michielbdejong closed 10 months ago
Testing this now, trying to set up a local MFA method for usr2 on sunet-nc2.
I set up TOTP for usr2 and then logged in in a private browsing tab, but TOTP was not triggered after landing from GSS. Investigating.
Will add some logging statements into https://github.com/pondersource/mfazones/blob/8a2edc40201e4f6759bc66c518f591ff56f34f4a/lib/AppInfo/Application.php#L59
I can see error_log statements getting logged:
docker logs -f sunet-nc2 | grep php:notice
I'm getting an error on https://github.com/pondersource/mfazones/blob/21ed0179b4ba05e65096ffa251f130311fee8a3a/lib/AppInfo/Application.php#L51 - no instance of the class TwoFactorManager is found in the server container apparently.
--- lib/Controller/SlaveController.php.bak 2023-05-15 12:09:59.781413663 +0200
+++ lib/Controller/SlaveController.php 2023-05-15 12:21:22.377966117 +0200
@@ -26,6 +26,7 @@
use Firebase\JWT\ExpiredException;
use Firebase\JWT\JWT;
use OC\Authentication\Token\IToken;
+use OC\Authentication\TwoFactorAuth\Manager;
use OCA\GlobalSiteSelector\GlobalSiteSelector;
use OCA\GlobalSiteSelector\TokenHandler;
use OCA\GlobalSiteSelector\UserBackend;
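Review bot: The added `use OC\Authentication\TwoFactorAuth\Manager;` binds this controller to a concrete class in the server's private `OC\` namespace, which carries no API stability guarantee between Nextcloud releases. The file already does this for `OC\Authentication\Token\IToken`, so it is not new here, but a comment stating which server version the patch was tested against would help whoever has to rebase it.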
@@ -33,6 +34,7 @@
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\OCSController;
+use OCP\IConfig;
use OCP\ILogger;
use OCP\IRequest;
use OCP\ISession;
@@ -63,12 +65,16 @@
/** @var IURLGenerator */
private $urlGenerator;
+ private IConfig $config;
+
/** @var ICrypto */
private $crypto;
/** @var TokenHandler */
private $tokenHandler;
+ private Manager $twoFactorManager;
+
/** @var IUserManager */
private $userManager;
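Review bot: Style point on `private IConfig $config;` and `private Manager $twoFactorManager;`: every neighbouring property in this hunk is untyped with a `/** @var ... */` docblock, while these two are typed and undocumented. Pick one convention for the class; if the typed form stays, note that typed properties need PHP 7.4 or later.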
@@ -100,7 +106,9 @@
IUserSession $userSession,
ISession $session,
IURLGenerator $urlGenerator,
+ IConfig $config,
ICrypto $crypto,
+ Manager $twoFactorManager,
TokenHandler $tokenHandler,
IUserManager $userManager,
UserBackend $userBackend
@@ -110,7 +118,9 @@
$this->logger = $logger;
$this->userSession = $userSession;
$this->urlGenerator = $urlGenerator;
+ $this->config = $config;
$this->crypto = $crypto;
+ $this->twoFactorManager = $twoFactorManager;
$this->tokenHandler = $tokenHandler;
$this->userManager = $userManager;
$this->userBackend = $userBackend;
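Review bot: `$this->config = $config;` is stored here, but no hunk in this patch reads `$this->config`; only `$this->twoFactorManager` is used further down. Drop the `IConfig` import, property, constructor parameter and this assignment unless a follow-up change needs them.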
@@ -173,6 +183,10 @@
}
$this->userSession->createSessionToken($this->request, $uid, $uid, null, IToken::REMEMBER);
+
+ $user = $this->userManager->get($uid);
+ $this->twoFactorManager->prepareTwoFactorLogin($user, false);
+
$home = $this->urlGenerator->getAbsoluteURL($target);
return new RedirectResponse($home);
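Review bot: Missing null check on `$user = $this->userManager->get($uid);`: `IUserManager::get()` returns null for an unknown uid, and the result goes straight into `prepareTwoFactorLogin($user, false)`. Return or log and skip when `$user` is null. Two further points on the same lines: the call is unconditional, so consider guarding it with the manager's `isTwoFactorAuthenticated($user)` so the 2FA session state is only set for accounts that actually have a second factor enabled, and the hard-coded `false` for remember-me disagrees with the `IToken::REMEMBER` passed to `createSessionToken` just above.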
We should fix https://github.com/pondersource/nextcloud-mfa-awareness/blob/sunet-custom-with-gss/servers/sunet-nextcloud/init-nc2-gss-follower.sh#L9 before we can investigate this further.
Duplicate of #72
I want to test https://github.com/pondersource/nextcloud-mfa-awareness/issues/72 myself with our new setup from https://github.com/pondersource/dev-stock/issues/50#issuecomment-1789180642