Make challenger reset on deauth, add retrial stop point, remove cooki…
…e on reset, extend read deadline git challenge
NHAS committed Nov 29, 2024
1 parent afa44ae commit ca3b1ee
Showing 4 changed files with 25 additions and 5 deletions.
18 changes: 16 additions & 2 deletions internal/mfaportal/resources/static/js/challenge.js
Expand Up @@ -3,18 +3,30 @@ const httpsEnabled = window.location.protocol == "https:";
const url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + "/challenge/";

let backoff = 200;
let attempts = 0;
let challenge = localStorage.getItem("challenge");
if (challenge === null || challenge === "null") {
if (challenge === null || challenge === "null" || challenge == "") {
// oidc sets the challenge via cookie
challenge = getCookie("challenge");
if(challenge !== null) {
if(challenge !== null || challenge != "") {
localStorage.setItem("challenge", challenge)
} else {
challenge = null
}
deleteCookie("challenge")
}



function connect() {

attempts++;

if(attempts > 5) {
console.log("giving up retrying websockets connection")
return
}

let ws = new WebSocket(url);
ws.onopen = function () {
ws.send(
Expand All @@ -29,12 +41,14 @@ function connect() {
let msg = JSON.parse(e.data)
switch(msg) {
case "challenge":
attempts = 0;
ws.send(
JSON.stringify({challenge: challenge
}));
return
case "reset":
localStorage.removeItem("challenge")
deleteCookie("challenge")
window.location.href = '/'
return
}
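Review bot: The cookie fallback `if(challenge !== null || challenge != "")` is wrong: with `||` the branch is taken for every value, including `null` (`null != ""` is true), so a missing cookie is written to localStorage as the string "null" and the `else { challenge = null }` arm can never run — which is exactly the `"null"` state the guard a few lines above exists to clean up. Use a conjunction with strict comparisons, `if (challenge !== null && challenge !== "") {`, and for consistency the first guard's `challenge == ""` should be `challenge === ""`. Separately, `attempts` is only cleared on a `"challenge"` message, so a socket that opens and then drops before the server challenges still consumes one of the five tries; if that is intended, say so with `// attempts only resets once the server has challenged us, so a flapping socket gives up after 5 tries`.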
6 changes: 5 additions & 1 deletion internal/router/firewall.go
Expand Up @@ -291,7 +291,11 @@ func (f *Firewall) Deauthenticate(address string) error {
return fmt.Errorf("failed to parse address as netip.Addr: %s", err)
}

return f._deauthenticate(addr)
err = f._deauthenticate(addr)

f.challenger.Reset(address)

return err
}

func (f *Firewall) _deauthenticate(address netip.Addr) error {
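Review bot: `f.challenger.Reset(address)` runs unconditionally and, if it returns anything, that result is discarded, so a failure to tell the client to start over is invisible even though `_deauthenticate` has already torn down the firewall state. If Reset returns an error and a logger is in scope, record it rather than drop it, `if rerr := f.challenger.Reset(address); rerr != nil { log.Printf("failed to reset challenger for %s: %s", address, rerr) }`; if it is best-effort by design, say so with `// best effort: access is already revoked, the client is only told to restart the challenge`. Calling Reset after `_deauthenticate` is the right order, since the client is only pointed back to the portal once its access is gone. The function's body ends outside the hunk.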
4 changes: 2 additions & 2 deletions internal/router/session_manager.go
Expand Up @@ -83,7 +83,7 @@ func (c *Challenger) Challenge(address string) error {
return fmt.Errorf("no connection found for device: %s", address)
}

err = conn.SetWriteDeadline(time.Now().Add(2 * time.Second))
err = conn.SetWriteDeadline(time.Now().Add(40 * time.Second))
if err != nil {
conn.Close()
return err
Expand All @@ -95,7 +95,7 @@ func (c *Challenger) Challenge(address string) error {
return err
}

err = conn.SetReadDeadline(time.Now().Add(2 * time.Second))
err = conn.SetReadDeadline(time.Now().Add(40 * time.Second))
if err != nil {
conn.Close()
return err
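Review bot: Raising both deadlines from 2 s to 40 s means a client that completes the websocket handshake but never answers can hold this `Challenge` call for up to 40 s, and nothing in the hunks bounds how many such calls may be in flight; if `Challenge` is invoked from the device state machine or while a lock is held, an unresponsive or hostile client can probably stall that path for that long, so the caller should be checked for that. The same literal now appears twice with no explanation of why 40 s was chosen; hoist it to a named constant, `const challengeTimeout = 40 * time.Second`, with a comment giving the reason the commit message only hints at ("extend read deadline"). The enclosing function starts and ends outside the hunks.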
2 changes: 2 additions & 0 deletions internal/router/statemachine.go
Expand Up @@ -137,6 +137,8 @@ func (f *Firewall) deviceChanges(_ string, current, previous data.Device, et dat
if err != nil {
return fmt.Errorf("cannot deauthenticate device %s: %s", current.Address, err)
}
// attempt to tell the device to reset on deauth

} else {
log.Printf("%s:%s device succeeded challenge", current.Username, current.Address)
}
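Review bot: The new comment `// attempt to tell the device to reset on deauth` is followed by a blank line and then `} else {`, so it annotates no statement and will mislead the next reader into looking for code that is not there. The reset actually happens inside `Firewall.Deauthenticate`, which this commit changes to call `f.challenger.Reset`, so either move the comment above the `Deauthenticate` call (outside this hunk) or make it point there: `// Deauthenticate also asks the device's challenge socket to reset; see Firewall.Deauthenticate`. The enclosing `deviceChanges` begins and ends outside the hunk.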
