From 095b1d253167f4088fb0f5734ed01972e2b91a51 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Thu, 30 Aug 2018 19:45:35 +0200
Subject: [PATCH] Append parameter test & error msg

---
 .../lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm              | 5 ++++-
 .../lib/Lemonldap/NG/Portal/2F/Register/U2F.pm               | 4 +++-
 .../lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm           | 5 ++++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
index 155e4f4c2..2433a85b7 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
@@ -268,13 +268,16 @@ sub run {
 
     # Delete TOTP
     elsif ( $action eq 'delete' ) {
-        my $epoch = $req->param('epoch');
 
         # Check if unregistration is allowed
         unless ( $self->conf->{totp2fUserCanRemoveKey} ) {
             return $self->p->sendError( $req, 'notAuthorized', 400 );
         }
 
+        my $epoch = $req->param('epoch')
+          or return $self->p->sendError( $req, '"epoch" parameter is missing',
+            400 );
+
         # Read existing 2FDevices
         $self->logger->debug("Loading 2F Devices ...");
         my $_2fDevices;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
index 90e2d69d8..94460be3a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
@@ -254,7 +254,9 @@ sub run {
             return $self->p->sendError( $req, 'notAuthorized', 200 );
         }
 
-        my $epoch = $req->param('epoch');
+        my $epoch = $req->param('epoch')
+          or return $self->p->sendError( $req, '"epoch" parameter is missing',
+            400 );
 
         # Read existing 2FDevices
         $self->logger->debug("Looking for 2F Devices ...");
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
index 6b46ba5b5..92f9abc80 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
@@ -137,13 +137,16 @@ sub run {
     }
 
     elsif ( $action eq 'delete' ) {
-        my $epoch = $req->param('epoch');
 
         # Check if unregistration is allowed
         unless ( $self->conf->{yubikey2fUserCanRemoveKey} ) {
             return $self->p->sendError( $req, 'notAuthorized', 400 );
         }
 
+        my $epoch = $req->param('epoch')
+          or return $self->p->sendError( $req, '"epoch" parameter is missing',
+            400 );
+
         # Read existing 2FDevices
         $self->logger->debug("Looking for 2F Devices ...");
         my $_2fDevices;