From 39d98e8248f340408cc824f50c98c92d6405aa92 Mon Sep 17 00:00:00 2001
From: paulr
Date: Tue, 7 Dec 2010 03:04:52 +1100
Subject: [PATCH] Added a user OTK retrieval url. Fixed admin to have both user and admin OTK url's presented
---
authserver/www/admin.php | 7 ++--
authserver/www/index.php | 68 ++++++++++++++++++++++++++++++++++++++-
authserver/www/user_actions.php | 11 ++++++-
3 files changed, 81 insertions(+), 5 deletions(-)
diff --git a/authserver/www/admin.php b/authserver/www/admin.php
index 5f2364d..bc61744 100644
--- a/authserver/www/admin.php
+++ b/authserver/www/admin.php
@@ -35,9 +35,10 @@ On this page, you create users and manage their tokens and passwords. A few note
  • Passwords are *ONLY* for this page, if you assign a password to a user they can login here and edit anyone, including you
  • OTK/One-Time-Keys are the QRcode for provisioning a GA token, it can only be viewed once -and once viewed is deleted. If you need a new one, you need to delete the user and re-create. +and once viewed is deleted. If you need a new one, you need to re-create a key.
  • TOTP tokens are time based tokens that change every 30 seconds, HOTP tokens are event tokens that change everytime they are used or generated +
  • In the OTK, the "Get (User URL)" link is a link you can send to a user to retrieve their key Get"; + else if($user["otk"]!="") $otk = "Get (admin) Get (User URL)"; else $otk = "Already Claimed"; if($user["hastoken"]) $hastoken = "Yes Re-Create (HOTP) Re-Create (TOTP) Delete"; @@ -101,7 +102,7 @@ foreach($users as $user) { } ?>
    -
    Create User(s) - Enter a comma seperated list of names:
    +
    Create User(s) - Enter a comma seperated list of usernames:
    getUsers(); + $realname = ""; + $otk = ""; + foreach($users as $user) { + if($user["username"] == $username) { + $realname = $user["realname"]; + $otk = $user["otk"]; + } + } + + if($realname == "") $realname = $username; + if($otk == "") { ?> -

    Welcome to the GAAS User Self Admin Site

    +Hello , we're sorry, but your One Time Key has already been picked up or you +dont currently have a token. If you believe this in error, please contact the site admin immediately +as it could mean your key has been compromised. + + + +Hello , we're sorry, but your One Time Key ID is not +the correct one, the URL you have been sent may be in error, please check with the site admin + + + +Hello , welcome to the One Time Key retreival site. Here is your
    +One Time Key. Do not save this anywhere as it will compromise your account
    +
  • Point your phones camera at the screen +
  • Watch the display until it locks onto the code +
  • Once the code has been scanned, the phone should return to the Google Authenticator with a 6 digit number presented, or a "get code" button.

    +
    + +Once you have the key, you may try logging into the user site here + + + +Hello , welcome to the One Time Key retreival site. Before we present
    +your key, you must have your phone ready to accept it as the key will only be presented once.
    +If your phone is not ready to accept the key, the key needs to be regenerated, so only proceed
    +if you phone is on, you have clicked on "scan account barcode" and the phone is ready to
    +scan, please proceed.
    +
    +If you are ready to proceed, click here. + + + +

    Welcome to the GAAS User Site

    Login Failure";
diff --git a/authserver/www/user_actions.php b/authserver/www/user_actions.php
index 6b763b6..35b1f8a 100644
--- a/authserver/www/user_actions.php
+++ b/authserver/www/user_actions.php
@@ -16,6 +16,15 @@ if(isset($_SESSION["user_loggedin"])) if($_SESSION["user_loggedin"]) {
 if(isset($_REQUEST["action"])) {
 error_log("action set: ".$_REQUEST["action"]);
 switch($_REQUEST["action"]) {
+ case "actuallygettoken":
+ $otkid = $_REQUEST["otkid"];
+ $username = $_REQUEST["username"];
+ error_log("requesting otk, $otk");
+ $otk_img = $myAC->getOtkPng($username,$otkid);
+ header("Content-type: image/png");
+ echo $otk_img;
+ exit(0);
+ break;
 case "login":
 error_log("being login");
 $username = $_REQUEST["username"];
@@ -34,7 +43,7 @@ if(isset($_REQUEST["action"])) {
 case "logout":
 $_SESSION["user_loggedin"] = false;
 $_SESSION["username"] = "";
- header("Location: admin.php");
+ header("Location: index.php?message=".urlencode("logged out"));
 exit(0);
 break;
-- 
1.7.0.4
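Review bot: In the new `actuallygettoken` case, `error_log("requesting otk, $otk")` references `$otk`, which is never assigned in this case (the request values go into `$otkid` and `$username`), so the line emits a notice and logs nothing useful — and if it were changed to `$otkid` it would write the one-time-key identifier into the error log, which should be avoided. The case also reads `$_REQUEST["otkid"]` and `$_REQUEST["username"]` without checking they are present, and sends `Content-type: image/png` regardless of what `getOtkPng()` returns; its contract is not visible in this hunk, but if it signals a missing or already-claimed key with `false`/empty the client receives an empty 200 PNG instead of a 4xx. Because this branch sits in the same switch as `case "login"` it is reachable without a session, so whatever binds `otkid` to `username` must live inside `getOtkPng()` — nothing in this hunk verifies it. Since the PNG is a secret that is deleted after one retrieval, the response should also carry `Cache-Control: no-store` and `Pragma: no-cache` so a browser or intermediary cache does not retain a copy. The enclosing switch opens before the hunk and `case "login"` continues past it; the `break;` after `exit(0);` is unreachable, matching the existing cases' style.
```php
 case "actuallygettoken":
 $otkid = isset($_REQUEST["otkid"]) ? $_REQUEST["otkid"] : "";
 $username = isset($_REQUEST["username"]) ? $_REQUEST["username"] : "";
 // log who asked, never the key id itself
 error_log("requesting otk for user ".$username);
 $otk_img = ($otkid !== "" && $username !== "") ? $myAC->getOtkPng($username,$otkid) : false;
 if($otk_img === false || $otk_img === "") {
 // TODO(review): confirm how getOtkPng() reports a missing/claimed key
 header("HTTP/1.0 404 Not Found");
 exit(0);
 }
 header("Content-type: image/png");
 header("Cache-Control: no-store, no-cache, must-revalidate");
 header("Pragma: no-cache");
 echo $otk_img;
 exit(0);
 // … unchanged: case "login" …
```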