New TOTP register engine - WIP
parent
936c54a802
commit
1bc83a242d
|
@ -27,7 +27,7 @@ sub types {
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval "$s $val";
|
||||
my $err = join(
|
||||
|
@ -662,7 +662,7 @@ sub attributes {
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval "$s $val";
|
||||
my $err = join(
|
||||
|
@ -1026,7 +1026,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval $s;
|
||||
my $err = join(
|
||||
|
@ -1111,7 +1111,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval "$s $val";
|
||||
my $err = join(
|
||||
|
@ -1134,7 +1134,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval "$s $val";
|
||||
my $err = join(
|
||||
|
@ -1489,7 +1489,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval $s;
|
||||
my $err = join(
|
||||
|
@ -1526,7 +1526,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval "$s $val";
|
||||
my $err = join(
|
||||
|
@ -1885,7 +1885,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval "$s $val";
|
||||
my $err = join(
|
||||
|
@ -2222,7 +2222,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval "$s $val";
|
||||
my $err = join(
|
||||
|
@ -2925,7 +2925,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
|
||||
BEGIN {
|
||||
${^WARNING_BITS} =
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||
}
|
||||
eval "$s $val";
|
||||
my $err = join(
|
||||
|
@ -3004,19 +3004,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 0,
|
||||
'select' => [
|
||||
{
|
||||
'k' => 0,
|
||||
'k' => '0',
|
||||
'v' => 'unsecuredCookie'
|
||||
},
|
||||
{
|
||||
'k' => 1,
|
||||
'k' => '1',
|
||||
'v' => 'securedCookie'
|
||||
},
|
||||
{
|
||||
'k' => 2,
|
||||
'k' => '2',
|
||||
'v' => 'doubleCookie'
|
||||
},
|
||||
{
|
||||
'k' => 3,
|
||||
'k' => '3',
|
||||
'v' => 'doubleCookieForSingleSession'
|
||||
}
|
||||
],
|
||||
|
|
|
@ -141,20 +141,51 @@ sub run {
|
|||
# Get or generate master key
|
||||
elsif ( $action eq 'getkey' ) {
|
||||
my $nk = 0;
|
||||
my $secret;
|
||||
my $secret = '';
|
||||
|
||||
my $_2fDevices = eval {
|
||||
$self->logger->debug("Loading 2F Devices ...");
|
||||
|
||||
# Read existing 2FDevices
|
||||
from_json( $req->userData->{_2fDevices}, { allow_nonref => 1 } );
|
||||
};
|
||||
|
||||
my @totp2f = grep { $_->{type} eq "TOTP" } @$_2fDevices;
|
||||
|
||||
unless ( @totp2f ) {
|
||||
$self->logger->debug("No 2F Device found");
|
||||
|
||||
# Set default value
|
||||
push @totp2f, { _secret => '' } ;
|
||||
}
|
||||
|
||||
foreach ( @totp2f ) {
|
||||
$self->logger->debug("Reading TOTP secret ...");
|
||||
$secret = $_->{_secret};
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
||||
if ( ( $req->param('newkey') and $self->conf->{totp2fUserCanChangeKey} )
|
||||
#or not $req->userData->{_totp2fSecret} )
|
||||
or $req->userData->{$_2fDevices} !~ /"type":\s*"TOTP"/s )
|
||||
or not $secret )
|
||||
{
|
||||
$secret = $self->newSecret;
|
||||
$self->logger->debug("Generating new secret = $secret");
|
||||
$nk = 1;
|
||||
}
|
||||
elsif ( $req->param('newkey') ) {
|
||||
return $self->p->sendError( $req, 'notAuthorized', 200 );
|
||||
}
|
||||
elsif ( $self->conf->{totp2fDisplayExistingSecret} ) {
|
||||
$secret = $req->userData->{_totp2fSecret};
|
||||
#$secret = $req->userData->{_totp2fSecret};
|
||||
|
||||
|
||||
$self->logger->debug("User secret = $secret");
|
||||
|
||||
}
|
||||
|
||||
else {
|
||||
return $self->p->sendError( $req, 'totpExistingKey', 200 );
|
||||
}
|
||||
|
@ -172,6 +203,14 @@ sub run {
|
|||
$issuer = $self->conf->{portal};
|
||||
$issuer =~ s#^https?://([^/:]+).*$#$1#;
|
||||
}
|
||||
|
||||
if ( $token eq $secret ) {
|
||||
|
||||
return $self->p->sendError( $req, 'notAuthorized', 200 );
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
# QR-code will be generated by a javascript, here we just send data
|
||||
return $self->p->sendJSONresponse(
|
||||
|
|
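Review bot: The two debug calls in the `getkey` branch, `debug("Generating new secret = $secret")` and `debug("User secret = $secret")`, write the TOTP shared secret into the log, so anyone who can read debug logs can compute valid codes for that user; log the event without the value, e.g. `$self->logger->debug("Generating new TOTP secret");` and `$self->logger->debug("Returning existing TOTP secret");`. The result of `eval { ... from_json(...) }` is also dereferenced as `@$_2fDevices` without a check, and with `allow_nonref` set it may be undef or a non-array value; a guard such as `$_2fDevices = [] unless ref $_2fDevices eq 'ARRAY';` before the `grep` would keep that path well defined. The rendered page has lost its +/- markers, so which of these lines are newly added is inferred from the hunk counts, and `run` begins and ends outside the hunks shown.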