Check if user can register one more device - WIP (#1386)
parent
a3ba56aa12
commit
2134bfd366
|
@ -27,7 +27,7 @@ sub types {
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval "$s $val";
|
eval "$s $val";
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -662,7 +662,7 @@ sub attributes {
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval "$s $val";
|
eval "$s $val";
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -1026,7 +1026,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval $s;
|
eval $s;
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -1111,7 +1111,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval "$s $val";
|
eval "$s $val";
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -1134,7 +1134,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval "$s $val";
|
eval "$s $val";
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -1489,7 +1489,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval $s;
|
eval $s;
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -1526,7 +1526,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval "$s $val";
|
eval "$s $val";
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -1885,7 +1885,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval "$s $val";
|
eval "$s $val";
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -2222,7 +2222,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval "$s $val";
|
eval "$s $val";
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -2925,7 +2925,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
${^WARNING_BITS} =
|
${^WARNING_BITS} =
|
||||||
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x05";
|
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55\x01";
|
||||||
}
|
}
|
||||||
eval "$s $val";
|
eval "$s $val";
|
||||||
my $err = join(
|
my $err = join(
|
||||||
|
@ -3004,19 +3004,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'select' => [
|
'select' => [
|
||||||
{
|
{
|
||||||
'k' => 0,
|
'k' => '0',
|
||||||
'v' => 'unsecuredCookie'
|
'v' => 'unsecuredCookie'
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'k' => 1,
|
'k' => '1',
|
||||||
'v' => 'securedCookie'
|
'v' => 'securedCookie'
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'k' => 2,
|
'k' => '2',
|
||||||
'v' => 'doubleCookie'
|
'v' => 'doubleCookie'
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'k' => 3,
|
'k' => '3',
|
||||||
'v' => 'doubleCookieForSingleSession'
|
'v' => 'doubleCookieForSingleSession'
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
|
@ -1059,12 +1059,12 @@ sub attributes {
|
||||||
max2FDevices => {
|
max2FDevices => {
|
||||||
default => 10,
|
default => 10,
|
||||||
type => 'int',
|
type => 'int',
|
||||||
documentation => 'Register session timeout',
|
documentation => 'Maximum registered 2F devices',
|
||||||
},
|
},
|
||||||
max2FDevicesNameLength => {
|
max2FDevicesNameLength => {
|
||||||
default => 20,
|
default => 20,
|
||||||
type => 'int',
|
type => 'int',
|
||||||
documentation => 'Register session timeout',
|
documentation => 'Maximum 2F devices name length',
|
||||||
},
|
},
|
||||||
|
|
||||||
# U2F
|
# U2F
|
||||||
|
|
|
@ -29,8 +29,6 @@ has ott => (
|
||||||
);
|
);
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
my ($self) = @_;
|
|
||||||
$self->conf->{max2FDevices} ||= 10;
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -110,19 +108,15 @@ sub run {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check if user can register one more device
|
# Check if user can register one more device
|
||||||
my $size = @$_2FDevices;
|
my $size = @$_2FDevices;
|
||||||
$self->logger->debug(
|
my $maxSize = $self->conf->{max2FDevices};
|
||||||
"Nbr 2FDevices = $size / $self->conf->{max2FDevices}");
|
$self->logger->debug(
|
||||||
if ( $size > $self->conf->{max2FDevices} ) {
|
"Nbr 2FDevices = $size / $maxSize");
|
||||||
$self->userLogger->error("Max number of 2F devices is reached !!!");
|
if ( $size > $maxSize ) {
|
||||||
return $self->p->sendHtml(
|
$self->userLogger->error(
|
||||||
$req, 'error',
|
"Max number of 2F devices is reached !!!");
|
||||||
params => {
|
return $self->p->sendError( $req, 'MaxNumberof2FDevicesReached', 200 );
|
||||||
RAW_ERROR => 'MaxNumberof2FDevicesReached',
|
|
||||||
AUTH_ERROR_TYPE => 'warning',
|
|
||||||
}
|
}
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
push @{$_2FDevices},
|
push @{$_2FDevices},
|
||||||
{
|
{
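Review bot: The limit check `if ( $size > $maxSize )` still lets a user who already holds exactly `max2FDevices` devices register one more, because `$size` is counted before the `push @{$_2FDevices}` that follows; `if ( $size >= $maxSize ) {` would enforce the configured cap. The same comparison appears in the two other `sub run` hunks of this commit (the modules whose logo defaults are `u2f.png` and `yubikey.png`). With the `||= 10` fallbacks removed from `init`, `$maxSize` is undef whenever the setting is absent from the loaded configuration and then compares as 0 under a warning, so it seems worth confirming that the attribute default of 10 is always applied, or reading it as `$self->conf->{max2FDevices} // 10`. The body of `run` starts and ends outside the hunk.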
|
||||||
|
|
|
@ -19,7 +19,6 @@ has logo => ( is => 'rw', default => 'u2f.png' );
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
my ($self) = @_;
|
my ($self) = @_;
|
||||||
$self->conf->{max2FDevices} ||= 10;
|
|
||||||
return 0 unless $self->SUPER::init;
|
return 0 unless $self->SUPER::init;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -80,18 +79,13 @@ sub run {
|
||||||
|
|
||||||
# Check if user can register one more device
|
# Check if user can register one more device
|
||||||
my $size = @$_2FDevices;
|
my $size = @$_2FDevices;
|
||||||
|
my $maxSize = $self->conf->{max2FDevices};
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Nbr 2FDevices = $size / $self->conf->{max2FDevices}");
|
"Nbr 2FDevices = $size / $maxSize");
|
||||||
if ( $size > $self->conf->{max2FDevices} ) {
|
if ( $size > $maxSize ) {
|
||||||
$self->userLogger->error(
|
$self->userLogger->error(
|
||||||
"Max number of 2F devices is reached !!!");
|
"Max number of 2F devices is reached !!!");
|
||||||
return $self->p->sendHtml(
|
return $self->p->sendError( $req, 'MaxNumberof2FDevicesReached', 200 );
|
||||||
$req, 'error',
|
|
||||||
params => {
|
|
||||||
RAW_ERROR => 'MaxNumberof2FDevicesReached',
|
|
||||||
AUTH_ERROR_TYPE => 'warning',
|
|
||||||
}
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
my $keyName = $req->param('keyName');
|
my $keyName = $req->param('keyName');
|
||||||
|
|
|
@ -24,7 +24,6 @@ has logo => ( is => 'rw', default => 'yubikey.png' );
|
||||||
sub init {
|
sub init {
|
||||||
my ($self) = @_;
|
my ($self) = @_;
|
||||||
$self->conf->{yubikey2fPublicIDSize} ||= 12;
|
$self->conf->{yubikey2fPublicIDSize} ||= 12;
|
||||||
$self->conf->{max2FDevices} ||= 10;
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -81,20 +80,15 @@ sub run {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check if user can register one more device
|
# Check if user can register one more device
|
||||||
my $size = @$_2FDevices;
|
my $size = @$_2FDevices;
|
||||||
$self->logger->debug(
|
my $maxSize = $self->conf->{max2FDevices};
|
||||||
"Nbr 2FDevices = $size / $self->conf->{max2FDevices}");
|
$self->logger->debug(
|
||||||
if ( $size > $self->conf->{max2FDevices} ) {
|
"Nbr 2FDevices = $size / $maxSize");
|
||||||
$self->userLogger->error(
|
if ( $size > $maxSize ) {
|
||||||
"Max number of 2F devices is reached !!!");
|
$self->userLogger->error(
|
||||||
return $self->p->sendHtml(
|
"Max number of 2F devices is reached !!!");
|
||||||
$req, 'error',
|
return $self->p->sendError( $req, 'MaxNumberof2FDevicesReached', 200 );
|
||||||
params => {
|
}
|
||||||
RAW_ERROR => 'MaxNumberof2FDevicesReached',
|
|
||||||
AUTH_ERROR_TYPE => 'warning',
|
|
||||||
}
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
push @{$_2FDevices},
|
push @{$_2FDevices},
|
||||||
{
|
{
|
||||||
|
|