author | Robert Newson <rnewson@apache.org> | 2020-03-23 00:15:30 +0000 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2020-03-23 00:21:06 +0000 |
commit | 6c20d26c26c6e77b5c73a0e4c4a20f932069011a (patch) | |
tree | b34023817a07d52e20b89519fc54ffdf5870ea10 | |
parent | d639dee946ed1f5da57b4a460187eb7c8d21608c (diff) | |
enable totp with basic authadmin-2fa
-rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index c91b6d694..70a10e8bc 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -97,10 +97,22 @@ default_authentication_handler(Req, AuthModule) ->
 nil ->
 throw({unauthorized, <<"Name or password is incorrect.">>});
 {ok, UserProps, _AuthCtx} ->
- reject_if_totp(UserProps),
 UserName = ?l2b(User),
- Password = ?l2b(Pass),
- case authenticate(Password, UserProps) of
+ Authenticated = case get_totp_config(UserProps) of
+ undefined ->
+ authenticate(?l2b(Pass), UserProps);
+ _TOTP ->
+ Len = couch_util:get_value(<<"length">>, UserProps, 6),
+ case ?l2b(Pass) of
+ <<Token:Len/binary, Password/binary>> ->
+ PasswordRight = authenticate(Password, UserProps),
+ verify_totp(UserProps, Token),
+ PasswordRight;
+ _ ->
+ false
+ end
+ end,
+ case Authenticated of
 true ->
 Req#httpd{user_ctx=#user_ctx{
 name=UserName,
@@ -493,14 +505,6 @@ same_site() ->
 end.
-reject_if_totp(User) ->
- case get_totp_config(User) of
- undefined ->
- ok;
- _ ->
- throw({unauthorized, <<"Name or password is incorrect.">>})
- end.
-
 verify_totp(User, Token) when is_list(Token) ->
 verify_totp(User, ?l2b(Token));
 verify_totp(User, Token) when is_binary(Token) -> |
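Review bot: In the `_TOTP ->` branch of the first hunk the matched config is thrown away and the token length is read from the top level of the user document with `couch_util:get_value(<<"length">>, UserProps, 6)`. If the length is stored inside the value that get_totp_config returns (its definition is not visible here), this lookup always falls back to 6, and an account configured for another length gets its Basic-auth password split at the wrong offset. I would bind the config instead of `_TOTP` and read the length from it, and because the value comes from the document, check `is_integer(Len), Len > 0` before it is used as the size in `<<Token:Len/binary, Password/binary>>`. The result of `verify_totp(UserProps, Token)` is also ignored, so rejecting a bad token appears to depend on that call throwing; a comment such as `%% verify_totp/2 throws on a bad token; password is checked first so both checks always run` would make that contract explicit. default_authentication_handler begins and ends outside this hunk, so the `false` branch that handles a failed check could not be reviewed.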