// this either returns an object with either an null URL or a URL that goes to // the TwoFactorAuth website to log in. @Override protected MitroRPC processCommand(MitroRequestContext context) throws IOException, SQLException, MitroServletException { RPC.CheckTwoFactorRequiredRequest in = gson.fromJson(context.jsonRequest, RPC.CheckTwoFactorRequiredRequest.class); String url = null; // url stays null if 2fa isn't enabled. else, changes to 2fa login page if (context.requestor.isTwoFactorAuthEnabled()) { String token = GetMyPrivateKey.makeLoginTokenString(context.requestor, in.extensionId, in.deviceId); String signedToken; try { signedToken = TwoFactorSigningService.signToken(token); } catch (KeyczarException e) { throw new MitroServletException(e); } url = context.requestServerUrl + "/mitro-core/TwoFactorAuth?token=" + URLEncoder.encode(token, "UTF-8") + "&signature=" + URLEncoder.encode(signedToken, "UTF-8"); } RPC.CheckTwoFactorRequiredResponse out = new RPC.CheckTwoFactorRequiredResponse(); out.twoFactorUrl = url; return out; }
// this will throw an exception if the person has 2fa enabled but the // token/signature isn't provided or is incorrect or old public static boolean checkTwoFactorSecret( MitroRequestContext context, RPC.TwoFactorAuthRequest in) throws DoTwoFactorAuthException { if (context.requestor.isTwoFactorAuthEnabled()) { boolean tokenExists = !Strings.isNullOrEmpty(in.tfaToken); boolean signatureExists = !Strings.isNullOrEmpty(in.tfaSignature); if (!tokenExists || !signatureExists) { throw new DoTwoFactorAuthException(""); } RPC.LoginToken tokenInGson = gson.fromJson(in.tfaToken, RPC.LoginToken.class); boolean twoFactorVerified = tokenInGson.twoFactorAuthVerified; if (!twoFactorVerified) { throw new DoTwoFactorAuthException(""); } else if (!TwoFactorSigningService.verifySignatureAndTimestamp( in.tfaToken, in.tfaSignature, tokenInGson.timestampMs)) { throw new DoTwoFactorAuthException(""); } else { return true; } } return false; }
public CheckTwoFactorRequired(ManagerFactory mf, KeyFactory keyFactory) { super(mf, keyFactory); // Crash on startup if secrets aren't loaded TwoFactorSigningService.checkInitialized(); }