mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
ad8e844af6
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226.
226 lines
8.4 KiB
TypeScript
226 lines
8.4 KiB
TypeScript
import React, { Fragment, ReactNode, useCallback, useEffect, useState } from "react";
|
|
|
|
import { Route, Routes, useLocation, useNavigate } from "react-router-dom";
|
|
|
|
import {
|
|
AuthenticatedRoute,
|
|
FirstFactorRoute,
|
|
SecondFactorPushSubRoute,
|
|
SecondFactorRoute,
|
|
SecondFactorTOTPSubRoute,
|
|
SecondFactorU2FSubRoute,
|
|
} from "@constants/Routes";
|
|
import { useConfiguration } from "@hooks/Configuration";
|
|
import { useNotifications } from "@hooks/NotificationsContext";
|
|
import { useRedirectionURL } from "@hooks/RedirectionURL";
|
|
import { useRedirector } from "@hooks/Redirector";
|
|
import { useRequestMethod } from "@hooks/RequestMethod";
|
|
import { useAutheliaState } from "@hooks/State";
|
|
import { useUserInfo } from "@hooks/UserInfo";
|
|
import { SecondFactorMethod } from "@models/Methods";
|
|
import { checkSafeRedirection } from "@services/SafeRedirection";
|
|
import { AuthenticationLevel } from "@services/State";
|
|
import LoadingPage from "@views/LoadingPage/LoadingPage";
|
|
import AuthenticatedView from "@views/LoginPortal/AuthenticatedView/AuthenticatedView";
|
|
import FirstFactorForm from "@views/LoginPortal/FirstFactor/FirstFactorForm";
|
|
import SecondFactorForm from "@views/LoginPortal/SecondFactor/SecondFactorForm";
|
|
|
|
export interface Props {
|
|
duoSelfEnrollment: boolean;
|
|
rememberMe: boolean;
|
|
resetPassword: boolean;
|
|
}
|
|
|
|
const RedirectionErrorMessage =
|
|
"Redirection was determined to be unsafe and aborted. Ensure the redirection URL is correct.";
|
|
|
|
const LoginPortal = function (props: Props) {
|
|
const navigate = useNavigate();
|
|
const location = useLocation();
|
|
const redirectionURL = useRedirectionURL();
|
|
const requestMethod = useRequestMethod();
|
|
const { createErrorNotification } = useNotifications();
|
|
const [firstFactorDisabled, setFirstFactorDisabled] = useState(true);
|
|
const redirector = useRedirector();
|
|
|
|
const [state, fetchState, , fetchStateError] = useAutheliaState();
|
|
const [userInfo, fetchUserInfo, , fetchUserInfoError] = useUserInfo();
|
|
const [configuration, fetchConfiguration, , fetchConfigurationError] = useConfiguration();
|
|
|
|
const redirect = useCallback((url: string) => navigate(url), [navigate]);
|
|
|
|
// Fetch the state when portal is mounted.
|
|
useEffect(() => {
|
|
fetchState();
|
|
}, [fetchState]);
|
|
|
|
// Fetch preferences and configuration when user is authenticated.
|
|
useEffect(() => {
|
|
if (state && state.authentication_level >= AuthenticationLevel.OneFactor) {
|
|
fetchUserInfo();
|
|
fetchConfiguration();
|
|
}
|
|
}, [state, fetchUserInfo, fetchConfiguration]);
|
|
|
|
// Enable first factor when user is unauthenticated.
|
|
useEffect(() => {
|
|
if (state && state.authentication_level > AuthenticationLevel.Unauthenticated) {
|
|
setFirstFactorDisabled(true);
|
|
}
|
|
}, [state, setFirstFactorDisabled]);
|
|
|
|
// Display an error when state fetching fails
|
|
useEffect(() => {
|
|
if (fetchStateError) {
|
|
createErrorNotification("There was an issue fetching the current user state");
|
|
}
|
|
}, [fetchStateError, createErrorNotification]);
|
|
|
|
// Display an error when configuration fetching fails
|
|
useEffect(() => {
|
|
if (fetchConfigurationError) {
|
|
createErrorNotification("There was an issue retrieving global configuration");
|
|
}
|
|
}, [fetchConfigurationError, createErrorNotification]);
|
|
|
|
// Display an error when preferences fetching fails
|
|
useEffect(() => {
|
|
if (fetchUserInfoError) {
|
|
createErrorNotification("There was an issue retrieving user preferences");
|
|
}
|
|
}, [fetchUserInfoError, createErrorNotification]);
|
|
|
|
// Redirect to the correct stage if not enough authenticated
|
|
useEffect(() => {
|
|
(async function () {
|
|
if (!state) {
|
|
return;
|
|
}
|
|
|
|
if (
|
|
redirectionURL &&
|
|
((configuration &&
|
|
!configuration.second_factor_enabled &&
|
|
state.authentication_level >= AuthenticationLevel.OneFactor) ||
|
|
state.authentication_level === AuthenticationLevel.TwoFactor)
|
|
) {
|
|
try {
|
|
const res = await checkSafeRedirection(redirectionURL);
|
|
if (res && res.ok) {
|
|
redirector(redirectionURL);
|
|
} else {
|
|
createErrorNotification(RedirectionErrorMessage);
|
|
}
|
|
} catch (err) {
|
|
createErrorNotification(RedirectionErrorMessage);
|
|
}
|
|
return;
|
|
}
|
|
|
|
const redirectionSuffix = redirectionURL
|
|
? `?rd=${encodeURIComponent(redirectionURL)}${requestMethod ? `&rm=${requestMethod}` : ""}`
|
|
: "";
|
|
|
|
if (state.authentication_level === AuthenticationLevel.Unauthenticated) {
|
|
setFirstFactorDisabled(false);
|
|
redirect(`${FirstFactorRoute}${redirectionSuffix}`);
|
|
} else if (state.authentication_level >= AuthenticationLevel.OneFactor && userInfo && configuration) {
|
|
if (!configuration.second_factor_enabled) {
|
|
redirect(AuthenticatedRoute);
|
|
} else {
|
|
if (userInfo.method === SecondFactorMethod.U2F) {
|
|
redirect(`${SecondFactorRoute}${SecondFactorU2FSubRoute}${redirectionSuffix}`);
|
|
} else if (userInfo.method === SecondFactorMethod.MobilePush) {
|
|
redirect(`${SecondFactorRoute}${SecondFactorPushSubRoute}${redirectionSuffix}`);
|
|
} else {
|
|
redirect(`${SecondFactorRoute}${SecondFactorTOTPSubRoute}${redirectionSuffix}`);
|
|
}
|
|
}
|
|
}
|
|
})();
|
|
}, [
|
|
state,
|
|
redirectionURL,
|
|
requestMethod,
|
|
redirect,
|
|
userInfo,
|
|
setFirstFactorDisabled,
|
|
configuration,
|
|
createErrorNotification,
|
|
redirector,
|
|
]);
|
|
|
|
const handleAuthSuccess = async (redirectionURL: string | undefined) => {
|
|
if (redirectionURL) {
|
|
// Do an external redirection pushed by the server.
|
|
redirector(redirectionURL);
|
|
} else {
|
|
// Refresh state
|
|
fetchState();
|
|
}
|
|
};
|
|
|
|
const firstFactorReady =
|
|
state !== undefined &&
|
|
state.authentication_level === AuthenticationLevel.Unauthenticated &&
|
|
location.pathname === FirstFactorRoute;
|
|
|
|
return (
|
|
<Routes>
|
|
<Route
|
|
path={FirstFactorRoute}
|
|
element={
|
|
<ComponentOrLoading ready={firstFactorReady}>
|
|
<FirstFactorForm
|
|
disabled={firstFactorDisabled}
|
|
rememberMe={props.rememberMe}
|
|
resetPassword={props.resetPassword}
|
|
onAuthenticationStart={() => setFirstFactorDisabled(true)}
|
|
onAuthenticationFailure={() => setFirstFactorDisabled(false)}
|
|
onAuthenticationSuccess={handleAuthSuccess}
|
|
/>
|
|
</ComponentOrLoading>
|
|
}
|
|
/>
|
|
<Route
|
|
path={`${SecondFactorRoute}*`}
|
|
element={
|
|
state && userInfo && configuration ? (
|
|
<SecondFactorForm
|
|
authenticationLevel={state.authentication_level}
|
|
userInfo={userInfo}
|
|
configuration={configuration}
|
|
duoSelfEnrollment={props.duoSelfEnrollment}
|
|
onMethodChanged={() => fetchUserInfo()}
|
|
onAuthenticationSuccess={handleAuthSuccess}
|
|
/>
|
|
) : null
|
|
}
|
|
/>
|
|
<Route
|
|
path={AuthenticatedRoute}
|
|
element={userInfo ? <AuthenticatedView name={userInfo.display_name} /> : null}
|
|
/>
|
|
</Routes>
|
|
);
|
|
};
|
|
|
|
export default LoginPortal;
|
|
|
|
interface ComponentOrLoadingProps {
|
|
ready: boolean;
|
|
|
|
children: ReactNode;
|
|
}
|
|
|
|
function ComponentOrLoading(props: ComponentOrLoadingProps) {
|
|
return (
|
|
<Fragment>
|
|
<div className={props.ready ? "hidden" : ""}>
|
|
<LoadingPage />
|
|
</div>
|
|
{props.ready ? props.children : null}
|
|
</Fragment>
|
|
);
|
|
}
|