diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm index c95fdd703..e9a85fe15 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm @@ -15,7 +15,6 @@ extends qw( Lemonldap::NG::Common::Conf::AccessLib ); -use constant _2FTYPES => [ "UBK", "U2F", "TOTP", "WebAuthn" ]; our $VERSION = '2.0.10'; ############################# @@ -47,8 +46,6 @@ sub init { $self->{hiddenAttributes} //= "_password"; $self->{hiddenAttributes} .= ' _session_id' unless $conf->{displaySessionId}; - $self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} = - $self->{WebAuthnCheck} = '1'; return 1; } @@ -69,14 +66,9 @@ sub del2F { my $epoch = $params->{epoch} or return $self->sendError( $req, 'Missing "epoch" parameter', 400 ); - if ( grep { $_ eq $type } @{ _2FTYPES() } ) { - $self->logger->debug( - "Call procedure delete2F with type=$type and epoch=$epoch"); - return $self->delete2F( $req, $session, $skey ); - } - else { - return $self->sendError( $req, 'Bad value "type" parameter', 400 ); - } + $self->logger->debug( + "Call procedure delete2F with type=$type and epoch=$epoch"); + return $self->delete2F( $req, $session, $skey ); } ######################## @@ -118,11 +110,8 @@ sub sfa { my $moduleOptions = $mod->{options}; $moduleOptions->{backend} = $mod->{module}; - # Select 2FA sessions to display - foreach ( @{ _2FTYPES() } ) { - $self->{ $_ . 'Check' } = delete $params->{ $_ . 'Check' } - if ( defined $params->{ $_ . 'Check' } ); - } + my @display_types = $params->get_all('type'); + $params->remove('type'); my %filters = map { my $s = $_; 
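Review bot: With the `_2FTYPES` allow-list removed, `del2F` writes the request's `type` and `epoch` into the debug message unchecked, so unless the logger backend escapes control characters a value carrying CR/LF could forge log lines. If type names are plain identifiers (an assumption to confirm), a shape check before the log call would keep the 400 path: `return $self->sendError( $req, 'Bad value "type" parameter', 400 ) unless $type =~ /\A[\w-]+\z/;`. The same validation is dropped from `_get2F` and `_delete2F` in Api/2F.pm, where `$type` now goes straight to the session helpers. The start of `del2F` is outside this hunk, so how `$type` is read is inferred from the `epoch` line.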
@@ -190,19 +179,18 @@ sub sfa { # Remove sessions without at least one 2F device(s) $self->logger->debug( "Removing sessions without at least one 2F device(s)..."); - my $_2f_types_re = join( '|', @{ _2FTYPES() } ); foreach my $session ( keys %$res ) { delete $res->{$session} unless ( defined $res->{$session}->{_2fDevices} - and $res->{$session}->{_2fDevices} =~ - /"type":\s*"(?:$_2f_types_re)"/s ); + and $res->{$session}->{_2fDevices} =~ /"type"/s ); } - # Filter 2FA sessions if needed - $self->logger->debug("Filtering 2F sessions..."); my $all = ( keys %$res ); - foreach ( @{ _2FTYPES() } ) { - if ( $self->{ $_ . 'Check' } eq '2' ) { + + # Filter 2FA sessions if needed + if (@display_types) { + $self->logger->debug("Filtering 2F sessions..."); + foreach (@display_types) { foreach my $session ( keys %$res ) { delete $res->{$session} unless ( defined $res->{$session}->{_2fDevices} diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm index 6b7427677..9e7b291cd 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm @@ -228,7 +228,6 @@ sub init { $self->setTypes($conf); $self->{multiValuesSeparator} ||= '; '; $self->{hiddenAttributes} //= "_password"; - $self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} = '1'; return 1; } diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/2F.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/2F.pm index fa3fb25b9..918339607 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/2F.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/2F.pm @@ -139,11 +139,6 @@ sub _get2F { my ( $self, $uid, $type, $id ) = @_; my ( $res, $psessions, @secondFactors ); - if ( defined $type ) { - $res = $self->_checkType($type); - return $res if ( $res->{res} ne 'ok' ); - } - $psessions = $self->_getSessions2F( $self->_getPersistentMod, 'Persistent', '_session_uid', $uid ); 
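Review bot: `foreach (@display_types)` iterates over values taken verbatim from the query string by `$params->get_all('type')` earlier in `sfa`, with no check on their content or number. The match that uses `$_` lies after the last line of this hunk; if it interpolates the value into a pattern, as the removed `/"type":\s*"(?:$_2f_types_re)"/s` did with the constant list, it should quote it, `/"type":\s*"\Q$_\E"/s`, so a request value is compared literally and cannot alter or slow down the pattern. Each value also costs a full pass over `%$res`, so de-duplicating the list first (`uniq` from `List::Util`) would bound the work for repeated `type` parameters.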
@@ -279,10 +274,6 @@ sub _delete2FFromSessions { sub _delete2F { my ( $self, $uid, $type, $id ) = @_; my ( $res, $removed, $count ); - if ( defined $type ) { - $res = $self->_checkType($type); - return $res if ( $res->{res} ne 'ok' ); - } $res = $self->_delete2FFromSessions( $uid, $type, $id, $self->_getPersistentMod, @@ -331,18 +322,4 @@ sub _getDevicesFromSessionData { return []; } -sub _checkType { - my ( $self, $type ) = @_; - - return { - res => "ko", - code => 400, - msg => -"Invalid input: Type \"$type\" does not exist. Allowed values for type are: \"U2F\", \"TOTP\", \"WebAuthn\" or \"UBK\"" - } - unless ( $type =~ /\b(?:U2F|TOTP|UBK|WebAuthn)\b/i ); - - return { res => "ok" }; -} - 1; diff --git a/lemonldap-ng-manager/t/04-2F-api.t b/lemonldap-ng-manager/t/04-2F-api.t index 364647435..7167c8ded 100644 --- a/lemonldap-ng-manager/t/04-2F-api.t +++ b/lemonldap-ng-manager/t/04-2F-api.t @@ -135,14 +135,6 @@ sub checkGetList { return $ret; } -sub checkGetBadType { - my ( $uid, $type ) = splice @_; - my ( $test, $res ); - $test = "Get for uid $uid and type \"$type\" should get rejected."; - $res = get( $test, $uid, $type ); - check400( $test, $res ); -} - sub checkGetOnIds { my ( $uid, $ret ) = splice @_; foreach (@$ret) { @@ -313,7 +305,7 @@ checkGetList( 1, 'dwho', 'U2F' ); checkGetList( 1, 'dwho', 'TOTP' ); checkGetList( 1, 'dwho', 'UBK' ); checkGetList( 1, 'dwho', 'WebAuthn' ); -checkGetBadType( 'dwho', 'UBKIKI' ); +checkGetList( 0, 'dwho', 'UBKIKI' ); $ret = checkGetList( 4, 'dwho' ); checkGetOnIds( 'dwho', $ret ); checkDelete( 'dwho', @$ret[0]->{id} ); diff --git a/lemonldap-ng-manager/t/60-2ndfa.t b/lemonldap-ng-manager/t/60-2ndfa.t index fff93623c..ac011f105 100644 --- a/lemonldap-ng-manager/t/60-2ndfa.t +++ b/lemonldap-ng-manager/t/60-2ndfa.t 
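Review bot: `checkGetList( 0, 'dwho', 'UBKIKI' )` pins the new contract, in which an unknown type is accepted and yields an empty list, but only for the GET side. `_delete2F` lost the same `_checkType` call, and no delete with an unknown type is visible in this hunk. A matching case would pin the other half of the contract: a delete by the constructed type `UBKIKI` that removes nothing, followed by the existing `checkGetList( 4, 'dwho' )`.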
@@ -147,8 +147,7 @@ ok( ( $res->{_2fDevices} and $res->{_2fDevices} =~ /"type":\s*"UBK"/s ), count(5); ## "All" query -$res = &client->jsonResponse( '/sfa/persistent', - 'groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' ); +$res = &client->jsonResponse( '/sfa/persistent', 'groupBy=substr(uid,1)' ); ok( $res->{result} == 1, 'Search * - Result code = 1' ); ok( $res->{count} == 3, 'Found 3 results' ) or print STDERR Dumper($res); ok( @{ $res->{values} } == 3, 'List 3 results' ); @@ -168,8 +167,8 @@ count(9); ## "Search by UID" query # uid=d* -$res = &client->jsonResponse( '/sfa/persistent', - 'uid=d*&groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' ); +$res = + &client->jsonResponse( '/sfa/persistent', 'uid=d*&groupBy=substr(uid,1)' ); ok( $res->{result} == 1, 'Search "uid"=d* - Result code = 1' ); ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res); ok( @{ $res->{values} } == 1, 'List 1 result' ); @@ -180,8 +179,8 @@ ok( $res->{values}->[0]->{count} == 2, 'Found 2 sessions starting with "d"' ); count(5); # uid=dw* -$res = &client->jsonResponse( '/sfa/persistent', - 'uid=dw*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' ); +$res = + &client->jsonResponse( '/sfa/persistent', 'uid=dw*&groupBy=substr(uid,2)' ); ok( $res->{result} == 1, 'Search "uid"=dw* - Result code = 1' ); ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res); ok( @{ $res->{values} } == 1, 'List 1 result' ); @@ -193,7 +192,7 @@ count(5); # uid=d* & UBK $res = &client->jsonResponse( '/sfa/persistent', - 'uid=d*&groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' ); + 'uid=d*&groupBy=substr(uid,1)&type=UBK' ); ok( $res->{result} == 1, 'Search "uid"=d* & UBK - Result code = 1' ); ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res); ok( @{ $res->{values} } == 1, 'List 1 result' ); 
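Review bot: Every rewritten `/sfa/persistent` query uses a known value (`type=UBK` here, `U2F` and `TOTP` in the later hunks), so nothing pins how the manager handles an unrecognised `type` now that the allow-list is gone. One extra query with a constructed value, for example `'uid=*&groupBy=substr(uid,0)&type=Unknown'`, would cover it. Presumably it should assert `$res->{result} == 1` and `$res->{count} == 0`, as the `uid=da*` case does. A second query whose value contains pattern characters would confirm that the filter compares the type literally.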
@@ -208,7 +207,7 @@ count(5); # uid=dw* & UBK $res = &client->jsonResponse( '/sfa/persistent', - 'uid=dw*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' ); + 'uid=dw*&groupBy=substr(uid,2)&type=UBK' ); ok( $res->{result} == 1, 'Search "uid"=dw* & UBK - Result code = 1' ); ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res); ok( @{ $res->{values} } == 1, 'List 1 result' ); @@ -223,7 +222,7 @@ count(5); # uid=da* & UBK $res = &client->jsonResponse( '/sfa/persistent', - 'uid=da*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' ); + 'uid=da*&groupBy=substr(uid,2)&type=UBK' ); ok( $res->{result} == 1, 'Search "uid"=da* & UBK - Result code = 1' ); ok( $res->{count} == 0, 'Found 0 session with "da" & UBK' ) or print STDERR Dumper($res); @@ -232,7 +231,7 @@ count(3); ## "Filtered by U2F" query $res = &client->jsonResponse( '/sfa/persistent', - 'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=1&UBKCheck=1' ); + 'uid=*&groupBy=substr(uid,0)&type=U2F' ); ok( $res->{result} == 1, 'Search "uid"=* & UBK - Result code = 1' ); ok( $res->{count} == 3, 'Found 3 results' ) or print STDERR Dumper($res); ok( @{ $res->{values} } == 3, 'List 3 results' ); @@ -261,7 +260,7 @@ count(9); ## "Filtered by U2F & TOTP" query $res = &client->jsonResponse( '/sfa/persistent', - 'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=2&UBKCheck=1' ); + 'uid=*&groupBy=substr(uid,0)&type=U2F&type=TOTP' ); ok( $res->{result} == 1, 'Search "uid"=* & UBK & TOTP - Result code = 1' ); ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res); ok( @{ $res->{values} } == 1, 'List 1 result' ); 
@@ -274,7 +273,7 @@ count(5); ## "Filtered by U2F & TOTP & UBK" query $res = &client->jsonResponse( '/sfa/persistent', - 'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=2&UBKCheck=2' ); + 'uid=*&groupBy=substr(uid,0)&type=U2F&type=TOTP&type=UBK' ); ok( $res->{result} == 1, 'Search "uid"=* & UBK & TOTP & UBK - Result code = 1' ); ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res); @@ -288,7 +287,7 @@ count(5); ## "Filtered by U2F & UBK" query $res = &client->jsonResponse( '/sfa/persistent', - 'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=1&UBKCheck=2' ); + 'uid=*&groupBy=substr(uid,0)&type=U2F&type=UBK' ); ok( $res->{result} == 1, 'Search "uid"=* & UBK & UBK - Result code = 1' ); ok( $res->{count} == 2, 'Found 2 results' ) or print STDERR Dumper($res); ok( @{ $res->{values} } == 2, 'List 2 results' ); @@ -345,8 +344,7 @@ foreach ( 2 .. 3 ) { } ## Check than all devices have been deleted with "All" query -$res = &client->jsonResponse( '/sfa/persistent', - 'groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' ); +$res = &client->jsonResponse( '/sfa/persistent', 'groupBy=substr(uid,1)' ); ok( $res->{result} == 1, 'Result code = 1' ); ok( $res->{count} == 0, 'Found 0 session with 2F device' ) or print STDERR Dumper($res);