LinOTP: nitpicking and failsafe

Also one CodeFactor fix
pull/8042/head
Hendrik Baecker 2021-12-21 15:59:55 +01:00
parent 8964a36b39
commit 12ba2981ef
2 changed files with 15 additions and 4 deletions


@ -51,6 +51,9 @@ class LinOTPAuthenticate extends BaseAuthenticate
CakeLog::debug( "Sending POST request to ${url}");
$results = $HttpSocket->post($url, $data);
if ($results->code != "200") {
return false;
}
$response = json_decode($results->body());
if ($response == false) {
@ -119,6 +122,15 @@ class LinOTPAuthenticate extends BaseAuthenticate
$linOTP_verifyssl = Configure::read("LinOTPAuth.verifyssl");
$mixedauth = Configure::read("LinOTPAuth.mixedauth");
if (!$linOTP_baseUrl || $linOTP_baseUrl === "") {
CakeLog::error("LinOTP: Please configure baseUrl.");
if ($mixedauth) {
throw new CakeException(__d('cake_dev', 'LinOTP: Missing "baseUrl" configuration - access denied!', 'authenticate()'));
} else {
return false;
}
}
// If not mixed auth mode - concat password with otp
if (!$mixedauth) {
$password = $password . $otp;
@ -133,7 +145,6 @@ class LinOTPAuthenticate extends BaseAuthenticate
// Enforce OTP token by Authentication Form
if (!$otp || $otp === "") {
throw new CakeException(__d('cake_dev', 'Missing OTP Token.', 'authenticate()'));
return false;
}
$response = $this->_linotp_verify(
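Review bot: The new status check ahead of `json_decode` returns `false` for any non-200 reply without recording it, so a LinOTP outage or a wrong endpoint is indistinguishable from a rejected OTP in the logs; add `CakeLog::error("LinOTP: unexpected HTTP status " . $results->code);` before the `return false;`. In the second hunk a missing `baseUrl` throws in mixed-auth mode so the login is denied outright, whereas this path only returns `false`. The code that consumes the result of `$this->_linotp_verify(` lies outside the hunk, so it should be confirmed that a `false` here also ends the login in mixed-auth mode rather than leaving the password check as the only factor. The enclosing functions start and end outside the hunks shown.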


@ -39,7 +39,7 @@
<?php
echo $this->Form->input('email', array('autocomplete' => 'off', 'autofocus'));
echo $this->Form->input('password', array('autocomplete' => 'off'));
if (Configure::read('LinOTPAuth') == true) {
if (!empty(Configure::read('LinOTPAuth'))) {
echo $this->Form->input('otp', array('autocomplete' => 'off', 'type' => 'password', 'label' => 'OTP'));
}
?>
@ -85,7 +85,7 @@ function submitLoginForm() {
var url = $form.attr('action')
var email = $form.find('#UserEmail').val()
var password = $form.find('#UserPassword').val()
if (Configure::read('LinOTPAuth') == true) {
if (!empty(Configure::read('LinOTPAuth'))) {
var otp = $form.find('#UserOtp').val()
}
if (!$form[0].checkValidity()) {
@ -100,7 +100,7 @@ function submitLoginForm() {
var $tmpForm = $('#temp form#UserLoginForm')
$tmpForm.find('#UserEmail').val(email)
$tmpForm.find('#UserPassword').val(password)
if (Configure::read('LinOTPAuth') == true) {
if (!empty(Configure::read('LinOTPAuth'))) {
$tmpForm.find('#UserOtp').val(otp)
}
$tmpForm.submit()
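Review bot: In the two `submitLoginForm()` hunks the condition `if (!empty(Configure::read('LinOTPAuth'))) {` sits among JavaScript statements with no `<?php … ?>` tags visible around it, unlike the form hunk above, which is inside a PHP block. If the file really reads this way, the line reaches the browser as script text and will not parse, which would break the login submit handler whether or not LinOTP is configured. The check should be evaluated server-side, for example `<?php if (!empty(Configure::read('LinOTPAuth'))): ?>` and `<?php endif; ?>` around the `otp` lines, or replaced by a client-side test such as `if ($form.find('#UserOtp').length) {`. The function body continues outside the hunks.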