diff --git a/build.sh b/build.sh
index 1e7c40e..e4af375 100755
--- a/build.sh
+++ b/build.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
-env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags='-linkmode external -extldflags "-static" -s -w' -o openvpn-user
+env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags "-linkmode external -extldflags -static -s -w" -o openvpn-user
diff --git a/openvpn-user.go b/openvpn-user.go
index 892a16f..35fa839 100644
--- a/openvpn-user.go
+++ b/openvpn-user.go
@@ -10,7 +10,7 @@ import (
 )
 const (
- version = "1.0.6"
+ version = "1.0.7"
 )
 var (
@@ -56,6 +56,9 @@ var (
 registerAppCommandUserFlag = registerAppCommand.Flag("user", "Username.").Short('u').Required().String()
 registerAppCommandTotpFlag = registerAppCommand.Flag("totp", "TOTP.").Short('t').Required().String()
+ resetAppCommand = kingpin.Command("reset-app", "register 2FA application")
+ resetAppCommandUserFlag = resetAppCommand.Flag("user", "Username.").Short('u').Required().String()
+
 checkAppCommand = kingpin.Command("check-app", "check 2FA application")
 checkAppCommandUserFlag = checkAppCommand.Flag("user", "Username.").Short('u').Required().String()
@@ -120,6 +123,8 @@ func main() {
 wrap(openvpnUser.RegisterOtpSecret(*updateSecretCommandUserFlag, *updateSecretCommandSecretFlag))
 case registerAppCommand.FullCommand():
 wrap(openvpnUser.RegisterOtpApplication(*registerAppCommandUserFlag, *registerAppCommandTotpFlag))
+ case resetAppCommand.FullCommand():
+ wrap(openvpnUser.ResetOtpApplication(*resetAppCommandUserFlag))
 case checkAppCommand.FullCommand():
 appConfigured, appErr := openvpnUser.IsSecondFactorEnabled(*checkAppCommandUserFlag)
 if appErr != nil {
diff --git a/src/commands.go b/src/commands.go
index 7b624e9..13fe583 100644
--- a/src/commands.go
+++ b/src/commands.go
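Review bot: The help text for the new `reset-app` command in the openvpn-user.go `var (` block is copied from `register-app` and still reads "register 2FA application", so `--help` describes a command that clears a user's 2FA application state as one that enrolls it. I would change the line to `resetAppCommand = kingpin.Command("reset-app", "reset 2FA application")`. The `var (` block starts and ends outside the hunk.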
@@ -186,7 +186,7 @@ func (oUser *OpenvpnUser) ChangeUserPassword(username, password string) (string,
 func (oUser *OpenvpnUser) RegisterOtpSecret(username, secret string) (string, error) {
 if oUser.userIsActive(username) {
 if secret == "generate" {
- randomStr := randStr(6, "alphanum")
+ randomStr := RandStr(6, "alphanum")
 secret = base32.StdEncoding.EncodeToString([]byte(randomStr))
 log.Debug("new generated secret for user %s: %s", username, secret)
@@ -227,6 +227,24 @@ func (oUser *OpenvpnUser) RegisterOtpApplication(username, totp string) (string,
 }
 return "", userIsNotActiveError
 }
+func (oUser *OpenvpnUser) ResetOtpApplication(username string) (string, error) {
+ if oUser.userIsActive(username) {
+
+ appConfigured, appErr := oUser.IsSecondFactorEnabled(username)
+ if appErr != nil {
+ return "", appErr
+ }
+ if appConfigured {
+ _, err := oUser.Database.Exec("UPDATE users SET app_configured = 0 WHERE username = $2")
+ if err != nil {
+ return "", err
+ }
+ return "OTP application reset successful", nil
+ }
+ return "OTP application not configured", nil
+ }
+ return "", userIsNotActiveError
+}
 func (oUser *OpenvpnUser) GetUserOtpSecret(username string) (string, error) {
 if oUser.userIsActive(username) {
diff --git a/src/utils.go b/src/utils.go
index 9ebc26f..430be7a 100644
--- a/src/utils.go
+++ b/src/utils.go
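Review bot: In RegisterOtpSecret the renamed call still draws only six alphanumeric characters, `RandStr(6, "alphanum")`, which is roughly 36 bits of entropy for a TOTP shared secret, while RFC 4226 requires at least 128 bits and recommends 160. I would base32-encode 20 random bytes directly, or at minimum lengthen the call to `RandStr(22, "alphanum")`. The context line after it also writes the generated secret to the debug log; `log.Debug("new generated secret for user %s", username)` keeps the event without the value. The function body continues past the end of the hunk.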
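Review bot: The UPDATE in ResetOtpApplication refers to placeholder `$2` but Exec is given no arguments, so `username` is never bound. Depending on the driver this presumably either returns an error or matches no row, and in the second case the function still reports "OTP application reset successful". The call should read `_, err := oUser.Database.Exec("UPDATE users SET app_configured = 0 WHERE username = $1", username)`, and checking `RowsAffected()` on the result before returning success would catch a no-op. As far as this hunk shows, the reset clears only `app_configured`; if the stored secret is also meant to be invalidated, for example after a lost device, that needs a separate step.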
@@ -2,20 +2,17 @@ package src
 import "crypto/rand"
-func randStr(strSize int, randType string) string {
+func RandStr(strSize int, randType string) string {
 var dictionary string
- if randType == "alphanum" {
- dictionary = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
- }
-
- if randType == "alpha" {
- dictionary = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
- }
-
- if randType == "number" {
+ switch randType {
+ case "number":
 dictionary = "0123456789"
+ case "alpha":
+ dictionary = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+ default:
+ dictionary = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 }
 var bytes = make([]byte, strSize)
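Review bot: RandStr is now exported but has no doc comment, and the new `default:` arm makes every unrecognised randType, including a misspelt "number" or "alpha", fall back silently to the alphanumeric set. I would add `// RandStr returns strSize random characters from the set named by randType: "number", "alpha", or alphanumeric for any other value.` above the signature and give the alphanumeric set an explicit `case "alphanum":` so the fallback is a visible decision. The rest of the body lies outside the hunk, so how the random bytes are mapped onto the dictionary, and whether the crypto/rand read error is checked, cannot be judged from here; both are worth confirming because RegisterOtpSecret in src/commands.go uses this function to generate OTP secrets.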