F OpenNebula#2497: two factor authentication

Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>
jloboescalona2 · Jul 2, 2019 · ce516ff · ce516ff
1 parent 32232f6
commit ce516ff
Show file tree

Hide file tree

Showing 7 changed files with 96 additions and 292 deletions.
diff --git a/install.sh b/install.sh
@@ -1983,8 +1983,7 @@ SUNSTONE_ROUTES_FILES="src/sunstone/routes/oneflow.rb \
 SUNSTONE_PUBLIC_CSS_FILES="src/sunstone/public/css/app.min.css \
                 src/sunstone/public/css/opensans/opensans.woff \
                 src/sunstone/public/css/novnc-custom.css \
-                src/sunstone/public/css/spice-custom.css \
-                src/sunstone/public/css/login.css"
+                src/sunstone/public/css/spice-custom.css"
 
 SUNSTONE_PUBLIC_FONT_AWSOME="src/sunstone/public/bower_components/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.eot \
                 src/sunstone/public/bower_components/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.svg \
@@ -2004,8 +2003,6 @@ SUNSTONE_PUBLIC_FONT_AWSOME="src/sunstone/public/bower_components/fontawesome/we
 
 SUNSTONE_PUBLIC_IMAGES_FILES="src/sunstone/public/images/ajax-loader.gif \
                         src/sunstone/public/images/favicon.ico \
-                        src/sunstone/public/images/login_over.png \
-                        src/sunstone/public/images/login.png \
                         src/sunstone/public/images/advanced_layout.png \
                         src/sunstone/public/images/cloud_layout.png \
                         src/sunstone/public/images/vcenter_layout.png \

diff --git a/src/sunstone/models/my_totp.rb b/src/sunstone/models/my_totp.rb
@@ -15,6 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 require 'rotp'
+require 'pry-byebug'
 
 class MyTotp
     def self.build(secret, issuer)
@@ -23,12 +24,17 @@ def self.build(secret, issuer)
     end
 
     def initialize(totp)
-        @totp = totp
         @five_minutes = 5 * 60
+        @totp = totp
     end
 
     def verify(token)
-        @totp.verify(token, drift_ahead: @five_minutes, drift_behind: @five_minutes)
+        #binding.pry
+        begin
+          @totp.verify(token, drift_ahead: @five_minutes, drift_behind: @five_minutes)
+        rescue Exception => e
+          raise e
+        end
     end
 
     def provisioning_uri(account_name)

diff --git a/src/sunstone/public/app/login.js b/src/sunstone/public/app/login.js
@@ -17,13 +17,26 @@
 define(function(require) {
   require('../bower_components/jquery/dist/jquery.min');
   var OpenNebulaAuth = require('opennebula/auth');
+  var showErrorAuth = false;
+  var textOpenNebulaNotRunning = "OpenNebula is not running or there was a server exception. Please check the server logs.";
+  var textInvalidUserorPassword = "Invalid username or password"; 
+  var textNoAnswerFromServer = "No answer from server. Is it running?";
+  var textTwoFactorTokenInvalid = "Two factor Token Invalid";
 
   function auth_success(req, response) {
     if (response && response.code && response.code === "two_factor_auth") {
-      $("#login_form").fadeOut("slow");
+      $("#login_form").hide();
       $("#login_spinner").hide();
       $("#two_factor_auth").fadeIn("slow");
+      if(!showErrorAuth){
+        showErrorAuth = true;
+      } else {
+        $("#error_message").text(textTwoFactorTokenInvalid);
+        $("#error_box").fadeIn("slow");
+        $("#login_spinner").hide();
+      }
     } else {
+      showErrorAuth = false;
       window.location.href = ".";
     }
   }
@@ -34,13 +47,13 @@ define(function(require) {
 
     switch (status){
     case 401:
-      $("#error_message").text("Invalid username or password");
+      $("#error_message").text(textInvalidUserorPassword);
       break;
     case 500:
-      $("#error_message").text("OpenNebula is not running or there was a server exception. Please check the server logs.");
+      $("#error_message").text(textOpenNebulaNotRunning);
       break;
     case 0:
-      $("#error_message").text("No answer from server. Is it running?");
+      $("#error_message").text(textNoAnswerFromServer);
       break;
     default:
       $("#error_message").text("Unexpected error. Status " + status + ". Check the server logs.");

diff --git a/src/sunstone/public/css/login.css b/src/sunstone/public/css/login.css
diff --git a/src/sunstone/public/scss/_login.scss b/src/sunstone/public/scss/_login.scss
@@ -1,10 +1,18 @@
 body#login{
+  display: inline-flex;
+  width: 100%;
 
   #wrapper{
     margin-left: auto;
     margin-right: auto;
     width: 900px;
     text-align: center;
+    display: inline-flex;
+    align-items: center;
+
+    &>div{
+      width: 100%;
+    }
 
     div#logo_sunstone {
       height: 200px;
@@ -32,8 +40,8 @@ body#login{
           -moz-box-shadow: 0px 0px 5px 0px rgba(0,0,0,0.75);
           box-shadow: 0px 0px 5px 0px rgba(0,0,0,0.75);
           padding: .5rem 1rem;
-          border: 1px solid rgba(0, 0, 0, 0.2);
           background-color: #F6F6F6;
+          background-image: linear-gradient(180deg, #F6F6F6 0%, rgba(0,0,0,0.2) 51%, rgba(0,0,0,0.3) 100%);
 
           &:after{
             content: "Login";
@@ -53,6 +61,16 @@ body#login{
       display: inline-block;
       padding-right: 10px;
     }
+    .error-place{
+      position: relative;
+      margin-top: 1rem;
+
+      #error_box{
+        display: block;
+        position: absolute;
+        width: 100%;
+      }
+    }
   }
 
   #footer {