Remove explicit references to 2FA types from Manager
parent
389d33d542
commit
3ff3fa9376
|
@ -15,7 +15,6 @@ extends qw(
|
||||||
Lemonldap::NG::Common::Conf::AccessLib
|
Lemonldap::NG::Common::Conf::AccessLib
|
||||||
);
|
);
|
||||||
|
|
||||||
use constant _2FTYPES => [ "UBK", "U2F", "TOTP", "WebAuthn" ];
|
|
||||||
our $VERSION = '2.0.10';
|
our $VERSION = '2.0.10';
|
||||||
|
|
||||||
#############################
|
#############################
|
||||||
|
@ -47,8 +46,6 @@ sub init {
|
||||||
$self->{hiddenAttributes} //= "_password";
|
$self->{hiddenAttributes} //= "_password";
|
||||||
$self->{hiddenAttributes} .= ' _session_id'
|
$self->{hiddenAttributes} .= ' _session_id'
|
||||||
unless $conf->{displaySessionId};
|
unless $conf->{displaySessionId};
|
||||||
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} =
|
|
||||||
$self->{WebAuthnCheck} = '1';
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -69,14 +66,9 @@ sub del2F {
|
||||||
my $epoch = $params->{epoch}
|
my $epoch = $params->{epoch}
|
||||||
or return $self->sendError( $req, 'Missing "epoch" parameter', 400 );
|
or return $self->sendError( $req, 'Missing "epoch" parameter', 400 );
|
||||||
|
|
||||||
if ( grep { $_ eq $type } @{ _2FTYPES() } ) {
|
$self->logger->debug(
|
||||||
$self->logger->debug(
|
"Call procedure delete2F with type=$type and epoch=$epoch");
|
||||||
"Call procedure delete2F with type=$type and epoch=$epoch");
|
return $self->delete2F( $req, $session, $skey );
|
||||||
return $self->delete2F( $req, $session, $skey );
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
return $self->sendError( $req, 'Bad value "type" parameter', 400 );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
########################
|
########################
|
||||||
|
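Review bot: The `$type` handed to `return $self->delete2F( $req, $session, $skey );` is no longer checked against any allowed set; the grep over `_2FTYPES` and the 400 `Bad value "type" parameter` response are gone, so whatever the request supplies is interpolated into the debug message and passed straight on. If delete2F does not validate the type itself, an unexpected value presumably just matches nothing, but a syntactic check keeps the log line clean and preserves the 400 path: `return $self->sendError( $req, 'Bad value "type" parameter', 400 ) unless $type =~ /\A\w+\z/;` placed before the debug call. The same `_checkType` validation is dropped from `_get2F` and `_delete2F` in the `@ -139,11 +139,6 @@` and `@ -279,10 +274,6 @@` hunks, where the same question applies. The body of del2F starts outside the hunk, so where `$type` is read is not visible here.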
@ -118,11 +110,8 @@ sub sfa {
|
||||||
my $moduleOptions = $mod->{options};
|
my $moduleOptions = $mod->{options};
|
||||||
$moduleOptions->{backend} = $mod->{module};
|
$moduleOptions->{backend} = $mod->{module};
|
||||||
|
|
||||||
# Select 2FA sessions to display
|
my @display_types = $params->get_all('type');
|
||||||
foreach ( @{ _2FTYPES() } ) {
|
$params->remove('type');
|
||||||
$self->{ $_ . 'Check' } = delete $params->{ $_ . 'Check' }
|
|
||||||
if ( defined $params->{ $_ . 'Check' } );
|
|
||||||
}
|
|
||||||
|
|
||||||
my %filters = map {
|
my %filters = map {
|
||||||
my $s = $_;
|
my $s = $_;
|
||||||
|
@ -190,19 +179,18 @@ sub sfa {
|
||||||
# Remove sessions without at least one 2F device(s)
|
# Remove sessions without at least one 2F device(s)
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Removing sessions without at least one 2F device(s)...");
|
"Removing sessions without at least one 2F device(s)...");
|
||||||
my $_2f_types_re = join( '|', @{ _2FTYPES() } );
|
|
||||||
foreach my $session ( keys %$res ) {
|
foreach my $session ( keys %$res ) {
|
||||||
delete $res->{$session}
|
delete $res->{$session}
|
||||||
unless ( defined $res->{$session}->{_2fDevices}
|
unless ( defined $res->{$session}->{_2fDevices}
|
||||||
and $res->{$session}->{_2fDevices} =~
|
and $res->{$session}->{_2fDevices} =~ /"type"/s );
|
||||||
/"type":\s*"(?:$_2f_types_re)"/s );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Filter 2FA sessions if needed
|
|
||||||
$self->logger->debug("Filtering 2F sessions...");
|
|
||||||
my $all = ( keys %$res );
|
my $all = ( keys %$res );
|
||||||
foreach ( @{ _2FTYPES() } ) {
|
|
||||||
if ( $self->{ $_ . 'Check' } eq '2' ) {
|
# Filter 2FA sessions if needed
|
||||||
|
if (@display_types) {
|
||||||
|
$self->logger->debug("Filtering 2F sessions...");
|
||||||
|
foreach (@display_types) {
|
||||||
foreach my $session ( keys %$res ) {
|
foreach my $session ( keys %$res ) {
|
||||||
delete $res->{$session}
|
delete $res->{$session}
|
||||||
unless ( defined $res->{$session}->{_2fDevices}
|
unless ( defined $res->{$session}->{_2fDevices}
|
||||||
|
|
|
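Review bot: The replacement test `$res->{$session}->{_2fDevices} =~ /"type"/s` only asks whether the serialized device list contains the literal `"type"` anywhere, whereas the removed pattern required a `"type": "<known type>"` pair; a device entry whose other string fields happen to contain `"type"` now counts as a registered 2F device. Keeping the key/value shape without the fixed type list, `/"type"\s*:\s*"[^"]+"/s`, retains the intent stated in `# Remove sessions without at least one 2F device(s)`. The regex line inside the new `foreach (@display_types)` loop falls outside the hunk, so the per-type match itself could not be reviewed here.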
@ -228,7 +228,6 @@ sub init {
|
||||||
$self->setTypes($conf);
|
$self->setTypes($conf);
|
||||||
$self->{multiValuesSeparator} ||= '; ';
|
$self->{multiValuesSeparator} ||= '; ';
|
||||||
$self->{hiddenAttributes} //= "_password";
|
$self->{hiddenAttributes} //= "_password";
|
||||||
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} = '1';
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -139,11 +139,6 @@ sub _get2F {
|
||||||
my ( $self, $uid, $type, $id ) = @_;
|
my ( $self, $uid, $type, $id ) = @_;
|
||||||
my ( $res, $psessions, @secondFactors );
|
my ( $res, $psessions, @secondFactors );
|
||||||
|
|
||||||
if ( defined $type ) {
|
|
||||||
$res = $self->_checkType($type);
|
|
||||||
return $res if ( $res->{res} ne 'ok' );
|
|
||||||
}
|
|
||||||
|
|
||||||
$psessions = $self->_getSessions2F( $self->_getPersistentMod, 'Persistent',
|
$psessions = $self->_getSessions2F( $self->_getPersistentMod, 'Persistent',
|
||||||
'_session_uid', $uid );
|
'_session_uid', $uid );
|
||||||
|
|
||||||
|
@ -279,10 +274,6 @@ sub _delete2FFromSessions {
|
||||||
sub _delete2F {
|
sub _delete2F {
|
||||||
my ( $self, $uid, $type, $id ) = @_;
|
my ( $self, $uid, $type, $id ) = @_;
|
||||||
my ( $res, $removed, $count );
|
my ( $res, $removed, $count );
|
||||||
if ( defined $type ) {
|
|
||||||
$res = $self->_checkType($type);
|
|
||||||
return $res if ( $res->{res} ne 'ok' );
|
|
||||||
}
|
|
||||||
|
|
||||||
$res =
|
$res =
|
||||||
$self->_delete2FFromSessions( $uid, $type, $id, $self->_getPersistentMod,
|
$self->_delete2FFromSessions( $uid, $type, $id, $self->_getPersistentMod,
|
||||||
|
@ -331,18 +322,4 @@ sub _getDevicesFromSessionData {
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
sub _checkType {
|
|
||||||
my ( $self, $type ) = @_;
|
|
||||||
|
|
||||||
return {
|
|
||||||
res => "ko",
|
|
||||||
code => 400,
|
|
||||||
msg =>
|
|
||||||
"Invalid input: Type \"$type\" does not exist. Allowed values for type are: \"U2F\", \"TOTP\", \"WebAuthn\" or \"UBK\""
|
|
||||||
}
|
|
||||||
unless ( $type =~ /\b(?:U2F|TOTP|UBK|WebAuthn)\b/i );
|
|
||||||
|
|
||||||
return { res => "ok" };
|
|
||||||
}
|
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
@ -135,14 +135,6 @@ sub checkGetList {
|
||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub checkGetBadType {
|
|
||||||
my ( $uid, $type ) = splice @_;
|
|
||||||
my ( $test, $res );
|
|
||||||
$test = "Get for uid $uid and type \"$type\" should get rejected.";
|
|
||||||
$res = get( $test, $uid, $type );
|
|
||||||
check400( $test, $res );
|
|
||||||
}
|
|
||||||
|
|
||||||
sub checkGetOnIds {
|
sub checkGetOnIds {
|
||||||
my ( $uid, $ret ) = splice @_;
|
my ( $uid, $ret ) = splice @_;
|
||||||
foreach (@$ret) {
|
foreach (@$ret) {
|
||||||
|
@ -313,7 +305,7 @@ checkGetList( 1, 'dwho', 'U2F' );
|
||||||
checkGetList( 1, 'dwho', 'TOTP' );
|
checkGetList( 1, 'dwho', 'TOTP' );
|
||||||
checkGetList( 1, 'dwho', 'UBK' );
|
checkGetList( 1, 'dwho', 'UBK' );
|
||||||
checkGetList( 1, 'dwho', 'WebAuthn' );
|
checkGetList( 1, 'dwho', 'WebAuthn' );
|
||||||
checkGetBadType( 'dwho', 'UBKIKI' );
|
checkGetList( 0, 'dwho', 'UBKIKI' );
|
||||||
$ret = checkGetList( 4, 'dwho' );
|
$ret = checkGetList( 4, 'dwho' );
|
||||||
checkGetOnIds( 'dwho', $ret );
|
checkGetOnIds( 'dwho', $ret );
|
||||||
checkDelete( 'dwho', @$ret[0]->{id} );
|
checkDelete( 'dwho', @$ret[0]->{id} );
|
||||||
|
|
|
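Review bot: `checkGetList( 0, 'dwho', 'UBKIKI' );` now pins the new contract that an unknown type is answered with an empty list rather than a 400, but nothing in the test says so, and the line reads like a copy of the checkGetList calls above it. A comment makes the intent explicit: `# unknown type is no longer rejected (checkGetBadType removed); expect an empty list`.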
@ -147,8 +147,7 @@ ok( ( $res->{_2fDevices} and $res->{_2fDevices} =~ /"type":\s*"UBK"/s ),
|
||||||
count(5);
|
count(5);
|
||||||
|
|
||||||
## "All" query
|
## "All" query
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent', 'groupBy=substr(uid,1)' );
|
||||||
'groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' );
|
|
||||||
ok( $res->{result} == 1, 'Search * - Result code = 1' );
|
ok( $res->{result} == 1, 'Search * - Result code = 1' );
|
||||||
ok( $res->{count} == 3, 'Found 3 results' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 3, 'Found 3 results' ) or print STDERR Dumper($res);
|
||||||
ok( @{ $res->{values} } == 3, 'List 3 results' );
|
ok( @{ $res->{values} } == 3, 'List 3 results' );
|
||||||
|
@ -168,8 +167,8 @@ count(9);
|
||||||
|
|
||||||
## "Search by UID" query
|
## "Search by UID" query
|
||||||
# uid=d*
|
# uid=d*
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res =
|
||||||
'uid=d*&groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' );
|
&client->jsonResponse( '/sfa/persistent', 'uid=d*&groupBy=substr(uid,1)' );
|
||||||
ok( $res->{result} == 1, 'Search "uid"=d* - Result code = 1' );
|
ok( $res->{result} == 1, 'Search "uid"=d* - Result code = 1' );
|
||||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||||
|
@ -180,8 +179,8 @@ ok( $res->{values}->[0]->{count} == 2, 'Found 2 sessions starting with "d"' );
|
||||||
count(5);
|
count(5);
|
||||||
|
|
||||||
# uid=dw*
|
# uid=dw*
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res =
|
||||||
'uid=dw*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' );
|
&client->jsonResponse( '/sfa/persistent', 'uid=dw*&groupBy=substr(uid,2)' );
|
||||||
ok( $res->{result} == 1, 'Search "uid"=dw* - Result code = 1' );
|
ok( $res->{result} == 1, 'Search "uid"=dw* - Result code = 1' );
|
||||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||||
|
@ -193,7 +192,7 @@ count(5);
|
||||||
|
|
||||||
# uid=d* & UBK
|
# uid=d* & UBK
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent',
|
||||||
'uid=d*&groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' );
|
'uid=d*&groupBy=substr(uid,1)&type=UBK' );
|
||||||
ok( $res->{result} == 1, 'Search "uid"=d* & UBK - Result code = 1' );
|
ok( $res->{result} == 1, 'Search "uid"=d* & UBK - Result code = 1' );
|
||||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||||
|
@ -208,7 +207,7 @@ count(5);
|
||||||
|
|
||||||
# uid=dw* & UBK
|
# uid=dw* & UBK
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent',
|
||||||
'uid=dw*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' );
|
'uid=dw*&groupBy=substr(uid,2)&type=UBK' );
|
||||||
ok( $res->{result} == 1, 'Search "uid"=dw* & UBK - Result code = 1' );
|
ok( $res->{result} == 1, 'Search "uid"=dw* & UBK - Result code = 1' );
|
||||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||||
|
@ -223,7 +222,7 @@ count(5);
|
||||||
|
|
||||||
# uid=da* & UBK
|
# uid=da* & UBK
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent',
|
||||||
'uid=da*&groupBy=substr(uid,2)&U2FCheck=1&TOTPCheck=1&UBKCheck=2' );
|
'uid=da*&groupBy=substr(uid,2)&type=UBK' );
|
||||||
ok( $res->{result} == 1, 'Search "uid"=da* & UBK - Result code = 1' );
|
ok( $res->{result} == 1, 'Search "uid"=da* & UBK - Result code = 1' );
|
||||||
ok( $res->{count} == 0, 'Found 0 session with "da" & UBK' )
|
ok( $res->{count} == 0, 'Found 0 session with "da" & UBK' )
|
||||||
or print STDERR Dumper($res);
|
or print STDERR Dumper($res);
|
||||||
|
@ -232,7 +231,7 @@ count(3);
|
||||||
|
|
||||||
## "Filtered by U2F" query
|
## "Filtered by U2F" query
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent',
|
||||||
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=1&UBKCheck=1' );
|
'uid=*&groupBy=substr(uid,0)&type=U2F' );
|
||||||
ok( $res->{result} == 1, 'Search "uid"=* & UBK - Result code = 1' );
|
ok( $res->{result} == 1, 'Search "uid"=* & UBK - Result code = 1' );
|
||||||
ok( $res->{count} == 3, 'Found 3 results' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 3, 'Found 3 results' ) or print STDERR Dumper($res);
|
||||||
ok( @{ $res->{values} } == 3, 'List 3 results' );
|
ok( @{ $res->{values} } == 3, 'List 3 results' );
|
||||||
|
@ -261,7 +260,7 @@ count(9);
|
||||||
|
|
||||||
## "Filtered by U2F & TOTP" query
|
## "Filtered by U2F & TOTP" query
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent',
|
||||||
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=2&UBKCheck=1' );
|
'uid=*&groupBy=substr(uid,0)&type=U2F&type=TOTP' );
|
||||||
ok( $res->{result} == 1, 'Search "uid"=* & UBK & TOTP - Result code = 1' );
|
ok( $res->{result} == 1, 'Search "uid"=* & UBK & TOTP - Result code = 1' );
|
||||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||||
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
ok( @{ $res->{values} } == 1, 'List 1 result' );
|
||||||
|
@ -274,7 +273,7 @@ count(5);
|
||||||
|
|
||||||
## "Filtered by U2F & TOTP & UBK" query
|
## "Filtered by U2F & TOTP & UBK" query
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent',
|
||||||
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=2&UBKCheck=2' );
|
'uid=*&groupBy=substr(uid,0)&type=U2F&type=TOTP&type=UBK' );
|
||||||
ok( $res->{result} == 1,
|
ok( $res->{result} == 1,
|
||||||
'Search "uid"=* & UBK & TOTP & UBK - Result code = 1' );
|
'Search "uid"=* & UBK & TOTP & UBK - Result code = 1' );
|
||||||
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
|
||||||
|
@ -288,7 +287,7 @@ count(5);
|
||||||
|
|
||||||
## "Filtered by U2F & UBK" query
|
## "Filtered by U2F & UBK" query
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent',
|
||||||
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=1&UBKCheck=2' );
|
'uid=*&groupBy=substr(uid,0)&type=U2F&type=UBK' );
|
||||||
ok( $res->{result} == 1, 'Search "uid"=* & UBK & UBK - Result code = 1' );
|
ok( $res->{result} == 1, 'Search "uid"=* & UBK & UBK - Result code = 1' );
|
||||||
ok( $res->{count} == 2, 'Found 2 results' ) or print STDERR Dumper($res);
|
ok( $res->{count} == 2, 'Found 2 results' ) or print STDERR Dumper($res);
|
||||||
ok( @{ $res->{values} } == 2, 'List 2 results' );
|
ok( @{ $res->{values} } == 2, 'List 2 results' );
|
||||||
|
@ -345,8 +344,7 @@ foreach ( 2 .. 3 ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
## Check than all devices have been deleted with "All" query
|
## Check than all devices have been deleted with "All" query
|
||||||
$res = &client->jsonResponse( '/sfa/persistent',
|
$res = &client->jsonResponse( '/sfa/persistent', 'groupBy=substr(uid,1)' );
|
||||||
'groupBy=substr(uid,1)&U2FCheck=1&TOTPCheck=1&UBKCheck=1' );
|
|
||||||
ok( $res->{result} == 1, 'Result code = 1' );
|
ok( $res->{result} == 1, 'Result code = 1' );
|
||||||
ok( $res->{count} == 0, 'Found 0 session with 2F device' )
|
ok( $res->{count} == 0, 'Found 0 session with 2F device' )
|
||||||
or print STDERR Dumper($res);
|
or print STDERR Dumper($res);
|
||||||
|
|