2018-03-30 21:24:34 +02:00
|
|
|
# Self Yubikey registration
|
2018-03-20 18:19:53 +01:00
|
|
|
package Lemonldap::NG::Portal::2F::Register::Yubikey;
|
|
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
|
use Mouse;
|
2018-03-29 21:27:35 +02:00
|
|
|
use JSON qw(from_json to_json);
|
2018-03-20 18:19:53 +01:00
|
|
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
|
|
|
|
PE_FORMEMPTY
|
|
|
|
|
PE_ERROR
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
our $VERSION = '2.0.0';
|
|
|
|
|
|
|
|
|
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|
|
|
|
|
|
|
|
|
# INITIALIZATION
|
|
|
|
|
|
|
|
|
|
has prefix => ( is => 'rw', default => 'yubikey' );
|
|
|
|
|
|
|
|
|
|
has template => ( is => 'ro', default => 'yubikey2fregister' );
|
|
|
|
|
|
2018-03-29 21:27:35 +02:00
|
|
|
has logo => ( is => 'rw', default => 'yubikey.png' );
|
2018-03-20 18:19:53 +01:00
|
|
|
|
|
|
|
|
sub init {
|
|
|
|
|
my ($self) = @_;
|
2018-04-05 19:43:06 +02:00
|
|
|
|
|
|
|
|
#$self->conf->{yubikey2fPublicIDSize} ||= 12;
|
2018-03-20 18:19:53 +01:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# RUNNING METHODS
|
|
|
|
|
|
|
|
|
|
# Main method
|
|
|
|
|
sub run {
|
|
|
|
|
my ( $self, $req, $action ) = @_;
|
|
|
|
|
if ( $action eq 'register' ) {
|
2018-03-29 23:11:46 +02:00
|
|
|
my $otp = $req->param('otp');
|
|
|
|
|
my $UBKName = $req->param('UBKName');
|
2018-04-03 21:17:15 +02:00
|
|
|
my $epoch = time();
|
|
|
|
|
|
2018-04-05 19:43:06 +02:00
|
|
|
# Set default name if empty and troncate name if too long
|
2018-04-03 21:17:15 +02:00
|
|
|
$UBKName ||= $epoch;
|
2018-04-05 19:43:06 +02:00
|
|
|
$UBKName = substr( $UBKName, 0, $self->conf->{max2FDevicesNameLength} );
|
|
|
|
|
$self->logger->debug("Yubikey name : $UBKName");
|
|
|
|
|
|
2018-04-03 21:17:15 +02:00
|
|
|
if ( $otp
|
2018-03-29 23:11:46 +02:00
|
|
|
and length($otp) > $self->conf->{yubikey2fPublicIDSize} )
|
|
|
|
|
{
|
2018-03-29 21:27:35 +02:00
|
|
|
my $key = substr( $otp, 0, $self->conf->{yubikey2fPublicIDSize} );
|
2018-04-07 13:22:06 +02:00
|
|
|
my $_2fDevices = eval {
|
2018-03-30 21:24:34 +02:00
|
|
|
$self->logger->debug("Looking for 2F Devices ...");
|
2018-04-07 13:22:06 +02:00
|
|
|
from_json( $req->userData->{_2fDevices},
|
2018-03-29 23:11:46 +02:00
|
|
|
{ allow_nonref => 1 } );
|
|
|
|
|
};
|
2018-04-07 13:22:06 +02:00
|
|
|
unless ($_2fDevices) {
|
2018-03-29 23:11:46 +02:00
|
|
|
$self->logger->debug("No 2F Device found");
|
2018-04-07 13:22:06 +02:00
|
|
|
$_2fDevices = [];
|
2018-03-29 23:11:46 +02:00
|
|
|
}
|
2018-04-03 21:17:15 +02:00
|
|
|
|
|
|
|
|
# Search if Yubikey has been already registered
|
|
|
|
|
my $SameUBKFound = 0;
|
2018-04-07 13:22:06 +02:00
|
|
|
foreach (@$_2fDevices) {
|
2018-04-03 21:17:15 +02:00
|
|
|
$self->logger->debug("Reading Yubikeys ...");
|
|
|
|
|
if ( $_->{_yubikey} eq $key ) {
|
|
|
|
|
$SameUBKFound = 1;
|
|
|
|
|
last;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$self->logger->debug("Same 2F Device found ? $SameUBKFound");
|
|
|
|
|
if ($SameUBKFound) {
|
|
|
|
|
$self->userLogger->error("Yubikey already registered !");
|
2018-04-04 23:05:27 +02:00
|
|
|
return $self->p->sendHtml(
|
2018-04-04 23:16:36 +02:00
|
|
|
$req, 'error',
|
|
|
|
|
params => {
|
|
|
|
|
RAW_ERROR => 'yourKeyIsAlreadyRegistered',
|
|
|
|
|
AUTH_ERROR_TYPE => 'warning',
|
|
|
|
|
}
|
|
|
|
|
);
|
2018-04-03 21:17:15 +02:00
|
|
|
}
|
|
|
|
|
|
2018-04-04 23:50:33 +02:00
|
|
|
# Check if user can register one more device
|
2018-04-07 13:22:06 +02:00
|
|
|
my $size = @$_2fDevices;
|
2018-04-05 19:08:29 +02:00
|
|
|
my $maxSize = $self->conf->{max2FDevices};
|
|
|
|
|
$self->logger->debug("Nbr 2FDevices = $size / $maxSize");
|
|
|
|
|
if ( $size >= $maxSize ) {
|
|
|
|
|
$self->userLogger->error(
|
|
|
|
|
"Max number of 2F devices is reached !!!");
|
|
|
|
|
return $self->p->sendHtml(
|
|
|
|
|
$req, 'error',
|
|
|
|
|
params => {
|
|
|
|
|
RAW_ERROR => 'maxNumberof2FDevicesReached',
|
|
|
|
|
AUTH_ERROR_TYPE => 'warning',
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
2018-04-04 23:50:33 +02:00
|
|
|
|
2018-04-07 13:22:06 +02:00
|
|
|
push @{$_2fDevices},
|
2018-03-29 23:11:46 +02:00
|
|
|
{
|
|
|
|
|
type => 'UBK',
|
|
|
|
|
name => $UBKName,
|
|
|
|
|
_yubikey => $key,
|
2018-04-03 21:17:15 +02:00
|
|
|
epoch => $epoch
|
2018-03-29 23:11:46 +02:00
|
|
|
};
|
2018-04-03 21:17:15 +02:00
|
|
|
|
2018-03-29 23:11:46 +02:00
|
|
|
$self->logger->debug(
|
|
|
|
|
"Append 2F Device : { type => 'UBK', name => $UBKName }");
|
|
|
|
|
$self->p->updatePersistentSession( $req,
|
2018-04-07 13:22:06 +02:00
|
|
|
{ _2fDevices => to_json($_2fDevices) } );
|
2018-03-29 23:11:46 +02:00
|
|
|
|
2018-03-26 10:15:37 +02:00
|
|
|
return $self->p->sendHtml(
|
|
|
|
|
$req, 'error',
|
|
|
|
|
params => {
|
2018-03-29 23:11:46 +02:00
|
|
|
RAW_ERROR => 'yourKeyIsRegistered',
|
2018-03-26 10:15:37 +02:00
|
|
|
AUTH_ERROR_TYPE => 'positive',
|
|
|
|
|
}
|
|
|
|
|
);
|
2018-03-20 18:19:53 +01:00
|
|
|
}
|
|
|
|
|
else {
|
2018-03-29 23:11:46 +02:00
|
|
|
$self->userLogger->error('Yubikey 2F: no code or name');
|
2018-03-26 10:15:37 +02:00
|
|
|
return $self->p->sendHtml(
|
|
|
|
|
$req, 'error',
|
|
|
|
|
params => {
|
|
|
|
|
AUTH_ERROR => PE_FORMEMPTY,
|
|
|
|
|
AUTH_ERROR_TYPE => 'positive',
|
|
|
|
|
}
|
|
|
|
|
);
|
2018-03-20 18:19:53 +01:00
|
|
|
}
|
|
|
|
|
}
|
2018-04-03 00:01:01 +02:00
|
|
|
|
2018-04-03 21:17:15 +02:00
|
|
|
# Check if unregistration is allowed
|
2018-04-03 23:03:29 +02:00
|
|
|
unless ( $self->conf->{yubikey2fUserCanRemoveKey} ) {
|
|
|
|
|
return $self->p->sendError( $req, 'notAuthorized', 400 );
|
2018-04-03 21:17:15 +02:00
|
|
|
}
|
2018-04-03 00:01:01 +02:00
|
|
|
|
2018-04-03 21:17:15 +02:00
|
|
|
if ( $action eq 'delete' ) {
|
2018-04-04 23:16:36 +02:00
|
|
|
my $epoch = $req->param('epoch');
|
2018-04-07 13:22:06 +02:00
|
|
|
my $_2fDevices = eval {
|
2018-04-03 00:01:01 +02:00
|
|
|
$self->logger->debug("Loading 2F Devices ...");
|
|
|
|
|
|
|
|
|
|
# Read existing 2FDevices
|
2018-04-07 13:22:06 +02:00
|
|
|
from_json( $req->userData->{_2fDevices}, { allow_nonref => 1 } );
|
2018-04-03 00:01:01 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
my @keep = ();
|
2018-04-07 13:22:06 +02:00
|
|
|
while (@$_2fDevices) {
|
|
|
|
|
my $element = shift @$_2fDevices;
|
2018-04-03 21:17:15 +02:00
|
|
|
$self->logger->debug("Looking for 2F device to delete ...");
|
2018-04-03 00:01:01 +02:00
|
|
|
push @keep, $element unless ( $element->{epoch} eq $epoch );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$self->logger->debug(
|
|
|
|
|
"Delete 2F Device : { type => 'UBK', epoch => $epoch }");
|
|
|
|
|
$self->p->updatePersistentSession( $req,
|
2018-04-07 13:22:06 +02:00
|
|
|
{ _2fDevices => to_json( \@keep ) } );
|
2018-04-03 00:01:01 +02:00
|
|
|
|
|
|
|
|
$self->userLogger->notice('Yubikey deletion succeed');
|
|
|
|
|
return [
|
|
|
|
|
200,
|
|
|
|
|
[ 'Content-Type' => 'application/json', 'Content-Length' => 12, ],
|
|
|
|
|
['{"result":1}']
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
}
|
2018-03-20 18:19:53 +01:00
|
|
|
else {
|
|
|
|
|
$self->userLogger->error("Unknown Yubikey action $action");
|
2018-03-26 10:15:37 +02:00
|
|
|
return $self->p->sendHtml(
|
|
|
|
|
$req, 'error',
|
|
|
|
|
params => {
|
|
|
|
|
AUTH_ERROR => PE_ERROR,
|
|
|
|
|
AUTH_ERROR_TYPE => 'positive',
|
|
|
|
|
}
|
|
|
|
|
);
|
2018-03-20 18:19:53 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
1;
|
