From 53131a7a3b29aa6b1eb529efd981a6bfcdd9efb1 Mon Sep 17 00:00:00 2001
From: Xavier Henner <xavier.henner@dailymotion.com>
Date: Mon, 15 Jul 2019 17:14:40 +0200
Subject: [PATCH] correct bugs on web interface

---
 httpd.go | 13 +++++++------
 ldap.go  |  2 --
 otp.go   |  2 +-
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/httpd.go b/httpd.go
index 39fa6cd..71158f9 100644
--- a/httpd.go
+++ b/httpd.go
@@ -49,7 +49,8 @@ func parseJsonQuery(r *http.Request) (*jsonInput, error) {
 }
 
 func (h *HttpServer) handler(w http.ResponseWriter, r *http.Request) {
-	fmt.Fprintf(w, "nothing here\n")
+	w.Header().Set("Content-type", "application/javascript")
+	fmt.Fprintf(w, "\n")
 }
 
 func (h *HttpServer) versionHandler(w http.ResponseWriter, r *http.Request) {
@@ -80,6 +81,8 @@ func (h *HttpServer) helpHandler(w http.ResponseWriter, r *http.Request) {
 func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
 	var sslUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
 
+	w.Header().Set("Content-type", "application/json")
+
 	// deactivate if there is no https auth
 	if h.key == "" || h.cert == "" || h.certPool == nil {
 		http.Error(w, "No security, deactivated", 403)
@@ -133,7 +136,7 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
 	case "stats":
 		jsonStr, err := json.Marshal(h.ovpn.Stats())
 		if err != nil {
-			fmt.Fprintf(w, "Error : %s", err)
+			http.Error(w, fmt.Sprintf("%s", err), 500)
 		}
 		fmt.Fprintf(w, "%s", jsonStr)
 
@@ -141,12 +144,10 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
 		if err := h.ovpn.Kill(req.Params.Session, req.Params.Id); err != nil {
 			http.Error(w, fmt.Sprintf("%s", err), 500)
 		}
-
+		fmt.Fprintf(w, "{}")
 	default:
 		http.Error(w, "Invalid request", 500)
-
 	}
-
 	return
 }
 
@@ -184,7 +185,7 @@ func NewHTTPServer(port, key, cert, ca, minProfile, neededProfile string, s *Ope
 		server := &http.Server{
 			Addr: port,
 			TLSConfig: &tls.Config{
-				ClientAuth: tls.RequestClientCert,
+				ClientAuth: tls.RequireAndVerifyClientCert,
 				ClientCAs:  h.certPool,
 			},
 		}
diff --git a/ldap.go b/ldap.go
index c3f65f1..5ec7cf9 100644
--- a/ldap.go
+++ b/ldap.go
@@ -214,8 +214,6 @@ func (conf *ldapConfig) Auth(logins []string, pass string) (e error, userOk, pas
 		if len(ret) > 2 {
 			attributes = append(attributes, ret[2:]...)
 		}
-		log.Println(attributes)
-
 		log.Printf("User %s has a valid account on %s", logins[0], s)
 
 		userdn := sr.Entries[0].DN
diff --git a/otp.go b/otp.go
index bdddbb3..56b41b0 100644
--- a/otp.go
+++ b/otp.go
@@ -41,7 +41,7 @@ func (s *OpenVpnMgt) GenerateOTPGeneric(user string, period int, algo string, se
 	// the first code is the generic one
 	codes = append(codes, code)
 
-	for i := 1; i < 3; i++ {
+	for i := 1; i < 4; i++ {
 		code, _ = GenericTotpCode(secret, now.Add(-1*time.Second*time.Duration(period*i)), algo, digits, period)
 		codes = append(codes, code)
 	}