WIP - Fix login history update (#1501)
parent
5cc64d285f
commit
1791747281
|
@ -1,12 +1,14 @@
|
||||||
package Lemonldap::NG::Portal::Main::SecondFactor;
|
package Lemonldap::NG::Portal::Main::SecondFactor;
|
||||||
|
|
||||||
|
use Data::Dumper;
|
||||||
use strict;
|
use strict;
|
||||||
use Mouse;
|
use Mouse;
|
||||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||||
PE_SENDRESPONSE
|
PE_SENDRESPONSE
|
||||||
PE_OK
|
PE_OK
|
||||||
PE_NOTOKEN
|
PE_NOTOKEN
|
||||||
PE_TOKENEXPIRED
|
PE_TOKENEXPIRED
|
||||||
|
PE_BADCREDENTIALS
|
||||||
);
|
);
|
||||||
|
|
||||||
our $VERSION = '2.0.0';
|
our $VERSION = '2.0.0';
|
||||||
|
@ -18,8 +20,8 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
has ott => (
|
has ott => (
|
||||||
is => 'rw',
|
is => 'rw',
|
||||||
default => sub {
|
default => sub {
|
||||||
my $ott =
|
my $ott = $_[0]->{p}
|
||||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||||
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
||||||
return $ott;
|
return $ott;
|
||||||
}
|
}
|
||||||
|
@ -51,7 +53,8 @@ sub _redirect {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $arg = $req->env->{QUERY_STRING};
|
my $arg = $req->env->{QUERY_STRING};
|
||||||
return [
|
return [
|
||||||
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ], []
|
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ],
|
||||||
|
[]
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,15 +67,16 @@ sub _verify {
|
||||||
# Check token
|
# Check token
|
||||||
my $token;
|
my $token;
|
||||||
unless ( $token = $req->param('token') ) {
|
unless ( $token = $req->param('token') ) {
|
||||||
$self->userLogger->error( $self->prefix . ' 2F access without token' );
|
$self->userLogger->error(
|
||||||
|
$self->prefix . ' 2F access without token' );
|
||||||
$req->mustRedirect(1);
|
$req->mustRedirect(1);
|
||||||
return $self->p->do( $req, [ sub { PE_NOTOKEN } ] );
|
return $self->p->do( $req, [ sub {PE_NOTOKEN} ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
my $session;
|
my $session;
|
||||||
unless ( $session = $self->ott->getToken($token) ) {
|
unless ( $session = $self->ott->getToken($token) ) {
|
||||||
$self->userLogger->info('Token expired');
|
$self->userLogger->info('Token expired');
|
||||||
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
return $self->p->do( $req, [ sub {PE_TOKENEXPIRED} ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Launch second factor verification
|
# Launch second factor verification
|
||||||
|
@ -81,7 +85,13 @@ sub _verify {
|
||||||
# Case error
|
# Case error
|
||||||
if ($res) {
|
if ($res) {
|
||||||
$req->noLoginDisplay(1);
|
$req->noLoginDisplay(1);
|
||||||
return $self->p->do( $req, [ sub { $res } ] );
|
$req->sessionInfo($session);
|
||||||
|
$req->id( delete $req->sessionInfo->{_2fRealSession} );
|
||||||
|
$req->urldc( delete $req->sessionInfo->{_2fUrldc} );
|
||||||
|
$self->logger->debug("req badcredentials -> " . Dumper($req));
|
||||||
|
$req->authResult(PE_BADCREDENTIALS);
|
||||||
|
return $self->p->do( $req,
|
||||||
|
[ $self->p->storeHistory($req), sub {$res} ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Else restore session
|
# Else restore session
|
||||||
|
@ -91,13 +101,14 @@ sub _verify {
|
||||||
$self->p->rebuildCookies($req);
|
$self->p->rebuildCookies($req);
|
||||||
$req->mustRedirect(1);
|
$req->mustRedirect(1);
|
||||||
$self->userLogger->notice( $self->prefix
|
$self->userLogger->notice( $self->prefix
|
||||||
. '2F verification for '
|
. '2F verification for '
|
||||||
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
||||||
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
||||||
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
||||||
}
|
}
|
||||||
$req->authResult( PE_SENDRESPONSE );
|
$req->authResult(PE_SENDRESPONSE);
|
||||||
return $self->p->do( $req, [ $self->p->validSession, @{ $self->p->endAuth }, sub { PE_OK } ] );
|
return $self->p->do( $req,
|
||||||
|
[ $self->p->validSession, @{ $self->p->endAuth }, sub {PE_OK} ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
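Review bot: The added `$self->logger->debug("req badcredentials -> " . Dumper($req));` in the `if ($res)` branch of `_verify` serialises the whole request object immediately after `$req->sessionInfo($session)` and `$req->id( delete $req->sessionInfo->{_2fRealSession} )` have put the session data and the real session id back into it, so all of that is written to the debug log on every failed second-factor attempt. The string is also built whether or not debug logging is enabled. Before this leaves WIP, drop that line together with the new `use Data::Dumper;`, or log only a fixed message such as `$self->logger->debug( $self->prefix . '2F verification failed, storing login history' );`. Separately, `$self->p->storeHistory($req)` in the step list is called while the list is being built, so its return value becomes the step, whereas the success path passes `$self->p->validSession` with no arguments; how `do` handles such a value is not visible here, so confirm the failed attempt is recorded once and at the intended point. `_verify` starts and ends outside the visible hunks.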