diff --git a/server/src/uds/core/mfas/mfa.py b/server/src/uds/core/mfas/mfa.py index 99bd9542..88e848bc 100644 --- a/server/src/uds/core/mfas/mfa.py +++ b/server/src/uds/core/mfas/mfa.py @@ -160,7 +160,7 @@ class MFA(Module): try: if data and validity: # if we have a stored code, check if it's still valid - if data[0] + datetime.timedelta(seconds=validity) < getSqlDatetime(): + if data[0] + datetime.timedelta(seconds=validity) > getSqlDatetime(): # if it's still valid, just return without sending a new one return MFA.RESULT.OK except Exception: @@ -189,8 +189,10 @@ class MFA(Module): data = self.storage.getPickle(storageKey) if data and len(data) == 2: validity = validity if validity is not None else self.validity() * 60 - if validity and data[0] + datetime.timedelta(seconds=validity) > getSqlDatetime(): + if validity > 0 and data[0] + datetime.timedelta(seconds=validity) < getSqlDatetime(): # if it is no more valid, raise an error + # Remove stored code and raise error + self.storage.remove(storageKey) raise exceptions.MFAError('MFA Code expired') # Check if the code is valid diff --git a/server/src/uds/mfas/Email/mfa.py b/server/src/uds/mfas/Email/mfa.py index 6b98dbbc..4ab15833 100644 --- a/server/src/uds/mfas/Email/mfa.py +++ b/server/src/uds/mfas/Email/mfa.py @@ -41,11 +41,11 @@ class EmailMFA(mfas.MFA): security = gui.ChoiceField( label=_('Security'), tooltip=_('Security protocol to use'), - values=[ - gui.choiceItem('tls', _('TLS')), - gui.choiceItem('ssl', _('SSL')), - gui.choiceItem('none', _('None')), - ], + values={ + 'tls': _('TLS'), + 'ssl': _('SSL'), + 'none': _('None'), + }, order=2, required=True, tab=_('SMTP Server'), diff --git a/server/src/uds/transports/HTML5RDP/html5rdp.py b/server/src/uds/transports/HTML5RDP/html5rdp.py index c9ec3258..7e22a86a 100644 --- a/server/src/uds/transports/HTML5RDP/html5rdp.py +++ b/server/src/uds/transports/HTML5RDP/html5rdp.py @@ -456,7 +456,7 @@ class HTML5RDPTransport(transports.Transport): 'create-drive-path': 'true', 'ticket-info': { 'userService': userService.uuid, - 'user': userService.user.uuid, + 'user': userService.user.uuid if userService.user else '', }, } @@ -500,12 +500,11 @@ class HTML5RDPTransport(transports.Transport): ticket = models.TicketStore.create(params, validity=self.ticketValidity.num()) - onw = '' + onw = '&o_n_w={}'.format(transport.uuid) if self.forceNewWindow.value == gui.TRUE: - onw = '&o_n_w={}' + onw = '&o_n_w={}'.format(userService.deployed_service.uuid) elif self.forceNewWindow.value == 'overwrite': onw = '&o_s_w=yes' - onw = onw.format(hash(transport.name)) path = ( self.customGEPath.value if self.useGlyptodonTunnel.isTrue() diff --git a/server/src/uds/web/views/modern.py b/server/src/uds/web/views/modern.py index 270f95ca..79eae89e 100644 --- a/server/src/uds/web/views/modern.py +++ b/server/src/uds/web/views/modern.py @@ -193,7 +193,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse: mfaInstance = mfaProvider.getInstance() # Get validity duration - validity = min(mfaInstance.validity(), mfaProvider.validity * 60) + validity = min(mfaInstance.validity(), mfaProvider.validity) * 60 start_time = request.session.get('mfa_start_time', time.time()) # If mfa process timed out, we need to start login again