101 lines
3.8 KiB
Diff
101 lines
3.8 KiB
Diff
From ec802e39a5dfb252e2d18b8cb95f713724180565 Mon Sep 17 00:00:00 2001
|
|
From: Ray Strode <rstrode@redhat.com>
|
|
Date: Mon, 15 May 2023 10:48:15 -0400
|
|
Subject: [PATCH] authPrompt: Disregard smartcard status changes events if
|
|
VERIFICATION_IN_PROGRESS
|
|
|
|
commit c8bb45b41c3a13ef161103f649aa18938e028a70 introduced a new
|
|
verification state, VERIFICATION_IN_PROGRESS, to detect when the user
|
|
has already interacted with the authentication service, so the auth
|
|
prompt can rate limit the number of times the user can cancel
|
|
authentication attempts with the escape key (without also rate limiting
|
|
the number of times they hit escape to go back to the clock without
|
|
interacting with the authentication service).
|
|
|
|
That means there are now two states that represent the
|
|
user actively undergoing verification: VERIFYING and
|
|
VERIFICATION_IN_PROGRESS.
|
|
|
|
It's inappropriate to reset the smartcard service if the user is
|
|
actively conversing with it. We try to check for that by looking at the
|
|
original verification state, VERIFYING, but we unfortunately, neglected
|
|
to account for the new VERIFICATION_IN_PROGRESS state.
|
|
|
|
This commit fixes that oversight, and allows users to again pre-type
|
|
their smartcard pin at the clock before inserting their smartcard.
|
|
---
|
|
js/gdm/authPrompt.js | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
|
|
index 4da91e096..e961f396e 100644
|
|
--- a/js/gdm/authPrompt.js
|
|
+++ b/js/gdm/authPrompt.js
|
|
@@ -327,61 +327,62 @@ var AuthPrompt = GObject.registerClass({
|
|
_onShowChoiceList(userVerifier, serviceName, promptMessage, choiceList) {
|
|
if (this._queryingService)
|
|
this.clear();
|
|
|
|
this._queryingService = serviceName;
|
|
|
|
if (this._preemptiveAnswer)
|
|
this._preemptiveAnswer = null;
|
|
|
|
this.setChoiceList(promptMessage, choiceList);
|
|
this.updateSensitivity(true);
|
|
this.emit('prompted');
|
|
}
|
|
|
|
_onCredentialManagerAuthenticated() {
|
|
if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED)
|
|
this.reset();
|
|
}
|
|
|
|
_onSmartcardStatusChanged() {
|
|
this.smartcardDetected = this._userVerifier.smartcardDetected;
|
|
|
|
// Most of the time we want to reset if the user inserts or removes
|
|
// a smartcard. Smartcard insertion "preempts" what the user was
|
|
// doing, and smartcard removal aborts the preemption.
|
|
// The exceptions are: 1) Don't reset on smartcard insertion if we're already verifying
|
|
// with a smartcard
|
|
// 2) Don't reset if we've already succeeded at verification and
|
|
// the user is getting logged in.
|
|
if (this._userVerifier.serviceIsDefault(GdmUtil.SMARTCARD_SERVICE_NAME) &&
|
|
- this.verificationStatus == AuthPromptStatus.VERIFYING &&
|
|
+ (this.verificationStatus === AuthPromptStatus.VERIFYING ||
|
|
+ this.verificationStatus === AuthPromptStatus.VERIFICATION_IN_PROGRESS) &&
|
|
this.smartcardDetected)
|
|
return;
|
|
|
|
if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED)
|
|
this.reset();
|
|
}
|
|
|
|
_onShowMessage(_userVerifier, serviceName, message, type) {
|
|
this.setMessage(serviceName, message, type);
|
|
this.emit('prompted');
|
|
}
|
|
|
|
_onVerificationFailed(userVerifier, serviceName, canRetry) {
|
|
const wasQueryingService = this._queryingService === serviceName;
|
|
|
|
if (wasQueryingService) {
|
|
this._queryingService = null;
|
|
this.clear();
|
|
}
|
|
|
|
this.updateSensitivity(canRetry);
|
|
this.setActorInDefaultButtonWell(null);
|
|
|
|
if (!canRetry)
|
|
this.verificationStatus = AuthPromptStatus.VERIFICATION_FAILED;
|
|
|
|
if (wasQueryingService)
|
|
Util.wiggle(this._entry);
|
|
}
|
|
|
|
--
|
|
2.39.1
|
|
|