Implement better radius support

2022-10-26 13:45:05 -05:00
parent 0d24782691
commit d63de520c9
11 changed files with 2332 additions and 2319 deletions
--- a/app/models/auth/User.model.js
+++ b/app/models/auth/User.model.js
@@ -155,6 +155,38 @@ class User extends AuthUser {
        await this.save()
    }

+    async check_credential_string(credential) {
+        // Check if the credentials are an app_password
+        const app_password_verified = Array.isArray(this.app_passwords)
+            && this.app_passwords.length > 0
+            && await this.check_app_password(credential)
+
+        // Check if the user has MFA enabled.
+        // If so, split the incoming password to fetch the MFA code
+        // e.g. normalPassword:123456
+        if ( !app_password_verified && this.mfa_enabled ) {
+            const parts = credential.split(':')
+            const mfa_code = parts.pop()
+            const actual_password = parts.join(':')
+
+            // Check the credentials
+            if ( !await this.check_password(actual_password) ) {
+                return false
+            }
+
+            // Now, check the MFA code
+            if ( !this.mfa_token.verify(mfa_code) ) {
+                return false
+            }
+
+        // If not MFA, just check the credentials
+        } else if (!app_password_verified && !await this.check_password(credential)) {
+            return false
+        }
+
+        return true
+    }
+
    async check_password(password) {
        return this.get_provider().check_user_auth(this, password)
    }