首页 发现 帮助
登录
mirrors
/
mailcow-dockerized
镜像自地址 https://github.com/mailcow/mailcow-dockerized
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

[Web] Improve U2F process and fix Win 1903 hassle

andryyy 6 年之前
父节点
3c133ad02a
当前提交
14a2a266a1
共有 4 个文件被更改,包括 63 次插入28 次删除
分列视图 显示文件统计
  1. 37 28
      data/web/inc/footer.inc.php
  2. 4 0
      data/web/lang/lang.de.php
  3. 4 0
      data/web/lang/lang.en.php
  4. 18 0
      data/web/modals/footer.php

+ 37 - 28
data/web/inc/footer.inc.php
查看文件 

@@ -49,7 +49,7 @@ $(document).ready(function() {
 
     backdrop: 'static',
 
     keyboard: false
 
   });
 
-  $('#u2f_status_auth').html('<p><span class="glyphicon glyphicon-refresh glyphicon-spin"></span> Initializing, please wait...</p>');
 
+  $('#u2f_status_auth').html('<p><span class="glyphicon glyphicon-refresh glyphicon-spin"></span> ' + lang_tfa.init_u2f + '</p>');
 
   $('#ConfirmTFAModal').on('shown.bs.modal', function(){
 
       $(this).find('input[name=token]').focus();
 
       // If U2F
 
@@ -111,33 +111,42 @@ $(document).ready(function() {
 
     if ($(this).val() == "u2f") {
 
       $('#U2FModal').modal('show');
 
       $("option:selected").prop("selected", false);
 
-      $('#u2f_status_reg').html('<p><span class="glyphicon glyphicon-refresh glyphicon-spin"></span> Initializing, please wait...</p>');
 
-      $.ajax({
 
-        type: "GET",
 
-        cache: false,
 
-        dataType: 'script',
 
-        url: "/api/v1/get/u2f-registration/<?= (isset($_SESSION['mailcow_cc_username'])) ? rawurlencode($_SESSION['mailcow_cc_username']) : null; ?>",
 
-        complete: function(data){
 
-          data;
 
-          setTimeout(function() {
 
-            console.log("Ready to register");
 
-            $('#u2f_status_reg').html(lang_tfa.waiting_usb_register);
 
-            u2f.register(appId, registerRequests, registeredKeys, function(deviceResponse) {
 
-              var form  = document.getElementById('u2f_reg_form');
 
-              var reg   = document.getElementById('u2f_register_data');
 
-              console.log("Register callback: ", data);
 
-              if (deviceResponse.errorCode && deviceResponse.errorCode != 0) {
 
-                var u2f_return_code = document.getElementById('u2f_return_code');
 
-                u2f_return_code.style.display = u2f_return_code.style.display === 'none' ? '' : null;
 
-                if (deviceResponse.errorCode == "4") { deviceResponse.errorCode = "4 - The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle"; }
 
-                u2f_return_code.innerHTML = 'Error code: ' + deviceResponse.errorCode;
 
-                return;
 
-              }
 
-              reg.value = JSON.stringify(deviceResponse);
 
-              form.submit();
 
-            });
 
-          }, 1000);
 
-        }
 
+      $("#start_u2f_register").click(function(){
 
+        $('#u2f_return_code').html('');
 
+        $('#u2f_return_code').hide();
 
+        $('#u2f_status_reg').html('<p><span class="glyphicon glyphicon-refresh glyphicon-spin"></span> ' + lang_tfa.init_u2f + '</p>');
 
+        $.ajax({
 
+          type: "GET",
 
+          cache: false,
 
+          dataType: 'script',
 
+          url: "/api/v1/get/u2f-registration/<?= (isset($_SESSION['mailcow_cc_username'])) ? rawurlencode($_SESSION['mailcow_cc_username']) : null; ?>",
 
+          complete: function(data){
 
+            data;
 
+            setTimeout(function() {
 
+              console.log("Ready to register");
 
+              $('#u2f_status_reg').html(lang_tfa.waiting_usb_register);
 
+              u2f.register(appId, registerRequests, registeredKeys, function(deviceResponse) {
 
+                var form  = document.getElementById('u2f_reg_form');
 
+                var reg   = document.getElementById('u2f_register_data');
 
+                console.log("Register callback: ", data);
 
+                if (deviceResponse.errorCode && deviceResponse.errorCode != 0) {
 
+                  var u2f_return_code = document.getElementById('u2f_return_code');
 
+                  u2f_return_code.style.display = u2f_return_code.style.display === 'none' ? '' : null;
 
+                  if (deviceResponse.errorCode == "4") {
 
+                    deviceResponse.errorCode = "4 - The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle";
 
+                  }
 
+                  else if (deviceResponse.errorCode == "5") {
 
+                    deviceResponse.errorCode = "5 - Timeout reached before request could be satisfied.";
 
+                  }
 
+                  u2f_return_code.innerHTML = lang_tfa.error_code + ': ' + deviceResponse.errorCode + ' ' + lang_tfa.reload_retry;
 
+                  return;
 
+                }
 
+                reg.value = JSON.stringify(deviceResponse);
 
+                form.submit();
 
+              });
 
+            }, 1000);
 
+          }
 
+        });
 
       });
 
     }
 
     if ($(this).val() == "none") {

+ 4 - 0
data/web/lang/lang.de.php
查看文件 

@@ -523,6 +523,10 @@ $lang['tfa']['tfa'] = "Zwei-Faktor-Authentifizierung";
 
 $lang['tfa']['set_tfa'] = "Konfiguriere Zwei-Faktor-Authentifizierungsmethode";
 
 $lang['tfa']['yubi_otp'] = "Yubico OTP Authentifizierung";
 
 $lang['tfa']['key_id'] = "Ein Name für diesen YubiKey";
 
+$lang['tfa']['init_u2f'] = "Initialisiere, bitte warten...";
 
+$lang['tfa']['start_u2f_validation'] = "Starte Validierung";
 
+$lang['tfa']['error_code'] = "Fehlercode";
 
+$lang['tfa']['reload_retry'] = "- (bei persistierendem Fehler, bitte Browserfenster neuladen)";
 
 $lang['tfa']['key_id_totp'] = "Ein eindeutiger Name";
 
 $lang['tfa']['api_register'] = 'mailcow verwendet die Yubico Cloud API. Ein API-Key für den Yubico Stick kann <a href="https://upgrade.yubico.com/getapikey/" target="_blank">hier</a> bezogen werden.';
 
 $lang['tfa']['u2f'] = "U2F Authentifizierung";

+ 4 - 0
data/web/lang/lang.en.php
查看文件 

@@ -538,7 +538,11 @@ $lang['tfa']['tfa'] = "Two-factor authentication";
 
 $lang['tfa']['set_tfa'] = "Set two-factor authentication method";
 
 $lang['tfa']['yubi_otp'] = "Yubico OTP authentication";
 
 $lang['tfa']['key_id'] = "An identifier for your YubiKey";
 
+$lang['tfa']['init_u2f'] = "Initializing, please wait...";
 
+$lang['tfa']['start_u2f_validation'] = "Start validation";
 
+$lang['tfa']['reload_retry'] = "- (reload browser if the error persists)";
 
 $lang['tfa']['key_id_totp'] = "An identifier for your key";
 
+$lang['tfa']['error_code'] = "Error code";
 
 $lang['tfa']['api_register'] = 'mailcow uses the Yubico Cloud API. Please get an API key for your key <a href="https://upgrade.yubico.com/getapikey/" target="_blank">here</a>';
 
 $lang['tfa']['u2f'] = "U2F authentication";
 
 $lang['tfa']['none'] = "Deactivate";

+ 18 - 0
data/web/modals/footer.php
查看文件 

@@ -49,6 +49,15 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 
             <input type="password" class="form-control" name="confirm_password" placeholder="<?=$lang['user']['password_now'];?>" autocomplete="off" required>

           </div>

           <hr>

+          <center>

+          <div style="cursor:pointer" id="start_u2f_register">

+            <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 24 24">

+            <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"></path>

+            </svg>

+            <p><?=$lang['tfa']['start_u2f_validation'];?></p>

+            <hr>

+          </div>

+          </center>

           <p id="u2f_status_reg"></p>

           <div class="alert alert-danger" style="display:none" id="u2f_return_code"></div>

           <input type="hidden" name="token" id="u2f_register_data"/>

@@ -146,6 +155,15 @@ if (isset($_SESSION['pending_tfa_method'])):
 
         case "u2f":

       ?>

         <form role="form" method="post" id="u2f_auth_form">

+          <center>

+          <div id="start_u2f_confirmation">

+            <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 24 24">

+            <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"></path>

+            </svg>

+            <p><?=$lang['tfa']['start_u2f_validation'];?></p>

+            <hr>

+          </div>

+          </center>

           <p id="u2f_status_auth"></p>

           <div class="alert alert-danger" style="display:none" id="u2f_return_code"></div>

           <input type="hidden" name="token" id="u2f_auth_data"/>