WIP - Fix login history update (#1501)
parent
5cc64d285f
commit
1791747281
|
@ -1,12 +1,14 @@
|
|||
package Lemonldap::NG::Portal::Main::SecondFactor;
|
||||
|
||||
use Data::Dumper;
|
||||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_SENDRESPONSE
|
||||
PE_OK
|
||||
PE_NOTOKEN
|
||||
PE_TOKENEXPIRED
|
||||
PE_SENDRESPONSE
|
||||
PE_OK
|
||||
PE_NOTOKEN
|
||||
PE_TOKENEXPIRED
|
||||
PE_BADCREDENTIALS
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
@ -18,8 +20,8 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|||
has ott => (
|
||||
is => 'rw',
|
||||
default => sub {
|
||||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
my $ott = $_[0]->{p}
|
||||
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
|
@ -51,7 +53,8 @@ sub _redirect {
|
|||
my ( $self, $req ) = @_;
|
||||
my $arg = $req->env->{QUERY_STRING};
|
||||
return [
|
||||
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ], []
|
||||
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ],
|
||||
[]
|
||||
];
|
||||
}
|
||||
|
||||
|
@ -64,15 +67,16 @@ sub _verify {
|
|||
# Check token
|
||||
my $token;
|
||||
unless ( $token = $req->param('token') ) {
|
||||
$self->userLogger->error( $self->prefix . ' 2F access without token' );
|
||||
$self->userLogger->error(
|
||||
$self->prefix . ' 2F access without token' );
|
||||
$req->mustRedirect(1);
|
||||
return $self->p->do( $req, [ sub { PE_NOTOKEN } ] );
|
||||
return $self->p->do( $req, [ sub {PE_NOTOKEN} ] );
|
||||
}
|
||||
|
||||
my $session;
|
||||
unless ( $session = $self->ott->getToken($token) ) {
|
||||
$self->userLogger->info('Token expired');
|
||||
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
||||
return $self->p->do( $req, [ sub {PE_TOKENEXPIRED} ] );
|
||||
}
|
||||
|
||||
# Launch second factor verification
|
||||
|
@ -81,7 +85,13 @@ sub _verify {
|
|||
# Case error
|
||||
if ($res) {
|
||||
$req->noLoginDisplay(1);
|
||||
return $self->p->do( $req, [ sub { $res } ] );
|
||||
$req->sessionInfo($session);
|
||||
$req->id( delete $req->sessionInfo->{_2fRealSession} );
|
||||
$req->urldc( delete $req->sessionInfo->{_2fUrldc} );
|
||||
$self->logger->debug("req badcredentials -> " . Dumper($req));
|
||||
$req->authResult(PE_BADCREDENTIALS);
|
||||
return $self->p->do( $req,
|
||||
[ $self->p->storeHistory($req), sub {$res} ] );
|
||||
}
|
||||
|
||||
# Else restore session
|
||||
|
@ -91,13 +101,14 @@ sub _verify {
|
|||
$self->p->rebuildCookies($req);
|
||||
$req->mustRedirect(1);
|
||||
$self->userLogger->notice( $self->prefix
|
||||
. '2F verification for '
|
||||
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
||||
. '2F verification for '
|
||||
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
||||
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
||||
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
||||
}
|
||||
$req->authResult( PE_SENDRESPONSE );
|
||||
return $self->p->do( $req, [ $self->p->validSession, @{ $self->p->endAuth }, sub { PE_OK } ] );
|
||||
$req->authResult(PE_SENDRESPONSE);
|
||||
return $self->p->do( $req,
|
||||
[ $self->p->validSession, @{ $self->p->endAuth }, sub {PE_OK} ] );
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
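Review bot: In the `if ($res)` failure branch of `_verify`, the new `$self->logger->debug("req badcredentials -> " . Dumper($req));` runs right after `$req->sessionInfo($session)` and `$req->id(...)` restore the real session, so the debug log would receive the whole request object, including the session attributes and session id and presumably the submitted second-factor parameters. The dump string is also built on every failed attempt whatever the configured log level, because the argument is evaluated before `debug` is called. I would drop that line together with the `use Data::Dumper;` added above `use strict;`, or log only the trace attribute, e.g. `$self->logger->debug( $self->prefix . '2F failed for ' . $req->sessionInfo->{ $self->conf->{whatToTrace} } );`. Separately, `$self->p->storeHistory($req)` is called while the step list is being built, so its return value rather than the method becomes the first step handed to `do`; it is worth confirming that this is intended, since `do`'s handling of steps is not visible here. `_verify` starts and ends outside that hunk.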