[pve-devel] [PATCH v2 widget-toolkit] add helpers required for u2f authentication

[Dominik Csapak]

On 4/2/19 12:22 PM, Wolfgang Bumiller wrote:
> With u2f having a ticket doesn't mean we're logged in yet,
> so we need to be able to distinguish between the two.
> 
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
>   Utils.js | 15 +++++++++++++++
>   1 file changed, 15 insertions(+)
> 
> diff --git a/Utils.js b/Utils.js
> index f1935ec..93ccc01 100644
> --- a/Utils.js
> +++ b/Utils.js
> @@ -179,11 +179,26 @@ Ext.define('Proxmox.Utils', { utilities: {
>   	return min < width ? width : min;
>       },
>   
> +    setAuthData: function(data) {
> +	Proxmox.CSRFPreventionToken = data.CSRFPreventionToken;
> +	Proxmox.UserName = data.username;
> +	Proxmox.LoggedOut = data.LoggedOut;

i am not sure if 'loggedOut' is the right name for this, as it
suggests the user logged out

what about 'awaitSecondFactor' or 'halfLoggedIn' ?

> +	// creates a session cookie (expire = null)
> +	// that way the cookie gets deleted after the browser window is closed
> +	Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, data.ticket, null, '/', null, true);
> +    },
> +
>       authOK: function() {
> +	if (Proxmox.LoggedOut) {
> +	    return undefined;
> +	}
>   	return (Proxmox.UserName !== '') && Ext.util.Cookies.get(Proxmox.Setup.auth_cookie_name);
>       },
>   
>       authClear: function() {
> +	if (Proxmox.LoggedOut) {
> +	    return undefined;
> +	}

are you sure this is correct? you call this when the signing fails
(without resetting LoggedOut)

>   	Ext.util.Cookies.clear(Proxmox.Setup.auth_cookie_name);
>       },
>   
>