Add 2FA/OTP authentication to menu template
This commit is contained in:
Bryan Ashby
parent
0f68f20656
commit
f02434bc23
|
|
@ -60,11 +60,20 @@
|
||||||
|
|
||||||
//
|
//
|
||||||
// SSH connections are pre-authenticated via the SSH server itself.
|
// SSH connections are pre-authenticated via the SSH server itself.
|
||||||
// Jump directly to the login sequence
|
// Jump directly to either the 2FA/OTP auth or the login sequence
|
||||||
|
// depending on user ACS.
|
||||||
//
|
//
|
||||||
sshConnected: {
|
sshConnected: {
|
||||||
art: CONNECT
|
art: CONNECT
|
||||||
next: fullLoginSequenceLoginArt
|
next: [
|
||||||
|
{
|
||||||
|
acs: AR2
|
||||||
|
next: loginTwoFactorAuthOTPLoop
|
||||||
|
}
|
||||||
|
{
|
||||||
|
next: mainMenu
|
||||||
|
}
|
||||||
|
]
|
||||||
config: { nextTimeout: 1500 }
|
config: { nextTimeout: 1500 }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -90,11 +99,6 @@
|
||||||
submit: true
|
submit: true
|
||||||
focus: true
|
focus: true
|
||||||
argName: navSelect
|
argName: navSelect
|
||||||
//
|
|
||||||
// To enable forgot password, you will need to have the web server
|
|
||||||
// enabled and mail/SMTP configured. Once that is in place, swap out
|
|
||||||
// the commented lines below as well as in the submit block
|
|
||||||
//
|
|
||||||
items: [
|
items: [
|
||||||
{
|
{
|
||||||
text: login
|
text: login
|
||||||
|
|
@ -104,10 +108,20 @@
|
||||||
text: apply
|
text: apply
|
||||||
data: apply
|
data: apply
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// To enable the forgot password option, you'll need to have
|
||||||
|
// the web server & email configured. Once that is in place,
|
||||||
|
// uncomment the section below.
|
||||||
|
//
|
||||||
|
// See docs for more information
|
||||||
|
//
|
||||||
|
/*
|
||||||
{
|
{
|
||||||
text: forgot pass
|
text: forgot pass
|
||||||
data: forgot
|
data: forgot
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
{
|
{
|
||||||
text: log off
|
text: log off
|
||||||
data: logoff
|
data: logoff
|
||||||
|
|
@ -142,7 +156,20 @@
|
||||||
|
|
||||||
login: {
|
login: {
|
||||||
art: USERLOG
|
art: USERLOG
|
||||||
|
next: [
|
||||||
|
{
|
||||||
|
//
|
||||||
|
// Users with 2FA/OTP enabled *must* go through
|
||||||
|
// an additional OTP authentication step
|
||||||
|
//
|
||||||
|
acs: AR2
|
||||||
|
next: loginTwoFactorAuthOTPLoop
|
||||||
|
}
|
||||||
|
{
|
||||||
|
// ...everyone else can carry on as per usual
|
||||||
next: fullLoginSequenceLoginArt
|
next: fullLoginSequenceLoginArt
|
||||||
|
}
|
||||||
|
]
|
||||||
config: {
|
config: {
|
||||||
tooNodeMenu: loginAttemptTooNode
|
tooNodeMenu: loginAttemptTooNode
|
||||||
inactive: loginAttemptAccountInactive
|
inactive: loginAttemptAccountInactive
|
||||||
|
|
@ -218,6 +245,46 @@
|
||||||
next: logoff
|
next: logoff
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Empty menu to catch us in a 2FA/OTP auth loop
|
||||||
|
// until the user either authenticates successfully
|
||||||
|
// or the system boots them.
|
||||||
|
//
|
||||||
|
loginTwoFactorAuthOTPLoop: {
|
||||||
|
next: loginTwoFactorAuthOTP
|
||||||
|
}
|
||||||
|
|
||||||
|
loginTwoFactorAuthOTP: {
|
||||||
|
art: 2FAOTP
|
||||||
|
next: fullLoginSequenceLoginArt
|
||||||
|
form: {
|
||||||
|
0: {
|
||||||
|
mci: {
|
||||||
|
ET1: {
|
||||||
|
argName: token
|
||||||
|
focus: true
|
||||||
|
submit: true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
submit: {
|
||||||
|
*: [
|
||||||
|
{
|
||||||
|
value: { token: null }
|
||||||
|
action: @systemMethod:login2FA_OTP
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
actionKeys: [
|
||||||
|
{
|
||||||
|
// no turning back at this point...
|
||||||
|
keys: [ "escape" ]
|
||||||
|
action: @systemMethod:logoff
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
forgotPassword: {
|
forgotPassword: {
|
||||||
desc: Forgot password
|
desc: Forgot password
|
||||||
prompt: forgotPasswordPrompt
|
prompt: forgotPasswordPrompt
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue