aiolabs/lamassu-server
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

add 2fa bypass

Browse source
This commit is contained in:
padreug 2025-10-28 18:47:18 +01:00
parent 8c5f78c50f
commit 9762a935cb
3 changed files with 20 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
packages/admin-ui/src/pages/Authentication/LoginState.jsx
View file

@ -83,6 +83,11 @@ const LoginState = ({ dispatch, strategy }) => {
if (!loginResponse.login) return if (!loginResponse.login) return
// Handle SKIP2FA case - directly get user data and navigate
if (loginResponse.login === 'SKIP2FA') {
return getUserData()
}
return dispatch({ return dispatch({
type: loginResponse.login, type: loginResponse.login,
payload: { payload: {

15
packages/server/lib/new-admin/graphql/modules/userManagement.js
View file

@ -10,6 +10,7 @@ const users = require('../../../users')
const sessionManager = require('../../../session-manager') const sessionManager = require('../../../session-manager')
const authErrors = require('../errors') const authErrors = require('../errors')
const credentials = require('../../../hardware-credentials') const credentials = require('../../../hardware-credentials')
const { skip2fa } = require('../../../environment-helper')
const REMEMBER_ME_AGE = 90 * T.day const REMEMBER_ME_AGE = 90 * T.day
@ -162,15 +163,25 @@ const deleteSession = (sessionID, context) => {
return sessionManager.deleteSessionById(sessionID) return sessionManager.deleteSessionById(sessionID)
} }
const login = (username, password) => { const login = (username, password, context) => {
return authenticateUser(username, password) return authenticateUser(username, password)
.then(user => { .then(user => {
// Skip 2FA if environment variable is set
if (skip2fa) {
initializeSession(context, user, false)
return 'SKIP2FA'
}
return Promise.all([ return Promise.all([
credentials.getHardwareCredentialsByUserId(user.id), credentials.getHardwareCredentialsByUserId(user.id),
user.twofa_code, user.twofa_code,
]) ])
}) })
.then(([devices, twoFASecret]) => { .then(result => {
// If we already handled skip2fa, return the result
if (result === 'SKIP2FA') return result
const [devices, twoFASecret] = result
if (!_.isEmpty(devices)) return 'FIDO' if (!_.isEmpty(devices)) return 'FIDO'
return twoFASecret ? 'INPUT2FA' : 'SETUP2FA' return twoFASecret ? 'INPUT2FA' : 'SETUP2FA'
}) })

4
packages/server/lib/new-admin/graphql/resolvers/users.resolver.js
View file

@ -124,8 +124,8 @@ const resolver = {
sessionManager.deleteSessionsByUsername(username), sessionManager.deleteSessionsByUsername(username),
changeUserRole: (...[, { confirmationCode, id, newRole }, context]) => changeUserRole: (...[, { confirmationCode, id, newRole }, context]) =>
userManagement.changeUserRole(confirmationCode, id, newRole, context), userManagement.changeUserRole(confirmationCode, id, newRole, context),
login: (...[, { username, password }]) => login: (...[, { username, password }, context]) =>
userManagement.login(username, password), userManagement.login(username, password, context),
input2FA: (...[, { username, password, rememberMe, code }, context]) => input2FA: (...[, { username, password, rememberMe, code }, context]) =>
userManagement.input2FA(username, password, rememberMe, code, context), userManagement.input2FA(username, password, rememberMe, code, context),
setup2FA: ( setup2FA: (