Don't create session before U2F check (#1148)
This commit is contained in:
parent
2735520c16
commit
22c22af3c0
|
@ -21,7 +21,7 @@ extends 'Lemonldap::NG::Portal::Lib::U2F';
|
||||||
|
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
sub afterDatas { 'run' }
|
sub betweenAuthAndDatas { 'run' }
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
|
|
||||||
|
@ -54,18 +54,16 @@ sub run {
|
||||||
return PE_ERROR if ( $res == -1 );
|
return PE_ERROR if ( $res == -1 );
|
||||||
|
|
||||||
$req->sessionInfo->{_u2fRealSession} = $req->id;
|
$req->sessionInfo->{_u2fRealSession} = $req->id;
|
||||||
my $token = $self->ott->createToken( $req->sessionInfo );
|
my $token = $self->ott->createToken($req);
|
||||||
$req->id(0);
|
|
||||||
$self->p->rebuildCookies($req);
|
|
||||||
|
|
||||||
my $challenge = $self->crypter->authenticationChallenge;
|
my $challenge = $self->crypter->authenticationChallenge;
|
||||||
my $tmp = $self->p->sendHtml(
|
my $tmp = $self->p->sendHtml(
|
||||||
$req,
|
$req,
|
||||||
'u2fcheck',
|
'u2fcheck',
|
||||||
params => {
|
params => {
|
||||||
SKIN => $self->conf->{portalSkin},
|
SKIN => $self->conf->{portalSkin},
|
||||||
CHALLENGE => $challenge,
|
CHALLENGE => $challenge,
|
||||||
TOKEN => $token
|
TOKEN => $token
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
$self->logger->debug( 'Prepare U2F verification for '
|
$self->logger->debug( 'Prepare U2F verification for '
|
||||||
|
@ -87,7 +85,8 @@ sub verify {
|
||||||
$req->error(PE_NOTOKEN);
|
$req->error(PE_NOTOKEN);
|
||||||
return $self->fail($req);
|
return $self->fail($req);
|
||||||
}
|
}
|
||||||
unless ( $req->sessionInfo( $self->ott->getToken($token) ) ) {
|
my $oldReq;
|
||||||
|
unless ( $oldReq = $self->ott->getToken($token) ) ) {
|
||||||
$self->userLogger->info('Token expired');
|
$self->userLogger->info('Token expired');
|
||||||
$req->error(PE_TOKENEXPIRED);
|
$req->error(PE_TOKENEXPIRED);
|
||||||
return $self->fail($req);
|
return $self->fail($req);
|
||||||
|
@ -104,7 +103,9 @@ sub verify {
|
||||||
$req->mustRedirect(1);
|
$req->mustRedirect(1);
|
||||||
$self->userLogger->info( 'U2F signature verified for '
|
$self->userLogger->info( 'U2F signature verified for '
|
||||||
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
||||||
return $self->p->do( $req, [ sub { PE_OK } ] );
|
bless $oldReq, 'Lemonldap::NG::Portal::Main::Request';
|
||||||
|
return $self->p->do( $oldReq,
|
||||||
|
[ $self->p->sessionDatas, @{ $self->p->afterDatas } ] );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->userLogger->notice( 'Invalid U2F signature for '
|
$self->userLogger->notice( 'Invalid U2F signature for '
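Review bot: `my $token = $self->ott->createToken($req);` in run now serializes the whole Request object into the one-time-token store, where the old line stored only `$req->sessionInfo`; if the Request still carries the submitted password or the PSGI env (cookie and Authorization headers) at the betweenAuthAndDatas stage, those secrets are now persisted wherever OTT tokens live (the server-side store, or the form value itself if tokens are carried client-side), so consider handing createToken a whitelist of the fields verify needs to resume rather than `$req` wholesale. In verify, `$req->mustRedirect(1)` is still set on the incoming request while the pipeline resumes on `$oldReq`, so the flag is presumably lost; move it to `$oldReq->mustRedirect(1);` after the `bless`. As displayed, `unless ( $oldReq = $self->ott->getToken($token) ) ) {` has one closing parenthesis too many — confirm that is a rendering artifact and not a syntax error in the committed file. The kept line `$req->sessionInfo->{_u2fRealSession} = $req->id;` in run now executes before any session exists (that is the point of the hook move), so confirm `$req->id` is meaningful at that stage or drop the assignment. Both `run` and `verify` continue outside the hunks shown.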
|
||||||
|
|