-userdir-ldap-cgi (0.3.43) UNRELEASED; urgency=medium
+userdir-ldap-cgi (0.3.43~) UNRELEASED; urgency=medium
[ Peter Palfrader ]
* html/Makefile: searchform.html also requires domains.tab
[ Tollef Fog Heen ]
* Ship a /var/cache/userdir-ldap/totp directory where ud-mailgate can
put totp secrets to be picked up.
+ * Add totp-fetch-seed.cgi for fetching totp seeds.
-- Tollef Fog Heen <tfheen@debian.org> Tue, 23 Jul 2019 23:07:19 +0200
install -m 644 html/searchform.html $(i)/var/www/userdir-ldap/
install -m 644 html/searchhelp.html $(i)/var/www/userdir-ldap/
install -m 644 html/searchresults.html $(i)/var/www/userdir-ldap/
+ install -m 644 html/fetch-totp-seed.html $(i)/var/www/userdir-ldap/
install -m 644 html/update.html $(i)/var/www/userdir-ldap/
chown www-data:www-data $(i)/var/cache/userdir-ldap/web-cookies/
chmod u=rwx,g=,o= $(i)/var/cache/userdir-ldap/web-cookies/
--- /dev/null
+#! /usr/bin/perl -T
+
+use lib '.';
+use strict;
+use warnings;
+use CGI;
+use Util;
+use Convert::Base32;
+use MIME::Base64;
+use GD::Barcode::QRcode;
+
+# Global settings...
+my %config = &Util::ReadConfigFile;
+
+my $query = new CGI;
+
+my $random_id = $query->param('id');
+$random_id =~ /^((\d+)-([a-f0-9]+))$/;
+$random_id = $1;
+my $timestamp = $2;
+
+if ($timestamp + 1800 < time()) {
+ &Util::HTMLError("Timestamp too old, please request a new seed");
+}
+
+my $filename = $config{totpticketdirectory} . "/" . $random_id;
+open(my $fh, "<", $filename) or &Util::HTMLError("TOTP seed file not found or permission denied: $! ; $filename");
+my $seed = encode_base32(pack('H*', <$fh>));
+close $fh;
+#unlink $filename;
+
+my $totpurl = "otpauth://totp/Debian?secret=$seed&issuer=Debian";
+my $totppng = "data:image/png;base64, " .
+ encode_base64(GD::Barcode::QRcode->new($totpurl,
+ { ModuleSize => 10 })->plot->png);
+
+&Util::HTMLSendHeader;
+open (F, "<", "fetch-totp-seed.html") || &Util::HTMLError($!);
+while (<F>) {
+ s/~totppng~/$totppng/g;
+ s/~totpseed~/$seed/g;
+ print;
+ }
+ close F;
+
+# fill out HTML template with QR code (inline svg/png?)
+# self-link with png link to avoid changing content-security-policy (change it back)
+
+exit 0;
--- /dev/null
+#use wml::db.d.o title="Your debian.org TOTP seed"
+
+Please scan the QR code using your phone.
+
+<img src="~totppng~">
+
+You can also manually input the following shared secret into your TOTP compatible app:
+
+~totpseed~