Added option for manditory one-time passwords

skavanagh · skavanagh · commit 8657ac92d127 · 2015-11-26T06:30:41.000-05:00
Added option for manditory one-time passwords. Closes bastillion-io#102
diff --git a/src/main/java/com/keybox/manage/action/LoginAction.java b/src/main/java/com/keybox/manage/action/LoginAction.java
@@ -44,7 +44,7 @@ public class LoginAction extends ActionSupport implements ServletRequestAware, S
     Auth auth;
     private final String AUTH_ERROR="Authentication Failed : Login credentials are invalid";
     //check if otp is enabled
-    boolean otpEnabled="true".equals(AppConfig.getProperty("enableOTP"));
+    boolean otpEnabled = ("required".equals(AppConfig.getProperty("oneTimePassword")) || "optional".equals(AppConfig.getProperty("oneTimePassword")));
 
     @Action(value = "/login",
             results = {
diff --git a/src/main/java/com/keybox/manage/action/OTPAction.java b/src/main/java/com/keybox/manage/action/OTPAction.java
@@ -19,6 +19,7 @@
 import com.google.zxing.EncodeHintType;
 import com.google.zxing.common.BitMatrix;
 import com.google.zxing.qrcode.QRCodeWriter;
+import com.keybox.common.util.AppConfig;
 import com.keybox.common.util.AuthUtil;
 import com.keybox.manage.db.AuthDB;
 import com.keybox.manage.db.UserDB;
@@ -43,6 +44,7 @@
 public class OTPAction extends ActionSupport implements ServletRequestAware, ServletResponseAware {
 
     private static Logger log = LoggerFactory.getLogger(OTPAction.class);
+    public static boolean requireOTP = "required".equals(AppConfig.getProperty("oneTimePassword"));
 
     //QR image size
     private static final int QR_IMAGE_WIDTH = 325;
@@ -130,6 +132,9 @@ public String qrImage() {
             log.error(ex.toString(), ex);
         }
 
+        if (requireOTP) {
+            AuthUtil.deleteAllSession(servletRequest.getSession());
+        }
 
         return null;
 
diff --git a/src/main/resources/KeyBoxConfig.properties b/src/main/resources/KeyBoxConfig.properties
@@ -26,8 +26,8 @@ serverAliveInterval=60
 websocketTimeout=0
 #enable SSH agent forwarding
 agentForwarding=false
-#enable two-factor authentication
-enableOTP=true
+#enable two-factor authentication with a one-time password - 'required', 'optional', or 'disabled'
+oneTimePassword=optional
 #set to false to disable key management. If false, the KeyBox public key will be appended to the authorized_keys file (instead of it being overwritten completely).
 keyManagementEnabled=true
 #set to true to generate keys when added/managed by users and enforce strong passphrases set to false to allow users to set their own public key
diff --git a/src/main/webapp/admin/two-factor_otp.jsp b/src/main/webapp/admin/two-factor_otp.jsp
@@ -106,7 +106,9 @@
                             </tr>
                         </tbody>
                     </table>
-                    <button onclick="window.location = 'menu.action'" class="btn btn-danger spacer spacer-left" style="float:left">Skip for Now</button>
+                    <s:if test="%{!@com.keybox.manage.action.OTPAction@requireOTP}">
+                        <button onclick="window.location = 'menu.action'" class="btn btn-danger spacer spacer-left" style="float:left">Skip for Now</button>
+                    </s:if>
                     <s:form action="otpSubmit" theme="simple" >
                         <s:hidden name="sharedSecret"/>
                         <s:submit cssClass="btn btn-default spacer spacer-right" value="Got It!"/>
