Fix login with multiple two-factor options

This commit is contained in:
Bernd Schoolmann 2023-09-19 14:21:46 +02:00
parent 45a633cb33
commit 50987f7626
No known key found for this signature in database
1 changed files with 12 additions and 4 deletions

View File

@ -25,21 +25,29 @@ func PerformSecondFactor(resp *TwoFactorResponse, cfg *config.Config) (TwoFactor
result, err := Fido2TwoFactor(chall, creds, cfg) result, err := Fido2TwoFactor(chall, creds, cfg)
if err != nil { if err != nil {
return WebAuthn, nil, err twofactorLog.Error("Error during FIDO2 two-factor authentication: %s", err)
} //return WebAuthn, nil, err
} else {
return WebAuthn, []byte(result), err return WebAuthn, []byte(result), err
}
} else { } else {
twofactorLog.Warn("WebAuthn is enabled for the account but goldwarden is not compiled with FIDO2 support") twofactorLog.Warn("WebAuthn is enabled for the account but goldwarden is not compiled with FIDO2 support")
} }
} }
if _, isInMap := resp.TwoFactorProviders2[Authenticator]; isInMap { if _, isInMap := resp.TwoFactorProviders2[Authenticator]; isInMap {
token, err := pinentry.GetPassword("Authenticator Second Factor", "Enter your two-factor auth code") token, err := pinentry.GetPassword("Authenticator Second Factor", "Enter your two-factor auth code")
if err != nil {
twofactorLog.Error("Error during authenticator two-factor authentication: %s", err)
} else {
return Authenticator, []byte(token), err return Authenticator, []byte(token), err
} }
}
if _, isInMap := resp.TwoFactorProviders2[Email]; isInMap { if _, isInMap := resp.TwoFactorProviders2[Email]; isInMap {
token, err := pinentry.GetPassword("Email Second Factor", "Enter your two-factor auth code") token, err := pinentry.GetPassword("Email Second Factor", "Enter your two-factor auth code")
if err == nil {
return Email, []byte(token), err return Email, []byte(token), err
} }
}
return Authenticator, []byte{}, errors.New("no second factor available") return Authenticator, []byte{}, errors.New("no second factor available")
} }