Add an easy way to set level of additional second factors (#2149)
This commit is contained in:
Maxime Besson
parent
21bfe3bc68
commit
4bcb391121
|
|
@ -733,7 +733,7 @@ sub sfExtra {
|
|||
$tmp->{id} = "sfExtra/$mod";
|
||||
$tmp->{type} = 'sfExtra';
|
||||
$tmp->{data}->{$_} = $val->{$mod}->{$_}
|
||||
foreach (qw(type rule logo label));
|
||||
foreach (qw(type rule logo level label));
|
||||
my $over = $val->{$mod}->{over} // {};
|
||||
$tmp->{data}->{over} = [ map { [ $_, $over->{$_} ] } keys %$over ];
|
||||
push @$res, $tmp;
|
||||
|
|
|
|||
|
|
@ -831,7 +831,7 @@ sub _scanNodes {
|
|||
foreach my $node ( @{ $leaf->{nodes} } ) {
|
||||
my $tmp;
|
||||
$tmp->{$_} = $node->{data}->{$_}
|
||||
foreach (qw(type rule logo label));
|
||||
foreach (qw(type rule logo level label));
|
||||
$tmp->{over} = {};
|
||||
foreach ( @{ $node->{data}->{over} } ) {
|
||||
$tmp->{over}->{ $_->[0] } = $_->[1];
|
||||
|
|
|
|||
|
|
@ -339,6 +339,7 @@ llapp.controller 'TreeCtrl', [
|
|||
type: ''
|
||||
rule: ''
|
||||
logo: ''
|
||||
level: ''
|
||||
label: ''
|
||||
over: []
|
||||
|
||||
|
|
|
|||
|
|
@ -5,11 +5,12 @@
|
|||
<table class="table table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th width="12%" trspan="name"></th>
|
||||
<th width="11%" trspan="type"></th>
|
||||
<th width="33%" trspan="label"></th>
|
||||
<th width="11%" trspan="logo"></th>
|
||||
<th width="33%" trspan="rule"></th>
|
||||
<th trspan="name"></th>
|
||||
<th trspan="type"></th>
|
||||
<th trspan="label"></th>
|
||||
<th trspan="logo"></th>
|
||||
<th trspan="level"></th>
|
||||
<th trspan="rule"></th>
|
||||
<th />
|
||||
</tr>
|
||||
</thead>
|
||||
|
|
@ -29,6 +30,9 @@
|
|||
<td>
|
||||
<input class="form-control" ng-model="currentNode.data.logo" />
|
||||
</td>
|
||||
<td>
|
||||
<input class="form-control" ng-model="currentNode.data.level" />
|
||||
</td>
|
||||
<td>
|
||||
<input class="form-control" ng-model="currentNode.data.rule" />
|
||||
</td>
|
||||
|
|
|
|||
|
|
@ -5,11 +5,12 @@
|
|||
<table class="table table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th width="12%" trspan="name"></th>
|
||||
<th width="11%" trspan="type"></th>
|
||||
<th width="33%" trspan="label"></th>
|
||||
<th width="11%" trspan="logo"></th>
|
||||
<th width="33%" trspan="rule"></th>
|
||||
<th trspan="name"></th>
|
||||
<th trspan="type"></th>
|
||||
<th trspan="label"></th>
|
||||
<th trspan="logo"></th>
|
||||
<th trspan="level"></th>
|
||||
<th trspan="rule"></th>
|
||||
<th />
|
||||
</tr>
|
||||
</thead>
|
||||
|
|
@ -29,6 +30,9 @@
|
|||
<td>
|
||||
<input class="form-control" ng-model="s.data.logo" />
|
||||
</td>
|
||||
<td>
|
||||
<input class="form-control" ng-model="s.data.level" />
|
||||
</td>
|
||||
<td>
|
||||
<input class="form-control" ng-model="s.data.rule" />
|
||||
</td>
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.7
|
||||
// Generated by CoffeeScript 1.12.8
|
||||
|
||||
/*
|
||||
LemonLDAP::NG Manager client
|
||||
|
|
@ -394,6 +394,7 @@ This file contains:
|
|||
type: '',
|
||||
rule: '',
|
||||
logo: '',
|
||||
level: '',
|
||||
label: '',
|
||||
over: []
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -427,6 +427,7 @@
|
|||
"ldapTimeout":"مهلة",
|
||||
"ldapUsePasswordResetAttribute":"استخدام سمة إعادة الضبط",
|
||||
"ldapVersion":"الإصدار",
|
||||
"level":"مستوى",
|
||||
"linkedInAuthnLevel":"مستوى إثبات الهوية",
|
||||
"linkedInClientID":"معرف العميل",
|
||||
"linkedInClientSecret":"سرالعميل",
|
||||
|
|
|
|||
|
|
@ -427,6 +427,7 @@
|
|||
"ldapTimeout":"Timeout",
|
||||
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
||||
"ldapVersion":"Version",
|
||||
"level":"Level",
|
||||
"linkedInAuthnLevel":"Authentication level",
|
||||
"linkedInClientID":"Client ID",
|
||||
"linkedInClientSecret":"Client secret",
|
||||
|
|
|
|||
|
|
@ -427,6 +427,7 @@
|
|||
"ldapTimeout":"Timeout",
|
||||
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
||||
"ldapVersion":"Version",
|
||||
"level":"Level",
|
||||
"linkedInAuthnLevel":"Authentication level",
|
||||
"linkedInClientID":"Client ID",
|
||||
"linkedInClientSecret":"Client secret",
|
||||
|
|
|
|||
|
|
@ -427,6 +427,7 @@
|
|||
"ldapTimeout":"Temps maximum d'inactivité",
|
||||
"ldapUsePasswordResetAttribute":"Utiliser l'attribut de réinitialisation",
|
||||
"ldapVersion":"Version",
|
||||
"level":"Niveau",
|
||||
"linkedInAuthnLevel":"Niveau d'authentification",
|
||||
"linkedInClientID":"Identifiant",
|
||||
"linkedInClientSecret":"Mot de passe",
|
||||
|
|
|
|||
|
|
@ -427,6 +427,7 @@
|
|||
"ldapTimeout":"Timeout",
|
||||
"ldapUsePasswordResetAttribute":"Utilizza l'attributo di ripristino",
|
||||
"ldapVersion":"Versione",
|
||||
"level":"Livello",
|
||||
"linkedInAuthnLevel":"Livello di autenticazione",
|
||||
"linkedInClientID":"Client ID",
|
||||
"linkedInClientSecret":"Client segreto",
|
||||
|
|
|
|||
|
|
@ -427,6 +427,7 @@
|
|||
"ldapTimeout":"Zaman aşımı",
|
||||
"ldapUsePasswordResetAttribute":"Sıfırlama niteliklerini kullan",
|
||||
"ldapVersion":"Sürüm",
|
||||
"level":"Seviyesi",
|
||||
"linkedInAuthnLevel":"Doğrulama seviyesi",
|
||||
"linkedInClientID":"İstemci ID",
|
||||
"linkedInClientSecret":"İstemci sırrı",
|
||||
|
|
|
|||
|
|
@ -427,6 +427,7 @@
|
|||
"ldapTimeout":"Thời gian chờ",
|
||||
"ldapUsePasswordResetAttribute":"Sử dụng thuộc tính đặt lại",
|
||||
"ldapVersion":"Phiên bản",
|
||||
"level":"Mức",
|
||||
"linkedInAuthnLevel":"Mức xác thực",
|
||||
"linkedInClientID":"Client ID",
|
||||
"linkedInClientSecret":"Trình khách bí mật",
|
||||
|
|
|
|||
|
|
@ -427,6 +427,7 @@
|
|||
"ldapTimeout":"Timeout",
|
||||
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
||||
"ldapVersion":"版本",
|
||||
"level":"等级",
|
||||
"linkedInAuthnLevel":"认证等级",
|
||||
"linkedInClientID":"Client ID",
|
||||
"linkedInClientSecret":"Client secret",
|
||||
|
|
|
|||
|
|
@ -113,11 +113,13 @@ sub init {
|
|||
my $rule = $self->conf->{sfExtra}->{$extraKey}->{rule} || 1;
|
||||
my $prefix = $m->prefix;
|
||||
|
||||
# Overwrite logo and label from user configuration
|
||||
# Overwrite logo, label, level from user configuration
|
||||
$m->logo( $self->conf->{sfExtra}->{$extraKey}->{logo} )
|
||||
if $self->conf->{sfExtra}->{$extraKey}->{logo};
|
||||
$m->label( $self->conf->{sfExtra}->{$extraKey}->{label} )
|
||||
if $self->conf->{sfExtra}->{$extraKey}->{label};
|
||||
$m->authnLevel( $self->conf->{sfExtra}->{$extraKey}->{level} )
|
||||
if $self->conf->{sfExtra}->{$extraKey}->{level};
|
||||
|
||||
# Compile rule
|
||||
$rule = $self->p->HANDLER->substitute($rule);
|
||||
|
|
|
|||
|
|
@ -34,6 +34,13 @@ has prefix => ( is => 'rw' );
|
|||
has logo => ( is => 'rw', default => '2f.png' );
|
||||
has label => ( is => 'rw' );
|
||||
has noRoute => ( is => 'ro' );
|
||||
has authnLevel => (
|
||||
is => 'rw',
|
||||
lazy => 1,
|
||||
default => sub {
|
||||
return $_[0]->conf->{ $_[0]->prefix . '2fAuthnLevel' };
|
||||
}
|
||||
);
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
|
|
@ -122,7 +129,7 @@ sub _verify {
|
|||
. '2F verification for '
|
||||
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
||||
|
||||
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
||||
if ( my $l = $self->authnLevel ) {
|
||||
$self->logger->debug(
|
||||
"Update sessionInfo with new authenticationLevel: $l");
|
||||
$req->sessionInfo->{authenticationLevel} = $l;
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ my $client = LLNG::Manager::Test->new( {
|
|||
tokenUseGlobalStorage => 1,
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
restSessionServer => 1,
|
||||
'sfExtra' => {
|
||||
'home' => {
|
||||
'over' => {
|
||||
|
|
@ -25,7 +26,8 @@ my $client = LLNG::Manager::Test->new( {
|
|||
'logo' => 'home.jpg',
|
||||
'label' => "Home Label",
|
||||
'rule' => '$uid eq "dwho" or $uid eq "msmith"',
|
||||
'type' => 'Mail2F'
|
||||
'type' => 'Mail2F',
|
||||
'level' => 5,
|
||||
},
|
||||
'work' => {
|
||||
'over' => {
|
||||
|
|
@ -165,6 +167,15 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
$id = expectCookie($res);
|
||||
|
||||
# Verify Authn Level
|
||||
ok( $res = $client->_get("/sessions/global/$id"), 'Get session' );
|
||||
expectOK($res);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
is( $res->{authenticationLevel}, 5, "Correct authentication level" );
|
||||
count(3);
|
||||
|
||||
$client->logout($id);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user