Add 2FA/OTP authentication to menu template

Bryan Ashby 2019-06-15 00:07:09 -06:00
parent 0f68f20656
commit f02434bc23
No known key found for this signature in database
GPG Key ID: B49EB437951D2542
1 changed files with 75 additions and 8 deletions


@ -60,11 +60,20 @@
//
// SSH connections are pre-authenticated via the SSH server itself.
// Jump directly to the login sequence
// Jump directly to either the 2FA/OTP auth or the login sequence
// depending on user ACS.
//
sshConnected: {
art: CONNECT
next: fullLoginSequenceLoginArt
next: [
{
acs: AR2
next: loginTwoFactorAuthOTPLoop
}
{
next: mainMenu
}
]
config: { nextTimeout: 1500 }
}
@ -90,11 +99,6 @@
submit: true
focus: true
argName: navSelect
//
// To enable forgot password, you will need to have the web server
// enabled and mail/SMTP configured. Once that is in place, swap out
// the commented lines below as well as in the submit block
//
items: [
{
text: login
@ -104,10 +108,20 @@
text: apply
data: apply
}
//
// To enable the forgot password option, you'll need to have
// the web server & email configured. Once that is in place,
// uncomment the section below.
//
// See docs for more information
//
/*
{
text: forgot pass
data: forgot
}
*/
{
text: log off
data: logoff
@ -142,7 +156,20 @@
login: {
art: USERLOG
next: fullLoginSequenceLoginArt
next: [
{
//
// Users with 2FA/OTP enabled *must* go through
// an additional OTP authentication step
//
acs: AR2
next: loginTwoFactorAuthOTPLoop
}
{
// ...everyone else can carry on as per usual
next: fullLoginSequenceLoginArt
}
]
config: {
tooNodeMenu: loginAttemptTooNode
inactive: loginAttemptAccountInactive
@ -218,6 +245,46 @@
next: logoff
}
//
// Empty menu to catch us in a 2FA/OTP auth loop
// until the user either authenticates successfully
// or the system boots them.
//
loginTwoFactorAuthOTPLoop: {
next: loginTwoFactorAuthOTP
}
loginTwoFactorAuthOTP: {
art: 2FAOTP
next: fullLoginSequenceLoginArt
form: {
0: {
mci: {
ET1: {
argName: token
focus: true
submit: true
}
}
submit: {
*: [
{
value: { token: null }
action: @systemMethod:login2FA_OTP
}
]
}
actionKeys: [
{
// no turning back at this point...
keys: [ "escape" ]
action: @systemMethod:logoff
}
]
}
}
}
forgotPassword: {
desc: Forgot password
prompt: forgotPasswordPrompt
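Review bot: In the `sshConnected` section the fallback entry routes users without `AR2` to `mainMenu`, but the updated comment says "the login sequence", and both the line it appears to replace and the fallback under `login` use `fullLoginSequenceLoginArt`. As written, a pre-authenticated SSH user without 2FA would seem to skip the full login sequence, while a user with 2FA still reaches it through `loginTwoFactorAuthOTP`. If that is not intended, the fallback should read `next: fullLoginSequenceLoginArt`; if it is, the comment should be reworded to say so. The old/new side of these lines is inferred from print order, since the page has lost its `+`/`-` markers. Separately, the `AR2` entry under `sshConnected` would benefit from the same comment the `login` section carries, `// Users with 2FA/OTP enabled *must* go through an additional OTP authentication step`, since that entry is what sends SSH users to the second factor.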