将Duo Web 2因子身份验证与ColdFusion集成
我正在尝试将Duo Web 2FA与我的ColdFusion应用程序集成。我的Coldfusion Server是运行Lucee 4.5.2.018 final的Windows Server 2012。我正在按照described here的GitHub方法进行操作。我收到以下错误消息,我不知道这是什么意思,或者从哪里开始进行故障排除:
invalid call of the function listGetAt, second Argument (posNumber) is
invalid, invalid string list index [2]
The error occurred in C:\inetpub\wwwroot\serviceticket\test.cfm: line 82
80: <cfset request_sig = DuoWeb.signRequest(IKEY, SKEY, AKEY, USER)>
81:
82: <cfset valid_app_sig = ListGetAt(request_sig, 2, ":")>
83:
84:
这是我的测试页代码:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>2FA</title>
<script src="Scripts/Duo-Web-v2.js"></script>
<script src="Scripts/Duo-Web.js"></script>
</head>
<body>
<cfset IKEY = "DIGF6DVQMHS39JKMHTR3">
<cfset WRONG_IKEY = "DIXXXXXXXXXXXXXXXXXY">
<cfset SKEY = "HIDDEN">
<cfset AKEY = "8mIeduVeTBLqY0zcAKaCaZzhEXTZIPTQRstb0PYd">
<cfset USER = "testuser">
<!--- Dummy response signatures --->
<cfset INVALID_RESPONSE = "AUTH|INVALID|SIG">
<cfset EXPIRED_RESPONSE = "AUTH|dGVzdHVzZXJ8RElYWFhYWFhYWFhYWFhYWFhYWFh8MTMwMDE1Nzg3NA==|cb8f4d60ec7c261394cd5ee5a17e46ca7440d702">
<cfset FUTURE_RESPONSE = "AUTH|dGVzdHVzZXJ8RElYWFhYWFhYWFhYWFhYWFhYWFh8MTYxNTcyNzI0Mw==|d20ad0d1e62d84b00a3e74ec201a5917e77b6aef">
<cfset WRONG_PARAMS_RESPONSE = "AUTH|dGVzdHVzZXJ8RElYWFhYWFhYWFhYWFhYWFhYWFh8MTYxNTcyNzI0M3xpbnZhbGlkZXh0cmFkYXRh|6cdbec0fbfa0d3f335c76b0786a4a18eac6cdca7">
<cfset WRONG_PARAMS_APP = "APP|dGVzdHVzZXJ8RElYWFhYWFhYWFhYWFhYWFhYWFh8MTYxNTcyNzI0M3xpbnZhbGlkZXh0cmFkYXRh|7c2065ea122d028b03ef0295a4b4c5521823b9b5">
<h2>Test signRequest()</h2>
<cfset DuoWeb = CreateObject("component", "cfcs.DuoWeb")>
<br>
<cfdump var="#DuoWeb#" ><hr>
<cfset request_sig = DuoWeb.signRequest(IKEY, SKEY, AKEY, USER)>
<cfdump var="#request_sig#" label="request_sig" /><hr>
<cfif NOT Len(request_sig)>
<p>FAIL request_sig was NULL</p>
<cfelse>
<p>PASS request_sig was not NULL</p>
</cfif>
<cfset request_sig = DuoWeb.signRequest(IKEY, SKEY, AKEY, "")>
<cfif request_sig IS DuoWeb.ERR_USER>
<p>PASS request_sig is ERR_USER</p>
<cfelse>
<p>FAIL request_sig is not ERR_USER it is: <cfoutput>#request_sig#</cfoutput></p>
</cfif>
<cfset request_sig = DuoWeb.signRequest(IKEY, SKEY, AKEY, "in|valid")>
<cfif request_sig IS DuoWeb.ERR_USER>
<p>PASS request_sig is ERR_USER</p>
<cfelse>
<p>FAIL request_sig is not ERR_USER it is: <cfoutput>#request_sig#</cfoutput></p>
</cfif>
<cfset request_sig = DuoWeb.signRequest("invalid", SKEY, AKEY, USER)>
<cfif request_sig IS DuoWEb.ERR_IKEY>
<p>PASS request_sig is ERR_IKEY</p>
<cfelse>
<p>FAIL request_sig is not ERR_IKEY it is:<cfoutput>#request_sig#</cfoutput></p>
</cfif>
<cfset request_sig = DuoWeb.signRequest(IKEY, "invalid", AKEY, USER)>
<cfif request_sig IS DuoWeb.ERR_SKEY>
<p>PASS request_sig is ERR_SKEY</p>
<cfelsE>
<p>FAIL request_sig is not ERR_SKEY it is: <cfoutput>#request_sig#</cfoutput></p>
</cfif>
<cfset request_sig = DuoWeb.signRequest(IKEY, SKEY, "invalid", USER)>
<cfif request_sig IS DuoWeb.ERR_AKEY>
<p>PASS request_sig is ERR_AKEY</p>
<cfelse>
<p>FAIL request_sig is not ERR_AKEY</p>
</cfif>
<h2>Test verifyResponse()</h2>
<cfset request_sig = DuoWeb.signRequest(IKEY, SKEY, AKEY, USER)>
<cfset valid_app_sig = ListGetAt(request_sig, 2, ":")>
<cfset future_user = DuoWeb.verifyResponse(IKEY, SKEY, AKEY, FUTURE_RESPONSE & ":" & valid_app_sig)>
<cfif future_user IS USER>
<p>PASS future_user</p>
<cfelse>
<p>FAIL future_user is: <cfoutput>#future_user#</cfoutput></p>
</cfif>
<cfset request_sig = DuoWeb.signRequest(IKEY, SKEY, "1234567890123456789012345678901234567890", USER)>
<cfset invalid_app_sig = ListGetAt(request_sig, 2, ":")>
<cfset invalid_user = DuoWeb.verifyResponse(IKEY, SKEY, AKEY, INVALID_RESPONSE & ":" & valid_app_sig)>
<cfif NOT Len(invalid_user)>
<p>PASS invalid_user</p>
<cfelse>
<p>FAIL invalid_user</p>
</cfif>
<cfset expired_user = DuoWeb.verifyResponse(IKEY, SKEY, AKEY, EXPIRED_RESPONSE & ":" & valid_app_sig)>
<cfif NOT Len(expired_user)>
<p>PASS expired_user</p>
<cfelse>
<p>FAIL expired_user</p>
</cfif>
<cfset future_user = DuoWeb.verifyResponse(IKEY, SKEY, AKEY, FUTURE_RESPONSE & ":" & invalid_app_sig)>
<cfif NOT Len(future_user)>
<p>PASS future_user invalid_app_sig</p>
<cfelse>
<p>FAIL future_user invalid_app_sig</p>
</cfif>
<cfset future_user = DuoWeb.verifyResponse(IKEY, SKEY, AKEY, WRONG_PARAMS_RESPONSE & ":" & valid_app_sig)>
<cfif NOT Len(future_user)>
<p>PASS future_user invalid_response_format</p>
<cfelse>
<p>FAIL future_user invalid_response_format</p>
</cfif>
<cfset future_user = DuoWeb.verifyResponse(IKEY, SKEY, AKEY, FUTURE_RESPONSE & ":" & WRONG_PARAMS_APP)>
<cfif NOT Len(future_user)>
<p>PASS future_user invalid_app_format</p>
<cfelse>
<p>FAIL future_user invalid_app_format</p>
</cfif>
<cfset future_user = DuoWeb.verifyResponse(WRONG_IKEY, SKEY, AKEY, FUTURE_RESPONSE & ":" & valid_app_sig)>
<cfif NOT Len(future_user)>
<p>PASS future_user wrong_ikey</p>
<cfelse>
<p>FAIL future_user wrong_ikey</p>
</cfif>
<h2>Test hmacSign</h2>
<!--- test from rfc 2202 --->
<cfset result = DuoWeb.hmacSign("Jefe", "what do ya want for nothing?")>
<cfif result IS NOT "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79">
<p>FAIL hmac result was <cfoutput>#result#</cfoutput></p>
<cfelse>
<p>PASS hmac working properly</p>
</cfif>
</body>
</html>
此实现的文档不多,但看起来很简单。此时,我只是想使此测试页正常工作,然后将其完整集成。
有人可以帮助我检测我在做什么错吗?这是我的错误的屏幕截图:
在我的CFC中将cftry / cfcatch替换为:
<cfset duo_sig = signVals(arguments.sKey, arguments.username, arguments.iKey, variables.DUO_PREFIX, variables.DUO_EXPIRE)>
<cfset app_sig = signVals(arguments.aKey, arguments.username, arguments.iKey, variables.APP_PREFIX, variables.APP_EXPIRE)>
这是它引发的错误:
1 个答案:
答案 0 :(得分:2)
cfifs太多了,您不需要它们(我了解您是从他们的测试页上获取的,但在这种情况下没有帮助)。
只需在创建对象后立即执行<cfdump var="#DuoWeb#" >,并希望它将揭示signRequest方法的签名。
如果可行,请一次分配request_sig并执行<cfdump var="#request_sig#" >
<h2>Test signRequest()</h2>
<cfset DuoWeb = CreateObject("component", "cfcs.DuoWeb")>
<cfdump var="#DuoWeb#" label="DuoWeb Object" />
<hr />
<cfset request_sig = DuoWeb.signRequest(IKEY, SKEY, AKEY, USER)>
<cfdump var="#request_sig#" label="request_sig" />
如果request_sig看起来不像其中包含:的字符串,则ListGetAt(request_sig, 2, ":")将引发错误。
希望对您有所帮助。
更新
cftry/cfcatch中有一个DuoWeb.cfc部分,因此您看不到真正的问题。
打开DuoWeb.cfc并暂时删除cftry/cfcatch,然后再次运行测试页。它应该在出现问题的地方抛出错误并提供更多信息。
在DuoWeb.cfc中替换为:
<cftry>
<cfset duo_sig = signVals(arguments.sKey, arguments.username, arguments.iKey, variables.DUO_PREFIX, variables.DUO_EXPIRE)>
<cfset app_sig = signVals(arguments.aKey, arguments.username, arguments.iKey, variables.APP_PREFIX, variables.APP_EXPIRE)>
<cfcatch>
<cfreturn this.ERR_UNKNOWN>
</cfcatch>
</cftry>
与此:
<cfset duo_sig = signVals(arguments.sKey, arguments.username, arguments.iKey, variables.DUO_PREFIX, variables.DUO_EXPIRE)>
<cfset app_sig = signVals(arguments.aKey, arguments.username, arguments.iKey, variables.APP_PREFIX, variables.APP_EXPIRE)>
更新2
我已经尝试使用Lucee,但它不能按原样工作。看起来Lucee不喜欢"cookie"的{{1}}方法这一节中的DuoWeb.cfc一词。
在signVals中进行以下更改:
DuoWeb.cfc对此(我的建议是 <cfset var cookie = arguments.prefix & "|" & ToBase64(value)>
<cfset var sig = hmacSign(arguments.key, cookie)>
<cfreturn cookie & "|" & sig>
):
cookie__应该可以解决问题。
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?