mirror of
https://github.com/goauthentik/authentik.git
synced 2026-06-18 11:29:26 +03:00
Jens L.
790ae0c3d8
* unrelated: improve schema for authenticator validate device class Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix static for storybook Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow interface for storybook Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework storybooks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix email authenticator icon Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix accidental nested flow card Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix webauthn padding partially Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix autosubmit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make consent stage look good Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add password stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start executor stories Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix invalid html Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix frame stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix design for device picker Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix most of the padding Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make it work Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use footer band for password recoery Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add prompt stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix table persistence Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
58 lines
2.6 KiB
Go
58 lines
2.6 KiB
Go
package flow
|
|
|
|
import (
|
|
"errors"
|
|
"strconv"
|
|
|
|
"goauthentik.io/api/v3"
|
|
)
|
|
|
|
func (fe *FlowExecutor) solveChallenge_Identification(challenge *api.ChallengeTypes, req api.ApiFlowsExecutorSolveRequest) (api.FlowChallengeResponseRequest, error) {
|
|
r := api.NewIdentificationChallengeResponseRequest(fe.getAnswer(StageIdentification))
|
|
r.SetPassword(fe.getAnswer(StagePassword))
|
|
return api.IdentificationChallengeResponseRequestAsFlowChallengeResponseRequest(r), nil
|
|
}
|
|
|
|
func (fe *FlowExecutor) solveChallenge_Password(challenge *api.ChallengeTypes, req api.ApiFlowsExecutorSolveRequest) (api.FlowChallengeResponseRequest, error) {
|
|
r := api.NewPasswordChallengeResponseRequest(fe.getAnswer(StagePassword))
|
|
return api.PasswordChallengeResponseRequestAsFlowChallengeResponseRequest(r), nil
|
|
}
|
|
|
|
func (fe *FlowExecutor) solveChallenge_UserLogin(challenge *api.ChallengeTypes, req api.ApiFlowsExecutorSolveRequest) (api.FlowChallengeResponseRequest, error) {
|
|
r := api.NewUserLoginChallengeResponseRequest(true)
|
|
return api.UserLoginChallengeResponseRequestAsFlowChallengeResponseRequest(r), nil
|
|
}
|
|
|
|
func (fe *FlowExecutor) solveChallenge_AuthenticatorValidate(challenge *api.ChallengeTypes, req api.ApiFlowsExecutorSolveRequest) (api.FlowChallengeResponseRequest, error) {
|
|
// We only support duo and code-based authenticators, check if that's allowed
|
|
var deviceChallenge *api.DeviceChallenge
|
|
inner := api.NewAuthenticatorValidationChallengeResponseRequest()
|
|
for _, devCh := range challenge.AuthenticatorValidationChallenge.DeviceChallenges {
|
|
if devCh.DeviceClass == api.DEVICECLASSESENUM_DUO {
|
|
deviceChallenge = &devCh
|
|
devId, err := strconv.ParseInt(deviceChallenge.DeviceUid, 10, 32)
|
|
if err != nil {
|
|
return api.FlowChallengeResponseRequest{}, errors.New("failed to convert duo device id to int")
|
|
}
|
|
devId32 := int32(devId)
|
|
inner.SelectedChallenge = (*api.DeviceChallengeRequest)(deviceChallenge)
|
|
inner.Duo = &devId32
|
|
}
|
|
if devCh.DeviceClass == api.DEVICECLASSESENUM_STATIC ||
|
|
devCh.DeviceClass == api.DEVICECLASSESENUM_TOTP {
|
|
// Only use code-based devices if we have a code in the entered password,
|
|
// and we haven't selected a push device yet
|
|
if deviceChallenge == nil && fe.getAnswer(StageAuthenticatorValidate) != "" {
|
|
deviceChallenge = &devCh
|
|
inner.SelectedChallenge = (*api.DeviceChallengeRequest)(deviceChallenge)
|
|
code := fe.getAnswer(StageAuthenticatorValidate)
|
|
inner.Code = &code
|
|
}
|
|
}
|
|
}
|
|
if deviceChallenge == nil {
|
|
return api.FlowChallengeResponseRequest{}, errors.New("no compatible authenticator class found")
|
|
}
|
|
return api.AuthenticatorValidationChallengeResponseRequestAsFlowChallengeResponseRequest(inner), nil
|
|
}
|