diff --git a/lib/api/2fa/u2f.js b/lib/api/2fa/u2f.js
index 1812bde3..f2e9857c 100644
--- a/lib/api/2fa/u2f.js
+++ b/lib/api/2fa/u2f.js
@@ -30,6 +30,9 @@ module.exports = (db, server, userHandler) => {
 .lowercase()
 .length(24)
 .required(),
+ appId: Joi.string()
+ .empty('')
+ .uri(),
 sess: Joi.string().max(255),
 ip: Joi.string().ip({
 version: ['ipv4', 'ipv6'],
@@ -225,6 +228,9 @@ module.exports = (db, server, userHandler) => {
 .lowercase()
 .length(24)
 .required(),
+ appId: Joi.string()
+ .empty('')
+ .uri(),
 sess: Joi.string().max(255),
 ip: Joi.string().ip({
 version: ['ipv4', 'ipv6'],
diff --git a/lib/api/auth.js b/lib/api/auth.js
index 053d9eab..82981ea6 100644
--- a/lib/api/auth.js
+++ b/lib/api/auth.js
@@ -80,6 +80,10 @@ module.exports = (db, server, userHandler) => {
 protocol: Joi.string().default('API'),
 scope: Joi.string().default('master'),
+ appId: Joi.string()
+ .empty('')
+ .uri(),
+ sess: Joi.string().max(255),
 ip: Joi.string().ip({
 version: ['ipv4', 'ipv6'],
@@ -106,6 +110,10 @@ module.exports = (db, server, userHandler) => {
 ip: result.value.ip
 };
+ if (result.value.appId) {
+ meta.appId = result.value.appId;
+ }
+ userHandler.authenticate(result.value.username, result.value.password, result.value.scope, meta, (err, authData) => {
 if (err) {
 res.json({
diff --git a/lib/user-handler.js b/lib/user-handler.js
index 2e918e07..9d5f130a 100644
--- a/lib/user-handler.js
+++ b/lib/user-handler.js
@@ -408,7 +408,7 @@ class UserHandler {
 if (!enabled2fa.includes('u2f') || !userData.u2f || !userData.u2f.keyHandle) {
 return done(null, false);
 }
- this.generateU2fAuthRequest(userData._id, userData.u2f.keyHandle, done);
+ this.generateU2fAuthRequest(userData._id, userData.u2f.keyHandle, meta.appId, done);
 };
 let authSuccess = (...args) => {
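Review bot: The new `appId` rule in the first lib/api/2fa/u2f.js schema (old line 30) accepts a URI of any scheme, because `.uri()` is called without options. A U2F AppID is expected to be an HTTPS URL, so unless other schemes are intended the rule could end with `.uri({ scheme: ['https'] })`. The same three-line rule is repeated in the second hunk of that file (old line 225) and in the lib/api/auth.js schema (old line 80), and would need the same change. All three schema objects start and end outside their hunks.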
@@ -730,10 +730,10 @@ class UserHandler {
 });
 }
- generateU2fAuthRequest(user, keyHandle, callback) {
+ generateU2fAuthRequest(user, keyHandle, appId, callback) {
 let authRequest;
 try {
- authRequest = u2f.request(config.u2f.appId, keyHandle);
+ authRequest = u2f.request(appId || config.u2f.appId, keyHandle);
 } catch (E) {
 log.error('U2F', 'U2FFAIL request id=%s error=%s', user, E.message);
 }
@@ -1959,10 +1959,10 @@ class UserHandler {
 );
 }
- setupU2f(user, data, callback) {
+ setupU2f(user, data, appId, callback) {
 let registrationRequest;
 try {
- registrationRequest = u2f.request(config.u2f.appId);
+ registrationRequest = u2f.request(data.appId || config.u2f.appId);
 } catch (E) {
 log.error('U2F', 'U2FFAIL request id=%s error=%s', user, E.message);
 }
@@ -2297,7 +2297,7 @@ class UserHandler {
 return callback(err);
 }
- this.generateU2fAuthRequest(user, userData.u2f.keyHandle, (err, authRequest) => {
+ this.generateU2fAuthRequest(user, userData.u2f.keyHandle, data.appId, (err, authRequest) => {
 if (err) {
 return callback(err);
 }
diff --git a/package.json b/package.json
index 11975d95..39cd5e0d 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
 "mailsplit": "4.2.0",
 "mobileconfig": "2.1.0",
 "mongo-cursor-pagination-node6": "5.0.0",
- "mongodb": "3.0.10",
+ "mongodb": "3.1.0",
 "mongodb-extended-json": "1.10.0",
 "node-forge": "0.7.5",
 "nodemailer": "4.6.7",
@@ -70,7 +70,7 @@
 "tlds": "1.203.1",
 "u2f": "0.1.3",
 "utf7": "1.0.2",
- "uuid": "3.2.1",
+ "uuid": "3.3.0",
 "wild-config": "1.3.6"
 },
 "repository": {
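Review bot: In `generateU2fAuthRequest`, `appId || config.u2f.appId` lets a value taken from the API request replace the configured relying-party identifier, and nothing visible in this diff checks it against values the operator has approved. In U2F the AppID is what ties a registered key to a site, so the server side normally pins it; consider accepting the request value only when it matches an operator-configured list of permitted AppIDs and otherwise using `config.u2f.appId`. It is also worth confirming that the signature check, which is outside this hunk, verifies against the appId stored with the generated request rather than the configured one. A comment above the call such as `// appId may be caller-supplied (API schema); falls back to the configured value` would record the trust decision.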
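Review bot: `setupU2f` gains a third positional parameter `appId` that the visible body never reads, since the registration request is built from `data.appId`, and no call site of `setupU2f` is updated anywhere in this diff. A caller that still passes `(user, data, callback)` would have its callback bound to `appId` and `callback` left undefined, which presumably fails once the method reports its result further down, outside the hunk. If the value is meant to travel on `data`, keeping the old signature `setupU2f(user, data, callback) {` avoids the break; otherwise the body should read the parameter and the callers need updating in the same commit.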