Handle users with no password record for two factor authentication.
It makes sense for a system configured for LDAP authentication to also
want to use two factor authentication, and a user does not need to have
a local password defined for LDAP authentication.  However, this is not
something that I realized when I implemented two factor authentication.
So I assumed a password record would exist.

This fixes the OTP verification for the case that a password does not
exist in the database for a user.  I.e., this fixes issue openwebwork#2494.
drgrice1 committed Aug 8, 2024
1 parent 0e92922 commit 9cc4d1d
Showing 2 changed files with 4 additions and 4 deletions.
3 changes: 2 additions & 1 deletion lib/WeBWorK/Authen.pm
Expand Up @@ -482,7 +482,8 @@ sub verify_normal_user {
# two_factor_verification_needed is deleted from the session.
my $otp_code = trim($c->param('otp_code'));
if (defined $otp_code && $otp_code ne '') {
my $password = $c->db->getPassword($user_id);
# The password record may not be defined (e.g. for LDAP authentication). So create one if it isn't.
my $password = $c->db->getPassword($user_id) // $c->db->newPassword(user_id => $user_id);
if (
WeBWorK::Utils::TOTP->new(
secret => $self->session->{otp_secret} // $password->otp_secret,
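Review bot: In `verify_normal_user`, the fallback record is created with only `user_id`, so on the `secret => $self->session->{otp_secret} // $password->otp_secret` line the secret can end up undefined when the session carries no `otp_secret` either. Consider rejecting the code explicitly in that case rather than constructing the TOTP object with an undefined secret. Also, nothing in these lines saves the record returned by `newPassword`; if the code after this hunk stores the secret on `$password`, confirm that it inserts the row rather than updating one that does not exist.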
5 changes: 2 additions & 3 deletions lib/WeBWorK/ContentGenerator/TwoFactorAuthentication.pm
Expand Up @@ -44,11 +44,9 @@ sub pre_header_initialize ($c) {
$c->stash->{otp_qrcode} = '';
$c->stash->{authen_error} //= '';

# Note that this user has already authenticated with username and password,
# so this and the $user below should exist.
my $password = $c->db->getPassword($c->authen->{user_id});

if (!$password->otp_secret) {
if (!$password || !$password->otp_secret) {
my $totp =
WeBWorK::Utils::TOTP->new(
$c->authen->session->{otp_secret} ? (secret => $c->authen->session->{otp_secret}) : ());
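Review bot: The `!$password` guard on the `if (!$password || !$password->otp_secret)` line has no comment saying why the record can be missing, and the comment that used to sit above the `getPassword` call is gone. Add a one-line comment there, as the Authen.pm hunk does ("e.g. for LDAP authentication"), so the guard is not later removed as redundant.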
Expand All @@ -61,6 +59,7 @@ sub pre_header_initialize ($c) {
GD::Barcode::QRcode->new($otp_link, { Ecc => 'L', ModuleSize => 4, Version => 0 })->plot->png;
};

# Note that this user has already authenticated so the user record should exist.
my $user = $c->db->getUser($c->authen->{user_id});

if ($ce->{twoFA}{email_sender} && (my $recipient = $user->email_address)) {
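Review bot: The new comment above `getUser` says the user record should exist, yet `$user->email_address` in the `if` that follows is called without checking `$user`, which is the same kind of assumption this commit had to correct for the password record. Either guard it, for example `$user && (my $recipient = $user->email_address)`, or state in the comment what guarantees the record at this point.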
