lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/REST.pm

package Lemonldap::NG::Portal::2F::REST;

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_BADOTP
  PE_ERROR
  PE_FORMEMPTY
  PE_OK
  PE_SENDRESPONSE
);

our $VERSION = '2.0.10';

extends qw(
  Lemonldap::NG::Portal::Main::SecondFactor
  Lemonldap::NG::Portal::Lib::REST
);

# INITIALIZATION

has prefix    => ( is => 'rw', default => 'rest' );
has initAttrs => ( is => 'rw', default => sub { {} } );
has vrfyAttrs => ( is => 'rw', default => sub { {} } );

sub init {
    my ($self) = @_;
    unless ( $self->conf->{rest2fVerifyUrl} ) {
        $self->logger->error('Missing REST verification URL');
        return 0;
    }
    $self->prefix( $self->conf->{sfPrefix} )
      if ( $self->conf->{sfPrefix} );
    foreach my $k ( keys %{ $self->conf->{rest2fInitArgs} } ) {
        my $attr = $self->conf->{rest2fInitArgs}->{$k};
        $attr =~ s/^$//;
        unless ( $attr =~ /^\w+$/ ) {
            $self->logger->error(
                "2F REST: $k key must point to a single attribute or macro");
            return 0;
        }
        $self->initAttrs->{$k} = $attr;
    }
    foreach my $k ( keys %{ $self->conf->{rest2fVerifyArgs} } ) {
        my $attr = $self->conf->{rest2fVerifyArgs}->{$k};
        $attr =~ s/^$//;
        unless ( $attr =~ /^\w+$/ ) {
            $self->logger->error(
                "2F REST: $k key must point to a single attribute or macro");
            return 0;
        }
        $self->vrfyAttrs->{$k} = $attr;
    }
    return $self->SUPER::init();
}

sub run {
    my ( $self, $req, $token ) = @_;

    my $checkLogins = $req->param('checkLogins');
    $self->logger->debug("REST2F: checkLogins set") if $checkLogins;

    my $stayconnected = $req->param('stayconnected');
    $self->logger->debug("REST2F: stayconnected set") if $stayconnected;

    if ( $self->conf->{rest2fInitUrl} ) {

        # Prepare args
        my $args = {};
        foreach my $k ( keys %{ $self->{initAttrs} } ) {
            $args->{$k} = $req->sessionInfo->{ $self->{initAttrs}->{$k} };
        }

        # Launch REST request
        $self->logger->debug('Call REST init URL');
        my $res =
          eval { $self->restCall( $self->conf->{rest2fInitUrl}, $args ); };
        if ($@) {
            $self->logger->error("REST 2F error: $@");
            return PE_ERROR;
        }
        unless ( $res->{result} ) {
            $self->logger->error("REST 2F initialization has failed");
            return PE_ERROR;
        }
    }
    else {
        $self->logger->debug('No init URL, skipping initialization');
    }

    # Prepare form
    my $tmp = $self->p->sendHtml(
        $req,
        'ext2fcheck',
        params => {
            MAIN_LOGO => $self->conf->{portalMainLogo},
            SKIN      => $self->p->getSkin($req),
            TOKEN     => $token,
            PREFIX    => $self->prefix,
            TARGET    => '/'
              . $self->prefix
              . '2fcheck?skin='
              . $self->p->getSkin($req),
            LEGEND        => 'enterRest2fCode',
            CHECKLOGINS   => $checkLogins,
            STAYCONNECTED => $stayconnected
        }
    );
    $self->logger->debug("Prepare external REST verification");

    $req->response($tmp);
    return PE_SENDRESPONSE;
}

sub verify {
    my ( $self, $req, $session ) = @_;
    my $code;
    unless ( $code = $req->param('code') ) {
        $self->userLogger->error('External REST 2F: no code');
        return PE_FORMEMPTY;
    }

    # Prepare args
    my $args = {};
    foreach my $k ( keys %{ $self->{vrfyAttrs} } ) {
        $args->{$k} = (
              $k eq 'code'
            ? $code
            : $session->{ $self->{vrfyAttrs}->{$k} }
        );
    }

    # Launch REST request
    $self->logger->debug('Call REST vrfy URL');
    my $res =
      eval { $self->restCall( $self->conf->{rest2fVerifyUrl}, $args ); };
    if ($@) {
        $self->logger->error("REST 2F error: $@");
        return PE_ERROR;
    }

    # Result
    unless ( $res->{result} ) {
        $self->userLogger->warn( 'REST Second factor failed for '
              . $session->{ $self->conf->{whatToTrace} } );
        return PE_BADOTP;
    }
    return PE_OK;
}

1;
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`package Lemonldap::NG::Portal::2F::REST;`

			`use strict;`
			`use Mouse;`
			`use Lemonldap::NG::Portal::Main::Constants qw(`
Change portal error code on 2F failure (#2008) 2019-11-13 11:46:30 +01:00			`PE_BADOTP`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`PE_ERROR`
			`PE_FORMEMPTY`
			`PE_OK`
			`PE_SENDRESPONSE`
			`);`

Update version & tidy (#2366) 2020-10-31 23:43:08 +01:00			`our $VERSION = '2.0.10';`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00
Update version & tidy (#2366) 2020-10-31 23:43:08 +01:00			`extends qw(`
			`Lemonldap::NG::Portal::Main::SecondFactor`
			`Lemonldap::NG::Portal::Lib::REST`
			`);`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00
			`# INITIALIZATION`

Update version & tidy (#2366) 2020-10-31 23:43:08 +01:00			`has prefix => ( is => 'rw', default => 'rest' );`
Just in case... (#1398) 2018-03-19 16:58:26 +01:00			`has initAttrs => ( is => 'rw', default => sub { {} } );`
			`has vrfyAttrs => ( is => 'rw', default => sub { {} } );`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00
			`sub init {`
			`my ($self) = @_;`
			`unless ( $self->conf->{rest2fVerifyUrl} ) {`
			`$self->logger->error('Missing REST verification URL');`
			`return 0;`
			`}`
Allow multi instanciation of 2F modules (#1860) This commit adds a manager interface to declare multiple instances of a single 2F module, in a manner similar to Combination. An additional portal code reads the `sfExtra` variable to load the declared modules. An empty rules means the module will be always active. 2019-07-18 22:41:24 +02:00			`$self->prefix( $self->conf->{sfPrefix} )`
Add labels and logos to all 2F providers (#1873) 2019-08-01 17:27:14 +02:00			`if ( $self->conf->{sfPrefix} );`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`foreach my $k ( keys %{ $self->conf->{rest2fInitArgs} } ) {`
			`my $attr = $self->conf->{rest2fInitArgs}->{$k};`
			`$attr =~ s/^$//;`
			`unless ( $attr =~ /^\w+$/ ) {`
			`$self->logger->error(`
			`"2F REST: $k key must point to a single attribute or macro");`
			`return 0;`
			`}`
			`$self->initAttrs->{$k} = $attr;`
			`}`
			`foreach my $k ( keys %{ $self->conf->{rest2fVerifyArgs} } ) {`
			`my $attr = $self->conf->{rest2fVerifyArgs}->{$k};`
			`$attr =~ s/^$//;`
			`unless ( $attr =~ /^\w+$/ ) {`
			`$self->logger->error(`
			`"2F REST: $k key must point to a single attribute or macro");`
			`return 0;`
			`}`
			`$self->vrfyAttrs->{$k} = $attr;`
			`}`
Fix an error in REST2F (#1398) 2018-03-19 17:34:21 +01:00			`return $self->SUPER::init();`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`}`

			`sub run {`
			`my ( $self, $req, $token ) = @_;`
Tidy 2018-06-21 21:35:16 +02:00
WIP - Propage display logins history to ext and REST 2F (#1442) 2018-06-12 22:49:49 +02:00			`my $checkLogins = $req->param('checkLogins');`
Submit 2FA with StayConnected plugin (#2366) 2020-10-31 23:01:11 +01:00			`$self->logger->debug("REST2F: checkLogins set") if $checkLogins;`

			`my $stayconnected = $req->param('stayconnected');`
			`$self->logger->debug("REST2F: stayconnected set") if $stayconnected;`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00
			`if ( $self->conf->{rest2fInitUrl} ) {`

			`# Prepare args`
Just in case... (#1398) 2018-03-19 16:58:26 +01:00			`my $args = {};`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`foreach my $k ( keys %{ $self->{initAttrs} } ) {`
			`$args->{$k} = $req->sessionInfo->{ $self->{initAttrs}->{$k} };`
			`}`

			`# Launch REST request`
			`$self->logger->debug('Call REST init URL');`
			`my $res =`
			`eval { $self->restCall( $self->conf->{rest2fInitUrl}, $args ); };`
			`if ($@) {`
			`$self->logger->error("REST 2F error: $@");`
			`return PE_ERROR;`
			`}`
			`unless ( $res->{result} ) {`
			`$self->logger->error("REST 2F initialization has failed");`
			`return PE_ERROR;`
			`}`
			`}`
			`else {`
			`$self->logger->debug('No init URL, skipping initialization');`
			`}`

			`# Prepare form`
			`my $tmp = $self->p->sendHtml(`
			`$req,`
			`'ext2fcheck',`
			`params => {`
Pass skin parameter in 2F flows (#1915) 2019-09-03 11:56:48 +02:00			`MAIN_LOGO => $self->conf->{portalMainLogo},`
			`SKIN => $self->p->getSkin($req),`
			`TOKEN => $token,`
			`PREFIX => $self->prefix,`
			`TARGET => '/'`
			`. $self->prefix`
			`. '2fcheck?skin='`
			`. $self->p->getSkin($req),`
Submit 2FA with StayConnected plugin (#2366) 2020-10-31 23:01:11 +01:00			`LEGEND => 'enterRest2fCode',`
			`CHECKLOGINS => $checkLogins,`
			`STAYCONNECTED => $stayconnected`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`}`
			`);`
			`$self->logger->debug("Prepare external REST verification");`

			`$req->response($tmp);`
			`return PE_SENDRESPONSE;`
			`}`

			`sub verify {`
			`my ( $self, $req, $session ) = @_;`
			`my $code;`
			`unless ( $code = $req->param('code') ) {`
			`$self->userLogger->error('External REST 2F: no code');`
			`return PE_FORMEMPTY;`
			`}`

			`# Prepare args`
Just in case... (#1398) 2018-03-19 16:58:26 +01:00			`my $args = {};`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`foreach my $k ( keys %{ $self->{vrfyAttrs} } ) {`
Tidy 2018-03-13 07:14:01 +01:00			`$args->{$k} = (`
			`$k eq 'code'`
Code was missing in REST call (#1379) 2018-02-23 09:51:14 +01:00			`? $code`
fix param transmission in rest2f (#2123) 2020-03-26 10:57:37 +01:00			`: $session->{ $self->{vrfyAttrs}->{$k} }`
Tidy 2018-03-13 07:14:01 +01:00			`);`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`}`

			`# Launch REST request`
			`$self->logger->debug('Call REST vrfy URL');`
			`my $res =`
REST 2F manager part (#1379) 2018-02-23 09:38:33 +01:00			`eval { $self->restCall( $self->conf->{rest2fVerifyUrl}, $args ); };`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`if ($@) {`
			`$self->logger->error("REST 2F error: $@");`
			`return PE_ERROR;`
			`}`

			`# Result`
			`unless ( $res->{result} ) {`
			`$self->userLogger->warn( 'REST Second factor failed for '`
			`. $session->{ $self->conf->{whatToTrace} } );`
Change portal error code on 2F failure (#2008) 2019-11-13 11:46:30 +01:00			`return PE_BADOTP;`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`}`
Improve code 2020-02-17 23:22:31 +01:00			`return PE_OK;`
REST external 2F skeleton (#1379) 2018-02-23 09:11:19 +01:00			`}`

			`1;`