diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php b/src/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php
index 636722a9f..a7b1ea5d5 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php
@@ -123,7 +123,7 @@ class AuthenticationFactory
             if (!empty($connectors[$servers[$authserver]['type']])) {
                 $authObject = $connectors[$servers[$authserver]['type']]['classHandle']->newInstance();
             }
-            if ($servers[$authserver]['type'] == 'ldap') {
+            if (in_array($servers[$authserver]['type'], array('ldap', 'ldap-totp'))) {
                 $localUserMap = $this->fetchUserDNs();
             }
 
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAPTOTP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAPTOTP.php
new file mode 100644
index 000000000..39df63cfb
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAPTOTP.php
@@ -0,0 +1,81 @@
+setTOTPProperties($config);
+    }
+
+    /**
+     * retrieve configuration options
+     * @return array
+     */
+    public function getConfigurationOptions()
+    {
+        $options = $this->getTOTPConfigurationOptions();
+        return $options;
+    }
+}
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php b/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
index 2c1fd853e..2c610226e 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
@@ -147,13 +147,7 @@ class Local extends Base implements IAuthConnector
      */
     public function authenticate($username, $password)
     {
-        if (is_a($username, 'SimpleXMLElement')) {
-            // user xml section provided
-            $userObject = $username;
-        } else {
-            // get xml section from config
-            $userObject = $this->getUser($username);
-        }
+        $userObject = $this->getUser($username);
         if ($userObject != null) {
             if (isset($userObject->disabled)) {
                 // disabled user
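Review bot: The new `in_array` check on the server type is non-strict, so it compares with `==` semantics; pass the third argument so only the two exact strings match: `if (in_array($servers[$authserver]['type'], array('ldap', 'ldap-totp'), true)) {`. The same two-element type list is written again in the system_authservers.php hunks of this commit, so a single shared constant or helper would keep the "ldap-like" set from drifting when the next variant is added. The enclosing method starts and ends outside this hunk.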
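Review bot: The docblock on `getConfigurationOptions()` says "retrieve configuration options" but the body returns only what `getTOTPConfigurationOptions()` yields, so a reader may expect the LDAP connection fields here as well; I would make that explicit with `* retrieve configuration options (TOTP specific only; the LDAP fields are handled by the ldap form code)` and drop the temporary: `return $this->getTOTPConfigurationOptions();`. The beginning of this new file (header, namespace, class declaration and the constructor that ends with `setTOTPProperties($config)`) is not visible on this page, so the class's parent and the trait wiring cannot be reviewed from here.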
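Review bot: With the `SimpleXMLElement` branch gone, `$username` is now always a string looked up through `getUser()`, so the docblock above `authenticate()` (it starts outside this hunk) should no longer describe a user xml section as an accepted input; I would set it to `@param string $username username to resolve via getUser()`. If any caller outside this commit still passes a user object, it would now reach `getUser()` with an object argument; the TOTP.php hunk in this commit changes the only such caller visible here, but that is worth a repo-wide grep. The `!= null` comparison on the following line is loose; `$userObject !== null` states the intent.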
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php index c82dadf82..2ce07b5f8 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php +++ b/src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php @@ -58,11 +58,6 @@ trait TOTP */ private $passwordFirst = false; - /** - * @var string method accepting username and returning a simplexml user object - */ - private $getUserMethod = 'getUser'; - /** * use graceperiod and timeWindow to calculate which moments in time we should check * @return array timestamps @@ -149,8 +144,7 @@ trait TOTP */ public function authenticate($username, $password) { - $getUserMethod = $this->getUserMethod; - $userObject = $this->$getUserMethod($username); + $userObject = $this->getUser($username); if ($userObject != null && !empty($userObject->otp_seed)) { if (strlen($password) > $this->otpLength) { // split otp token code and userpassword @@ -166,7 +160,7 @@ trait TOTP $otp_seed = \Base32\Base32::decode($userObject->otp_seed); if ($this->authTOTP($otp_seed, $code)) { // token valid, do parents auth - return parent::authenticate($userObject, $userPassword); + return parent::authenticate($username, $userPassword); } } } diff --git a/src/www/system_authservers.php b/src/www/system_authservers.php index 2fefec38d..707955fdc 100644 --- a/src/www/system_authservers.php +++ b/src/www/system_authservers.php @@ -71,7 +71,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $pconfig['type'] = $a_server[$id]['type']; $pconfig['name'] = $a_server[$id]['name']; - if ($pconfig['type'] == "ldap") { + if (in_array($pconfig['type'], array("ldap", "ldap-totp"))) { $pconfig['ldap_caref'] = $a_server[$id]['ldap_caref']; $pconfig['ldap_host'] = $a_server[$id]['host']; $pconfig['ldap_port'] = $a_server[$id]['ldap_port']; 
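Review bot: `authenticate()` now calls `$this->getUser($username)` to read `otp_seed` and then hands `$username` to `parent::authenticate()`, which in Local.php (same commit) calls `getUser()` again, so each login does two user lookups that must resolve to the same record; for a directory-backed `getUser()` that presumably means two searches per attempt, and a protected helper taking the already fetched object would avoid it. Dropping `$getUserMethod` also turns `getUser()` into a hard requirement on every class that uses the trait, which the trait should state; I would add to its docblock (starts outside this hunk) `* Classes using this trait must provide getUser($username) returning the user's SimpleXMLElement (or null) and must extend a class whose authenticate($username, $password) does the password check`. The `!= null` comparison on the next line is loose; `!== null` is the intent.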
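Review bot: The `in_array` on the type field is non-strict and the list `array("ldap", "ldap-totp")` is repeated in every hunk of this file that touches the ldap branch; define it once near the top of the script, `$ldap_types = array("ldap", "ldap-totp");`, and test with `in_array($pconfig['type'], $ldap_types, true)` so a third ldap-like type is added in one place. The surrounding GET handler starts before and continues after this hunk.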
@@ -115,7 +115,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $pconfig[$fieldname] = null; } } - } elseif (!empty($authCNFOptions[$pconfig['type']])) { + } + if (!empty($authCNFOptions[$pconfig['type']])) { foreach ($authCNFOptions[$pconfig['type']]['additionalFields'] as $fieldname => $field) { $pconfig[$fieldname] = $a_server[$id][$fieldname]; } @@ -132,7 +133,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } if (isset($pconfig['save'])) { /* input validation */ - if ($pconfig['type'] == "ldap") { + if (in_array($pconfig['type'], array("ldap", "ldap-totp"))) { $reqdfields = explode(" ", "name type ldap_host ldap_port ". "ldap_urltype ldap_protver ldap_scope ". "ldap_attr_user ldapauthcontainers"); @@ -171,7 +172,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $reqdfields[] = "radius_secret"; $reqdfieldsn[] = gettext("Shared Secret"); } - } elseif (!empty($authCNFOptions[$pconfig['type']])) { + } + if (!empty($authCNFOptions[$pconfig['type']])) { foreach ($authCNFOptions[$pconfig['type']]['additionalFields'] as $fieldname => $field) { if (!empty($field['validate'])) { foreach ($field['validate']($pconfig[$fieldname]) as $input_error) { @@ -213,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $server['name'] = $pconfig['name']; } - if ($server['type'] == "ldap") { + if (in_array($server['type'], array("ldap", "ldap-totp"))) { if (!empty($pconfig['ldap_caref'])) { $server['ldap_caref'] = $pconfig['ldap_caref']; } @@ -269,7 +271,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { unset($config['system']['webgui'][$fieldname]); } } - } elseif (!empty($authCNFOptions[$server['type']])) { + } + if (!empty($authCNFOptions[$server['type']])) { foreach ($authCNFOptions[$server['type']]['additionalFields'] as $fieldname => $field) { $server[$fieldname] = $pconfig[$fieldname]; } @@ -592,7 +595,7 @@ endif; ?> - + @@ -601,13 +604,13 @@ endif; ?> - + - + - + endif; ?> - + - +
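Review bot: Turning the `elseif` into an `if` in the validation hunk (@@ -171) means the per-field validators now also run for ldap, ldap-totp and radius servers, and `$field['validate']($pconfig[$fieldname])` reads the posted field without checking it exists, so a form that omits one of the TOTP fields raises an undefined-index notice and validates null; `$field['validate'](isset($pconfig[$fieldname]) ? $pconfig[$fieldname] : null)` keeps the notice out of the log, assuming the validators already cope with null. Whether a missing required TOTP field is rejected depends on each validator, which is not visible here. The enclosing save handler starts and ends outside this hunk.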
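Review bot: In the save hunk (@@ -269) `$server[$fieldname] = $pconfig[$fieldname];` now also runs for ldap-totp and copies the posted value straight into the server record, so it relies on the earlier validation loop having populated `$input_errors` and on the write being gated on that; that gate is outside the hunk, so please confirm it, and guard the read with `isset($pconfig[$fieldname]) ? $pconfig[$fieldname] : null` so a missing field does not emit a notice here as well. The enclosing block starts and ends outside this hunk.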
@@ -668,7 +671,7 @@ endif; ?> - + - + - +