From a7beed334fff109c3cb031a1d12e5ccfd74d0859 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Mon, 24 Jul 2017 11:48:19 -0400 Subject: [PATCH] u2f fixes and mobile filter for 2fa methods --- src/app/accounts/accountsLoginController.js | 42 ++++++++++++++++++--- src/app/constants.js | 15 +++++--- src/js/u2f-connector.js | 7 ++-- 3 files changed, 49 insertions(+), 15 deletions(-) diff --git a/src/app/accounts/accountsLoginController.js b/src/app/accounts/accountsLoginController.js index cd3a285ffa..747d6f7e47 100644 --- a/src/app/accounts/accountsLoginController.js +++ b/src/app/accounts/accountsLoginController.js @@ -66,8 +66,9 @@ angular if (twoFactorProviders && Object.keys(twoFactorProviders).length > 0) { _email = model.email; _masterPassword = model.masterPassword; - $scope.twoFactorProviders = twoFactorProviders; - $scope.twoFactorProvider = getDefaultProvider(twoFactorProviders); + + $scope.twoFactorProviders = cleanProviders(twoFactorProviders); + $scope.twoFactorProvider = getDefaultProvider($scope.twoFactorProviders); $analytics.eventTrack('Logged In To Two-step'); $state.go('frontend.login.twoFactor', { returnState: $scope.returnState }).then(function () { @@ -109,6 +110,38 @@ angular return parseInt(providerType); } + function cleanProviders(twoFactorProviders) { + if (canUseSecurityKey()) { + return twoFactorProviders; + } + + var keys = Object.keys(twoFactorProviders); + var cleanedProviders = []; + for (var i = 0; i < keys.length; i++) { + var provider = $filter('filter')(constants.twoFactorProviderInfo, { + type: keys[i], + active: true, + requiresUsb: false + }); + if (provider.length) { + cleanedProviders.push(twoFactorProviders[keys[i]]); + } + } + return cleanedProviders; + } + + // ref: https://stackoverflow.com/questions/11381673/detecting-a-mobile-browser + function canUseSecurityKey() { + var mobile = false; + (function (a) { + if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(a) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(a.substr(0, 4))) { + mobile = true; + } + })(navigator.userAgent || navigator.vendor || window.opera); + + return !mobile && !navigator.userAgent.match(/iPad/i); + } + $scope.twoFactor = function (token) { if ($scope.twoFactorProvider === constants.twoFactorProvider.email || $scope.twoFactorProvider === constants.twoFactorProvider.authenticator) { @@ -221,10 +254,7 @@ angular if (data.errorCode) { console.log(data.errorCode); - - if (data.errorCode === 5) { - initU2f(challenges); - } + initU2f(challenges); return; } diff --git a/src/app/constants.js b/src/app/constants.js index 6e1c59aa06..0b729f5de6 100644 --- a/src/app/constants.js +++ b/src/app/constants.js @@ -39,7 +39,8 @@ angular.module('bit') free: true, image: 'authapp.png', displayOrder: 0, - priority: 1 + priority: 1, + requiresUsb: false }, { type: 3, @@ -49,7 +50,8 @@ angular.module('bit') active: true, image: 'yubico.png', displayOrder: 1, - priority: 3 + priority: 3, + requiresUsb: true }, { type: 2, @@ -59,7 +61,8 @@ angular.module('bit') active: true, image: 'duo.png', displayOrder: 2, - priority: 2 + priority: 2, + requiresUsb: false }, { type: 4, @@ -69,7 +72,8 @@ angular.module('bit') active: true, image: 'fido.png', displayOrder: 3, - priority: 4 + priority: 4, + requiresUsb: true }, { type: 1, @@ -80,7 +84,8 @@ angular.module('bit') free: true, image: 'gmail.png', displayOrder: 4, - priority: 0 + priority: 0, + requiresUsb: false } ], plans: { diff --git a/src/js/u2f-connector.js b/src/js/u2f-connector.js index 4e5c2e54c8..78d105942a 100644 --- a/src/js/u2f-connector.js +++ b/src/js/u2f-connector.js @@ -71,12 +71,11 @@ function initU2f(obj) { u2f.sign(obj.appId, obj.challenge, obj.keys, function (data) { if (data.errorCode) { - if (data.errorCode === 5) { - initU2f(obj); - return; + if (data.errorCode !== 5) { + error('U2F Error: ' + data.errorCode); } - error('U2F Error: ' + data.errorCode); + initU2f(obj); return; }