From 8bc8a07e72c8fb6975ecad0103dce892c6d3d5fa Mon Sep 17 00:00:00 2001
From: Gerzon Z
Date: Mon, 22 Mar 2021 13:26:44 -0400
Subject: [PATCH] [FIX] SSO not working with 2FA (TOTP) (#2978)
* Update AuthenticationWebView.js
* Updated loginTOTP
* Added validation
* Update rocketchat.js
* Update rocketchat.js
* Update rocketchat.js
* Update rocketchat.js
* Fix resolve
* Remove incognito
* Fix totp being requested on webview
Co-authored-by: Diego Mello
---
 app/lib/rocketchat.js | 32 ++++++++++++++++++++----------
 app/views/AuthenticationWebView.js | 6 +++---
 2 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/app/lib/rocketchat.js b/app/lib/rocketchat.js
index a6e9137ae..d559ab726 100644
--- a/app/lib/rocketchat.js
+++ b/app/lib/rocketchat.js
@@ -465,18 +465,30 @@ const RocketChat = {
 if (e.data?.error && (e.data.error === 'totp-required' || e.data.error === 'totp-invalid')) {
 const { details } = e.data;
 try {
- reduxStore.dispatch(setUser({ username: params.user || params.username }));
- const code = await twoFactor({ method: details?.method || 'totp', invalid: e.data.error === 'totp-invalid' });
+ const code = await twoFactor({ method: details?.method || 'totp', invalid: details?.error === 'totp-invalid' });
- // Force normalized params for 2FA starting RC 3.9.0.
- const serverVersion = reduxStore.getState().server.version;
- if (compareServerVersion(serverVersion, '3.9.0', methods.greaterThanOrEqualTo)) {
- const user = params.user ?? params.username;
- const password = params.password ?? params.ldapPass ?? params.crowdPassword;
- params = { user, password };
+ if (loginEmailPassword) {
+ reduxStore.dispatch(setUser({ username: params.user || params.username }));
+
+ // Force normalized params for 2FA starting RC 3.9.0.
+ const serverVersion = reduxStore.getState().server.version;
+ if (compareServerVersion(serverVersion, '3.9.0', methods.greaterThanOrEqualTo)) {
+ const user = params.user ?? params.username;
+ const password = params.password ?? params.ldapPass ?? params.crowdPassword;
+ params = { user, password };
+ }
+
+ return resolve(this.loginTOTP({ ...params, code: code?.twoFactorCode }, loginEmailPassword));
 }
- return resolve(this.loginTOTP({ ...params, code: code?.twoFactorCode }, loginEmailPassword));
+ return resolve(this.loginTOTP({
+ totp: {
+ login: {
+ ...params
+ },
+ code: code?.twoFactorCode
+ }
+ }));
 } catch {
 // twoFactor was canceled
 return reject();
@@ -511,7 +523,7 @@ const RocketChat = {
 },
 async loginOAuthOrSso(params) {
- const result = await this.login(params);
+ const result = await this.loginTOTP(params);
 reduxStore.dispatch(loginRequest({ resume: result.token }));
 },
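Review bot: In the new SSO/OAuth branch of the `catch` in `loginTOTP` (the recursive call made without `loginEmailPassword`), a retry after a rejected code wraps the payload a second time: the call passes `{ totp: { login: { ...params }, code } }` as `params`, so if that attempt also fails with `totp-invalid`, the next pass spreads the already-wrapped object into `totp.login` and sends a nested `totp.login.totp` carrying the stale code. Unwrap before rebuilding, e.g. `const login = params.totp?.login ?? params;`, and spread `login` instead of `params`. Separately, `invalid` now reads `details?.error` while the enclosing condition tests `e.data.error`; if the server does not repeat the error inside `details`, the prompt will never flag a wrong code, so this should be confirmed against the actual server response. The head of `loginTOTP` is outside the hunk, so the retry path is inferred from the visible recursive call.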
diff --git a/app/views/AuthenticationWebView.js b/app/views/AuthenticationWebView.js
index e3f22ac75..24e0639ae 100644
--- a/app/views/AuthenticationWebView.js
+++ b/app/views/AuthenticationWebView.js
@@ -71,7 +71,7 @@ class AuthenticationWebView extends React.PureComponent {
 navigation.pop();
 }
- login = async(params) => {
+ login = (params) => {
 const { logging } = this.state;
 if (logging) {
 return;
@@ -80,7 +80,7 @@ class AuthenticationWebView extends React.PureComponent {
 this.setState({ logging: true });
 try {
- await RocketChat.loginOAuthOrSso(params);
+ RocketChat.loginOAuthOrSso(params);
 } catch (e) {
 console.warn(e);
 }
@@ -89,7 +89,7 @@ class AuthenticationWebView extends React.PureComponent {
 }
 // eslint-disable-next-line react/sort-comp
- debouncedLogin = debounce(params => this.login(params), 3000);
+ debouncedLogin = debounce(params => this.login(params), 3000, true);
 tryLogin = debounce(async() => {
 const { Accounts_Iframe_api_url, Accounts_Iframe_api_method } = this.props;
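Review bot: With `await` removed from `RocketChat.loginOAuthOrSso(params)` in `login`, the surrounding `try`/`catch` can no longer observe a failed login: the promise rejects after the `try` block has exited, including the bare `reject()` that `loginTOTP` issues when the 2FA prompt is cancelled, so the failure becomes an unhandled rejection instead of reaching `console.warn`. The call can stay non-blocking if the handler is attached to the promise, `RocketChat.loginOAuthOrSso(params).catch(e => console.warn(e));`. Whatever resets `logging` after the `catch` lies outside the hunk; if it runs synchronously, the `logging` guard at the top of `login` no longer covers the in-flight request and the same SSO credentials could be submitted twice, so the reset presumably belongs in the promise's completion handler.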
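Review bot: The bare `true` passed as the third argument to `debounce` on `debouncedLogin` cannot be read at the call site; `debounce` is a project helper not shown here, and the flag presumably makes it fire on the first call rather than after the 3000 ms wait. A comment above the field would record the intent, e.g. `// immediate: log in on the first event and ignore repeats for 3 s`, with the wording adjusted to what the helper actually does. The class body continues outside the hunk.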