diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index 557dce2d2..622cee1ab 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -27,7 +27,7 @@ sub types { BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval "$s $val"; my $err = join( @@ -662,7 +662,7 @@ sub attributes { BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval "$s $val"; my $err = join( @@ -1026,7 +1026,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval $s; my $err = join( @@ -1111,7 +1111,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval "$s $val"; my $err = join( @@ -1134,7 +1134,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval "$s $val"; my $err = join( 
@@ -1489,7 +1489,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval $s; my $err = join( @@ -1526,7 +1526,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval "$s $val"; my $err = join( @@ -1885,7 +1885,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval "$s $val"; my $err = join( @@ -2222,7 +2222,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval "$s $val"; my $err = join( @@ -2925,7 +2925,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] BEGIN { ${^WARNING_BITS} = -"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05"; +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01"; } eval "$s $val"; my $err = join( @@ -3004,19 +3004,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] 'default' => 0, 'select' => [ { - 'k' => 0, + 'k' => '0', 'v' => 'unsecuredCookie' }, { - 'k' => 1, + 'k' => '1', 'v' => 'securedCookie' }, { - 'k' => 2, + 'k' => '2', 'v' => 'doubleCookie' }, { - 'k' => 3, + 'k' => '3', 'v' => 'doubleCookieForSingleSession' } ], 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
index c8a416419..659c9c74e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
@@ -141,20 +141,51 @@ sub run {
 # Get or generate master key
 elsif ( $action eq 'getkey' ) {
 my $nk = 0;
- my $secret;
+ my $secret = '';
+
+ my $_2fDevices = eval {
+ $self->logger->debug("Loading 2F Devices ...");
+
+ # Read existing 2FDevices
+ from_json( $req->userData->{_2fDevices}, { allow_nonref => 1 } );
+ };
+
+ my @totp2f = grep { $_->{type} eq "TOTP" } @$_2fDevices;
+
+ unless ( @totp2f ) {
+ $self->logger->debug("No 2F Device found");
+
+ # Set default value
+ push @totp2f, { _secret => '' } ;
+ }
+
+ foreach ( @totp2f ) {
+ $self->logger->debug("Reading TOTP secret ...");
+ $secret = $_->{_secret};
+
+ };
+
+
+
 if ( ( $req->param('newkey') and $self->conf->{totp2fUserCanChangeKey} )
 #or not $req->userData->{_totp2fSecret} )
- or $req->userData->{$_2fDevices} !~ /"type":\s*"TOTP"/s )
+ or not $secret )
 {
 $secret = $self->newSecret;
+ $self->logger->debug("Generating new secret = $secret");
 $nk = 1;
 }
 elsif ( $req->param('newkey') ) {
 return $self->p->sendError( $req, 'notAuthorized', 200 );
 }
 elsif ( $self->conf->{totp2fDisplayExistingSecret} ) {
- $secret = $req->userData->{_totp2fSecret};
+ #$secret = $req->userData->{_totp2fSecret};
+
+
+ $self->logger->debug("User secret = $secret");
+
 }
+
 else {
 return $self->p->sendError( $req, 'totpExistingKey', 200 );
 }
@@ -172,6 +203,14 @@ sub run {
 $issuer = $self->conf->{portal};
 $issuer =~ s#^https?://([^/:]+).*$#$1#;
 }
+
+ if ( $token eq $secret ) {
+
+ return $self->p->sendError( $req, 'notAuthorized', 200 );
+
+ }
+
+
 # QR-code will be generated by a javascript, here we just send data
 return $self->p->sendJSONresponse(
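Review bot: The two added debug lines `$self->logger->debug("Generating new secret = $secret");` and `$self->logger->debug("User secret = $secret");` write the user's TOTP shared secret into the portal log, where it outlives the registration request and is readable by anyone with log access; log only the event, e.g. `$self->logger->debug("Generating new secret");` and `$self->logger->debug("Using existing user secret");`. The `eval { from_json(...) }` block discards `$@`, so a missing or malformed `_2fDevices` entry leaves `$_2fDevices` undef and the `@$_2fDevices` deref in the `grep` then dies under `use strict` — presumably the common case for a user with no device registered yet; `my @totp2f = grep { $_->{type} eq "TOTP" } @{ $_2fDevices || [] };` avoids that, and the decode error should be logged rather than swallowed. The `foreach` over `@totp2f` keeps the `_secret` of whichever TOTP entry comes last, which is only well defined while a user has at most one TOTP device, and the trailing `};` after the loop is a stray statement terminator. The enclosing `sub run` begins and ends outside this hunk.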