From c8620a066d447ed6aaf6054b184fd16146574e5b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 15 Jul 2022 16:45:28 +0200
Subject: [PATCH] yubi_otp undo authenticator selection

---
 data/web/inc/functions.inc.php        |  9 +---
 data/web/templates/base.twig          | 60 ++++++---------------------
 data/web/templates/modals/footer.twig | 15 +------
 3 files changed, 17 insertions(+), 67 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f705af03..ca371303 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1630,12 +1630,8 @@ function verify_tfa_login($username, $_data) {
   global $WebAuthn;
 
   if ($_data['tfa_method'] != 'u2f'){
-    $stmt = $pdo->prepare("SELECT `authmech` FROM `tfa`
-        WHERE `username` = :username AND `id` = :id AND `active` = '1'");
-    $stmt->execute(array(':username' => $username, ':id' => $_data['id']));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
-    switch ($row["authmech"]) {
+    switch ($_data["tfa_method"]) {
         case "yubi_otp":
             if (!ctype_alnum($_data['token']) || strlen($_data['token']) != 44) {
                 $_SESSION['return'][] =  array(
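Review bot: With the `authmech` lookup removed, `switch ($_data["tfa_method"])` now branches on a value the client posts rather than on what the database says is active for this user, so every case has to bind its own query to its method and to `active = '1'`. The yubi_otp query in the next hunk does that (`AND authmech = 'yubi_otp' ... AND active = '1'`), but the remaining cases lie outside this hunk and should be checked for the same two filters before the pre-check is relied on being gone. A comment above the switch would make the new contract explicit: `// No authmech pre-check any more: each case must filter on its own authmech and active = '1'.` verify_tfa_login continues outside the hunk.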
@@ -1649,10 +1645,9 @@ function verify_tfa_login($username, $_data) {
             $stmt = $pdo->prepare("SELECT `id`, `secret` FROM `tfa`
                 WHERE `username` = :username
                 AND `authmech` = 'yubi_otp'
-                AND `id` = :id
                 AND `active` = '1'
                 AND `secret` LIKE :modhex");
-            $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id, ':id' => $_data['id']));
+            $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id));
             $row = $stmt->fetch(PDO::FETCH_ASSOC);
             $yubico_auth = explode(':', $row['secret']);
             $yubi = new Auth_Yubico($yubico_auth[0], $yubico_auth[1]);
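Review bot: `$row = $stmt->fetch(PDO::FETCH_ASSOC)` is not checked before `$row['secret']` is read on the next line, and with the `id` constraint dropped the query yields no row whenever the submitted token's modhex prefix matches none of the user's active yubi_otp secrets, so a mistyped or unregistered token reaches `explode()` and `new Auth_Yubico()` with null arguments instead of failing cleanly. Add a guard directly after the fetch, e.g. `if ($row === false) { return false; }`, reporting the failure the same way the token-format check above does (the function's failure convention is not visible here, so match whatever that branch returns). The `LIKE :modhex` pattern itself is fine provided `$yubico_modhex_id` is taken from the token already restricted to alphanumerics, since no `%` or `_` can enter it. The rest of this case continues outside the hunk.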
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 482b4e24..770decde 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -183,51 +183,9 @@ function recursiveBase64StrToArrayBuffer(obj) {
     });
 
 
-    // validate Yubi OTP tfa
-    $("#pending_tfa_tab_yubi_otp").click(function(){
-      $(".totp-authenticator-selection").removeClass("active");
-      $(".webauthn-authenticator-selection").removeClass("active");
-      $("#collapseTotpTFA").collapse('hide');
-      $("#collapseWebAuthnTFA").collapse('hide');
-
-      // select default if only one authenticator exists
-      if ($('.yubi-authenticator-selection').length == 1){
-        $('.yubi-authenticator-selection').addClass("active");
-        var id = $('.yubi-authenticator-selection').children('input').first().val();
-        $("#yubi_selected_id").val(id);
-        $("#collapseYubiTFA").collapse('show');
-      }
-    });
-    $(".yubi-authenticator-selection").click(function(){
-      $(".yubi-authenticator-selection").removeClass("active");
-      $(this).addClass("active");
-
-      var id = $(this).children('input').first().val();
-      $("#yubi_selected_id").val(id);
-
-      $("#collapseYubiTFA").collapse('show');
-      $("#collapseYubiTFA").children('input[name="token"]').focus();
-    });
-    if ($('.yubi-authenticator-selection').length == 1 &&
-        $('.webauthn-authenticator-selection').length == 0){
-
-      // select default if only one authenticator exists
-      $('.yubi-authenticator-selection').addClass("active");
-
-      var id = $('.yubi-authenticator-selection').children('input').first().val();
-      $("#yubi_selected_id").val(id);
-
-      $("#collapseYubiTFA").collapse('show');
-    }
-    $('#collapseYubiTFA').on('shown.bs.collapse', function() {
-      // autofocus
-      setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 200);
-    });
     // validate Time based OTP tfa
     $("#pending_tfa_tab_totp").click(function(){
-      $(".yubi-authenticator-selection").removeClass("active");
       $(".webauthn-authenticator-selection").removeClass("active");
-      $("#collapseYubiTFA").collapse('hide');
       $("#collapseWebAuthnTFA").collapse('hide');
 
       // select default if only one authenticator exists
@@ -248,9 +206,9 @@ function recursiveBase64StrToArrayBuffer(obj) {
       $("#collapseTotpTFA").collapse('show');
     });
     if ($('.totp-authenticator-selection').length == 1 &&
-        $('.yubi-authenticator-selection').length == 0 &&
+        $('#pending_tfa_tab_yubi_otp').length == 0 &&
         $('.webauthn-authenticator-selection').length == 0){
-
+      
       // select default if only one authenticator exists
       $('.totp-authenticator-selection').addClass("active");
 
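Review bot: The line replaced right after the `if (...) {` condition is now six spaces of trailing whitespace instead of an empty line, and the same happens at the `});    ` that closes the `shown.bs.tab` handler in the next hunk. Keep both lines empty, since trailing whitespace surfaces in every later diff of this file and most editors strip it on save.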
@@ -258,18 +216,26 @@ function recursiveBase64StrToArrayBuffer(obj) {
       $("#totp_selected_id").val(id);
 
       $("#collapseTotpTFA").collapse('show');
+      setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 1000);
     }
-    $('#collapseTotpTFA').on('shown.bs.collapse', function() {
+    $('#pending_tfa_tab_totp').on('shown.bs.tab', function() {
       // autofocus
       setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 200);
+    });    
+    // validate Yubi OTP tfa
+    if ($('.webauthn-authenticator-selection').length == 0){
+      // autofocus
+      setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 1000);
+    }
+    $('#pending_tfa_tab_yubi_otp').on('shown.bs.tab', function() {
+      // autofocus
+      $("#collapseYubiTFA").find('input[name="token"]').focus();
     });
     // validate WebAuthn tfa
     $("#pending_tfa_tab_webauthn").click(function(){
       $(".totp-authenticator-selection").removeClass("active");
-      $(".yubi-authenticator-selection").removeClass("active");
 
       $("#collapseTotpTFA").collapse('hide');
-      $("#collapseYubiTFA").collapse('hide');
     });
     $(".webauthn-authenticator-selection").click(function(){
       $(".webauthn-authenticator-selection").removeClass("active");
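Review bot: The two new `shown.bs.tab` handlers focus the token field in different ways: the TOTP one defers with `setTimeout(..., 200)` while the Yubi one at `$('#pending_tfa_tab_yubi_otp').on('shown.bs.tab', ...)` calls `.focus()` synchronously, and the initial-focus paths use a third delay of 1000 ms. A small shared helper such as `function focusToken(panel, delay) { setTimeout(function() { $(panel).find('input[name="token"]').focus(); }, delay); }` used from all four places would keep the behaviour uniform and name the delays once. The Yubi autofocus guarded only by `$('.webauthn-authenticator-selection').length == 0` also runs when no Yubi panel appears to be rendered; that is harmless because jQuery ignores an empty selection, but a `$('#collapseYubiTFA').length` check would state the intent. The surrounding script continues outside the hunk.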
diff --git a/data/web/templates/modals/footer.twig b/data/web/templates/modals/footer.twig
index 67cc3482..52e89e00 100644
--- a/data/web/templates/modals/footer.twig
+++ b/data/web/templates/modals/footer.twig
@@ -206,20 +206,9 @@
                     <form role="form" method="post">
                       <legend>
                           <i class="bi bi-shield-fill-check"></i>
-                          Authenticators
+                          Authenticate
                       </legend>
-                      <div class="list-group">
-                        {% for authenticator in pending_tfa_methods %}
-                          {% if authenticator["authmech"] == "yubi_otp" %}
-                            <a href="#" class="list-group-item yubi-authenticator-selection">
-                              <i class="bi bi-key-fill" style="margin-right: 5px"></i>
-                              <span>{{ authenticator["key_id"] }}</span>
-                              <input type="hidden" value="{{ authenticator["id"] }}" />
-                            </a>
-                          {% endif %}
-                        {% endfor %}
-                      </div>
-                      <div class="collapse pending-tfa-collapse" id="collapseYubiTFA">
+                      <div class="collapse in pending-tfa-collapse" id="collapseYubiTFA">
                         <div class="form-group">
                           <div class="input-group">
                             <span class="input-group-addon" id="yubi-addon"><img alt="Yubicon Icon" src="/img/yubi.ico"></span>