diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3bab56bb..de1855fa 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1739,7 +1739,7 @@ function verify_tfa_login($username, $_data) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $username, '*'),
-          'msg' => array('webauthn_verification_failed', 'authenticator not found')
+          'msg' => array('webauthn_authenticator_failed')
         );
         return false;
       }
@@ -1748,11 +1748,20 @@ function verify_tfa_login($username, $_data) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $username, '*'),
-          'msg' => array('webauthn_verification_failed', 'publicKey not found')
+          'msg' => array('webauthn_publickey_failed')
         );
         return false;
       }
+      if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $username, '*'),
+          'msg' => array('webauthn_username_failed')
+        );
+        return false;
+      }
+
       try {
         $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_webauthn['publicKey'], $challenge, null, $GLOBALS['WEBAUTHN_UV_FLAG_LOGIN'], $GLOBALS['WEBAUTHN_USER_PRESENT_FLAG']);
       }
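Review bot: The username check added in the second hunk, `if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){`, compares with loose `!=`, so PHP type juggling applies to two values that should only ever match as identical strings; placing it ahead of `processGet` is the right order, but it should also fail closed when the pending session key is missing. Under loose comparison an absent `pending_mailcow_cc_username` (null) compares equal to an empty username from the row, whereas a strict check rejects it: `if (!isset($_SESSION['pending_mailcow_cc_username']) || $process_webauthn['username'] !== $_SESSION['pending_mailcow_cc_username']) {`. The enclosing `verify_tfa_login` begins and continues outside this hunk.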
@@ -1784,21 +1793,12 @@ function verify_tfa_login($username, $_data) {
           $_SESSION['return'][] = array(
             'type' => 'danger',
             'log' => array(__FUNCTION__, $username, '*'),
-            'msg' => array('webauthn_verification_failed', 'could not determine user role')
+            'msg' => array('webauthn_role_failed')
           );
           return false;
         }
       }
-      if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $username, '*'),
-          'msg' => array('webauthn_verification_failed', 'user who requests does not match with sql entry')
-        );
-        return false;
-      }
-
       $_SESSION["mailcow_cc_username"] = $process_webauthn['username'];
       $_SESSION['tfa_id'] = $process_webauthn['id'];
       $_SESSION['authReq'] = null;
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index f348ce6a..3d1e2d59 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -455,6 +455,9 @@
     "totp_verification_failed": "TOTP-Verifizierung fehlgeschlagen",
     "transport_dest_exists": "Transport-Maps-Ziel \"%s\" existiert bereits",
     "webauthn_verification_failed": "WebAuthn-Verifizierung fehlgeschlagen: %s",
+    "webauthn_authenticator_failed": "Der ausgewählte Authenticator wurde nicht gefunden",
+    "webauthn_publickey_failed": "Zu dem ausgewählten Authenticator wurde kein Publickey hinterlegt",
+    "webauthn_username_failed": "Der ausgewählte Authenticator gehört zu einem anderen Konto",
     "unknown": "Ein unbekannter Fehler trat auf",
     "unknown_tfa_method": "Unbekannte TFA-Methode",
     "unlimited_quota_acl": "Unendliche Quota untersagt durch ACL",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index f7fc0577..02db0b0d 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
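Review bot: `'msg' => array('webauthn_role_failed')` references a translation key that neither language hunk in this commit defines — the lang.de-de.json and lang.en-gb.json hunks add only `webauthn_authenticator_failed`, `webauthn_publickey_failed` and `webauthn_username_failed` — so unless the key already exists elsewhere in those files, the role-lookup failure path would render an untranslated key to the user. Add an entry such as `"webauthn_role_failed": "Could not determine the user role for the selected authenticator",` (with a German counterpart) beside the three new keys, or keep this path on the existing `webauthn_verification_failed` message with its `%s` detail. The enclosing `verify_tfa_login` continues past the end of this hunk.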
@@ -458,6 +458,9 @@
     "totp_verification_failed": "TOTP verification failed",
     "transport_dest_exists": "Transport destination \"%s\" exists",
     "webauthn_verification_failed": "WebAuthn verification failed: %s",
+    "webauthn_authenticator_failed": "The selected authenticator was not found",
+    "webauthn_publickey_failed": "No public key was stored for the selected authenticator",
+    "webauthn_username_failed": "The selected authenticator belongs to another account",
     "unknown": "An unknown error occurred",
     "unknown_tfa_method": "Unknown TFA method",
     "unlimited_quota_acl": "Unlimited quota prohibited by ACL",