AAIT#35643 OTP/2 factor authentication ook kunnen wissen

svn path=/Website/trunk/; revision=28562
2016-03-21 16:16:41 +00:00
parent 9d6ac19cc9
commit 508479e585
5 changed files with 57 additions and 3 deletions
--- a/APPL/PRS/pchange_save.asp
+++ b/APPL/PRS/pchange_save.asp
@@ -68,6 +68,14 @@ if (!clearpassword)
 // alle oude fac_session opruimen gebeurt door een trigger op PRS_PERSLID
 shared.trackaction("PRSLOG", theUser_key, L("lcl_pwd_success"));
 setpassword(theUser_key, newPassword);
+if (clearpassword) // Eventuele OTP ook wissen
+{
+    var sql = "UPDATE prs_perslid"
+            + "   SET prs_perslid_otpsecret = NULL"
+            + "     , prs_perslid_otpcounter = NULL"
+            + " WHERE prs_perslid_key = " + user_key;
+    Oracle.Execute(sql);
+}
 deleteSessionCookie("fcltid"); // Die is nu toch ongeldig

 Session.Contents.Remove("must_reset_password");
--- a/APPL/PRS/prs.inc
+++ b/APPL/PRS/prs.inc
@@ -448,6 +448,8 @@ prs =
      result.writeself= prs_key==user_key && xfunc.canWrite("WEB_PROFIL");

      result.writesys = user.checkAutorisation("WEB_PRSSYS", true)!=null;
+      if (result.writesys)
+          result.writetab = user.checkAutorisation("WEB_FACTAB", true)!=null;

      return result;
  },
--- a/APPL/PRS/prs_perslid_otp.asp
+++ b/APPL/PRS/prs_perslid_otp.asp
@@ -41,6 +41,18 @@ var otpresult = otpcodes(otpsecret);
            pp.width(pw - ww);
            setTimeout("updateProgress("+(ppos+1)+")", 1000 * <%=otpresult.otpstep%> / pw);
        }
+        function clear_otp()
+        {
+            if (confirm(L("lcl_R_U_sure")))
+            {
+                var data = { };
+                <% protectRequest.dataToken("data"); %>
+                $.post("prs_perslid_otp_clear.asp",
+                       data,
+                       FcltCallbackClose,
+                       "json");
+            }
+        }
        function new_otp()
        {
            window.location.href = "prs_perslid_otp_new.asp";
@@ -88,8 +100,9 @@ if (user.checkAutorisation("WEB_FACFAC", true))

 }

-    var buttons =  [ { icon: "page_refresh.png", title: L("lcl_new_otp"), action: "new_otp()" },
-                      {title: L("lcl_cancel"), icon: "cancel.png", action: "gen_cancel()" }
+    var buttons =  [ { title: L("lcl_clear_otp"), action: "clear_otp()" },
+                     { title: L("lcl_new_otp"), action: "new_otp()" },
+                     { title: L("lcl_cancel"), icon: "cancel.png", action: "gen_cancel()" }
                   ];
    CreateButtons(buttons);

--- a/APPL/PRS/prs_perslid_otp_clear.asp
+++ b/APPL/PRS/prs_perslid_otp_clear.asp
@@ -0,0 +1,31 @@
+<%@language = "javascript" %>
+<% /*
+    $Revision$
+    $Id$
+
+    File:           prs_perslid_otp_clear.asp
+    Description:    Wissen OTP-code
+    Parameters:
+    Context:        Vanuit prs_perslid_otp.asp
+    Note:
+*/
+var JSON_Result = true;
+%>
+
+<!--#include file="../Shared/common.inc"-->
+<!--#include file="../Shared/login.inc"-->
+<!-- #include file="../Shared/json2.js" -->
+<%
+protectRequest.validateToken();
+
+var sql = "UPDATE prs_perslid"
+        + "   SET prs_perslid_otpsecret = NULL"
+        + "     , prs_perslid_otpcounter = NULL"
+        + " WHERE prs_perslid_key = " + user_key;
+Oracle.Execute(sql);
+
+var result = { success: user_key > 0, message: L("lcl_otp_cleared") };
+
+Response.Write(JSON.stringify(result));
+Response.End;
+%>
--- a/APPL/Shared/Login.inc
+++ b/APPL/Shared/Login.inc
@@ -398,7 +398,7 @@ function testpassword(prs_key, wachtwoord, pmobile)

 function setpassword(prs_key, wachtwoord)
 {
-    if (S("prs_password_hash_factor") == 0) // Old style
+    if (S("prs_password_hash_factor") == 0 || !wachtwoord) // Old style
    {
        var sql = "BEGIN prs.setpassword(" + prs_key + ", " + safe.quoted_sql(wachtwoord) + "); END;";
        Oracle.Execute(sql);