Remove explicit references to 2FA types from Manager
parent
389d33d542
commit
3ff3fa9376
|
@ -15,7 +15,6 @@ extends qw(
|
|||
Lemonldap::NG::Common::Conf::AccessLib
|
||||
);
|
||||
|
||||
use constant _2FTYPES => [ "UBK", "U2F", "TOTP", "WebAuthn" ];
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
#############################
|
||||
|
@ -47,8 +46,6 @@ sub init {
|
|||
$self->{hiddenAttributes} //= "_password";
|
||||
$self->{hiddenAttributes} .= ' _session_id'
|
||||
unless $conf->{displaySessionId};
|
||||
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} =
|
||||
$self->{WebAuthnCheck} = '1';
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -69,14 +66,9 @@ sub del2F {
|
|||
my $epoch = $params->{epoch}
|
||||
or return $self->sendError( $req, 'Missing "epoch" parameter', 400 );
|
||||
|
||||
if ( grep { $_ eq $type } @{ _2FTYPES() } ) {
|
||||
$self->logger->debug(
|
||||
"Call procedure delete2F with type=$type and epoch=$epoch");
|
||||
return $self->delete2F( $req, $session, $skey );
|
||||
}
|
||||
else {
|
||||
return $self->sendError( $req, 'Bad value "type" parameter', 400 );
|
||||
}
|
||||
$self->logger->debug(
|
||||
"Call procedure delete2F with type=$type and epoch=$epoch");
|
||||
return $self->delete2F( $req, $session, $skey );
|
||||
}
|
||||
|
||||
########################
|
||||
|
@ -118,11 +110,8 @@ sub sfa {
|
|||
my $moduleOptions = $mod->{options};
|
||||
$moduleOptions->{backend} = $mod->{module};
|
||||
|
||||
# Select 2FA sessions to display
|
||||
foreach ( @{ _2FTYPES() } ) {
|
||||
$self->{ $_ . 'Check' } = delete $params->{ $_ . 'Check' }
|
||||
if ( defined $params->{ $_ . 'Check' } );
|
||||
}
|
||||
my @display_types = $params->get_all('type');
|
||||
$params->remove('type');
|
||||
|
||||
my %filters = map {
|
||||
my $s = $_;
|
||||
|
@ -190,19 +179,18 @@ sub sfa {
|
|||
# Remove sessions without at least one 2F device(s)
|
||||
$self->logger->debug(
|
||||
"Removing sessions without at least one 2F device(s)...");
|
||||
my $_2f_types_re = join( '|', @{ _2FTYPES() } );
|
||||
foreach my $session ( keys %$res ) {
|
||||
delete $res->{$session}
|
||||
unless ( defined $res->{$session}->{_2fDevices}
|
||||
and $res->{$session}->{_2fDevices} =~
|
||||
/"type":\s*"(?:$_2f_types_re)"/s );
|
||||
and $res->{$session}->{_2fDevices} =~ /"type"/s );
|
||||
}
|
||||
|
||||
# Filter 2FA sessions if needed
|
||||
$self->logger->debug("Filtering 2F sessions...");
|
||||
my $all = ( keys %$res );
|
||||
foreach ( @{ _2FTYPES() } ) {
|
||||
if ( $self->{ $_ . 'Check' } eq '2' ) {
|
||||
|
||||
# Filter 2FA sessions if needed
|
||||
if (@display_types) {
|
||||
$self->logger->debug("Filtering 2F sessions...");
|
||||
foreach (@display_types) {
|
||||
foreach my $session ( keys %$res ) {
|
||||
delete $res->{$session}
|
||||
unless ( defined $res->{$session}->{_2fDevices}
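Review bot: `@display_types` is filled straight from the request's `type` parameters (`$params->get_all('type')`), and with `_2FTYPES` removed nothing limits those values to a fixed list before they drive the per-session filter loop at the end of this hunk. The `unless` condition continues outside the hunk; if it interpolates `$_` into the `_2fDevices` match the way the removed code interpolated `$_2f_types_re`, the value should be quoted, e.g. `/"type":\s*"\Q$_\E"/s`, so that a parameter containing regex metacharacters is matched literally and cannot produce a pattern compile error or pathological backtracking. The `del2F` hunk has a related gap: `$type` is now written to the debug log without the allow-list test that used to precede it, so I would strip control characters from it before logging, or log it only after it has matched a stored device.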
|
||||
|
|
|
@ -228,7 +228,6 @@ sub init {
|
|||
$self->setTypes($conf);
|
||||
$self->{multiValuesSeparator} ||= '; ';
|
||||
$self->{hiddenAttributes} //= "_password";
|
||||
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} = '1';
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -139,11 +139,6 @@ sub _get2F {
|
|||
my ( $self, $uid, $type, $id ) = @_;
|
||||
my ( $res, $psessions, @secondFactors );
|
||||
|
||||
if ( defined $type ) {
|
||||
$res = $self->_checkType($type);
|
||||
return $res if ( $res->{res} ne 'ok' );
|
||||
}
|
||||
|
||||
$psessions = $self->_getSessions2F( $self->_getPersistentMod, 'Persistent',
|
||||
'_session_uid', $uid );
|
||||
|
||||
|
@ -279,10 +274,6 @@ sub _delete2FFromSessions {
|
|||
sub _delete2F {
|
||||
my ( $self, $uid, $type, $id ) = @_;
|
||||
my ( $res, $removed, $count );
|
||||
if ( defined $type ) {
|
||||
$res = $self->_checkType($type);
|
||||
return $res if ( $res->{res} ne 'ok' );
|
||||
}
|
||||
|
||||
$res =
|
||||
$self->_delete2FFromSessions( $uid, $type, $id, $self->_getPersistentMod,
|
||||
|
@ -331,18 +322,4 @@ sub _getDevicesFromSessionData {
|
|||
return [];
|
||||
}
|
||||
|
||||
sub _checkType {
|
||||
my ( $self, $type ) = @_;
|
||||
|
||||
return {
|
||||
res => "ko",
|
||||
code => 400,
|
||||
msg =>
|
||||
"Invalid input: Type \"$type\" does not exist. Allowed values for type are: \"U2F\", \"TOTP\", \"WebAuthn\" or \"UBK\""
|
||||
}
|
||||
unless ( $type =~ /\b(?:U2F|TOTP|UBK|WebAuthn)\b/i );
|
||||
|
||||
return { res => "ok" };
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
@ -135,14 +135,6 @@ sub checkGetList {
|
|||
return $ret;
|
||||
}
|
||||
|
||||
sub checkGetBadType {
|
||||
my ( $uid, $type ) = splice @_;
|
||||
my ( $test, $res );
|
||||
$test = "Get for uid $uid and type \"$type\" should get rejected.";
|
||||
$res = get( $test, $uid, $type );
|
||||
check400( $test, $res );
|
||||
}
|
||||
|
||||
sub checkGetOnIds {
|
||||
my ( $uid, $ret ) = splice @_;
|
||||
foreach (@$ret) {
|
||||
|
@ -313,7 +305,7 @@ checkGetList( 1, 'dwho', 'U2F' );
|
|||
checkGetList( 1, 'dwho', 'TOTP' );
|
||||
checkGetList( 1, 'dwho', 'UBK' );
|
||||
checkGetList( 1, 'dwho', 'WebAuthn' );
|
||||
checkGetBadType( 'dwho', 'UBKIKI' );
|
||||
checkGetList( 0, 'dwho', 'UBKIKI' );
|
||||
$ret = checkGetList( 4, 'dwho' );
|
||||
checkGetOnIds( 'dwho', $ret );
|
||||
checkDelete( 'dwho', @$ret[0]->{id} );
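Review bot: The replacement assertion `checkGetList( 0, 'dwho', 'UBKIKI' )` pins the new behaviour for reads only: an unknown type now yields an empty list where `checkGetBadType` used to expect a 400. This commit also drops the `_checkType` guard from `_delete2F`, and none of the visible test lines calls the delete path with an unknown type, so what that request returns, and that it removes nothing, is left unpinned. I would add a companion case here that deletes by type `'UBKIKI'` and then re-runs `checkGetList( 4, 'dwho' )` to show that no device was touched. The delete-by-type helper is outside these hunks, so the exact call needs confirming against the rest of the test file.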
|
||||
|
|
|
@ -147,8 +147,7 @@ ok( ( $res->{_2fDevices} and $res->{_2fDevices} =~ /"type":\s*"UBK"/s ),
|
|||
count(5);
|
||||
|
||||
## "All" query
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' );
|
||||
$res = &client->jsonResponse( '/sfa/persistent', 'groupBy=substr(uid,1)' );
|
||||
ok( $res->{result} == 1, 'Search * - Result code = 1' );
|
||||
ok( $res->{count} == 3, 'Found 3 results' ) or print STDERR Dumper($res);
|
||||
ok( @{ $res->{values} } == 3, 'List 3 results' );
|
||||
|
@ -168,8 +167,8 @@ count(9);
|
|||
|
||||
## "Search by UID" query
|
||||
# uid=d*
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=d*&groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' );
|
||||
$res =
|
||||
&client->jsonResponse( '/sfa/persistent', 'uid=d*&groupBy=substr(uid,1)' );
|
||||
ok( $res->{result} == 1, 'Search "uid"=d* - Result code = 1' );
|
||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||
|
@ -180,8 +179,8 @@ ok( $res->{values}->[0]->{count} == 2, 'Found 2 sessions starting with "d"' );
|
|||
count(5);
|
||||
|
||||
# uid=dw*
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=dw*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' );
|
||||
$res =
|
||||
&client->jsonResponse( '/sfa/persistent', 'uid=dw*&groupBy=substr(uid,2)' );
|
||||
ok( $res->{result} == 1, 'Search "uid"=dw* - Result code = 1' );
|
||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||
|
@ -193,7 +192,7 @@ count(5);
|
|||
|
||||
# uid=d* & UBK
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=d*&groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' );
|
||||
'uid=d*&groupBy=substr(uid,1)&type=UBK' );
|
||||
ok( $res->{result} == 1, 'Search "uid"=d* & UBK - Result code = 1' );
|
||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||
|
@ -208,7 +207,7 @@ count(5);
|
|||
|
||||
# uid=dw* & UBK
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=dw*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' );
|
||||
'uid=dw*&groupBy=substr(uid,2)&type=UBK' );
|
||||
ok( $res->{result} == 1, 'Search "uid"=dw* & UBK - Result code = 1' );
|
||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||
|
@ -223,7 +222,7 @@ count(5);
|
|||
|
||||
# uid=da* & UBK
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=da*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' );
|
||||
'uid=da*&groupBy=substr(uid,2)&type=UBK' );
|
||||
ok( $res->{result} == 1, 'Search "uid"=da* & UBK - Result code = 1' );
|
||||
ok( $res->{count} == 0, 'Found 0 session with "da" & UBK' )
|
||||
or print STDERR Dumper($res);
|
||||
|
@ -232,7 +231,7 @@ count(3);
|
|||
|
||||
## "Filtered by U2F" query
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=1&UBKCheck=1' );
|
||||
'uid=*&groupBy=substr(uid,0)&type=U2F' );
|
||||
ok( $res->{result} == 1, 'Search "uid"=* & UBK - Result code = 1' );
|
||||
ok( $res->{count} == 3, 'Found 3 results' ) or print STDERR Dumper($res);
|
||||
ok( @{ $res->{values} } == 3, 'List 3 results' );
|
||||
|
@ -261,7 +260,7 @@ count(9);
|
|||
|
||||
## "Filtered by U2F & TOTP" query
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=2&UBKCheck=1' );
|
||||
'uid=*&groupBy=substr(uid,0)&type=U2F&type=TOTP' );
|
||||
ok( $res->{result} == 1, 'Search "uid"=* & UBK & TOTP - Result code = 1' );
|
||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||
|
@ -274,7 +273,7 @@ count(5);
|
|||
|
||||
## "Filtered by U2F & TOTP & UBK" query
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=2&UBKCheck=2' );
|
||||
'uid=*&groupBy=substr(uid,0)&type=U2F&type=TOTP&type=UBK' );
|
||||
ok( $res->{result} == 1,
|
||||
'Search "uid"=* & UBK & TOTP & UBK - Result code = 1' );
|
||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||
|
@ -288,7 +287,7 @@ count(5);
|
|||
|
||||
## "Filtered by U2F & UBK" query
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=1&UBKCheck=2' );
|
||||
'uid=*&groupBy=substr(uid,0)&type=U2F&type=UBK' );
|
||||
ok( $res->{result} == 1, 'Search "uid"=* & UBK & UBK - Result code = 1' );
|
||||
ok( $res->{count} == 2, 'Found 2 results' ) or print STDERR Dumper($res);
|
||||
ok( @{ $res->{values} } == 2, 'List 2 results' );
|
||||
|
@ -345,8 +344,7 @@ foreach ( 2 .. 3 ) {
|
|||
}
|
||||
|
||||
## Check than all devices have been deleted with "All" query
|
||||
$res = &client->jsonResponse( '/sfa/persistent',
|
||||
'groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' );
|
||||
$res = &client->jsonResponse( '/sfa/persistent', 'groupBy=substr(uid,1)' );
|
||||
ok( $res->{result} == 1, 'Result code = 1' );
|
||||
ok( $res->{count} == 0, 'Found 0 session with 2F device' )
|
||||
or print STDERR Dumper($res);
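Review bot: Every migrated query in this file uses only `type=UBK`, `type=U2F` or `type=TOTP`, so nothing exercises a `type` value that is unknown or contains characters outside letters and digits. Because the manager no longer checks `type` against a fixed list, I would add one negative case, for example `'uid=*&groupBy=substr(uid,0)&type=NoSuchType'`, asserting `$res->{result} == 1` and an empty result set; that expectation is presumed from the filter loop and should be confirmed. A second case with a value containing a regex metacharacter would show that the filter treats the parameter as literal text.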
|
||||
|
|