B #6385: fix time to live (2FA sunstone) (#2805)

2025-03-22 18:50:08 +03:00 · 2023-11-07 18:34:26 +01:00 · 2023-11-07 18:34:26 +01:00 · 450443e19d
commit 450443e19d
parent 9f6b8a1891
2 changed files with 28 additions and 31 deletions
--- a/src/sunstone/models/OpenNebula2FA/sunstone_optp.rb
+++ b/src/sunstone/models/OpenNebula2FA/sunstone_optp.rb
@ -26,13 +26,10 @@ class SunstoneOPTP

    def initialize(totp)
        @totp = totp
-        @five_minutes = 5 * 60
    end

    def verify(token)
-        @totp.verify(token,
-                     :drift_ahead => @five_minutes,
-                     :drift_behind => @five_minutes)
+        @totp.verify(token)
    end

    def provisioning_uri(account_name)
--- a/src/sunstone/sunstone-server.rb
+++ b/src/sunstone/sunstone-server.rb
@ -480,6 +480,33 @@ helpers do
        session[:remember]     = params[:remember]
        session[:display_name] = user[DISPLAY_NAME_XPATH] || user['NAME']

+        begin
+            http_authorization_header = request.env['HTTP_AUTHORIZATION']
+        rescue StandardError => e
+            logger.error { 'Authorization header not received' }
+        else
+            begin
+                if RUBY_VERSION > '2.0.0'
+                    auth = http_authorization_header.match(/(?<basic>\w+) (?<pass>(\w|\W)+)/)
+                    type, pass = auth[:basic], auth[:pass]
+                else
+                    type, pass = http_authorization_header.split(' ')
+                end
+            rescue StandardError => e
+                logger.error { 'Invalid authorization header format' }
+            else
+                if type && type.downcase == 'basic'
+                    session[:auth] = pass
+                else
+                    logger.info { 'Unauthorized login attempt or invalid authorization header' }
+                    return [401, '']
+                end
+            end
+        end
+
+        #get firedge JWT
+        session[:fireedge_token] = get_fireedge_token(two_factor_auth_token)
+
        csrftoken_plain = Time.now.to_f.to_s + SecureRandom.base64
        session[:csrftoken] = Digest::SHA256.hexdigest(csrftoken_plain)

@ -564,33 +591,6 @@ helpers do
        session[:federation_mode] = active_zone_configuration['FEDERATION/MODE'].upcase
        session[:mode] = $conf[:mode]

-        begin
-            http_authorization_header = request.env['HTTP_AUTHORIZATION']
-        rescue StandardError => e
-            logger.error { 'Authorization header not received' }
-        else
-            begin
-                if RUBY_VERSION > '2.0.0'
-                    auth = http_authorization_header.match(/(?<basic>\w+) (?<pass>(\w|\W)+)/)
-                    type, pass = auth[:basic], auth[:pass]
-                else
-                    type, pass = http_authorization_header.split(' ')
-                end
-            rescue StandardError => e
-                logger.error { 'Invalid authorization header format' }
-            else
-                if type && type.downcase == 'basic'
-                    session[:auth] = pass
-                else
-                    logger.info { 'Unauthorized login attempt or invalid authorization header' }
-                    return [401, '']
-                end
-            end
-        end
-
-        #get firedge JWT
-        session[:fireedge_token] = get_fireedge_token(two_factor_auth_token)
-
        [204, ""]
    end