PAM: Support disabling qrcode rendering

examplebroker/broker.go

@@ -359,13 +359,19 @@ func getSupportedModes(sessionInfo sessionInfo, supportedUILayouts []map[string]
 
 		case "qrcode":
 			modeName := "qrcodewithtypo"
+			modeSelectionLabel := "Use a QR code"
 			modeLabel := "Enter the following code after flashing the address: "
 			if layout["code"] != "" {
 				modeName = "qrcodeandcodewithtypo"
 				modeLabel = "Scan the qrcode or enter the code in the login page"
 			}
+			if layout["content"] == "optional" {
+				modeName = "codewithtypo"
+				modeSelectionLabel = "Use a Login code"
+				modeLabel = "Enter the code in the login page"
+			}
 			allModes[modeName] = map[string]string{
-				"selection_label": "Use a QR code",
+				"selection_label": modeSelectionLabel,
 				"ui": mapToJSON(map[string]string{
 					"type":   "qrcode",
 					"label":  modeLabel,
@@ -468,7 +474,7 @@ func (b *Broker) SelectAuthenticationMode(ctx context.Context, sessionID, authen
 		// send request to sessionInfo.allModes[authenticationModeName]["phone"]
 	case "fidodevice1":
 		// start transaction with fido device
-	case "qrcodeandcodewithtypo":
+	case "qrcodeandcodewithtypo", "codewithtypo":
 		uiLayoutInfo["content"], uiLayoutInfo["code"] = qrcodeData(&sessionInfo)
 	case "qrcodewithtypo":
 		// generate the url and finish the prompt on the fly.
@@ -616,7 +622,7 @@ func (b *Broker) handleIsAuthenticated(ctx context.Context, sessionInfo sessionI
 			return AuthCancelled, "", nil
 		}
 
-	case "qrcodewithtypo", "qrcodeandcodewithtypo":
+	case "qrcodewithtypo", "qrcodeandcodewithtypo", "codewithtypo":
 		if authData["wait"] != "true" {
 			return AuthDenied, fmt.Sprintf(`{"message": "%s should have wait set to true"}`, sessionInfo.currentAuthMode), nil
 		}

pam/integration-tests/cli_test.go

@@ -48,6 +48,7 @@ func TestCLIAuthenticate(t *testing.T) {
 		"Authenticate user with qr code in a TTY session":                      {tape: "qr_code", pamUser: "user-integration-qr-code-tty-session", termEnv: "xterm-256color", sessionEnv: "tty"},
 		"Authenticate user with qr code in screen":                             {tape: "qr_code", pamUser: "user-integration-qr-code-screen", termEnv: "screen"},
 		"Authenticate user with qr code after many regenerations":              {tape: "qr_code_quick_regenerate"},
+		"Authenticate user with login code":                                    {tape: "login_code"},
 		"Authenticate user and reset password while enforcing policy":          {tape: "mandatory_password_reset"},
 		"Authenticate user with mfa and reset password while enforcing policy": {tape: "mfa_reset_pwquality_auth"},
 		"Authenticate user and offer password reset":                           {tape: "optional_password_reset_skip"},

pam/integration-tests/native_test.go

@@ -45,6 +45,7 @@ func TestNativeAuthenticate(t *testing.T) {
 		"Authenticate user with qr code in a TTY session":                      {tape: "qr_code", pamUser: "user-integration-qr-code-tty-session", termEnv: "xterm-256color", sessionEnv: "tty"},
 		"Authenticate user with qr code in screen":                             {tape: "qr_code", pamUser: "user-integration-qr-code-screen", termEnv: "screen"},
 		"Authenticate user with qr code in polkit":                             {tape: "qr_code", pamUser: "user-integration-qr-code-screen", pamServiceName: "polkit-1"},
+		"Authenticate user with login code":                                    {tape: "login_code"},
 		"Authenticate user and reset password while enforcing policy":          {tape: "mandatory_password_reset"},
 		"Authenticate user with mfa and reset password while enforcing policy": {tape: "mfa_reset_pwquality_auth"},
 		"Authenticate user and offer password reset":                           {tape: "optional_password_reset_skip"},

pam/integration-tests/testdata/TestCLIAuthenticate/golden/authenticate_user_with_login_code

@@ -0,0 +1,330 @@
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+Username: user name
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+Username: user-integration-login-code
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+  Select your provider
+
+> 1. local
+  2. ExampleBroker
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+Gimme your password
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+  Select your authentication method
+
+> 1. Password authentication
+  2. Use a Login code
+  3. Send URL to [email protected]
+  4. Use your fido device foo
+  5. Use your phone +33…
+  6. Use your phone +1…
+  7. Authentication code
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+Enter the code in the login page
+
+https://ubuntu.com
+1337
+
+  [ Regenerate code ]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+Enter the code in the login page
+
+https://ubuntu.com
+1337
+
+  [ Regenerate code ]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+Enter the code in the login page
+
+https://ubuntu.fr/
+1338
+
+  [ Regenerate code ]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+Enter the code in the login page
+
+https://ubuntu.fr/
+1338
+
+PAM Authenticate() for user "user-integration-login-code" exited with success
+PAM AcctMgmt() exited with success
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} disable_qrcode_rendering=t
+rue
+Enter the code in the login page
+
+https://ubuntu.fr/
+1338
+
+PAM Authenticate() for user "user-integration-login-code" exited with success
+PAM AcctMgmt() exited with success
+>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+────────────────────────────────────────────────────────────────────────────────