TOTP max invalid tries

iranl
2025-02-11 21:52:33 +01:00
parent 28da937c51
commit 5d7b22448e
7 changed files with 28 additions and 5 deletions


@@ -5,7 +5,7 @@
#define NUKI_HUB_VERSION "9.09"
#define NUKI_HUB_VERSION_INT (uint32_t)909
#define NUKI_HUB_BUILD "unknownbuildnr"
#define NUKI_HUB_DATE "2025-02-10"
#define NUKI_HUB_DATE "2025-02-11"
#define GITHUB_LATEST_RELEASE_URL (char*)"https://github.com/technyon/nuki_hub/releases/latest"
#define GITHUB_OTA_MANIFEST_URL (char*)"https://raw.githubusercontent.com/technyon/nuki_hub/binary/ota/manifest.json"


@@ -1,4 +1,5 @@
#include "ImportExport.h"
#include "EspMillis.h"
#include "SPIFFS.h"
#include "Logger.h"
#include "PreferencesKeys.h"
@@ -268,10 +269,18 @@ int ImportExport::checkDuoApprove()
bool ImportExport::checkTOTP(String* totpKey)
{
String key(totpKey->c_str());
if(_totpEnabled)
{
if((pow(_invalidCount, 5) + _lastCodeCheck) > espMillis())
{
_lastCodeCheck = espMillis();
return false;
}
_lastCodeCheck = espMillis();
String key(totpKey->c_str());
time_t now;
time(&now);
int totpTime = -60;
@@ -282,11 +291,13 @@ bool ImportExport::checkTOTP(String* totpKey)
if(key.toInt() == key2.toInt())
{
_invalidCount = 0;
Log->println("Successful TOTP MFA Auth");
return true;
}
totpTime += 30;
}
_invalidCount++;
Log->println("Failed TOTP MFA Auth");
}
return false;
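Review bot: The throttle in `checkTOTP` computes its window as `pow(_invalidCount, 5)` milliseconds in floating point, so the first failures add almost no delay (1 ms, 32 ms, 243 ms), and a throttled attempt returns `false` without any log line. Consider an integer delay with a minimum floor, and log the refusal with something like `Log->println("TOTP MFA Auth throttled");` before the early `return false;`, so repeated guessing shows up in the log. The same `pow(...)` expression is repeated in `WebCfgServer::buildTOTPHtml`, so any change has to be made in both places. The body of `checkTOTP` is only partly shown here.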


@@ -27,6 +27,8 @@ public:
JsonDocument _duoSessions;
JsonDocument _totpSessions;
JsonDocument _sessionsOpts;
int64_t _lastCodeCheck = 0;
int _invalidCount = 0;
private:
void saveSessions();
Preferences* _preferences;
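Review bot: `_lastCodeCheck` and `_invalidCount` are added under `public:` and are then read and written directly from `NukiNetwork::update` and `WebCfgServer::buildTOTPHtml`, which spreads the lockout rule over three classes. Keeping them private and exposing the rule through methods, for example `bool isTOTPThrottled()` and `void decayTOTPInvalidCount(int64_t ts)` (names proposed here), would keep the policy in one place. If the web server and the network loop run in different tasks, which this page does not show, the unsynchronised `_invalidCount++` / `_invalidCount--` should be checked as well. A short comment on each field stating its unit, such as `// espMillis() of the last TOTP attempt`, would also help.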


@@ -385,6 +385,11 @@ bool NukiNetwork::update()
int64_t ts = espMillis();
_device->update();
if(_importExport->getTOTPEnabled() && _importExport->_invalidCount > 0 && (ts - (120000 * _importExport->_invalidCount)) > _importExport->_lastCodeCheck)
{
_importExport->_invalidCount--;
}
if(disableNetwork || !_mqttEnabled || _device->isApOpen())
{
return false;
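Review bot: The decay condition `(ts - (120000 * _importExport->_invalidCount)) > _importExport->_lastCodeCheck` gets easier to satisfy as the count drops, and `_lastCodeCheck` is not advanced on decrement, so once it holds it will likely hold on each following `update()` call until the counter reaches 0. If a one-step-per-interval decay is intended, record a separate decay timestamp and compare against that instead. The product is also evaluated in `int`; writing `120000LL * ...` keeps it in 64 bits like `ts`. `NukiNetwork::update` continues outside this hunk.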


@@ -108,7 +108,7 @@ private:
int _retryConfigCount = 0;
int _retryLockstateCount = 0;
int64_t _nextRetryTs = 0;
int64_t _invalidCount = 0;
int _invalidCount = 0;
int64_t _lastCodeCheck = 0;
std::vector<uint16_t> _keypadCodeIds;
std::vector<uint32_t> _keypadCodes;


@@ -108,7 +108,7 @@ private:
bool _publishAuthData = false;
bool _clearAuthData = false;
bool _checkKeypadCodes = false;
int64_t _invalidCount = 0;
int _invalidCount = 0;
int64_t _lastCodeCheck = 0;
std::vector<uint16_t> _keypadCodeIds;
std::vector<uint32_t> _keypadCodes;


@@ -1885,6 +1885,11 @@ esp_err_t WebCfgServer::buildTOTPHtml(PsychicRequest *request, PsychicResponse*
return buildConfirmHtml(request, resp, "NTP time not synced yet, TOTP not available, please wait for NTP to sync", 3, true);
}
if((pow(_importExport->_invalidCount, 5) + _importExport->_lastCodeCheck) > espMillis())
{
return buildConfirmHtml(request, resp, "Too many invalid TOTP tries, please wait before retrying", 3, true);
}
PsychicStreamResponse response(resp, "text/html");
response.beginSend();
response.print("<html><head><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">");