mirror of
https://github.com/bitwarden/browser.git
synced 2024-12-22 16:29:09 +01:00
[PM-5156] [PM-5216] Duo v2 removal (#9513)
* remove library and update package and webpack
* update 2fa flow and remove feature flag
* update request and response models
* fix merge conflicts
parent
c35bbc522c
commit
41e1d91558
9
.github/renovate.json
vendored
9
.github/renovate.json
vendored
@ -69,14 +69,7 @@
|
|||||||
"reviewers": ["team:team-admin-console-dev"]
|
"reviewers": ["team:team-admin-console-dev"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"matchPackageNames": [
|
"matchPackageNames": ["@types/node-ipc", "node-ipc", "qrious", "regedit"],
|
||||||
"@types/duo_web_sdk",
|
|
||||||
"@types/node-ipc",
|
|
||||||
"duo_web_sdk",
|
|
||||||
"node-ipc",
|
|
||||||
"qrious",
|
|
||||||
"regedit"
|
|
||||||
],
|
|
||||||
"description": "Auth owned dependencies",
|
"description": "Auth owned dependencies",
|
||||||
"commitMessagePrefix": "[deps] Auth:",
|
"commitMessagePrefix": "[deps] Auth:",
|
||||||
"reviewers": ["team:team-auth-dev"]
|
"reviewers": ["team:team-auth-dev"]
|
||||||
|
@ -111,7 +111,7 @@
|
|||||||
</ng-container>
|
</ng-container>
|
||||||
<!-- Duo -->
|
<!-- Duo -->
|
||||||
<ng-container *ngIf="isDuoProvider">
|
<ng-container *ngIf="isDuoProvider">
|
||||||
<div *ngIf="duoFrameless" class="tw-my-4">
|
<div class="tw-my-4">
|
||||||
<p class="tw-mb-0 tw-text-center">
|
<p class="tw-mb-0 tw-text-center">
|
||||||
{{ "duoRequiredForAccount" | i18n }}
|
{{ "duoRequiredForAccount" | i18n }}
|
||||||
</p>
|
</p>
|
||||||
@ -127,17 +127,6 @@
|
|||||||
</ng-container>
|
</ng-container>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<ng-container *ngIf="!duoFrameless">
|
|
||||||
<div id="duo-frame">
|
|
||||||
<iframe
|
|
||||||
id="duo_iframe"
|
|
||||||
sandbox="allow-scripts allow-forms allow-same-origin allow-popups allow-popups-to-escape-sandbox"
|
|
||||||
></iframe>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<ng-container *ngTemplateOutlet="duoRememberMe"></ng-container>
|
|
||||||
</ng-container>
|
|
||||||
|
|
||||||
<ng-template #duoRememberMe>
|
<ng-template #duoRememberMe>
|
||||||
<div class="box">
|
<div class="box">
|
||||||
<div class="box-content">
|
<div class="box-content">
|
||||||
@ -158,7 +147,7 @@
|
|||||||
</div>
|
</div>
|
||||||
<!-- Buttons -->
|
<!-- Buttons -->
|
||||||
<div class="content no-vpad" *ngIf="selectedProviderType != null">
|
<div class="content no-vpad" *ngIf="selectedProviderType != null">
|
||||||
<ng-container *ngIf="duoFrameless && isDuoProvider">
|
<ng-container *ngIf="isDuoProvider">
|
||||||
<button
|
<button
|
||||||
*ngIf="inPopout"
|
*ngIf="inPopout"
|
||||||
bitButton
|
bitButton
|
||||||
|
@ -1,418 +0,0 @@
|
|||||||
/**
|
|
||||||
* Duo Web SDK v2
|
|
||||||
* Copyright 2017, Duo Security
|
|
||||||
*/
|
|
||||||
|
|
||||||
var Duo;
|
|
||||||
(function (root, factory) {
|
|
||||||
// Browser globals (root is window)
|
|
||||||
var d = factory();
|
|
||||||
// If the Javascript was loaded via a script tag, attempt to autoload
|
|
||||||
// the frame.
|
|
||||||
d._onReady(d.init);
|
|
||||||
// Attach Duo to the `window` object
|
|
||||||
root.Duo = Duo = d;
|
|
||||||
}(window, function () {
|
|
||||||
var DUO_MESSAGE_FORMAT = /^(?:AUTH|ENROLL)+\|[A-Za-z0-9\+\/=]+\|[A-Za-z0-9\+\/=]+$/;
|
|
||||||
var DUO_ERROR_FORMAT = /^ERR\|[\w\s\.\(\)]+$/;
|
|
||||||
var DUO_OPEN_WINDOW_FORMAT = /^DUO_OPEN_WINDOW\|/;
|
|
||||||
var VALID_OPEN_WINDOW_DOMAINS = [
|
|
||||||
'duo.com',
|
|
||||||
'duosecurity.com',
|
|
||||||
'duomobile.s3-us-west-1.amazonaws.com'
|
|
||||||
];
|
|
||||||
|
|
||||||
var iframeId = 'duo_iframe',
|
|
||||||
postAction = '',
|
|
||||||
postArgument = 'sig_response',
|
|
||||||
host,
|
|
||||||
sigRequest,
|
|
||||||
duoSig,
|
|
||||||
appSig,
|
|
||||||
iframe,
|
|
||||||
submitCallback;
|
|
||||||
|
|
||||||
function throwError(message, url) {
|
|
||||||
throw new Error(
|
|
||||||
'Duo Web SDK error: ' + message +
|
|
||||||
(url ? ('\n' + 'See ' + url + ' for more information') : '')
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
function hyphenize(str) {
|
|
||||||
return str.replace(/([a-z])([A-Z])/, '$1-$2').toLowerCase();
|
|
||||||
}
|
|
||||||
|
|
||||||
// cross-browser data attributes
|
|
||||||
function getDataAttribute(element, name) {
|
|
||||||
if ('dataset' in element) {
|
|
||||||
return element.dataset[name];
|
|
||||||
} else {
|
|
||||||
return element.getAttribute('data-' + hyphenize(name));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// cross-browser event binding/unbinding
|
|
||||||
function on(context, event, fallbackEvent, callback) {
|
|
||||||
if ('addEventListener' in window) {
|
|
||||||
context.addEventListener(event, callback, false);
|
|
||||||
} else {
|
|
||||||
context.attachEvent(fallbackEvent, callback);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function off(context, event, fallbackEvent, callback) {
|
|
||||||
if ('removeEventListener' in window) {
|
|
||||||
context.removeEventListener(event, callback, false);
|
|
||||||
} else {
|
|
||||||
context.detachEvent(fallbackEvent, callback);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function onReady(callback) {
|
|
||||||
on(document, 'DOMContentLoaded', 'onreadystatechange', callback);
|
|
||||||
}
|
|
||||||
|
|
||||||
function offReady(callback) {
|
|
||||||
off(document, 'DOMContentLoaded', 'onreadystatechange', callback);
|
|
||||||
}
|
|
||||||
|
|
||||||
function onMessage(callback) {
|
|
||||||
on(window, 'message', 'onmessage', callback);
|
|
||||||
}
|
|
||||||
|
|
||||||
function offMessage(callback) {
|
|
||||||
off(window, 'message', 'onmessage', callback);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Parse the sig_request parameter, throwing errors if the token contains
|
|
||||||
* a server error or if the token is invalid.
|
|
||||||
*
|
|
||||||
* @param {String} sig Request token
|
|
||||||
*/
|
|
||||||
function parseSigRequest(sig) {
|
|
||||||
if (!sig) {
|
|
||||||
// nothing to do
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// see if the token contains an error, throwing it if it does
|
|
||||||
if (sig.indexOf('ERR|') === 0) {
|
|
||||||
throwError(sig.split('|')[1]);
|
|
||||||
}
|
|
||||||
|
|
||||||
// validate the token
|
|
||||||
if (sig.indexOf(':') === -1 || sig.split(':').length !== 2) {
|
|
||||||
throwError(
|
|
||||||
'Duo was given a bad token. This might indicate a configuration ' +
|
|
||||||
'problem with one of Duo\'s client libraries.',
|
|
||||||
'https://www.duosecurity.com/docs/duoweb#first-steps'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
var sigParts = sig.split(':');
|
|
||||||
|
|
||||||
// hang on to the token, and the parsed duo and app sigs
|
|
||||||
sigRequest = sig;
|
|
||||||
duoSig = sigParts[0];
|
|
||||||
appSig = sigParts[1];
|
|
||||||
|
|
||||||
return {
|
|
||||||
sigRequest: sig,
|
|
||||||
duoSig: sigParts[0],
|
|
||||||
appSig: sigParts[1]
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This function is set up to run when the DOM is ready, if the iframe was
|
|
||||||
* not available during `init`.
|
|
||||||
*/
|
|
||||||
function onDOMReady() {
|
|
||||||
iframe = document.getElementById(iframeId);
|
|
||||||
|
|
||||||
if (!iframe) {
|
|
||||||
throw new Error(
|
|
||||||
'This page does not contain an iframe for Duo to use.' +
|
|
||||||
'Add an element like <iframe id="duo_iframe"></iframe> ' +
|
|
||||||
'to this page. ' +
|
|
||||||
'See https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe ' +
|
|
||||||
'for more information.'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
// we've got an iframe, away we go!
|
|
||||||
ready();
|
|
||||||
|
|
||||||
// always clean up after yourself
|
|
||||||
offReady(onDOMReady);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Validate that a MessageEvent came from the Duo service, and that it
|
|
||||||
* is a properly formatted payload.
|
|
||||||
*
|
|
||||||
* The Google Chrome sign-in page injects some JS into pages that also
|
|
||||||
* make use of postMessage, so we need to do additional validation above
|
|
||||||
* and beyond the origin.
|
|
||||||
*
|
|
||||||
* @param {MessageEvent} event Message received via postMessage
|
|
||||||
*/
|
|
||||||
function isDuoMessage(event) {
|
|
||||||
return Boolean(
|
|
||||||
event.origin === ('https://' + host) &&
|
|
||||||
typeof event.data === 'string' &&
|
|
||||||
(
|
|
||||||
event.data.match(DUO_MESSAGE_FORMAT) ||
|
|
||||||
event.data.match(DUO_ERROR_FORMAT) ||
|
|
||||||
event.data.match(DUO_OPEN_WINDOW_FORMAT)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Validate the request token and prepare for the iframe to become ready.
|
|
||||||
*
|
|
||||||
* All options below can be passed into an options hash to `Duo.init`, or
|
|
||||||
* specified on the iframe using `data-` attributes.
|
|
||||||
*
|
|
||||||
* Options specified using the options hash will take precedence over
|
|
||||||
* `data-` attributes.
|
|
||||||
*
|
|
||||||
* Example using options hash:
|
|
||||||
* ```javascript
|
|
||||||
* Duo.init({
|
|
||||||
* iframe: "some_other_id",
|
|
||||||
* host: "api-main.duo.test",
|
|
||||||
* sig_request: "...",
|
|
||||||
* post_action: "/auth",
|
|
||||||
* post_argument: "resp"
|
|
||||||
* });
|
|
||||||
* ```
|
|
||||||
*
|
|
||||||
* Example using `data-` attributes:
|
|
||||||
* ```
|
|
||||||
* <iframe id="duo_iframe"
|
|
||||||
* data-host="api-main.duo.test"
|
|
||||||
* data-sig-request="..."
|
|
||||||
* data-post-action="/auth"
|
|
||||||
* data-post-argument="resp"
|
|
||||||
* >
|
|
||||||
* </iframe>
|
|
||||||
* ```
|
|
||||||
*
|
|
||||||
* @param {Object} options
|
|
||||||
* @param {String} options.iframe The iframe, or id of an iframe to set up
|
|
||||||
* @param {String} options.host Hostname
|
|
||||||
* @param {String} options.sig_request Request token
|
|
||||||
* @param {String} [options.post_action=''] URL to POST back to after successful auth
|
|
||||||
* @param {String} [options.post_argument='sig_response'] Parameter name to use for response token
|
|
||||||
* @param {Function} [options.submit_callback] If provided, duo will not submit the form instead execute
|
|
||||||
* the callback function with reference to the "duo_form" form object
|
|
||||||
* submit_callback can be used to prevent the webpage from reloading.
|
|
||||||
*/
|
|
||||||
function init(options) {
|
|
||||||
if (options) {
|
|
||||||
if (options.host) {
|
|
||||||
host = options.host;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (options.sig_request) {
|
|
||||||
parseSigRequest(options.sig_request);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (options.post_action) {
|
|
||||||
postAction = options.post_action;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (options.post_argument) {
|
|
||||||
postArgument = options.post_argument;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (options.iframe) {
|
|
||||||
if (options.iframe.tagName) {
|
|
||||||
iframe = options.iframe;
|
|
||||||
} else if (typeof options.iframe === 'string') {
|
|
||||||
iframeId = options.iframe;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (typeof options.submit_callback === 'function') {
|
|
||||||
submitCallback = options.submit_callback;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// if we were given an iframe, no need to wait for the rest of the DOM
|
|
||||||
if (false && iframe) {
|
|
||||||
ready();
|
|
||||||
} else {
|
|
||||||
// try to find the iframe in the DOM
|
|
||||||
iframe = document.getElementById(iframeId);
|
|
||||||
|
|
||||||
// iframe is in the DOM, away we go!
|
|
||||||
if (iframe) {
|
|
||||||
ready();
|
|
||||||
} else {
|
|
||||||
// wait until the DOM is ready, then try again
|
|
||||||
onReady(onDOMReady);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// always clean up after yourself!
|
|
||||||
offReady(init);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This function is called when a message was received from another domain
|
|
||||||
* using the `postMessage` API. Check that the event came from the Duo
|
|
||||||
* service domain, and that the message is a properly formatted payload,
|
|
||||||
* then perform the post back to the primary service.
|
|
||||||
*
|
|
||||||
* @param event Event object (contains origin and data)
|
|
||||||
*/
|
|
||||||
function onReceivedMessage(event) {
|
|
||||||
if (isDuoMessage(event)) {
|
|
||||||
if (event.data.match(DUO_OPEN_WINDOW_FORMAT)) {
|
|
||||||
var url = event.data.substring("DUO_OPEN_WINDOW|".length);
|
|
||||||
if (isValidUrlToOpen(url)) {
|
|
||||||
// Open the URL that comes after the DUO_WINDOW_OPEN token.
|
|
||||||
window.open(url, "_self");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// the event came from duo, do the post back
|
|
||||||
doPostBack(event.data);
|
|
||||||
|
|
||||||
// always clean up after yourself!
|
|
||||||
offMessage(onReceivedMessage);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Validate that this passed in URL is one that we will actually allow to
|
|
||||||
* be opened.
|
|
||||||
* @param url String URL that the message poster wants to open
|
|
||||||
* @returns {boolean} true if we allow this url to be opened in the window
|
|
||||||
*/
|
|
||||||
function isValidUrlToOpen(url) {
|
|
||||||
if (!url) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
var parser = document.createElement('a');
|
|
||||||
parser.href = url;
|
|
||||||
|
|
||||||
if (parser.protocol === "duotrustedendpoints:") {
|
|
||||||
return true;
|
|
||||||
} else if (parser.protocol !== "https:") {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (var i = 0; i < VALID_OPEN_WINDOW_DOMAINS.length; i++) {
|
|
||||||
if (parser.hostname.endsWith("." + VALID_OPEN_WINDOW_DOMAINS[i]) ||
|
|
||||||
parser.hostname === VALID_OPEN_WINDOW_DOMAINS[i]) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Point the iframe at Duo, then wait for it to postMessage back to us.
|
|
||||||
*/
|
|
||||||
function ready() {
|
|
||||||
if (!host) {
|
|
||||||
host = getDataAttribute(iframe, 'host');
|
|
||||||
|
|
||||||
if (!host) {
|
|
||||||
throwError(
|
|
||||||
'No API hostname is given for Duo to use. Be sure to pass ' +
|
|
||||||
'a `host` parameter to Duo.init, or through the `data-host` ' +
|
|
||||||
'attribute on the iframe element.',
|
|
||||||
'https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!duoSig || !appSig) {
|
|
||||||
parseSigRequest(getDataAttribute(iframe, 'sigRequest'));
|
|
||||||
|
|
||||||
if (!duoSig || !appSig) {
|
|
||||||
throwError(
|
|
||||||
'No valid signed request is given. Be sure to give the ' +
|
|
||||||
'`sig_request` parameter to Duo.init, or use the ' +
|
|
||||||
'`data-sig-request` attribute on the iframe element.',
|
|
||||||
'https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// if postAction/Argument are defaults, see if they are specified
|
|
||||||
// as data attributes on the iframe
|
|
||||||
if (postAction === '') {
|
|
||||||
postAction = getDataAttribute(iframe, 'postAction') || postAction;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (postArgument === 'sig_response') {
|
|
||||||
postArgument = getDataAttribute(iframe, 'postArgument') || postArgument;
|
|
||||||
}
|
|
||||||
|
|
||||||
// point the iframe at Duo
|
|
||||||
iframe.src = [
|
|
||||||
'https://', host, '/frame/web/v1/auth?tx=', duoSig,
|
|
||||||
'&parent=', encodeURIComponent(document.location.href),
|
|
||||||
'&v=2.6'
|
|
||||||
].join('');
|
|
||||||
|
|
||||||
// listen for the 'message' event
|
|
||||||
onMessage(onReceivedMessage);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* We received a postMessage from Duo. POST back to the primary service
|
|
||||||
* with the response token, and any additional user-supplied parameters
|
|
||||||
* given in form#duo_form.
|
|
||||||
*/
|
|
||||||
function doPostBack(response) {
|
|
||||||
// create a hidden input to contain the response token
|
|
||||||
var input = document.createElement('input');
|
|
||||||
input.type = 'hidden';
|
|
||||||
input.name = postArgument;
|
|
||||||
input.value = response + ':' + appSig;
|
|
||||||
|
|
||||||
// user may supply their own form with additional inputs
|
|
||||||
var form = document.getElementById('duo_form');
|
|
||||||
|
|
||||||
// if the form doesn't exist, create one
|
|
||||||
if (!form) {
|
|
||||||
form = document.createElement('form');
|
|
||||||
|
|
||||||
// insert the new form after the iframe
|
|
||||||
iframe.parentElement.insertBefore(form, iframe.nextSibling);
|
|
||||||
}
|
|
||||||
|
|
||||||
// make sure we are actually posting to the right place
|
|
||||||
form.method = 'POST';
|
|
||||||
form.action = postAction;
|
|
||||||
|
|
||||||
// add the response token input to the form
|
|
||||||
form.appendChild(input);
|
|
||||||
|
|
||||||
// away we go!
|
|
||||||
if (typeof submitCallback === "function") {
|
|
||||||
submitCallback.call(null, form);
|
|
||||||
} else {
|
|
||||||
form.submit();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return {
|
|
||||||
init: init,
|
|
||||||
_onReady: onReady,
|
|
||||||
_parseSigRequest: parseSigRequest,
|
|
||||||
_isDuoMessage: isDuoMessage,
|
|
||||||
_doPostBack: doPostBack
|
|
||||||
};
|
|
||||||
}));
|
|
@ -90,20 +90,12 @@
|
|||||||
|
|
||||||
<!-- Duo -->
|
<!-- Duo -->
|
||||||
<ng-container *ngIf="isDuoProvider">
|
<ng-container *ngIf="isDuoProvider">
|
||||||
<ng-container *ngIf="duoFrameless">
|
<div>
|
||||||
<div>
|
<span *ngIf="selectedProviderType === providerType.OrganizationDuo" class="tw-mb-0">
|
||||||
<span *ngIf="selectedProviderType === providerType.OrganizationDuo" class="tw-mb-0">
|
{{ "duoRequiredByOrgForAccount" | i18n }}
|
||||||
{{ "duoRequiredByOrgForAccount" | i18n }}
|
</span>
|
||||||
</span>
|
{{ "launchDuoAndFollowStepsToFinishLoggingIn" | i18n }}
|
||||||
{{ "launchDuoAndFollowStepsToFinishLoggingIn" | i18n }}
|
</div>
|
||||||
</div>
|
|
||||||
</ng-container>
|
|
||||||
<ng-container id="duo-frame" *ngIf="!duoFrameless">
|
|
||||||
<iframe
|
|
||||||
id="duo_iframe"
|
|
||||||
sandbox="allow-scripts allow-forms allow-same-origin allow-popups allow-popups-to-escape-sandbox"
|
|
||||||
></iframe>
|
|
||||||
</ng-container>
|
|
||||||
</ng-container>
|
</ng-container>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -148,10 +140,7 @@
|
|||||||
|
|
||||||
<!-- Submit Buttons -->
|
<!-- Submit Buttons -->
|
||||||
<div class="buttons with-rows">
|
<div class="buttons with-rows">
|
||||||
<div
|
<div class="buttons-row" *ngIf="selectedProviderType != null && isDuoProvider">
|
||||||
class="buttons-row"
|
|
||||||
*ngIf="duoFrameless && selectedProviderType != null && isDuoProvider"
|
|
||||||
>
|
|
||||||
<button
|
<button
|
||||||
(click)="launchDuoFrameless()"
|
(click)="launchDuoFrameless()"
|
||||||
type="button"
|
type="button"
|
||||||
|
@ -59,8 +59,8 @@ export class TwoFactorDuoComponent extends TwoFactorBaseComponent {
|
|||||||
|
|
||||||
protected async enable() {
|
protected async enable() {
|
||||||
const request = await this.buildRequestModel(UpdateTwoFactorDuoRequest);
|
const request = await this.buildRequestModel(UpdateTwoFactorDuoRequest);
|
||||||
request.integrationKey = this.clientId;
|
request.clientId = this.clientId;
|
||||||
request.secretKey = this.clientSecret;
|
request.clientSecret = this.clientSecret;
|
||||||
request.host = this.host;
|
request.host = this.host;
|
||||||
|
|
||||||
return super.enable(async () => {
|
return super.enable(async () => {
|
||||||
@ -78,8 +78,8 @@ export class TwoFactorDuoComponent extends TwoFactorBaseComponent {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private processResponse(response: TwoFactorDuoResponse) {
|
private processResponse(response: TwoFactorDuoResponse) {
|
||||||
this.clientId = response.integrationKey;
|
this.clientId = response.clientId;
|
||||||
this.clientSecret = response.secretKey;
|
this.clientSecret = response.clientSecret;
|
||||||
this.host = response.host;
|
this.host = response.host;
|
||||||
this.enabled = response.enabled;
|
this.enabled = response.enabled;
|
||||||
}
|
}
|
||||||
|
@ -54,25 +54,14 @@
|
|||||||
</ng-container>
|
</ng-container>
|
||||||
<!-- Duo -->
|
<!-- Duo -->
|
||||||
<ng-container *ngIf="isDuoProvider">
|
<ng-container *ngIf="isDuoProvider">
|
||||||
<ng-container *ngIf="duoFrameless">
|
<p
|
||||||
<p
|
bitTypography="body1"
|
||||||
bitTypography="body1"
|
*ngIf="selectedProviderType === providerType.OrganizationDuo"
|
||||||
*ngIf="selectedProviderType === providerType.OrganizationDuo"
|
class="tw-mb-0"
|
||||||
class="tw-mb-0"
|
>
|
||||||
>
|
{{ "duoRequiredByOrgForAccount" | i18n }}
|
||||||
{{ "duoRequiredByOrgForAccount" | i18n }}
|
</p>
|
||||||
</p>
|
<p bitTypography="body1">{{ "launchDuoAndFollowStepsToFinishLoggingIn" | i18n }}</p>
|
||||||
<p bitTypography="body1">{{ "launchDuoAndFollowStepsToFinishLoggingIn" | i18n }}</p>
|
|
||||||
</ng-container>
|
|
||||||
|
|
||||||
<ng-container *ngIf="!duoFrameless">
|
|
||||||
<div id="duo-frame" class="tw-mb-3">
|
|
||||||
<iframe
|
|
||||||
id="duo_iframe"
|
|
||||||
sandbox="allow-scripts allow-forms allow-same-origin allow-popups allow-popups-to-escape-sandbox"
|
|
||||||
></iframe>
|
|
||||||
</div>
|
|
||||||
</ng-container>
|
|
||||||
</ng-container>
|
</ng-container>
|
||||||
<bit-form-control *ngIf="selectedProviderType != null">
|
<bit-form-control *ngIf="selectedProviderType != null">
|
||||||
<bit-label>{{ "rememberMe" | i18n }}</bit-label>
|
<bit-label>{{ "rememberMe" | i18n }}</bit-label>
|
||||||
@ -107,7 +96,7 @@
|
|||||||
buttonType="primary"
|
buttonType="primary"
|
||||||
bitButton
|
bitButton
|
||||||
bitFormButton
|
bitFormButton
|
||||||
*ngIf="duoFrameless && isDuoProvider"
|
*ngIf="isDuoProvider"
|
||||||
>
|
>
|
||||||
<span> {{ "launchDuo" | i18n }} </span>
|
<span> {{ "launchDuo" | i18n }} </span>
|
||||||
</button>
|
</button>
|
||||||
|
@ -1,17 +0,0 @@
|
|||||||
<!doctype html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<meta charset="utf-8" />
|
|
||||||
<meta
|
|
||||||
name="viewport"
|
|
||||||
content="initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width"
|
|
||||||
/>
|
|
||||||
<meta
|
|
||||||
http-equiv="Content-Security-Policy"
|
|
||||||
content="default-src 'self'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com;"
|
|
||||||
/>
|
|
||||||
<title>Bitwarden Duo Connector</title>
|
|
||||||
</head>
|
|
||||||
|
|
||||||
<body></body>
|
|
||||||
</html>
|
|
@ -1,18 +0,0 @@
|
|||||||
html,
|
|
||||||
body {
|
|
||||||
margin: 0;
|
|
||||||
padding: 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
body {
|
|
||||||
background: #efeff4 url("../images/loading.svg") 0 0 no-repeat;
|
|
||||||
}
|
|
||||||
|
|
||||||
iframe {
|
|
||||||
display: block;
|
|
||||||
width: 100%;
|
|
||||||
height: 400px;
|
|
||||||
border: none;
|
|
||||||
margin: 0;
|
|
||||||
padding: 0;
|
|
||||||
}
|
|
@ -1,47 +0,0 @@
|
|||||||
import * as DuoWebSDK from "duo_web_sdk";
|
|
||||||
|
|
||||||
import { getQsParam } from "./common";
|
|
||||||
|
|
||||||
require("./duo.scss");
|
|
||||||
|
|
||||||
document.addEventListener("DOMContentLoaded", () => {
|
|
||||||
const frameElement = document.createElement("iframe");
|
|
||||||
frameElement.setAttribute("id", "duo_iframe");
|
|
||||||
setFrameHeight();
|
|
||||||
document.body.appendChild(frameElement);
|
|
||||||
|
|
||||||
const hostParam = getQsParam("host");
|
|
||||||
const requestParam = getQsParam("request");
|
|
||||||
|
|
||||||
const hostUrl = new URL("https://" + hostParam);
|
|
||||||
if (
|
|
||||||
!hostUrl.hostname.endsWith(".duosecurity.com") &&
|
|
||||||
!hostUrl.hostname.endsWith(".duofederal.com")
|
|
||||||
) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
DuoWebSDK.init({
|
|
||||||
iframe: "duo_iframe",
|
|
||||||
host: hostUrl.hostname,
|
|
||||||
sig_request: requestParam,
|
|
||||||
submit_callback: (form: any) => {
|
|
||||||
invokeCSCode(form.elements.sig_response.value);
|
|
||||||
},
|
|
||||||
});
|
|
||||||
|
|
||||||
window.onresize = setFrameHeight;
|
|
||||||
|
|
||||||
function setFrameHeight() {
|
|
||||||
frameElement.style.height = window.innerHeight + "px";
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
function invokeCSCode(data: string) {
|
|
||||||
try {
|
|
||||||
(window as any).invokeCSharpAction(data);
|
|
||||||
} catch (err) {
|
|
||||||
// eslint-disable-next-line
|
|
||||||
console.log(err);
|
|
||||||
}
|
|
||||||
}
|
|
@ -91,11 +91,6 @@ const plugins = [
|
|||||||
chunks: ["theme_head", "app/polyfills", "app/vendor", "app/main"],
|
chunks: ["theme_head", "app/polyfills", "app/vendor", "app/main"],
|
||||||
}),
|
}),
|
||||||
new HtmlWebpackInjector(),
|
new HtmlWebpackInjector(),
|
||||||
new HtmlWebpackPlugin({
|
|
||||||
template: "./src/connectors/duo.html",
|
|
||||||
filename: "duo-connector.html",
|
|
||||||
chunks: ["connectors/duo"],
|
|
||||||
}),
|
|
||||||
new HtmlWebpackPlugin({
|
new HtmlWebpackPlugin({
|
||||||
template: "./src/connectors/webauthn.html",
|
template: "./src/connectors/webauthn.html",
|
||||||
filename: "webauthn-connector.html",
|
filename: "webauthn-connector.html",
|
||||||
@ -324,7 +319,6 @@ const webpackConfig = {
|
|||||||
"app/main": "./src/main.ts",
|
"app/main": "./src/main.ts",
|
||||||
"connectors/webauthn": "./src/connectors/webauthn.ts",
|
"connectors/webauthn": "./src/connectors/webauthn.ts",
|
||||||
"connectors/webauthn-fallback": "./src/connectors/webauthn-fallback.ts",
|
"connectors/webauthn-fallback": "./src/connectors/webauthn-fallback.ts",
|
||||||
"connectors/duo": "./src/connectors/duo.ts",
|
|
||||||
"connectors/sso": "./src/connectors/sso.ts",
|
"connectors/sso": "./src/connectors/sso.ts",
|
||||||
"connectors/captcha": "./src/connectors/captcha.ts",
|
"connectors/captcha": "./src/connectors/captcha.ts",
|
||||||
"connectors/duo-redirect": "./src/connectors/duo-redirect.ts",
|
"connectors/duo-redirect": "./src/connectors/duo-redirect.ts",
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
import { Directive, Inject, OnDestroy, OnInit } from "@angular/core";
|
import { Directive, Inject, OnDestroy, OnInit } from "@angular/core";
|
||||||
import { ActivatedRoute, NavigationExtras, Router } from "@angular/router";
|
import { ActivatedRoute, NavigationExtras, Router } from "@angular/router";
|
||||||
import * as DuoWebSDK from "duo_web_sdk";
|
|
||||||
import { firstValueFrom } from "rxjs";
|
import { firstValueFrom } from "rxjs";
|
||||||
import { first } from "rxjs/operators";
|
import { first } from "rxjs/operators";
|
||||||
|
|
||||||
@ -53,7 +52,6 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
|
|||||||
emailPromise: Promise<any>;
|
emailPromise: Promise<any>;
|
||||||
orgIdentifier: string = null;
|
orgIdentifier: string = null;
|
||||||
|
|
||||||
duoFrameless = false;
|
|
||||||
duoFramelessUrl: string = null;
|
duoFramelessUrl: string = null;
|
||||||
duoResultListenerInitialized = false;
|
duoResultListenerInitialized = false;
|
||||||
|
|
||||||
@ -177,42 +175,14 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
|
|||||||
break;
|
break;
|
||||||
case TwoFactorProviderType.Duo:
|
case TwoFactorProviderType.Duo:
|
||||||
case TwoFactorProviderType.OrganizationDuo:
|
case TwoFactorProviderType.OrganizationDuo:
|
||||||
// 2 Duo 2FA flows available
|
// Setup listener for duo-redirect.ts connector to send back the code
|
||||||
// 1. Duo Web SDK (iframe) - existing, to be deprecated
|
if (!this.duoResultListenerInitialized) {
|
||||||
// 2. Duo Frameless (new tab) - new
|
// setup client specific duo result listener
|
||||||
|
this.setupDuoResultListener();
|
||||||
// AuthUrl only exists for new Duo Frameless flow
|
this.duoResultListenerInitialized = true;
|
||||||
if (providerData.AuthUrl) {
|
|
||||||
this.duoFrameless = true;
|
|
||||||
// Setup listener for duo-redirect.ts connector to send back the code
|
|
||||||
|
|
||||||
if (!this.duoResultListenerInitialized) {
|
|
||||||
// setup client specific duo result listener
|
|
||||||
this.setupDuoResultListener();
|
|
||||||
this.duoResultListenerInitialized = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// flow must be launched by user so they can choose to remember the device or not.
|
|
||||||
this.duoFramelessUrl = providerData.AuthUrl;
|
|
||||||
} else {
|
|
||||||
// Duo Web SDK (iframe) flow
|
|
||||||
// TODO: remove when we remove the "duo-redirect" feature flag
|
|
||||||
setTimeout(() => {
|
|
||||||
DuoWebSDK.init({
|
|
||||||
iframe: undefined,
|
|
||||||
host: providerData.Host,
|
|
||||||
sig_request: providerData.Signature,
|
|
||||||
submit_callback: async (f: HTMLFormElement) => {
|
|
||||||
const sig = f.querySelector('input[name="sig_response"]') as HTMLInputElement;
|
|
||||||
if (sig != null) {
|
|
||||||
this.token = sig.value;
|
|
||||||
await this.submit();
|
|
||||||
}
|
|
||||||
},
|
|
||||||
});
|
|
||||||
}, 0);
|
|
||||||
}
|
}
|
||||||
|
// flow must be launched by user so they can choose to remember the device or not.
|
||||||
|
this.duoFramelessUrl = providerData.AuthUrl;
|
||||||
break;
|
break;
|
||||||
case TwoFactorProviderType.Email:
|
case TwoFactorProviderType.Email:
|
||||||
this.twoFactorEmail = providerData.Email;
|
this.twoFactorEmail = providerData.Email;
|
||||||
|
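Review bot: `this.duoFramelessUrl = providerData.AuthUrl;` in the Duo / OrganizationDuo case is now assigned with no check that the server supplied a value, where the removed code entered the frameless path only under `if (providerData.AuthUrl)`. With the iframe fallback gone and the templates in this commit showing the launch button on `isDuoProvider` alone, a response without `AuthUrl` would appear to leave the user with a button that has nothing to open; a guard such as `if (!providerData.AuthUrl) { /* surface an error and stop */ }` before the assignment would make that failure visible. `launchDuoFrameless()` is outside this hunk, so it is worth confirming that it accepts only an `https:` URL on a Duo hostname before opening it, as the deleted connector did with its `.duosecurity.com` / `.duofederal.com` check. The enclosing switch starts and ends outside the hunk.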
@ -1,7 +1,7 @@
|
|||||||
import { SecretVerificationRequest } from "./secret-verification.request";
|
import { SecretVerificationRequest } from "./secret-verification.request";
|
||||||
|
|
||||||
export class UpdateTwoFactorDuoRequest extends SecretVerificationRequest {
|
export class UpdateTwoFactorDuoRequest extends SecretVerificationRequest {
|
||||||
integrationKey: string;
|
clientId: string;
|
||||||
secretKey: string;
|
clientSecret: string;
|
||||||
host: string;
|
host: string;
|
||||||
}
|
}
|
||||||
|
@ -3,14 +3,14 @@ import { BaseResponse } from "../../../models/response/base.response";
|
|||||||
export class TwoFactorDuoResponse extends BaseResponse {
|
export class TwoFactorDuoResponse extends BaseResponse {
|
||||||
enabled: boolean;
|
enabled: boolean;
|
||||||
host: string;
|
host: string;
|
||||||
secretKey: string;
|
clientSecret: string;
|
||||||
integrationKey: string;
|
clientId: string;
|
||||||
|
|
||||||
constructor(response: any) {
|
constructor(response: any) {
|
||||||
super(response);
|
super(response);
|
||||||
this.enabled = this.getResponseProperty("Enabled");
|
this.enabled = this.getResponseProperty("Enabled");
|
||||||
this.host = this.getResponseProperty("Host");
|
this.host = this.getResponseProperty("Host");
|
||||||
this.secretKey = this.getResponseProperty("SecretKey");
|
this.clientSecret = this.getResponseProperty("ClientSecret");
|
||||||
this.integrationKey = this.getResponseProperty("IntegrationKey");
|
this.clientId = this.getResponseProperty("ClientId");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
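Review bot: `TwoFactorDuoResponse` now reads only `ClientSecret` and `ClientId`, so a server that still returns `SecretKey` / `IntegrationKey` (for example a self-hosted instance that has not been upgraded) would leave both fields undefined; whether such servers are still supported is not visible on this page. If they are, a fallback such as `this.clientId = this.getResponseProperty("ClientId") ?? this.getResponseProperty("IntegrationKey");`, with the same pattern for the secret, would keep the settings form populated. The same rename in `UpdateTwoFactorDuoRequest` and in `TwoFactorDuoComponent.enable()` changes the request body, so those sections need the matching server version as well. A one-line comment on the class naming the minimum server version that sends the new property names would record that dependency.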
13
package-lock.json
generated
13
package-lock.json
generated
@ -39,7 +39,6 @@
|
|||||||
"chalk": "4.1.2",
|
"chalk": "4.1.2",
|
||||||
"commander": "11.1.0",
|
"commander": "11.1.0",
|
||||||
"core-js": "3.36.1",
|
"core-js": "3.36.1",
|
||||||
"duo_web_sdk": "github:duosecurity/duo_web_sdk",
|
|
||||||
"form-data": "4.0.0",
|
"form-data": "4.0.0",
|
||||||
"https-proxy-agent": "7.0.2",
|
"https-proxy-agent": "7.0.2",
|
||||||
"inquirer": "8.2.6",
|
"inquirer": "8.2.6",
|
||||||
@ -97,7 +96,6 @@
|
|||||||
"@storybook/testing-library": "0.2.2",
|
"@storybook/testing-library": "0.2.2",
|
||||||
"@types/argon2-browser": "1.18.1",
|
"@types/argon2-browser": "1.18.1",
|
||||||
"@types/chrome": "0.0.262",
|
"@types/chrome": "0.0.262",
|
||||||
"@types/duo_web_sdk": "2.7.1",
|
|
||||||
"@types/firefox-webext-browser": "111.0.5",
|
"@types/firefox-webext-browser": "111.0.5",
|
||||||
"@types/inquirer": "8.2.10",
|
"@types/inquirer": "8.2.10",
|
||||||
"@types/jest": "29.5.12",
|
"@types/jest": "29.5.12",
|
||||||
@ -11352,12 +11350,6 @@
|
|||||||
"dev": true,
|
"dev": true,
|
||||||
"license": "MIT"
|
"license": "MIT"
|
||||||
},
|
},
|
||||||
"node_modules/@types/duo_web_sdk": {
|
|
||||||
"version": "2.7.1",
|
|
||||||
"resolved": "https://registry.npmjs.org/@types/duo_web_sdk/-/duo_web_sdk-2.7.1.tgz",
|
|
||||||
"integrity": "sha512-DePanZjFww36yGSxXwC8B3AsjrrDuPxEcufeh4gTqVsUMpCYByxjX4PERiYZdW0typzKSt9E4I14PPp+PrSIQA==",
|
|
||||||
"dev": true
|
|
||||||
},
|
|
||||||
"node_modules/@types/ejs": {
|
"node_modules/@types/ejs": {
|
||||||
"version": "3.1.5",
|
"version": "3.1.5",
|
||||||
"resolved": "https://registry.npmjs.org/@types/ejs/-/ejs-3.1.5.tgz",
|
"resolved": "https://registry.npmjs.org/@types/ejs/-/ejs-3.1.5.tgz",
|
||||||
@ -18249,11 +18241,6 @@
|
|||||||
"node": ">=12"
|
"node": ">=12"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/duo_web_sdk": {
|
|
||||||
"version": "2.7.0",
|
|
||||||
"resolved": "git+ssh://git@github.com/duosecurity/duo_web_sdk.git#29cad7338eff2cd909a361ecdd525458862938be",
|
|
||||||
"license": "SEE LICENSE IN LICENSE"
|
|
||||||
},
|
|
||||||
"node_modules/duplexer": {
|
"node_modules/duplexer": {
|
||||||
"version": "0.1.2",
|
"version": "0.1.2",
|
||||||
"resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz",
|
"resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz",
|
||||||
|
@ -58,7 +58,6 @@
|
|||||||
"@storybook/testing-library": "0.2.2",
|
"@storybook/testing-library": "0.2.2",
|
||||||
"@types/argon2-browser": "1.18.1",
|
"@types/argon2-browser": "1.18.1",
|
||||||
"@types/chrome": "0.0.262",
|
"@types/chrome": "0.0.262",
|
||||||
"@types/duo_web_sdk": "2.7.1",
|
|
||||||
"@types/firefox-webext-browser": "111.0.5",
|
"@types/firefox-webext-browser": "111.0.5",
|
||||||
"@types/inquirer": "8.2.10",
|
"@types/inquirer": "8.2.10",
|
||||||
"@types/jest": "29.5.12",
|
"@types/jest": "29.5.12",
|
||||||
@ -176,7 +175,6 @@
|
|||||||
"chalk": "4.1.2",
|
"chalk": "4.1.2",
|
||||||
"commander": "11.1.0",
|
"commander": "11.1.0",
|
||||||
"core-js": "3.36.1",
|
"core-js": "3.36.1",
|
||||||
"duo_web_sdk": "github:duosecurity/duo_web_sdk",
|
|
||||||
"form-data": "4.0.0",
|
"form-data": "4.0.0",
|
||||||
"https-proxy-agent": "7.0.2",
|
"https-proxy-agent": "7.0.2",
|
||||||
"inquirer": "8.2.6",
|
"inquirer": "8.2.6",
|
||||||
|