Code cleaning & refactoring
parent
d37943e757
commit
055ec69b92
|
@ -22,7 +22,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_NO_SECOND_FACTORS
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.9';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
with 'Lemonldap::NG::Portal::Lib::OverConf';
|
||||
|
@ -177,12 +177,10 @@ sub init {
|
|||
# Registration base
|
||||
$self->addAuthRoute( '2fregisters' => '_displayRegister', ['GET'] );
|
||||
$self->addAuthRoute( '2fregisters' => 'register', ['POST'] );
|
||||
if ( $self->conf->{sfRequired} ) {
|
||||
$self->addUnauthRoute(
|
||||
'2fregisters' => 'restoreSession',
|
||||
[ 'GET', 'POST' ]
|
||||
);
|
||||
}
|
||||
$self->addUnauthRoute(
|
||||
'2fregisters' => 'restoreSession',
|
||||
[ 'GET', 'POST' ]
|
||||
) if ( $self->conf->{sfRequired} );
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
@ -236,11 +234,11 @@ sub run {
|
|||
$self->logger->error("Bad encoding in _2fDevices: $@");
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
$self->logger->debug(" -> 2F Device(s) found");
|
||||
my $now = time();
|
||||
my $removed = 0;
|
||||
|
||||
$self->logger->debug("Looking for expired 2F device(s)...");
|
||||
my $removed = 0;
|
||||
my $now = time();
|
||||
foreach my $device (@$_2fDevices) {
|
||||
my $type = lc( $device->{type} );
|
||||
$type =~ s/2f$//i;
|
||||
|
@ -449,14 +447,10 @@ sub _displayRegister {
|
|||
if ($tpl) {
|
||||
my ($m) =
|
||||
grep { $_->{m}->prefix eq $tpl } @{ $self->sfRModules };
|
||||
unless ($m) {
|
||||
return $self->p->sendError( $req,
|
||||
'Inexistent register module', 400 );
|
||||
}
|
||||
unless ( $m->{r}->( $req, $req->userData ) ) {
|
||||
return $self->p->sendError( $req,
|
||||
'Registration not authorized', 403 );
|
||||
}
|
||||
return $self->p->sendError( $req, 'Inexistent register module', 400 )
|
||||
unless $m;
|
||||
return $self->p->sendError( $req, 'Registration not authorized', 403 )
|
||||
unless $m->{r}->( $req, $req->userData );
|
||||
return $self->p->sendHtml(
|
||||
$req,
|
||||
$m->{m}->template,
|
||||
|
@ -481,15 +475,13 @@ sub _displayRegister {
|
|||
};
|
||||
}
|
||||
}
|
||||
if (
|
||||
|
||||
return [ 302, [ Location => $self->conf->{portal} . $am[0]->{URL} ], [] ]
|
||||
if (
|
||||
@am == 1
|
||||
and not( $req->userData->{_2fDevices}
|
||||
or $req->data->{sfRegRequired} )
|
||||
)
|
||||
{
|
||||
return [ 302, [ Location => $self->conf->{portal} . $am[0]->{URL} ],
|
||||
[] ];
|
||||
}
|
||||
);
|
||||
|
||||
# Retrieve user all second factors
|
||||
my $_2fDevices =
|
||||
|
@ -506,7 +498,6 @@ sub _displayRegister {
|
|||
my $action = '';
|
||||
foreach
|
||||
my $type ( split /,\s*/, $self->conf->{available2FSelfRegistration} )
|
||||
|
||||
{
|
||||
foreach (@$_2fDevices) {
|
||||
$_->{type} =~ s/^UBK$/Yubikey/;
|
||||
|
|
|
@ -5,19 +5,16 @@ use strict;
|
|||
use Mouse;
|
||||
use JSON qw(from_json to_json);
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Common::TOTP';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
has prefix => ( is => 'rw', default => 'totp' );
|
||||
|
||||
has prefix => ( is => 'rw', default => 'totp' );
|
||||
has template => ( is => 'ro', default => 'totp2fregister' );
|
||||
|
||||
has logo => ( is => 'rw', default => 'totp.png' );
|
||||
|
||||
has ott => (
|
||||
has logo => ( is => 'rw', default => 'totp.png' );
|
||||
has ott => (
|
||||
is => 'rw',
|
||||
lazy => 1,
|
||||
default => sub {
|
||||
|
@ -35,10 +32,9 @@ sub init {
|
|||
sub run {
|
||||
my ( $self, $req, $action ) = @_;
|
||||
my $user = $req->userData->{ $self->conf->{whatToTrace} };
|
||||
unless ($user) {
|
||||
return $self->p->sendError( $req,
|
||||
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 );
|
||||
}
|
||||
return $self->p->sendError( $req,
|
||||
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 )
|
||||
unless $user;
|
||||
|
||||
# Verification that user has a valid TOTP app
|
||||
if ( $action eq 'verify' ) {
|
||||
|
@ -102,7 +98,6 @@ sub run {
|
|||
$self->logger->debug('TOTP code verified');
|
||||
|
||||
# Now code is verified, let's store the master key in persistent data
|
||||
|
||||
my $secret = '';
|
||||
|
||||
# Reading existing 2FDevices
|
||||
|
@ -124,7 +119,7 @@ sub run {
|
|||
}
|
||||
|
||||
# Reading existing TOTP
|
||||
my @totp2f = grep { $_->{type} eq "TOTP" } @$_2fDevices;
|
||||
my @totp2f = grep { $_->{type} eq 'TOTP' } @$_2fDevices;
|
||||
unless (@totp2f) {
|
||||
$self->logger->debug("No TOTP Device found");
|
||||
|
||||
|
@ -135,22 +130,16 @@ sub run {
|
|||
# Loading TOTP secret
|
||||
$self->logger->debug("Reading TOTP secret if exists ...");
|
||||
$secret = $_->{_secret} foreach (@totp2f);
|
||||
|
||||
if ( $token->{_totp2fSecret} eq $secret ) {
|
||||
return $self->p->sendError( $req, 'totpExistingKey', 200 );
|
||||
}
|
||||
return $self->p->sendError( $req, 'totpExistingKey', 200 )
|
||||
if ( $token->{_totp2fSecret} eq $secret );
|
||||
|
||||
### USER CAN ONLY REGISTER ONE TOTP ###
|
||||
# Delete TOTP previously registered
|
||||
my @keep = ();
|
||||
while (@$_2fDevices) {
|
||||
my $element = shift @$_2fDevices;
|
||||
$self->logger->debug("Looking for TOTP to delete ...");
|
||||
push @keep, $element unless ( $element->{type} eq "TOTP" );
|
||||
}
|
||||
$self->logger->debug("Looking for TOTP to delete...");
|
||||
my $size = my @keep =
|
||||
map { $_->{type} eq 'TOTP' ? () : $_ } @$_2fDevices;
|
||||
|
||||
# Check if user can register one more device
|
||||
my $size = @keep;
|
||||
my $maxSize = $self->conf->{max2FDevices};
|
||||
$self->logger->debug("Nbr 2FDevices = $size / $maxSize");
|
||||
if ( $size >= $maxSize ) {
|
||||
|
@ -167,7 +156,6 @@ sub run {
|
|||
_secret => $token->{_totp2fSecret},
|
||||
epoch => $epoch
|
||||
};
|
||||
|
||||
$self->logger->debug(
|
||||
"Append 2F Device : { type => 'TOTP', name => $TOTPName }");
|
||||
$self->p->updatePersistentSession( $req,
|
||||
|
@ -279,7 +267,7 @@ sub run {
|
|||
|
||||
# Read existing 2FDevices
|
||||
$self->logger->debug("Loading 2F Devices ...");
|
||||
my $_2fDevices;
|
||||
my ( $_2fDevices, $TOTPName );
|
||||
if ( $req->userData->{_2fDevices} ) {
|
||||
$_2fDevices = eval {
|
||||
from_json( $req->userData->{_2fDevices},
|
||||
|
@ -296,11 +284,10 @@ sub run {
|
|||
}
|
||||
|
||||
# Delete TOTP 2F device
|
||||
my $TOTPName;
|
||||
foreach (@$_2fDevices) {
|
||||
$TOTPName = $_->{name} if $_->{epoch} eq $epoch;
|
||||
}
|
||||
@$_2fDevices = grep { $_->{epoch} ne $epoch } @$_2fDevices;
|
||||
@$_2fDevices = map {
|
||||
if ( $_->{epoch} eq $epoch ) { $TOTPName = $_->{name}; () }
|
||||
else { $_ }
|
||||
} @$_2fDevices;
|
||||
$self->logger->debug(
|
||||
"Delete 2F Device : { type => 'TOTP', epoch => $epoch, name => $TOTPName }"
|
||||
);
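Review bot: In the `-135,22 +130,16` hunk, `my $size = my @keep = map { $_->{type} eq 'TOTP' ? () : $_ } @$_2fDevices;` is correct only because a list assignment in scalar context yields the element count of its right-hand side and the map emits `()` for the dropped entries — two Perl subtleties stacked to do what `grep` says directly. A `map` that returns either `()` or `$_` is a filter, so `my @keep = grep { $_->{type} ne 'TOTP' } @$_2fDevices;` and `my $size = @keep;` state the intent and do not rely on semantics the next reader may not recognise. The same "exactly one TOTP" rule is then enforced by the `$size >= $maxSize` check below, which is unchanged. This hunk sits inside `run`, which begins and ends outside it.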
|
||||
|
|
|
@ -5,18 +5,16 @@ use strict;
|
|||
use Mouse;
|
||||
use JSON qw(from_json to_json);
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||
'Lemonldap::NG::Portal::Lib::U2F';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
has prefix => ( is => 'rw', default => 'u' );
|
||||
|
||||
has prefix => ( is => 'rw', default => 'u' );
|
||||
has template => ( is => 'ro', default => 'u2fregister' );
|
||||
|
||||
has logo => ( is => 'rw', default => 'u2f.png' );
|
||||
has logo => ( is => 'rw', default => 'u2f.png' );
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
|
@ -30,10 +28,10 @@ sub init {
|
|||
sub run {
|
||||
my ( $self, $req, $action ) = @_;
|
||||
my $user = $req->userData->{ $self->conf->{whatToTrace} };
|
||||
unless ($user) {
|
||||
return $self->p->sendError( $req,
|
||||
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 );
|
||||
}
|
||||
|
||||
return $self->p->sendError( $req,
|
||||
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 )
|
||||
unless $user;
|
||||
|
||||
if ( $action eq 'register' ) {
|
||||
|
||||
|
@ -50,7 +48,6 @@ sub run {
|
|||
return $self->p->sendError( $req, "Corrupted session", 500 );
|
||||
}
|
||||
}
|
||||
|
||||
else {
|
||||
$self->logger->debug("No 2F Device found");
|
||||
$_2fDevices = [];
|
||||
|
@ -115,7 +112,6 @@ sub run {
|
|||
500 );
|
||||
}
|
||||
}
|
||||
|
||||
else {
|
||||
$self->logger->debug("No 2F Device found");
|
||||
$_2fDevices = [];
|
||||
|
@ -182,13 +178,6 @@ sub run {
|
|||
}
|
||||
|
||||
# Get registered keys
|
||||
|
||||
# my @rk;
|
||||
# foreach ( @{ $req->data->{crypter} } ) {
|
||||
# my $k = push @rk,
|
||||
# { keyHandle => $_->{keyHandle}, version => $data->{version} };
|
||||
# }
|
||||
|
||||
my @rk =
|
||||
map { { keyHandle => $_->{keyHandle}, version => $data->{version} } }
|
||||
@{ $req->data->{crypter} };
|
||||
|
@ -230,10 +219,6 @@ sub run {
|
|||
return $self->p->sendError( $req, "U2FAnswerError" );
|
||||
}
|
||||
|
||||
# my $crypter;
|
||||
# foreach ( @{ $req->data->{crypter} } ) {
|
||||
# $crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
|
||||
# }
|
||||
$crypter = $_
|
||||
foreach grep { $_->{keyHandle} eq $data->{keyHandle} }
|
||||
@{ $req->data->{crypter} };
|
||||
|
@ -246,7 +231,6 @@ sub run {
|
|||
if ( not $crypter->setChallenge($challenge) ) {
|
||||
$self->logger->error(
|
||||
$@ ? $@ : Crypt::U2F::Server::Simple::lastError() );
|
||||
|
||||
return $self->p->sendError( $req, "U2FServerError" );
|
||||
}
|
||||
|
||||
|
@ -287,15 +271,10 @@ sub run {
|
|||
}
|
||||
|
||||
# Delete U2F device
|
||||
|
||||
# my $keyName;
|
||||
# foreach (@$_2fDevices) {
|
||||
# $keyName = $_->{name} if $_->{epoch} eq $epoch;
|
||||
# }
|
||||
|
||||
$keyName = $_->{name}
|
||||
foreach grep { $_->{epoch} eq $epoch } @$_2fDevices;
|
||||
@$_2fDevices = grep { $_->{epoch} ne $epoch } @$_2fDevices;
|
||||
@$_2fDevices = map {
|
||||
if ( $_->{epoch} eq $epoch ) { $keyName = $_->{name}; () }
|
||||
else { $_ }
|
||||
} @$_2fDevices;
|
||||
$self->logger->debug(
|
||||
"Delete 2F Device : { type => 'U2F', epoch => $epoch, name => $keyName }"
|
||||
);
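Review bot: In the `-182,13 +178,6` hunk, `map { { keyHandle => $_->{keyHandle}, version => $data->{version} } } @{ $req->data->{crypter} }` leaves Perl to guess whether the inner `{` opens a hash constructor or a nested block; the bareword-then-`=>` lookahead makes it a hash here, but perlfunc recommends disambiguating because the guess depends on the first token after the brace. Write `map { +{ keyHandle => $_->{keyHandle}, version => $data->{version} } } @{ $req->data->{crypter} };`. In the following hunk, `$crypter = $_ foreach grep { ... }` assigns in a loop purely for its side effect and keeps the last match; `( $crypter ) = grep { $_->{keyHandle} eq $data->{keyHandle} } @{ $req->data->{crypter} };` reads as the selection it is (first match, which only differs if key handles repeat). Both hunks sit inside `run`, which begins and ends outside them.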
|
||||
|
|
|
@ -9,17 +9,15 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_ERROR
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
has prefix => ( is => 'rw', default => 'yubikey' );
|
||||
|
||||
has prefix => ( is => 'rw', default => 'yubikey' );
|
||||
has template => ( is => 'ro', default => 'yubikey2fregister' );
|
||||
|
||||
has logo => ( is => 'rw', default => 'yubikey.png' );
|
||||
has logo => ( is => 'rw', default => 'yubikey.png' );
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
|
@ -120,7 +118,6 @@ sub run {
|
|||
_yubikey => $key,
|
||||
epoch => $epoch
|
||||
};
|
||||
|
||||
$self->logger->debug(
|
||||
"Append 2F Device : { type => 'UBK', name => $UBKName }");
|
||||
$self->p->updatePersistentSession( $req,
|
||||
|
@ -162,7 +159,7 @@ sub run {
|
|||
|
||||
# Read existing 2FDevices
|
||||
$self->logger->debug("Looking for 2F Devices ...");
|
||||
my $_2fDevices;
|
||||
my ( $_2fDevices, $UBKName );
|
||||
if ( $req->userData->{_2fDevices} ) {
|
||||
$_2fDevices = eval {
|
||||
from_json( $req->userData->{_2fDevices},
|
||||
|
@ -179,11 +176,10 @@ sub run {
|
|||
}
|
||||
|
||||
# Delete Yubikey device
|
||||
my $UBKName;
|
||||
foreach (@$_2fDevices) {
|
||||
$UBKName = $_->{name} if $_->{epoch} eq $epoch;
|
||||
}
|
||||
@$_2fDevices = grep { $_->{epoch} ne $epoch } @$_2fDevices;
|
||||
@$_2fDevices = map {
|
||||
if ( $_->{epoch} eq $epoch ) { $UBKName = $_->{name}; () }
|
||||
else { $_ }
|
||||
} @$_2fDevices;
|
||||
$self->logger->debug(
|
||||
"Delete 2F Device : { type => 'UBK', epoch => $epoch, name => $UBKName }"
|
||||
);
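Review bot: The new `map` in the `-179,11 +176,10` hunk drops an entry on `$_->{epoch} eq $epoch` alone, so this Yubikey delete handler removes a device of any type that carries that epoch and then logs it as `type => 'UBK'`; `$epoch` appears to come from the request (its assignment is outside the hunk) and epochs are shared across all 2F types in `_2fDevices`. Since the register side stores the type as `UBK` (the log line in the `-120,7 +118,6` hunk and the `s/^UBK$/Yubikey/` rewrite in the register plugin both show that value), add it to the match: `if ( $_->{epoch} eq $epoch and $_->{type} eq 'UBK' ) { $UBKName = $_->{name}; () }`. When nothing matches, `$UBKName` stays undef and the debug message interpolates it, which warns under `use warnings`; declaring `my ( $_2fDevices, $UBKName ) = ( undef, '' );` or skipping the log when undefined avoids that. `run` begins before this hunk and continues after it.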
|
||||
|
|
|
@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_SENDRESPONSE
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
|
||||
'Lemonldap::NG::Common::TOTP';
|
||||
|
@ -23,7 +23,6 @@ extends 'Lemonldap::NG::Portal::Main::SecondFactor',
|
|||
# INITIALIZATION
|
||||
|
||||
has prefix => ( is => 'ro', default => 'totp' );
|
||||
|
||||
has logo => ( is => 'rw', default => 'totp.png' );
|
||||
|
||||
sub init {
|
||||
|
|
|
@ -16,7 +16,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_U2FFAILED
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
|
||||
'Lemonldap::NG::Portal::Lib::U2F';
|
||||
|
@ -24,9 +24,7 @@ extends 'Lemonldap::NG::Portal::Main::SecondFactor',
|
|||
# INITIALIZATION
|
||||
|
||||
has rule => ( is => 'rw' );
|
||||
|
||||
has prefix => ( is => 'ro', default => 'u' );
|
||||
|
||||
has logo => ( is => 'rw', default => 'u2f.png' );
|
||||
|
||||
sub init {
|
||||
|
@ -109,6 +107,7 @@ sub run {
|
|||
|
||||
sub verify {
|
||||
my ( $self, $req, $session ) = @_;
|
||||
my $crypter;
|
||||
|
||||
# Check U2F signature
|
||||
if ( my $resp = $req->param('signature')
|
||||
|
@ -136,10 +135,9 @@ sub verify {
|
|||
$req->error(PE_ERROR);
|
||||
return $self->fail($req);
|
||||
}
|
||||
my $crypter;
|
||||
foreach ( @{ $req->data->{crypter} } ) {
|
||||
$crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
|
||||
}
|
||||
$crypter = $_
|
||||
foreach grep { $_->{keyHandle} eq $data->{keyHandle} }
|
||||
@{ $req->data->{crypter} };
|
||||
unless ($crypter) {
|
||||
$self->userLogger->error("Unregistered U2F key");
|
||||
$req->error(PE_BADCREDENTIALS);
|
||||
|
@ -245,7 +243,7 @@ sub loadUser {
|
|||
'U2F error: ' . Crypt::U2F::Server::u2fclib_getError() );
|
||||
}
|
||||
}
|
||||
return -1 unless (@crypters);
|
||||
return -1 unless @crypters;
|
||||
|
||||
$req->data->{crypter} = \@crypters;
|
||||
return 1;
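Review bot: In the `verify` hunk (`-136,10 +135,9`), `$crypter = $_ foreach grep { $_->{keyHandle} eq $data->{keyHandle} } @{ $req->data->{crypter} };` assigns inside a statement modifier purely for its side effect and, if several registered handles matched, would keep the last one; `( $crypter ) = grep { $_->{keyHandle} eq $data->{keyHandle} } @{ $req->data->{crypter} };` expresses "take the matching entry" directly (first rather than last, which only differs if key handles repeat). `$data->{keyHandle}` appears to be the handle echoed back by the client in the `signature` parameter, so a response without that key makes `eq` warn on an undefined value; `$data->{keyHandle} // ''` keeps the comparison quiet and still falls through to the `unless ($crypter)` "Unregistered U2F key" branch below. `verify` begins before this hunk and continues after it.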
|
||||
|
|
|
@ -15,16 +15,14 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_SENDRESPONSE
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.9';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
has prefix => ( is => 'ro', default => 'yubikey' );
|
||||
|
||||
has logo => ( is => 'rw', default => 'yubikey.png' );
|
||||
|
||||
has yubi => ( is => 'rw' );
|
||||
|
||||
sub init {
|
||||
|
@ -88,8 +86,7 @@ sub init {
|
|||
|
||||
sub _findYubikey {
|
||||
my ( $self, $req, $sessionInfo ) = @_;
|
||||
my $yubikey;
|
||||
my $_2fDevices;
|
||||
my ( $yubikey, $_2fDevices );
|
||||
|
||||
# First, lookup from session attribute
|
||||
if ( $self->conf->{yubikey2fFromSessionAttribute} ) {
|
||||
|
|
|
@ -115,10 +115,7 @@ sub getUser {
|
|||
my ( $self, $req, %args ) = @_;
|
||||
|
||||
$self->validateLdap;
|
||||
|
||||
unless ( $self->ldap ) {
|
||||
return PE_LDAPCONNECTFAILED;
|
||||
}
|
||||
return PE_LDAPCONNECTFAILED unless $self->ldap;
|
||||
|
||||
$self->bind();
|
||||
|
||||
|
@ -144,7 +141,10 @@ sub getUser {
|
|||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
unless ( $req->data->{ldapentry} = $mesg->entry(0) ) {
|
||||
$self->userLogger->warn("$req->{user} was not found in LDAP directory (".$req->address.")");
|
||||
$self->userLogger->warn(
|
||||
"$req->{user} was not found in LDAP directory ("
|
||||
. $req->address
|
||||
. ")" );
|
||||
eval { $self->p->_authentication->setSecurity($req) };
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
|
@ -168,8 +168,8 @@ sub bind {
|
|||
my $self = shift;
|
||||
|
||||
$self->validateLdap;
|
||||
|
||||
return undef unless ( $self->ldap );
|
||||
return undef unless $self->ldap;
|
||||
|
||||
my $msg = $self->ldap->bind(@_);
|
||||
if ( $msg->code ) {
|
||||
$self->logger->error( $msg->error );
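Review bot: The reflowed warning in the `getUser` hunk (`-144,7 +141,10`) interpolates `$req->{user}` unmodified into the log line; if the portal does not already restrict the user format before `getUser` runs (that check, if any, is outside this hunk), a login containing CR/LF or other control characters lets a client forge entries in `userLogger`. Strip non-printables before logging, e.g. `( my $who = $req->{user} // '' ) =~ s/[^[:print:]]/?/g;` and then `$self->userLogger->warn( "$who was not found in LDAP directory (" . $req->address . ")" );`. The `eval { $self->p->_authentication->setSecurity($req) };` on the next line also discards any failure silently; logging `$@` at debug level when it is set would make a broken security hook visible. `getUser` begins before this hunk and continues after it.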
|
||||
|
|
|
@ -28,9 +28,8 @@ sub restCall {
|
|||
$hreq->header( 'Content-Type' => 'application/json' );
|
||||
$hreq->content( to_json($content) );
|
||||
my $resp = $self->ua->request($hreq);
|
||||
unless ( $resp->is_success ) {
|
||||
die $resp->status_line;
|
||||
}
|
||||
die $resp->status_line unless $resp->is_success;
|
||||
|
||||
my $res = eval { from_json( $resp->content ) };
|
||||
die "Bad REST response: $@" if ($@);
|
||||
if ( ref($res) ne "HASH" ) {
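Review bot: `die $resp->status_line unless $resp->is_success;` raises a message such as `500 Internal Server Error` with no indication of which backend was called, so when several REST endpoints are configured the failure cannot be attributed from the log. `$hreq` is presumably an HTTP::Request (it takes `->header` and `->content` above), so `die "REST call to " . $hreq->uri . " failed: " . $resp->status_line unless $resp->is_success;` gives the caller the target without changing the error path. `restCall` begins before this hunk and continues after it.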
|
||||
|
|