Fixed HTML5 window opening & MFA

2022-07-06 13:17:35 +02:00 · 2022-07-06 13:17:35 +02:00 · fcdf599e18
commit fcdf599e18
parent 05b6bebf36
4 changed files with 13 additions and 12 deletions
--- a/server/src/uds/core/mfas/mfa.py
+++ b/server/src/uds/core/mfas/mfa.py
@ -160,7 +160,7 @@ class MFA(Module):
        try:
            if data and validity:
                # if we have a stored code, check if it's still valid
-                if data[0] + datetime.timedelta(seconds=validity) < getSqlDatetime():
+                if data[0] + datetime.timedelta(seconds=validity) > getSqlDatetime():
                    # if it's still valid, just return without sending a new one
                    return MFA.RESULT.OK
        except Exception:
@ -189,8 +189,10 @@ class MFA(Module):
            data = self.storage.getPickle(storageKey)
            if data and len(data) == 2:
                validity = validity if validity is not None else self.validity() * 60
-                if validity and data[0] + datetime.timedelta(seconds=validity) > getSqlDatetime():
+                if validity > 0 and data[0] + datetime.timedelta(seconds=validity) < getSqlDatetime():
                    # if it is no more valid, raise an error
+                    # Remove stored code and raise error
+                    self.storage.remove(storageKey)
                    raise exceptions.MFAError('MFA Code expired')

                # Check if the code is valid
--- a/server/src/uds/mfas/Email/mfa.py
+++ b/server/src/uds/mfas/Email/mfa.py
@ -41,11 +41,11 @@ class EmailMFA(mfas.MFA):
    security = gui.ChoiceField(
        label=_('Security'),
        tooltip=_('Security protocol to use'),
-        values=[
-            gui.choiceItem('tls', _('TLS')),
-            gui.choiceItem('ssl', _('SSL')),
-            gui.choiceItem('none', _('None')),
-        ],
+        values={
+            'tls': _('TLS'),
+            'ssl': _('SSL'),
+            'none': _('None'),
+        },
        order=2,
        required=True,
        tab=_('SMTP Server'),
--- a/server/src/uds/transports/HTML5RDP/html5rdp.py
+++ b/server/src/uds/transports/HTML5RDP/html5rdp.py
@ -456,7 +456,7 @@ class HTML5RDPTransport(transports.Transport):
            'create-drive-path': 'true',
            'ticket-info': {
                'userService': userService.uuid,
-                'user': userService.user.uuid,
+                'user': userService.user.uuid if userService.user else '',
            },
        }

@ -500,12 +500,11 @@ class HTML5RDPTransport(transports.Transport):

        ticket = models.TicketStore.create(params, validity=self.ticketValidity.num())

-        onw = ''
+        onw = '&o_n_w={}'.format(transport.uuid)
        if self.forceNewWindow.value == gui.TRUE:
-            onw = '&o_n_w={}'
+            onw = '&o_n_w={}'.format(userService.deployed_service.uuid)
        elif self.forceNewWindow.value == 'overwrite':
            onw = '&o_s_w=yes'
-        onw = onw.format(hash(transport.name))
        path = (
            self.customGEPath.value
            if self.useGlyptodonTunnel.isTrue()
--- a/server/src/uds/web/views/modern.py
+++ b/server/src/uds/web/views/modern.py
@ -193,7 +193,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
    mfaInstance = mfaProvider.getInstance()

    # Get validity duration
-    validity = min(mfaInstance.validity(), mfaProvider.validity * 60)
+    validity = min(mfaInstance.validity(), mfaProvider.validity) * 60
    start_time = request.session.get('mfa_start_time', time.time())

    # If mfa process timed out, we need to start login again