package Lemonldap::NG::Portal::Auth::Yubikey;
use strict;
use Mouse;
use JSON;
use Lemonldap::NG::Common::UserAgent;
use HTTP::Request;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_FORMEMPTY);
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Auth';
# INITIALIZATION
# Try to load Yubikey perl module
# Prepare the module: load the Yubikey web client and check configuration.
#
# Returns 1 when the module is usable, 0 otherwise (client library cannot be
# loaded, or the client ID / secret key is not configured).
sub init {
    my ($self) = @_;

    # The web client is loaded at run time so that a missing library is
    # reported through the module's error handler instead of dying.
    eval { require Auth::Yubikey_WebClient };
    if ( my $load_error = $@ ) {
        $self->error($load_error);
        return 0;
    }

    # Both values are passed to the validation call in extractFormInfo, so
    # the module refuses to start without them.
    my $conf = $self->conf;
    if ( !$conf->{yubikeyClientID} or !$conf->{yubikeySecretKey} ) {
        $self->logger->error(
            "Missing mandatory parameters (Client ID and secret key)");
        return 0;
    }

    # Length of the OTP prefix used as the user name; defaults to 12 when
    # unset (or set to a false value).
    $conf->{yubikeyPublicIDSize} = 12 unless $conf->{yubikeyPublicIDSize};

    return 1;
}
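# Read the Yubikey OTP posted in the login form, have it verified, and only
# when verification succeeds store the user name in the request.
#
# Parameters:
#   $req - portal request; its 'yubikeyOTP' form parameter is read and its
#          {user} entry is set on success.
# Returns:
#   PE_FORMEMPTY - no OTP was posted
#   PE_ERROR     - the OTP was rejected or could not be verified
#   PE_OK        - the OTP was accepted and $req->{user} is set
sub extractFormInfo {
    my ( $self, $req ) = @_;

    # Get OTP
    my $otp = $req->param('yubikeyOTP');
    return PE_FORMEMPTY unless $otp;

    # The public ID is the leading, non-secret part of the OTP. Only that
    # part is logged: the full OTP is a credential and, if verification never
    # reaches the validation service, it is still unused and replayable.
    my $public_id = substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );

    # The value is attacker-controlled until verified, so anything that is
    # not alphanumeric is masked before it reaches the log.
    ( my $loggable_id = $public_id ) =~ s/[^A-Za-z0-9]/?/g;
    $self->logger->debug("Received Yubikey OTP for public ID $loggable_id");

    # Verify OTP
    my $result = Auth::Yubikey_WebClient::yubikey_webclient(
        $otp,
        $self->conf->{yubikeyClientID},
        $self->conf->{yubikeySecretKey}
    );

    # yubikey_webclient returns the string "OK" for a valid OTP and an error
    # string otherwise. authenticate() in this module performs no check of
    # its own, so this is the only place where the OTP is validated; without
    # this test any non-empty string would be accepted.
    # NOTE(review): PE_ERROR is the failure code this file already imports;
    # a dedicated bad-credentials code may be more appropriate. Confirm
    # against Lemonldap::NG::Portal::Main::Constants.
    unless ( defined $result and $result eq 'OK' ) {
        my $status = defined $result ? $result : 'no result';
        $self->logger->warn(
            "Yubikey OTP verification failed ($status) for public ID $loggable_id"
        );
        return PE_ERROR;
    }

    # Store user, which is the public ID part of the OTP
    $req->{user} = $public_id;

    return PE_OK;
}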
# Authentication step. Nothing is checked here; the OTP is submitted to the
# Yubikey web client in extractFormInfo, so this step always reports PE_OK.
sub authenticate {
    return PE_OK;
}
# Record the authentication level of this module in the session data.
#
# Parameters:
#   $req - portal request; {sessionInfo}{authenticationLevel} is written.
# Returns PE_OK.
sub setAuthSessionInfo {
    my ( $self, $req ) = @_;

    # NOTE(review): init() sets no default for yubikeyAuthnLevel, so the level
    # is undef unless it is configured elsewhere. Confirm.
    my $authn_level = $self->conf->{yubikeyAuthnLevel};
    $req->{sessionInfo}{authenticationLevel} = $authn_level;

    return PE_OK;
}
# Logout hook. This module has nothing to clean up, so it always reports
# PE_OK.
sub authLogout {
    return PE_OK;
}
# Name of the login form the portal displays for this module.
sub getDisplayType {
    my $form_name = 'yubikeyform';
    return $form_name;
}
1;