Merge pull request #8092 from DCSO/fix/linotp-throw2

LinOTP minor fixes
2022-01-17 20:13:16 +01:00 · 2022-01-17 20:13:16 +01:00 · f650521b3c
parent 6dc2fefb41 7644a19b7f
commit f650521b3c
3 changed files with 46 additions and 1 deletions
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@ -1388,6 +1388,7 @@ class Server extends AppModel
            'misc' => 'Security',
            'Security' => 'Security',
            'Session' => 'Security',
+            'LinOTPAuth' => 'Security',
            'SimpleBackgroundJobs' => 'SimpleBackgroundJobs'
        );

@ -7135,6 +7136,37 @@ class Server extends AppModel
                'type' => 'boolean',
                'null' => true
            ),
+            'LinOTPAuth' => array(
+                'branch' => 1,
+                'baseUrl' => array(
+                    'level' => 2,
+                    'description' => __('The default LinOTP URL.'),
+                    'value' => 'https://<your-linotp-baseUrl>',
+                    'test' => 'testForEmpty',
+                    'type' => 'string',
+                ),
+                'realm' => array(
+                    'level' => 2,
+                    'description' => __('The LinOTP realm to authenticate against.'),
+                    'value' => 'lino',
+                    'test' => 'testForEmpty',
+                    'type' => 'string',
+                ),
+                'verifyssl' => array(
+                    'level' => 2,
+                    'description' => __('Set to false to skip SSL/TLS verify'),
+                    'value' => true,
+                    'test' => 'testBoolTrue',
+                    'type' => 'boolean',
+                ),
+                'mixedauth' => array(
+                    'level' => 2,
+                    'description' => __('Set to true to enforce OTP usage'),
+                    'value' => false,
+                    'test' => 'testBoolFalse',
+                    'type' => 'boolean',
+                ),
+            ),
        );
    }

--- a/app/Plugin/LinOTPAuth/Controller/Component/Auth/LinOTPAuthenticate.php
+++ b/app/Plugin/LinOTPAuth/Controller/Component/Auth/LinOTPAuthenticate.php
@ -50,7 +50,13 @@ class LinOTPAuthenticate extends BaseAuthenticate
        $url = "$baseUrl/validate/check";

        CakeLog::debug( "Sending POST request to ${url}");
-        $results = $HttpSocket->post($url, $data);
+        try {
+            $results = $HttpSocket->post($url, $data);
+        }
+        catch (SocketException $ex) {
+            CakeLog::error("LinOTP: {$ex->getMessage()}.");
+            return false;
+        }
        if ($results->code != "200") {
            return false;
        }
--- a/app/View/Users/login.ctp
+++ b/app/View/Users/login.ctp
@ -41,6 +41,13 @@
            echo $this->Form->input('password', array('autocomplete' => 'off'));
            if (!empty(Configure::read('LinOTPAuth'))) {
                echo $this->Form->input('otp', array('autocomplete' => 'off', 'type' => 'password', 'label' => 'OTP'));
+                echo "<div class=\"clear\">";
+                echo sprintf(
+                    '%s <a href="%s/selfservice" title="LinOTP Selfservice">LinOTP Selfservice</a> %s',
+                    __('Visit'),
+                    Configure::read('LinOTPAuth.baseUrl'),
+                    __('for the One-Time-Password selfservice.')
+                );
            }
        ?>
            <div class="clear">