[5.3] MSTR-316: Support new DUO universal prompt auth proccess (#1230)
* WIP: POC API integration

* ext request missing params

* WIP: emulate duo auth

* add param to the API duo_api_hostname

* Remove console.logs

* Use user_id instead of username when creating a new duo user

* duo re-auth improvements

* consume redirect url from kazoo api

* Display DUO alert if legacy configured

---------

Co-authored-by: Pilar Candia <[email protected]>
masmerino13 and pcandia authored Jul 30, 2024
1 parent 3fbae78 commit 93a2c5c
Showing 2 changed files with 54 additions and 32 deletions.
80 changes: 49 additions & 31 deletions src/apps/auth/app.js
Expand Up @@ -131,7 +131,14 @@ define(function(require) {
window.location = sso.login;
}
} else if (urlParams.hasOwnProperty('state') && urlParams.hasOwnProperty('code')) {
// OAuth redirect
const duoAuthState = localStorage.getItem('duoAuthState')

if (duoAuthState === urlParams.state) {
self.checkDuoAuth(urlParams.code);
return
}

// OAuth redirect
self.getNewOAuthTokenFromURLParams(urlParams, function(authData) {
// Once we set our token we refresh the page to get rid of new URL params from auth callback
self.buildCookiesFromSSOResponse(authData);
Expand Down Expand Up @@ -1259,6 +1266,21 @@ define(function(require) {
$template.find('.cancel-link').on('click', closePopup);
},

checkDuoAuth: function(duoCode) {
var self = this,
loginData = JSON.parse(localStorage.getItem('prevAuth')),
duoData = JSON.parse(localStorage.getItem('duoAuth'));

loginData.multi_factor_response = {
code: duoCode,
redirect_uri: window.location.origin
};

self.putAuth(loginData, function(data) {
// Do Auth success
});
},

checkRecoveryId: function(recoveryId, callback) {
var self = this;

Expand Down Expand Up @@ -1420,43 +1442,39 @@ define(function(require) {
});
},

handleMultiFactor: function(data, loginData, success, error) {
var self = this;
handleMultiFactor: function(data, loginData, _success, error) {
var self = this,
isDuoUniversal = data.multi_factor_request.provider_name === 'duo_universal',
isDuoLegacy = data.multi_factor_request.provider_name === 'duo';

if (data.multi_factor_request.provider_name === 'duo') {
self.showDuoDialog(data, loginData, success, error);
if (isDuoUniversal) {
self.doDuoUniversalRedirect(data, loginData);
} else if (isDuoLegacy) {
self.showDuoDialog();
} else {
error && error();
}
},

showDuoDialog: function(data, loginData, success, error) {
var self = this,
wasSuccessful = false;

require(['duo'], function() {
var template = self.getTemplate({ name: 'duo-dialog' }),
dialog = monster.ui.dialog(template, {
title: self.i18n.active().duoDialog.title,
onClose: function() {
if (!wasSuccessful) {
error && error();
}
}
});
doDuoUniversalRedirect: function(data, loginData) {
localStorage.setItem('prevAuth', JSON.stringify(loginData))
localStorage.setItem('duoAuthState', _.get(data, 'multi_factor_request.duo_state', ''))

Duo.init({
iframe: dialog.find('iframe')[0],
sig_request: data.multi_factor_request.settings.duo_sig_request,
host: data.multi_factor_request.settings.duo_api_hostname,
submit_callback: function(form) {
wasSuccessful = true;
loginData.multi_factor_response = $(form).find('[name="sig_response"]').attr('value');
dialog.dialog('close').remove();
success && success(loginData);
}
});
});
window.location.href = _.get(data, 'multi_factor_request.duo_redirect', '')
},

showDuoDialog: function() {
var self = this;

monster.ui.alert(
'warning',
self.i18n.active().duoDialog.eol.description,
null,
{
title: self.i18n.active().duoDialog.eol.title,
isPersistent: true
}
);
},

/**
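Review bot: `doDuoUniversalRedirect` writes the whole `loginData` object and the Duo state into `localStorage`, and nothing visible in this diff ever removes `prevAuth` or `duoAuthState`, so whatever credential material `loginData` carries (not shown here) outlives the login and stays readable by any script on the origin. The state check in the redirect handler also passes when both sides are empty, because a missing `duo_state` is stored as `''`; guard it with `if (duoAuthState && duoAuthState === urlParams.state) {`. In `checkDuoAuth`, `JSON.parse(localStorage.getItem('prevAuth'))` yields `null` when the key is absent, so the assignment that follows throws, and `duoData` reads a `duoAuth` key that this diff never sets or uses. The sketch below consumes both keys exactly once and returns early when no pending login exists. Separately, the `putAuth` success callback is still an empty placeholder and `handleMultiFactor` now ignores its `_success` argument, so the post-login path looks unfinished.

```javascript
checkDuoAuth: function(duoCode) {
	var self = this,
		storedAuth = localStorage.getItem('prevAuth'),
		loginData = storedAuth ? JSON.parse(storedAuth) : null;

	// Single-use values: remove them before the request so they cannot be replayed or left behind.
	localStorage.removeItem('prevAuth');
	localStorage.removeItem('duoAuthState');

	if (!loginData) {
		return;
	}

	// … unchanged: multi_factor_response assignment and self.putAuth(loginData, …) call …
},
```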
6 changes: 5 additions & 1 deletion src/apps/auth/i18n/en-US.json
Expand Up @@ -131,7 +131,11 @@
"__comment": "UI-2552: Adding duo integration",
"__version": "4.1",
"duoDialog": {
"title": "Multi-factor Authentication"
"title": "Multi-factor Authentication",
"eol": {
"title": "Invalid DUO settings",
"description": "Contact your administrator to update DUO configuration"
}
},
"multiFactor": {
"error": "The information sent by the multi-factor plugin isn't valid."
