse, name: Q('dp1keyname').value });
+                            setDialogMode(2, "Add Hardware Login Key", 0, null, '<br />Checking...<br /><br /><br />', 'otpauth-hardware-manage');
+                        } else {
+                            setDialogMode(0);
+                        }
+                    });
+                    break;
+                }
+                case 'otp-hkey-setup-response': {
+                    if (xxdialogMode && (xxdialogTag != 'otpauth-hardware-manage')) return;
+                    if (message.result == true) {
+                        meshserver.send({ action: 'otp-hkey-get' }); // Success, ask for the full list of keys.
+                    } else {
+                        setDialogMode(2, "Add Hardware Login Key", 1, null, '<br />ERROR: Unable to add key.<br /><br />', 'otpauth-hardware-manage');
+                    }
+                    break;
+                }
                case 'event': {
                    if (!message.event.nolog) {
                        events.unshift(message.event);
@ -5174,8 +5225,8 @@
        // Called then user presses the "Change Core" button
        function p15uploadCore(e) {
            if (xxdialogMode) return;
-            if (e.shiftKey == true) { meshserver.send({ action: 'uploadagentcore', nodeid: consoleNode._id, path:'*' }); } // Upload default core
-            else if (e.altKey == true) { meshserver.send({ action: 'uploadagentcore', nodeid: consoleNode._id }); } // Clear the core
+            if (e.shiftKey == true) { meshserver.send({ action: 'uploadagentcore', nodeid: consoleNode._id, type: 'default' }); } // Upload default core
+            else if (e.altKey == true) { meshserver.send({ action: 'uploadagentcore', nodeid: consoleNode._id, type: 'clear' }); } // Clear the core
            else if (e.ctrlKey == true) { p15uploadCore2(); } // Upload the core from a file
            else { setDialogMode(2, "Change Mesh Agent Core", 3, p15uploadCoreEx, '<select id=d3coreMode style=float:right;width:260px><option value=1>Upload default server core</option><option value=2>Clear the core</option><option value=6>Upload recovery core</option><option value=3>Upload a core file</option><option value=4>Soft disconnect agent</option><option value=5>Hard disconnect agent</option></select><div>Change Core</div>'); }
        }
@ -5250,6 +5301,49 @@
            meshserver.send({ action: 'otpauth-getpasswords', subaction: action });
        }

+        function account_manageHardwareOtp() {
+            if ((xxdialogMode == 2) && (xxdialogTag == 'otpauth-hardware-manage')) { dialogclose(0); }
+            if (xxdialogMode || ((features & 4096) == 0)) return;
+            meshserver.send({ action: 'otp-hkey-get' });
+        }
+
+        function account_addhkey() {
+            var x = "Type in the name of the key to add.<br /><br />";
+            x += addHtmlValue('Key Name', '<input id=dp1keyname style=width:230px maxlength=20 autocomplete=off onchange=account_addhkeyValidate() onkeyup=account_addhkeyValidate() />');
+            setDialogMode(2, "Add Hardware Login Key", 3, account_addhkeyEx, x);
+            account_addhkeyValidate();
+        }
+
+        function account_addhkeyValidate() {
+            QE('idx_dlgOkButton', (Q('dp1keyname').value.length > 0));
+        }
+
+        function account_addhkeyEx() {
+            meshserver.send({ action: 'otp-hkey-setup-request', name: Q('dp1keyname').value });
+        }
+
+        function account_addYubiKey() {
+            if (xxdialogMode && (xxdialogTag != 'otpauth-hardware-manage')) return;
+            var x = "Type in a name for the key and press button on the key to register the new hardware key.<br /><br />";
+            x += addHtmlValue('Key Name', '<input id=dp1keyname style=width:230px maxlength=20 autocomplete=off onchange=account_addYubiKeyValidate() onkeyup=account_addYubiKeyValidate() />');
+            x += addHtmlValue('Key Token', '<input id=dp1keytoken style=width:230px maxlength=2048 autocomplete=off onchange=account_addYubiKeyValidate() onkeyup=account_addYubiKeyValidate() />');
+            setDialogMode(2, "Add Yubikey", 3, account_addYubiKeyEx, x);
+            account_addYubiKeyValidate();
+        }
+
+        function account_addYubiKeyValidate() {
+            QE('idx_dlgOkButton', (Q('dp1keyname').value.length > 0) && (Q('dp1keytoken').value.length > 0));
+        }
+
+        function account_addYubiKeyEx() {
+            meshserver.send({ action: 'otp-hkey-yubikey-add', name: Q('dp1keyname').value, otp: Q('dp1keytoken').value });
+        }
+
+        function account_removehkey(index) {
+            meshserver.send({ action: 'otp-hkey-remove', index: index });
+            meshserver.send({ action: 'otp-hkey-get' });
+        }
+
        function account_showVerifyEmail() {
            if (xxdialogMode || (userinfo.emailVerified == true) || (serverinfo.emailcheck != true)) return;
            var x = "Click ok to send a verification mail to:<br /><div style=padding:8px><b>" + EscapeHtml(userinfo.email) + "</b></div>Please wait a few minute to receive the verification.";