2017-03-23 12:17:01 +01:00
|
|
|
package Lemonldap::NG::Portal::Main::SecondFactor;
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use Mouse;
|
|
|
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
|
|
|
PE_OK
|
|
|
|
PE_NOTOKEN
|
|
|
|
PE_TOKENEXPIRED
|
|
|
|
);
|
|
|
|
|
|
|
|
our $VERSION = '2.0.0';
|
|
|
|
|
|
|
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|
|
|
|
|
|
|
# INITIALIZATION
|
|
|
|
|
|
|
|
has ott => (
|
|
|
|
is => 'rw',
|
|
|
|
default => sub {
|
|
|
|
my $ott =
|
|
|
|
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
|
|
|
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
|
|
|
return $ott;
|
|
|
|
}
|
|
|
|
);
|
|
|
|
|
|
|
|
has prefix => ( is => 'rw' );
|
|
|
|
|
2018-03-09 16:51:15 +01:00
|
|
|
has logo => ( is => 'rw', default => '2f.png' );
|
2018-03-08 22:24:02 +01:00
|
|
|
|
2018-03-18 09:15:23 +01:00
|
|
|
has noRoute => ( is => 'ro' );
|
|
|
|
|
2017-03-23 12:17:01 +01:00
|
|
|
sub init {
|
|
|
|
my ($self) = @_;
|
2018-03-18 09:15:23 +01:00
|
|
|
unless ( $self->noRoute ) {
|
2018-03-20 18:19:53 +01:00
|
|
|
$self->logger->debug('Adding '.$self->prefix . '2fcheck routes');
|
2018-03-18 09:15:23 +01:00
|
|
|
$self->addUnauthRoute(
|
|
|
|
$self->prefix . '2fcheck' => '_verify',
|
|
|
|
['POST']
|
|
|
|
);
|
|
|
|
$self->addUnauthRoute(
|
|
|
|
$self->prefix . '2fcheck' => '_redirect',
|
|
|
|
['GET']
|
|
|
|
);
|
|
|
|
}
|
2017-03-23 12:17:01 +01:00
|
|
|
1;
|
|
|
|
}
|
|
|
|
|
2018-02-20 22:58:20 +01:00
|
|
|
sub _redirect {
|
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
my $arg = $req->env->{QUERY_STRING};
|
|
|
|
return [
|
|
|
|
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ], []
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
2017-03-23 12:17:01 +01:00
|
|
|
sub _verify {
|
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
|
|
|
|
# Check token
|
|
|
|
my $token;
|
|
|
|
unless ( $token = $req->param('token') ) {
|
|
|
|
$self->userLogger->error( $self->prefix . ' 2F access without token' );
|
2018-02-20 22:58:20 +01:00
|
|
|
$req->mustRedirect(1);
|
2017-03-23 12:17:01 +01:00
|
|
|
return $self->p->do( $req, [ sub { PE_NOTOKEN } ] );
|
|
|
|
}
|
|
|
|
|
|
|
|
my $session;
|
|
|
|
unless ( $session = $self->ott->getToken($token) ) {
|
|
|
|
$self->userLogger->info('Token expired');
|
|
|
|
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
|
|
|
}
|
|
|
|
|
|
|
|
# Launch second factor verification
|
|
|
|
my $res = $self->verify( $req, $session );
|
|
|
|
|
|
|
|
# Case error
|
|
|
|
if ($res) {
|
2018-02-20 22:58:20 +01:00
|
|
|
$req->noLoginDisplay(1);
|
2017-03-23 12:17:01 +01:00
|
|
|
return $self->p->do( $req, [ sub { $res } ] );
|
|
|
|
}
|
|
|
|
|
|
|
|
# Else restore session
|
|
|
|
$req->sessionInfo($session);
|
|
|
|
$req->id( delete $req->sessionInfo->{_2fRealSession} );
|
2017-04-17 12:57:35 +02:00
|
|
|
$req->urldc( delete $req->sessionInfo->{_2fUrldc} );
|
2017-03-23 12:17:01 +01:00
|
|
|
$self->p->rebuildCookies($req);
|
|
|
|
$req->mustRedirect(1);
|
|
|
|
$self->userLogger->notice( $self->prefix
|
|
|
|
. '2F verification for '
|
|
|
|
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
|
|
|
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
|
|
|
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
|
|
|
}
|
|
|
|
return $self->p->do( $req, [ sub { PE_OK } ] );
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|
2017-03-23 13:06:53 +01:00
|
|
|
__END__
|
|
|
|
|
|
|
|
=pod
|
|
|
|
|
|
|
|
=encoding utf8
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
Lemonldap::NG::Portal::Main::SecondFactor - Base class for
|
|
|
|
L<Lemonldap::NG::Portal> second factor plugins.
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2018-02-19 22:07:20 +01:00
|
|
|
package Lemonldap::NG::Portal::2F::MySecondFactor;
|
2017-03-23 13:06:53 +01:00
|
|
|
use Mouse;
|
2018-03-18 22:53:41 +01:00
|
|
|
# Import used constants
|
2017-03-23 13:06:53 +01:00
|
|
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
|
|
|
PE_OK
|
|
|
|
PE_BADCREDENTIALS
|
|
|
|
PE_SENDRESPONSE
|
|
|
|
);
|
|
|
|
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
|
|
|
|
|
2018-03-18 22:53:41 +01:00
|
|
|
# INITIALIZATION
|
|
|
|
|
2017-03-23 13:06:53 +01:00
|
|
|
# Prefix that will be used in parameter names. The form used to enter the
|
|
|
|
# second factor must post its result to "/my2fcheck" (if "my" is the prefix).
|
|
|
|
has prefix => ( is => 'ro', default => 'my' );
|
2018-03-18 22:53:41 +01:00
|
|
|
# Optional logo
|
|
|
|
has logo => ( is => 'rw', default => 'mylogo.png' );
|
2017-03-23 13:06:53 +01:00
|
|
|
|
2018-03-18 22:53:41 +01:00
|
|
|
# Required init method
|
2017-03-23 13:06:53 +01:00
|
|
|
sub init {
|
|
|
|
my ($self) = @_;
|
|
|
|
# Insert here initialization process
|
2018-03-18 22:53:41 +01:00
|
|
|
# Required call:
|
2017-03-23 13:06:53 +01:00
|
|
|
return $self->SUPER::init();
|
|
|
|
}
|
2018-03-18 22:53:41 +01:00
|
|
|
|
|
|
|
# RUNNING METHODS
|
|
|
|
|
2017-03-23 13:06:53 +01:00
|
|
|
# Required 2nd factor send method
|
|
|
|
sub run {
|
|
|
|
my ( $self, $req, $token ) = @_;
|
|
|
|
# $token must be inserted in a hidden input in your form with the name
|
|
|
|
# "token"
|
|
|
|
...
|
2018-03-07 09:51:51 +01:00
|
|
|
# A LLNG constant must be returned. Example:
|
|
|
|
$req->response($my_psgi_response)
|
2017-03-23 13:06:53 +01:00
|
|
|
return PE_SENDRESPONSE;
|
|
|
|
}
|
2018-03-18 22:53:41 +01:00
|
|
|
# Required 2nd factor verify method
|
2017-03-23 13:06:53 +01:00
|
|
|
sub verify {
|
|
|
|
my ( $self, $req, $session ) = @_;
|
|
|
|
# Use $req->param('field') to get POST responses
|
|
|
|
...
|
2018-03-18 22:53:41 +01:00
|
|
|
if($result eq $goodResult) {
|
2017-03-23 13:06:53 +01:00
|
|
|
return PE_OK;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return PE_BADCREDENTIALS
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Enable your plugin in lemonldap-ng.ini, section [portal]:
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item <prefix>2fActivation (required): 1, 0 or a rule
|
|
|
|
|
|
|
|
=item <prefix>2fAuthnLevel (optional): change authentication level for users
|
|
|
|
authenticated by this plugin
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
[portal]
|
2018-02-19 22:07:20 +01:00
|
|
|
customPlugins = Lemonldap::NG::Portal::2F::MyPlugin
|
2017-03-23 13:06:53 +01:00
|
|
|
my2fActivation = 1
|
|
|
|
my2fAuthnLevel = 4
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
Lemonldap::NG::Portal::Main::SecondFactor provides a simple framework to build
|
|
|
|
Lemonldap::NG second authentication factor plugin.
|
|
|
|
|
2018-03-18 22:55:28 +01:00
|
|
|
See Lemonldap::NG::Portal::Plugins::2F::* packages for examples.
|
2017-03-23 13:06:53 +01:00
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<http://lemonldap-ng.org>
|
|
|
|
|
|
|
|
=head2 OTHER POD FILES
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
2018-02-19 22:07:20 +01:00
|
|
|
=item Writing an authentication module: L<Lemonldap::NG::Portal::Auth>
|
|
|
|
|
|
|
|
=item Writing a UserDB module: L<Lemonldap::NG::Portal::UserDB>
|
|
|
|
|
|
|
|
=item Writing a second factor module: L<Lemonldap::NG::Portal::Main::SecondFactor>
|
2017-03-23 13:06:53 +01:00
|
|
|
|
|
|
|
=item Writing an issuer module: L<Lemonldap::NG::Portal::Main::Issuer>
|
|
|
|
|
2018-03-15 21:20:03 +01:00
|
|
|
=item Writing another plugin: L<Lemonldap::NG::Portal::Main::Plugin>
|
2018-02-19 22:07:20 +01:00
|
|
|
|
2017-03-23 13:06:53 +01:00
|
|
|
=item Request object: L<Lemonldap::NG::Portal::Main::Request>
|
|
|
|
|
|
|
|
=item Adding parameters in the manager: L<Lemonldap::NG::Manager::Build>
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 AUTHORS
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item LemonLDAP::NG team L<http://lemonldap-ng.org/team>
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 BUG REPORT
|
|
|
|
|
|
|
|
Use OW2 system to report bug or ask for features:
|
2017-11-11 14:06:23 +01:00
|
|
|
L<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
|
2017-03-23 13:06:53 +01:00
|
|
|
|
|
|
|
=head1 DOWNLOAD
|
|
|
|
|
|
|
|
Lemonldap::NG is available at
|
|
|
|
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
|
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
|
|
|
|
See COPYING file for details.
|
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2, or (at your option)
|
|
|
|
any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program. If not, see L<http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
=cut
|