From 3d5e7f8b05c0b05b0acd588bb512a9c85f84e2d9 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Mon, 22 Aug 2022 12:24:05 +0200
Subject: [PATCH] Do not check selfRegistration (#2712)

---
 .../lib/Lemonldap/NG/Portal/2F/TOTP.pm            | 15 ++++++---------
 .../lib/Lemonldap/NG/Portal/2F/U2F.pm             | 15 ++++++---------
 .../lib/Lemonldap/NG/Portal/2F/UTOTP.pm           | 15 ++++-----------
 .../lib/Lemonldap/NG/Portal/2F/WebAuthn.pm        | 15 ++++++---------
 lemonldap-ng-portal/t/01-WebAuthn.t               |  2 +-
 lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t       |  2 +-
 .../t/73-2F-UTOTP-TOTP-and-U2F-with-History.t     |  1 -
 7 files changed, 24 insertions(+), 41 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm
index 830481054..07819d74c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm
@@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
   PE_SENDRESPONSE
 );
 
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.15';
 
 extends qw(
   Lemonldap::NG::Portal::Main::SecondFactor
@@ -30,14 +30,11 @@ has logo   => ( is => 'rw', default => 'totp.png' );
 sub init {
     my ($self) = @_;
 
-    # If self registration is enabled and "activation" is just set to
-    # "enabled", replace the rule to detect if user has registered its key
-    if (    $self->conf->{totp2fSelfRegistration}
-        and $self->conf->{totp2fActivation} eq '1' )
-    {
-        $self->conf->{totp2fActivation} =
-          '$_2fDevices && $_2fDevices =~ /"type":\s*"TOTP"/s';
-    }
+    # If "activation" is just set to "enabled",
+    # replace the rule to detect if user has registered its key
+    $self->conf->{totp2fActivation} = 'has2f("TOTP")'
+      if $self->conf->{totp2fActivation} eq '1';
+
     return $self->SUPER::init();
 }
 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
index cc766bb12..0792faa75 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
@@ -16,7 +16,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
   PE_BADCREDENTIALS
 );
 
-our $VERSION = '2.0.12';
+our $VERSION = '2.0.15';
 
 extends qw(
   Lemonldap::NG::Portal::Main::SecondFactor
@@ -32,14 +32,11 @@ has logo   => ( is => 'rw', default => 'u2f.png' );
 sub init {
     my ($self) = @_;
 
-    # If self registration is enabled and "activation" is just set to
-    # "enabled", replace the rule to detect if user has registered its key
-    if (    $self->conf->{u2fSelfRegistration}
-        and $self->conf->{u2fActivation} eq '1' )
-    {
-        $self->conf->{u2fActivation} =
-          '$_2fDevices && $_2fDevices =~ /"type":\s*"U2F"/s';
-    }
+    # If "activation" is just set to "enabled",
+    # replace the rule to detect if user has registered its key
+    $self->conf->{u2fActivation} = 'has2f("U2F")'
+      if $self->conf->{u2fActivation} eq '1';
+
     return 0
       unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init()
         and $self->Lemonldap::NG::Portal::Lib::U2F::init() );
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm
index 778f685e6..6f2dc615a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm
@@ -6,7 +6,7 @@ use JSON qw(from_json to_json);
 use Lemonldap::NG::Portal::Main::Constants qw(
 );
 
-our $VERSION = '2.0.8';
+our $VERSION = '2.0.15';
 
 extends 'Lemonldap::NG::Portal::Main::SecondFactor';
 
@@ -26,16 +26,9 @@ use Lemonldap::NG::Portal::Main::Constants qw(
 
 sub init {
     my ($self) = @_;
-    if ( (
-               $self->conf->{totp2fSelfRegistration}
-            or $self->conf->{u2fSelfRegistration}
-        )
-        and $self->conf->{utotp2fActivation} eq '1'
-      )
-    {
-        $self->conf->{utotp2fActivation} =
-          '$_2fDevices && $_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s';
-    }
+    $self->conf->{utotp2fActivation} = 'has2f("TOTP") or has2f("U2F")'
+      if ( $self->conf->{utotp2fActivation} eq '1' );
+
     foreach (qw(U2F TOTP)) {
 
         # Arg "noRoute" is set for sub 2F modules to avoid enabling direct
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm
index ff27e4eea..6f05c72ed 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm
@@ -31,15 +31,12 @@ has logo   => ( is => 'rw', default => 'webauthn.png' );
 sub init {
     my ($self) = @_;
 
-    # If self registration is enabled and "activation" is just set to
-    # "enabled", replace the rule to detect if user has registered its key
-    if (    $self->conf->{webauthn2fSelfRegistration}
-        and $self->conf->{webauthn2fActivation} eq '1' )
-    {
-        $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")';
-    }
-    return 0
-      unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init() );
+    # If "activation" is just set to "enabled",
+    # replace the rule to detect if user has registered its key
+    $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")'
+      if $self->conf->{webauthn2fActivation} eq '1';
+
+    return 0 unless $self->SUPER::init();
 
     return 1;
 }
diff --git a/lemonldap-ng-portal/t/01-WebAuthn.t b/lemonldap-ng-portal/t/01-WebAuthn.t
index 1e7d4632d..e52ba7e90 100644
--- a/lemonldap-ng-portal/t/01-WebAuthn.t
+++ b/lemonldap-ng-portal/t/01-WebAuthn.t
@@ -40,7 +40,7 @@ ENDKEY
             ini => {
                 logLevel                   => 'error',
                 useSafeJail                => 1,
-                webauthn2fSelfRegistration => 1,
+                webauthn2fSelfRegistration => 0,
                 webauthn2fActivation       => 1,
                 webauthn2fUserCanRemoveKey => 1,
             }
diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t b/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t
index b4d12be91..0f04fd935 100644
--- a/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t
+++ b/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t
@@ -15,7 +15,7 @@ SKIP: {
     my $client = LLNG::Manager::Test->new( {
             ini => {
                 logLevel               => 'error',
-                totp2fSelfRegistration => 1,
+                totp2fSelfRegistration => '$uid eq "dwho"',
                 totp2fActivation       => 1,
                 totp2fTTL              => 120,
                 sfManagerRule          => 0,
diff --git a/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t b/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t
index d07cb632a..fcf9e3864 100644
--- a/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t
+++ b/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t
@@ -22,7 +22,6 @@ SKIP: {
                 logLevel               => 'error',
                 utotp2fActivation      => 1,
                 totp2fSelfRegistration => 1,
-                u2fSelfRegistration    => 1,
                 u2fSelfRegistration    =>
                   '$_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s',
                 loginHistoryEnabled => 1,