TOTP max invalid tries
@@ -5,7 +5,7 @@
|
|||||||
#define NUKI_HUB_VERSION "9.09"
|
#define NUKI_HUB_VERSION "9.09"
|
||||||
#define NUKI_HUB_VERSION_INT (uint32_t)909
|
#define NUKI_HUB_VERSION_INT (uint32_t)909
|
||||||
#define NUKI_HUB_BUILD "unknownbuildnr"
|
#define NUKI_HUB_BUILD "unknownbuildnr"
|
||||||
#define NUKI_HUB_DATE "2025-02-10"
|
#define NUKI_HUB_DATE "2025-02-11"
|
||||||
|
|
||||||
#define GITHUB_LATEST_RELEASE_URL (char*)"https://github.com/technyon/nuki_hub/releases/latest"
|
#define GITHUB_LATEST_RELEASE_URL (char*)"https://github.com/technyon/nuki_hub/releases/latest"
|
||||||
#define GITHUB_OTA_MANIFEST_URL (char*)"https://raw.githubusercontent.com/technyon/nuki_hub/binary/ota/manifest.json"
|
#define GITHUB_OTA_MANIFEST_URL (char*)"https://raw.githubusercontent.com/technyon/nuki_hub/binary/ota/manifest.json"
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
#include "ImportExport.h"
|
#include "ImportExport.h"
|
||||||
|
#include "EspMillis.h"
|
||||||
#include "SPIFFS.h"
|
#include "SPIFFS.h"
|
||||||
#include "Logger.h"
|
#include "Logger.h"
|
||||||
#include "PreferencesKeys.h"
|
#include "PreferencesKeys.h"
|
||||||
@@ -268,10 +269,18 @@ int ImportExport::checkDuoApprove()
|
|||||||
|
|
||||||
bool ImportExport::checkTOTP(String* totpKey)
|
bool ImportExport::checkTOTP(String* totpKey)
|
||||||
{
|
{
|
||||||
String key(totpKey->c_str());
|
|
||||||
|
|
||||||
if(_totpEnabled)
|
if(_totpEnabled)
|
||||||
{
|
{
|
||||||
|
if((pow(_invalidCount, 5) + _lastCodeCheck) > espMillis())
|
||||||
|
{
|
||||||
|
_lastCodeCheck = espMillis();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
_lastCodeCheck = espMillis();
|
||||||
|
|
||||||
|
String key(totpKey->c_str());
|
||||||
|
|
||||||
time_t now;
|
time_t now;
|
||||||
time(&now);
|
time(&now);
|
||||||
int totpTime = -60;
|
int totpTime = -60;
|
||||||
@@ -282,11 +291,13 @@ bool ImportExport::checkTOTP(String* totpKey)
|
|||||||
|
|
||||||
if(key.toInt() == key2.toInt())
|
if(key.toInt() == key2.toInt())
|
||||||
{
|
{
|
||||||
|
_invalidCount = 0;
|
||||||
Log->println("Successful TOTP MFA Auth");
|
Log->println("Successful TOTP MFA Auth");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
totpTime += 30;
|
totpTime += 30;
|
||||||
}
|
}
|
||||||
|
_invalidCount++;
|
||||||
Log->println("Failed TOTP MFA Auth");
|
Log->println("Failed TOTP MFA Auth");
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
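Review bot: The lockout added at the top of checkTOTP compares `pow(_invalidCount, 5) + _lastCodeCheck` with espMillis(), so if espMillis() is in milliseconds the wait after the first four wrong codes is only about 1 ms, 32 ms, 243 ms and 1 s, and nothing in the hunk enforces a fixed maximum as the title suggests. The counter is a single value shared by every client, and the blocked branch refreshes `_lastCodeCheck`, so repeated requests from anyone who can reach the form keep a legitimate user locked out; that trade-off deserves a comment above the check. I would compute the delay in integer arithmetic with a usable floor, for example `int64_t waitMs = 1000LL * _invalidCount * _invalidCount * _invalidCount;`, rather than going through floating-point `pow`. The loop header of checkTOTP lies between the two hunks and is not visible here.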
@@ -27,6 +27,8 @@ public:
|
|||||||
JsonDocument _duoSessions;
|
JsonDocument _duoSessions;
|
||||||
JsonDocument _totpSessions;
|
JsonDocument _totpSessions;
|
||||||
JsonDocument _sessionsOpts;
|
JsonDocument _sessionsOpts;
|
||||||
|
int64_t _lastCodeCheck = 0;
|
||||||
|
int _invalidCount = 0;
|
||||||
private:
|
private:
|
||||||
void saveSessions();
|
void saveSessions();
|
||||||
Preferences* _preferences;
|
Preferences* _preferences;
|
||||||
|
|||||||
@@ -385,6 +385,11 @@ bool NukiNetwork::update()
|
|||||||
int64_t ts = espMillis();
|
int64_t ts = espMillis();
|
||||||
_device->update();
|
_device->update();
|
||||||
|
|
||||||
|
if(_importExport->getTOTPEnabled() && _importExport->_invalidCount > 0 && (ts - (120000 * _importExport->_invalidCount)) > _importExport->_lastCodeCheck)
|
||||||
|
{
|
||||||
|
_importExport->_invalidCount--;
|
||||||
|
}
|
||||||
|
|
||||||
if(disableNetwork || !_mqttEnabled || _device->isApOpen())
|
if(disableNetwork || !_mqttEnabled || _device->isApOpen())
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
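Review bot: The decay block in NukiNetwork::update() decrements `_invalidCount` but leaves `_lastCodeCheck` untouched, so once `120000 * _invalidCount` ms of quiet have passed the condition stays true for the smaller count and successive update() calls take the counter down to zero rather than one step per interval. If a gradual decay is intended, track the time of the last decrement in its own member instead of reusing `_lastCodeCheck`, which also drives the lockout in checkTOTP. The product is computed in `int`; writing `120000LL * _importExport->_invalidCount` keeps it 64-bit like `ts`. Both fields are plain public members that checkTOTP also writes, so if the web handler runs on a different task than update() (not visible here) the decrement can race with the increment. update() begins and continues outside the hunk.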
@@ -108,7 +108,7 @@ private:
|
|||||||
int _retryConfigCount = 0;
|
int _retryConfigCount = 0;
|
||||||
int _retryLockstateCount = 0;
|
int _retryLockstateCount = 0;
|
||||||
int64_t _nextRetryTs = 0;
|
int64_t _nextRetryTs = 0;
|
||||||
int64_t _invalidCount = 0;
|
int _invalidCount = 0;
|
||||||
int64_t _lastCodeCheck = 0;
|
int64_t _lastCodeCheck = 0;
|
||||||
std::vector<uint16_t> _keypadCodeIds;
|
std::vector<uint16_t> _keypadCodeIds;
|
||||||
std::vector<uint32_t> _keypadCodes;
|
std::vector<uint32_t> _keypadCodes;
|
||||||
|
|||||||
@@ -108,7 +108,7 @@ private:
|
|||||||
bool _publishAuthData = false;
|
bool _publishAuthData = false;
|
||||||
bool _clearAuthData = false;
|
bool _clearAuthData = false;
|
||||||
bool _checkKeypadCodes = false;
|
bool _checkKeypadCodes = false;
|
||||||
int64_t _invalidCount = 0;
|
int _invalidCount = 0;
|
||||||
int64_t _lastCodeCheck = 0;
|
int64_t _lastCodeCheck = 0;
|
||||||
std::vector<uint16_t> _keypadCodeIds;
|
std::vector<uint16_t> _keypadCodeIds;
|
||||||
std::vector<uint32_t> _keypadCodes;
|
std::vector<uint32_t> _keypadCodes;
|
||||||
|
|||||||
@@ -1885,6 +1885,11 @@ esp_err_t WebCfgServer::buildTOTPHtml(PsychicRequest *request, PsychicResponse*
|
|||||||
return buildConfirmHtml(request, resp, "NTP time not synced yet, TOTP not available, please wait for NTP to sync", 3, true);
|
return buildConfirmHtml(request, resp, "NTP time not synced yet, TOTP not available, please wait for NTP to sync", 3, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if((pow(_importExport->_invalidCount, 5) + _importExport->_lastCodeCheck) > espMillis())
|
||||||
|
{
|
||||||
|
return buildConfirmHtml(request, resp, "Too many invalid TOTP tries, please wait before retrying", 3, true);
|
||||||
|
}
|
||||||
|
|
||||||
PsychicStreamResponse response(resp, "text/html");
|
PsychicStreamResponse response(resp, "text/html");
|
||||||
response.beginSend();
|
response.beginSend();
|
||||||
response.print("<html><head><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">");
|
response.print("<html><head><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">");
|
||||||
|
|||||||
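Review bot: The throttle test in buildTOTPHtml repeats the expression from ImportExport::checkTOTP, `pow(_importExport->_invalidCount, 5) + _importExport->_lastCodeCheck > espMillis()`, by reading the new public members directly, so a later change to the back-off in one place will silently leave the other stale. A single accessor on ImportExport, e.g. `bool isTOTPThrottled()` (the name is only a suggestion), would keep the page and the check in step and let the two fields become private. This branch only decides whether the form is rendered; enforcement still depends on the check inside checkTOTP, which is worth stating in a comment here. buildTOTPHtml starts and ends outside the hunk.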