Adds MFA

sdslabs · Dec 10, 2023 · 5162cbe · 5162cbe
1 parent 008e54b
commit 5162cbe
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 9 deletions.
diff --git a/api/login.go b/api/login.go
@@ -14,7 +14,7 @@ import (
 
 func HandleGetLoginFlow(c *gin.Context) {
 	log.Logger.Debug("Get Login")
-	cookie, flowID, csrf_token, err := login.InitializeLoginFlowWrapper("aal1")
+	cookie, flowID, csrf_token, err := login.InitializeLoginFlowWrapper("aal1", "")
 
 	if err != nil {
 		log.ErrorLogger("Initialize Login Failed", err)

diff --git a/api/mfa.go b/api/mfa.go
@@ -2,6 +2,7 @@ package api
 
 import (
 	"net/http"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 
@@ -12,7 +13,8 @@ import (
 
 func HandleGetMFAFlow(c *gin.Context) {
 	log.Logger.Debug("Get MFA")
-	flow_cookie, flowID, csrf_token, err := login.InitializeLoginFlowWrapper("aal2")
+	cookie, _ := c.Cookie("sdslabs_session")
+	flow_cookie, flowID, csrf_token, err := login.InitializeLoginFlowWrapper("aal2", cookie)
 
 	if err != nil {
 		log.ErrorLogger("Initialize MFA Failed", err)
@@ -51,8 +53,11 @@ func HandlePostMFAFlow(c *gin.Context) {
 		})
 		return
 	}
+	session_cookie, _ := c.Cookie("sdslabs_session")
+	csrfToken := req_body.CsrfToken
+	cookie := strings.Split(flow_cookie, ";")[0] + "; " + strings.Split(session_cookie, ";")[0] + "; x-csrf-token=" + csrfToken
 
-	identity, session, err := login.SubmitLoginWithMFAWrapper(flow_cookie, req_body.FlowID, req_body.CsrfToken, req_body.TOTP)
+	identity, session, err := login.SubmitLoginWithMFAWrapper(cookie, req_body.FlowID, req_body.CsrfToken, req_body.TOTP)
 
 	if err != nil {
 		log.ErrorLogger("Kratos post MFA flow failed", err)

diff --git a/pkg/wrapper/kratos/login/login.go b/pkg/wrapper/kratos/login/login.go
@@ -8,12 +8,13 @@ import (
 	"github.com/sdslabs/nymeria/config"
 )
 
-func InitializeLoginFlowWrapper(aal string) (string, string, string, error) {
+func InitializeLoginFlowWrapper(aal string, cookie string) (string, string, string, error) {
 	refresh := false                         // bool | Refresh a login session  If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. (optional)
 	returnTo := "http://127.0.0.1:4455/ping" // string | The URL to return the browser to after the flow was completed. (optional)
 
 	apiClient := client.NewAPIClient(config.KratosClientConfig)
-	resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Execute()
+
+	resp, r, err := apiClient.V0alpha2Api.InitializeSelfServiceLoginFlowForBrowsers(context.Background()).Refresh(refresh).Aal(aal).ReturnTo(returnTo).Cookie(cookie).Execute()
 
 	if err != nil {
 		return "", "", "", err
@@ -40,7 +41,6 @@ func SubmitLoginFlowWrapper(cookie string, flowID string, csrfToken string, pass
 
 	apiClient := client.NewAPIClient(config.KratosClientConfig)
 	resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceLoginFlow(context.Background()).Flow(flowID).SubmitSelfServiceLoginFlowBody(submitDataBody).XSessionToken("").Cookie(cookie).Execute()
-
 	if err != nil {
 		return *client.NewSessionWithDefaults(), "", err
 	}
@@ -53,9 +53,10 @@ func SubmitLoginFlowWrapper(cookie string, flowID string, csrfToken string, pass
 func SubmitLoginWithMFAWrapper(cookie string, flowID string, csrfToken string, totp string) (client.Session, string, error) {
 	submitDataBody := client.SubmitSelfServiceLoginFlowBody{SubmitSelfServiceLoginFlowWithTotpMethodBody: client.NewSubmitSelfServiceLoginFlowWithTotpMethodBody("totp", totp)} // SubmitSelfServiceLoginFlowBody |
 
-	submitDataBody.SubmitSelfServiceLoginFlowWithPasswordMethodBody.SetCsrfToken(csrfToken)
+	submitDataBody.SubmitSelfServiceLoginFlowWithTotpMethodBody.SetCsrfToken(csrfToken)
 
 	apiClient := client.NewAPIClient(config.KratosClientConfig)
+
 	resp, r, err := apiClient.V0alpha2Api.SubmitSelfServiceLoginFlow(context.Background()).Flow(flowID).SubmitSelfServiceLoginFlowBody(submitDataBody).XSessionToken("").Cookie(cookie).Execute()
 
 	if err != nil {
@@ -64,5 +65,5 @@ func SubmitLoginWithMFAWrapper(cookie string, flowID string, csrfToken string, t
 
 	responseCookies := r.Header["Set-Cookie"]
 
-	return resp.Session, responseCookies[1], nil
+	return resp.Session, responseCookies[0], nil
 }
diff --git a/pkg/wrapper/kratos/settings/settings.go b/pkg/wrapper/kratos/settings/settings.go
@@ -124,7 +124,7 @@ func SubmitSettingsFlowTOTPMethod(flow_cookie string, session_cookie string, flo
 	cookie := strings.Split(flow_cookie, ";")[0] + "; " + strings.Split(session_cookie, ";")[0] + "; x-csrf-token=" + csrfToken
 	req.URL.RawQuery = q.Encode()
 	req.Header.Set("Cookie", cookie)
-	req.Header.Set("Contentp-Type", "application/json")
+	req.Header.Set("Content-Type", "application/json")
 
 	resp, err := client.Do(req)