2019-06-13 03:57:45 +00:00
|
|
|
/* jslint node: true */
|
|
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
// ENiGMA½
|
2022-06-05 20:04:25 +00:00
|
|
|
const Config = require('./config.js').get;
|
|
|
|
|
const getServer = require('./listening_server.js').getServer;
|
|
|
|
|
const webServerPackageName = require('./servers/content/web.js').moduleInfo.packageName;
|
2019-06-13 03:57:45 +00:00
|
|
|
const {
|
|
|
|
|
createToken,
|
2019-06-14 02:51:35 +00:00
|
|
|
deleteToken,
|
2019-06-13 03:57:45 +00:00
|
|
|
getTokenInfo,
|
|
|
|
|
WellKnownTokenTypes,
|
2022-06-05 20:04:25 +00:00
|
|
|
} = require('./user_temp_token.js');
|
|
|
|
|
const { prepareOTP, createBackupCodes, otpFromType } = require('./user_2fa_otp.js');
|
|
|
|
|
const { sendMail } = require('./email.js');
|
|
|
|
|
const UserProps = require('./user_property.js');
|
|
|
|
|
const Log = require('./logger.js').log;
|
|
|
|
|
const { getConnectionByUserId } = require('./client_connections.js');
|
2019-06-13 03:57:45 +00:00
|
|
|
|
|
|
|
|
// deps
|
2022-06-05 20:04:25 +00:00
|
|
|
const async = require('async');
|
|
|
|
|
const fs = require('fs-extra');
|
|
|
|
|
const _ = require('lodash');
|
|
|
|
|
const url = require('url');
|
|
|
|
|
const querystring = require('querystring');
|
2019-06-13 03:57:45 +00:00
|
|
|
|
|
|
|
|
function getWebServer() {
|
|
|
|
|
return getServer(webServerPackageName);
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-05 20:04:25 +00:00
|
|
|
const DefaultEmailTextTemplate = `%USERNAME%:
|
2019-06-13 03:57:45 +00:00
|
|
|
You have requested to enable 2-Factor Authentication via One-Time-Password
|
|
|
|
|
for your account on %BOARDNAME%.
|
|
|
|
|
|
|
|
|
|
* If this was not you, please ignore this email and change your password.
|
|
|
|
|
* Otherwise, please follow the link below:
|
|
|
|
|
|
|
|
|
|
%REGISTER_URL%
|
|
|
|
|
`;
|
|
|
|
|
|
2022-06-05 20:04:25 +00:00
|
|
|
module.exports = class User2FA_OTPWebRegister {
|
2019-06-13 03:57:45 +00:00
|
|
|
static startup(cb) {
|
|
|
|
|
return User2FA_OTPWebRegister.registerRoutes(cb);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static sendRegisterEmail(user, otpType, cb) {
|
|
|
|
|
async.waterfall(
|
|
|
|
|
[
|
2022-06-05 20:04:25 +00:00
|
|
|
callback => {
|
2019-06-13 03:57:45 +00:00
|
|
|
return createToken(
|
|
|
|
|
user.userId,
|
|
|
|
|
WellKnownTokenTypes.AuthFactor2OTPRegister,
|
2022-06-05 20:04:25 +00:00
|
|
|
{ bits: 128 },
|
2019-06-13 03:57:45 +00:00
|
|
|
callback
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
(token, callback) => {
|
|
|
|
|
const config = Config();
|
2022-06-05 20:04:25 +00:00
|
|
|
const txtTemplateFile = _.get(
|
|
|
|
|
config,
|
|
|
|
|
'users.twoFactorAuth.otp.registerEmailText'
|
|
|
|
|
);
|
|
|
|
|
const htmlTemplateFile = _.get(
|
|
|
|
|
config,
|
|
|
|
|
'users.twoFactorAuth.otp.registerEmailHtml'
|
|
|
|
|
);
|
2019-06-13 03:57:45 +00:00
|
|
|
|
|
|
|
|
fs.readFile(txtTemplateFile, 'utf8', (err, textTemplate) => {
|
|
|
|
|
textTemplate = textTemplate || DefaultEmailTextTemplate;
|
|
|
|
|
fs.readFile(htmlTemplateFile, 'utf8', (err, htmlTemplate) => {
|
2022-06-05 20:04:25 +00:00
|
|
|
htmlTemplate = htmlTemplate || null; // be explicit for waterfall
|
2019-06-13 03:57:45 +00:00
|
|
|
return callback(null, token, textTemplate, htmlTemplate);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
(token, textTemplate, htmlTemplate, callback) => {
|
|
|
|
|
const webServer = getWebServer();
|
|
|
|
|
const registerUrl = webServer.instance.buildUrl(
|
2019-06-14 01:47:04 +00:00
|
|
|
`/enable_2fa_otp?token=${token}&otpType=${otpType}`
|
2019-06-13 03:57:45 +00:00
|
|
|
);
|
|
|
|
|
|
2022-06-05 20:04:25 +00:00
|
|
|
const replaceTokens = s => {
|
2019-06-13 03:57:45 +00:00
|
|
|
return s
|
2022-06-05 20:04:25 +00:00
|
|
|
.replace(/%BOARDNAME%/g, Config().general.boardName)
|
|
|
|
|
.replace(/%USERNAME%/g, user.username)
|
|
|
|
|
.replace(/%TOKEN%/g, token)
|
|
|
|
|
.replace(/%REGISTER_URL%/g, registerUrl);
|
2019-06-13 03:57:45 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
textTemplate = replaceTokens(textTemplate);
|
2022-06-05 20:04:25 +00:00
|
|
|
if (htmlTemplate) {
|
2019-06-13 03:57:45 +00:00
|
|
|
htmlTemplate = replaceTokens(htmlTemplate);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const message = {
|
2022-06-05 20:04:25 +00:00
|
|
|
to: `${
|
|
|
|
|
user.getProperty(UserProps.RealName) || user.username
|
|
|
|
|
} <${user.getProperty(UserProps.EmailAddress)}>`,
|
2019-06-13 03:57:45 +00:00
|
|
|
// from will be filled in
|
2022-06-05 20:04:25 +00:00
|
|
|
subject: '2-Factor Authentication Registration',
|
|
|
|
|
text: textTemplate,
|
|
|
|
|
html: htmlTemplate,
|
2019-06-13 03:57:45 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
sendMail(message, (err, info) => {
|
2022-06-05 20:04:25 +00:00
|
|
|
if (err) {
|
|
|
|
|
Log.warn(
|
|
|
|
|
{ error: err.message },
|
|
|
|
|
'Failed sending 2FA/OTP register email'
|
|
|
|
|
);
|
2019-06-13 03:57:45 +00:00
|
|
|
} else {
|
2022-06-05 20:04:25 +00:00
|
|
|
Log.info(
|
|
|
|
|
{ info },
|
|
|
|
|
'Successfully sent 2FA/OTP register email'
|
|
|
|
|
);
|
2019-06-13 03:57:45 +00:00
|
|
|
}
|
|
|
|
|
return callback(err);
|
|
|
|
|
});
|
2022-06-05 20:04:25 +00:00
|
|
|
},
|
2019-06-13 03:57:45 +00:00
|
|
|
],
|
|
|
|
|
err => {
|
|
|
|
|
return cb(err);
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static fileNotFound(webServer, resp) {
|
|
|
|
|
return webServer.instance.fileNotFound(resp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static accessDenied(webServer, resp) {
|
|
|
|
|
return webServer.instance.accessDenied(resp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static routeRegisterGet(req, resp) {
|
2022-06-05 20:04:25 +00:00
|
|
|
const webServer = getWebServer(); // must be valid, we just got a req!
|
2019-06-13 03:57:45 +00:00
|
|
|
|
2022-06-05 20:04:25 +00:00
|
|
|
const urlParts = url.parse(req.url, true);
|
|
|
|
|
const token = urlParts.query && urlParts.query.token;
|
|
|
|
|
const otpType = urlParts.query && urlParts.query.otpType;
|
2019-06-13 03:57:45 +00:00
|
|
|
|
2022-06-05 20:04:25 +00:00
|
|
|
if (!token || !otpType) {
|
2019-06-13 03:57:45 +00:00
|
|
|
return User2FA_OTPWebRegister.accessDenied(webServer, resp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
getTokenInfo(token, (err, tokenInfo) => {
|
2022-06-05 20:04:25 +00:00
|
|
|
if (err) {
|
2019-06-13 03:57:45 +00:00
|
|
|
// assume expired
|
2019-06-14 01:47:04 +00:00
|
|
|
return webServer.instance.respondWithError(
|
|
|
|
|
resp,
|
|
|
|
|
410,
|
2022-06-05 20:04:25 +00:00
|
|
|
'Invalid or expired registration link.',
|
|
|
|
|
'Expired Link'
|
2019-06-14 01:47:04 +00:00
|
|
|
);
|
2019-06-13 03:57:45 +00:00
|
|
|
}
|
|
|
|
|
|
2022-06-05 20:04:25 +00:00
|
|
|
if (tokenInfo.tokenType !== WellKnownTokenTypes.AuthFactor2OTPRegister) {
|
2019-06-13 03:57:45 +00:00
|
|
|
return User2FA_OTPWebRegister.accessDenied(webServer, resp);
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-14 01:47:04 +00:00
|
|
|
const prepareOptions = {
|
2022-06-05 20:04:25 +00:00
|
|
|
qrType: 'data',
|
|
|
|
|
cellSize: 8,
|
|
|
|
|
username: tokenInfo.user.username,
|
2019-06-14 01:47:04 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
prepareOTP(otpType, prepareOptions, (err, otpInfo) => {
|
2022-06-05 20:04:25 +00:00
|
|
|
if (err) {
|
|
|
|
|
Log.error({ error: err.message }, 'Failed to prepare OTP');
|
2019-06-14 01:47:04 +00:00
|
|
|
return User2FA_OTPWebRegister.accessDenied(webServer, resp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const postUrl = webServer.instance.buildUrl('/enable_2fa_otp');
|
|
|
|
|
const config = Config();
|
|
|
|
|
return webServer.instance.routeTemplateFilePage(
|
|
|
|
|
_.get(config, 'users.twoFactorAuth.otp.registerPageTemplate'),
|
|
|
|
|
(templateData, next) => {
|
|
|
|
|
const finalPage = templateData
|
2022-06-05 20:04:25 +00:00
|
|
|
.replace(/%BOARDNAME%/g, config.general.boardName)
|
|
|
|
|
.replace(/%USERNAME%/g, tokenInfo.user.username)
|
|
|
|
|
.replace(/%TOKEN%/g, token)
|
|
|
|
|
.replace(/%OTP_TYPE%/g, otpType)
|
|
|
|
|
.replace(/%POST_URL%/g, postUrl)
|
|
|
|
|
.replace(/%QR_IMG_DATA%/g, otpInfo.qr || '')
|
|
|
|
|
.replace(/%SECRET%/g, otpInfo.secret);
|
2019-06-14 01:47:04 +00:00
|
|
|
return next(null, finalPage);
|
|
|
|
|
},
|
|
|
|
|
resp
|
|
|
|
|
);
|
|
|
|
|
});
|
2019-06-13 03:57:45 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static routeRegisterPost(req, resp) {
|
2022-06-05 20:04:25 +00:00
|
|
|
const webServer = getWebServer(); // must be valid, we just got a req!
|
2019-06-13 03:57:45 +00:00
|
|
|
|
|
|
|
|
const badRequest = () => {
|
2022-06-05 20:04:25 +00:00
|
|
|
return webServer.instance.respondWithError(
|
|
|
|
|
resp,
|
|
|
|
|
400,
|
|
|
|
|
'Bad Request.',
|
|
|
|
|
'Bad Request'
|
|
|
|
|
);
|
2019-06-13 03:57:45 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let bodyData = '';
|
|
|
|
|
req.on('data', data => {
|
|
|
|
|
bodyData += data;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
req.on('end', () => {
|
|
|
|
|
const formData = querystring.parse(bodyData);
|
|
|
|
|
|
2022-06-05 20:04:25 +00:00
|
|
|
if (
|
|
|
|
|
!formData.token ||
|
|
|
|
|
!formData.otpType ||
|
|
|
|
|
!formData.otp ||
|
|
|
|
|
!formData.secret
|
|
|
|
|
) {
|
2019-06-14 01:47:04 +00:00
|
|
|
return badRequest();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const otp = otpFromType(formData.otpType);
|
2022-06-05 20:04:25 +00:00
|
|
|
if (!otp) {
|
2019-06-13 03:57:45 +00:00
|
|
|
return badRequest();
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-05 20:04:25 +00:00
|
|
|
const valid = otp.verify({ token: formData.otp, secret: formData.secret });
|
|
|
|
|
if (!valid) {
|
2019-06-14 01:47:04 +00:00
|
|
|
return User2FA_OTPWebRegister.accessDenied(webServer, resp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
getTokenInfo(formData.token, (err, tokenInfo) => {
|
2022-06-05 20:04:25 +00:00
|
|
|
if (err) {
|
2019-06-14 01:47:04 +00:00
|
|
|
return User2FA_OTPWebRegister.accessDenied(webServer, resp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const backupCodes = createBackupCodes();
|
|
|
|
|
|
|
|
|
|
const props = {
|
2022-06-05 20:04:25 +00:00
|
|
|
[UserProps.AuthFactor2OTP]: formData.otpType,
|
|
|
|
|
[UserProps.AuthFactor2OTPSecret]: formData.secret,
|
|
|
|
|
[UserProps.AuthFactor2OTPBackupCodes]: JSON.stringify(backupCodes),
|
2019-06-14 01:47:04 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
tokenInfo.user.persistProperties(props, err => {
|
2022-06-05 20:04:25 +00:00
|
|
|
if (err) {
|
|
|
|
|
return webServer.instance.respondWithError(
|
|
|
|
|
resp,
|
|
|
|
|
500,
|
|
|
|
|
'Internal Server Error',
|
|
|
|
|
'Internal Server Error'
|
|
|
|
|
);
|
2019-06-14 01:47:04 +00:00
|
|
|
}
|
2019-06-14 02:51:35 +00:00
|
|
|
|
2019-06-14 04:54:56 +00:00
|
|
|
//
|
|
|
|
|
// User may be online still - find account & update it if so
|
|
|
|
|
//
|
|
|
|
|
const clientConn = getConnectionByUserId(tokenInfo.user.userId);
|
2022-06-05 20:04:25 +00:00
|
|
|
if (clientConn && clientConn.user) {
|
2019-06-14 04:54:56 +00:00
|
|
|
// just update live props, we've already persisted them.
|
|
|
|
|
_.each(props, (v, n) => {
|
|
|
|
|
clientConn.user.setProperty(n, v);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-14 02:51:35 +00:00
|
|
|
// we can now remove the token - no need to wait
|
|
|
|
|
deleteToken(formData.token, err => {
|
2022-06-05 20:04:25 +00:00
|
|
|
if (err) {
|
|
|
|
|
Log.error(
|
|
|
|
|
{ error: err.message, token: formData.token },
|
|
|
|
|
'Failed to delete temporary token'
|
|
|
|
|
);
|
2019-06-14 02:51:35 +00:00
|
|
|
}
|
|
|
|
|
});
|
2019-06-14 01:47:04 +00:00
|
|
|
|
|
|
|
|
// :TODO: use a html template here too, if provided
|
|
|
|
|
resp.writeHead(200);
|
|
|
|
|
return resp.end(
|
|
|
|
|
`2-Factor Authentication via One-Time-Password has been enabled for this account. Please write down your backup codes and store them in safe place:
|
|
|
|
|
|
|
|
|
|
${backupCodes}
|
|
|
|
|
`
|
|
|
|
|
);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
2019-06-13 03:57:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static registerRoutes(cb) {
|
|
|
|
|
const webServer = getWebServer();
|
2022-06-05 20:04:25 +00:00
|
|
|
if (!webServer || !webServer.instance.isEnabled()) {
|
|
|
|
|
return cb(null); // no webserver enabled
|
2019-06-13 03:57:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[
|
|
|
|
|
{
|
2022-06-05 20:04:25 +00:00
|
|
|
method: 'GET',
|
|
|
|
|
path: '^\\/enable_2fa_otp\\?token\\=[a-f0-9]+&otpType\\=[a-zA-Z0-9_]+$',
|
|
|
|
|
handler: User2FA_OTPWebRegister.routeRegisterGet,
|
2019-06-13 03:57:45 +00:00
|
|
|
},
|
|
|
|
|
{
|
2022-06-05 20:04:25 +00:00
|
|
|
method: 'POST',
|
|
|
|
|
path: '^\\/enable_2fa_otp$',
|
|
|
|
|
handler: User2FA_OTPWebRegister.routeRegisterPost,
|
|
|
|
|
},
|
2019-06-13 03:57:45 +00:00
|
|
|
].forEach(r => {
|
|
|
|
|
webServer.instance.addRoute(r);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return cb(null);
|
|
|
|
|
}
|
|
|
|
|
};
|
