diff --git a/src/apps/auth/app.js b/src/apps/auth/app.js index 5de6d8239..346f4b0a8 100644 --- a/src/apps/auth/app.js +++ b/src/apps/auth/app.js @@ -131,7 +131,14 @@ define(function(require) { window.location = sso.login; } } else if (urlParams.hasOwnProperty('state') && urlParams.hasOwnProperty('code')) { - // OAuth redirect + const duoAuthState = localStorage.getItem('duoAuthState') + + if (duoAuthState === urlParams.state) { + self.checkDuoAuth(urlParams.code); + return + } + + // OAuth redirect self.getNewOAuthTokenFromURLParams(urlParams, function(authData) { // Once we set our token we refresh the page to get rid of new URL params from auth callback self.buildCookiesFromSSOResponse(authData); @@ -1259,6 +1266,21 @@ define(function(require) { $template.find('.cancel-link').on('click', closePopup); }, + checkDuoAuth: function(duoCode) { + var self = this, + loginData = JSON.parse(localStorage.getItem('prevAuth')), + duoData = JSON.parse(localStorage.getItem('duoAuth')); + + loginData.multi_factor_response = { + code: duoCode, + redirect_uri: window.location.origin + }; + + self.putAuth(loginData, function(data) { + // Do Auth success + }); + }, + checkRecoveryId: function(recoveryId, callback) { var self = this; @@ -1420,43 +1442,39 @@ define(function(require) { }); }, - handleMultiFactor: function(data, loginData, success, error) { - var self = this; + handleMultiFactor: function(data, loginData, _success, error) { + var self = this, + isDuoUniversal = data.multi_factor_request.provider_name === 'duo_universal', + isDuoLegacy = data.multi_factor_request.provider_name === 'duo'; - if (data.multi_factor_request.provider_name === 'duo') { - self.showDuoDialog(data, loginData, success, error); + if (isDuoUniversal) { + self.doDuoUniversalRedirect(data, loginData); + } else if (isDuoLegacy) { + self.showDuoDialog(); } else { error && error(); } }, - showDuoDialog: function(data, loginData, success, error) { - var self = this, - wasSuccessful = false; - - require(['duo'], function() { - var template = self.getTemplate({ name: 'duo-dialog' }), - dialog = monster.ui.dialog(template, { - title: self.i18n.active().duoDialog.title, - onClose: function() { - if (!wasSuccessful) { - error && error(); - } - } - }); + doDuoUniversalRedirect: function(data, loginData) { + localStorage.setItem('prevAuth', JSON.stringify(loginData)) + localStorage.setItem('duoAuthState', _.get(data, 'multi_factor_request.duo_state', '')) - Duo.init({ - iframe: dialog.find('iframe')[0], - sig_request: data.multi_factor_request.settings.duo_sig_request, - host: data.multi_factor_request.settings.duo_api_hostname, - submit_callback: function(form) { - wasSuccessful = true; - loginData.multi_factor_response = $(form).find('[name="sig_response"]').attr('value'); - dialog.dialog('close').remove(); - success && success(loginData); - } - }); - }); + window.location.href = _.get(data, 'multi_factor_request.duo_redirect', '') + }, + + showDuoDialog: function() { + var self = this; + + monster.ui.alert( + 'warning', + self.i18n.active().duoDialog.eol.description, + null, + { + title: self.i18n.active().duoDialog.eol.title, + isPersistent: true + } + ); }, /** diff --git a/src/apps/auth/i18n/en-US.json b/src/apps/auth/i18n/en-US.json index b9c33f3a3..311af884c 100644 --- a/src/apps/auth/i18n/en-US.json +++ b/src/apps/auth/i18n/en-US.json @@ -131,7 +131,11 @@ "__comment": "UI-2552: Adding duo integration", "__version": "4.1", "duoDialog": { - "title": "Multi-factor Authentication" + "title": "Multi-factor Authentication", + "eol": { + "title": "Invalid DUO settings", + "description": "Contact your administrator to update DUO configuration" + } }, "multiFactor": { "error": "The information sent by the multi-factor plugin isn't valid."