WIP - Fix login history update (#1501)

Christophe Maudoux 2018-09-10 23:21:40 +02:00
parent 5cc64d285f
commit 1791747281


@ -1,12 +1,14 @@
package Lemonldap::NG::Portal::Main::SecondFactor; package Lemonldap::NG::Portal::Main::SecondFactor;
use Data::Dumper;
use strict; use strict;
use Mouse; use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw( use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE PE_SENDRESPONSE
PE_OK PE_OK
PE_NOTOKEN PE_NOTOKEN
PE_TOKENEXPIRED PE_TOKENEXPIRED
PE_BADCREDENTIALS
); );
our $VERSION = '2.0.0'; our $VERSION = '2.0.0';
@ -18,8 +20,8 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
has ott => ( has ott => (
is => 'rw', is => 'rw',
default => sub { default => sub {
my $ott = my $ott = $_[0]->{p}
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken'); ->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} ); $ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott; return $ott;
} }
@ -51,7 +53,8 @@ sub _redirect {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
my $arg = $req->env->{QUERY_STRING}; my $arg = $req->env->{QUERY_STRING};
return [ return [
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ], [] 302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ],
[]
]; ];
} }
@ -64,15 +67,16 @@ sub _verify {
# Check token # Check token
my $token; my $token;
unless ( $token = $req->param('token') ) { unless ( $token = $req->param('token') ) {
$self->userLogger->error( $self->prefix . ' 2F access without token' ); $self->userLogger->error(
$self->prefix . ' 2F access without token' );
$req->mustRedirect(1); $req->mustRedirect(1);
return $self->p->do( $req, [ sub { PE_NOTOKEN } ] ); return $self->p->do( $req, [ sub {PE_NOTOKEN} ] );
} }
my $session; my $session;
unless ( $session = $self->ott->getToken($token) ) { unless ( $session = $self->ott->getToken($token) ) {
$self->userLogger->info('Token expired'); $self->userLogger->info('Token expired');
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] ); return $self->p->do( $req, [ sub {PE_TOKENEXPIRED} ] );
} }
# Launch second factor verification # Launch second factor verification
@ -81,7 +85,13 @@ sub _verify {
# Case error # Case error
if ($res) { if ($res) {
$req->noLoginDisplay(1); $req->noLoginDisplay(1);
return $self->p->do( $req, [ sub { $res } ] ); $req->sessionInfo($session);
$req->id( delete $req->sessionInfo->{_2fRealSession} );
$req->urldc( delete $req->sessionInfo->{_2fUrldc} );
$self->logger->debug("req badcredentials -> " . Dumper($req));
$req->authResult(PE_BADCREDENTIALS);
return $self->p->do( $req,
[ $self->p->storeHistory($req), sub {$res} ] );
} }
# Else restore session # Else restore session
@ -91,13 +101,14 @@ sub _verify {
$self->p->rebuildCookies($req); $self->p->rebuildCookies($req);
$req->mustRedirect(1); $req->mustRedirect(1);
$self->userLogger->notice( $self->prefix $self->userLogger->notice( $self->prefix
. '2F verification for ' . '2F verification for '
. $req->sessionInfo->{ $self->conf->{whatToTrace} } ); . $req->sessionInfo->{ $self->conf->{whatToTrace} } );
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) { if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
$self->p->updateSession( $req, { authenticationLevel => $l } ); $self->p->updateSession( $req, { authenticationLevel => $l } );
} }
$req->authResult( PE_SENDRESPONSE ); $req->authResult(PE_SENDRESPONSE);
return $self->p->do( $req, [ $self->p->validSession, @{ $self->p->endAuth }, sub { PE_OK } ] ); return $self->p->do( $req,
[ $self->p->validSession, @{ $self->p->endAuth }, sub {PE_OK} ] );
} }
1; 1;
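Review bot: The `Dumper($req)` debug call added in the `if ($res)` error branch of `_verify` serialises the entire request object just after `sessionInfo` and what appears to be the real session id (`_2fRealSession`) have been restored onto it, so with debug logging enabled every failed second factor would write session attributes and a session identifier to the log. I would log only what is needed, e.g. `$self->logger->debug( $self->prefix . '2F verification failed, storing history' );`, and drop the `use Data::Dumper;` line, which also sits above `use strict;`. In the same branch `$self->p->storeHistory($req)` is invoked while the step list is being built, unlike `$self->p->validSession` in the success path; if `do` expects step names or code refs, the return value of `storeHistory` would be treated as a step, which is worth confirming. `_verify` starts outside the visible hunks.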