Add an easy way to set level of additional second factors (#2149)
parent
21bfe3bc68
commit
4bcb391121
|
@ -733,7 +733,7 @@ sub sfExtra {
|
||||||
$tmp->{id} = "sfExtra/$mod";
|
$tmp->{id} = "sfExtra/$mod";
|
||||||
$tmp->{type} = 'sfExtra';
|
$tmp->{type} = 'sfExtra';
|
||||||
$tmp->{data}->{$_} = $val->{$mod}->{$_}
|
$tmp->{data}->{$_} = $val->{$mod}->{$_}
|
||||||
foreach (qw(type rule logo label));
|
foreach (qw(type rule logo level label));
|
||||||
my $over = $val->{$mod}->{over} // {};
|
my $over = $val->{$mod}->{over} // {};
|
||||||
$tmp->{data}->{over} = [ map { [ $_, $over->{$_} ] } keys %$over ];
|
$tmp->{data}->{over} = [ map { [ $_, $over->{$_} ] } keys %$over ];
|
||||||
push @$res, $tmp;
|
push @$res, $tmp;
|
||||||
|
|
|
@ -831,7 +831,7 @@ sub _scanNodes {
|
||||||
foreach my $node ( @{ $leaf->{nodes} } ) {
|
foreach my $node ( @{ $leaf->{nodes} } ) {
|
||||||
my $tmp;
|
my $tmp;
|
||||||
$tmp->{$_} = $node->{data}->{$_}
|
$tmp->{$_} = $node->{data}->{$_}
|
||||||
foreach (qw(type rule logo label));
|
foreach (qw(type rule logo level label));
|
||||||
$tmp->{over} = {};
|
$tmp->{over} = {};
|
||||||
foreach ( @{ $node->{data}->{over} } ) {
|
foreach ( @{ $node->{data}->{over} } ) {
|
||||||
$tmp->{over}->{ $_->[0] } = $_->[1];
|
$tmp->{over}->{ $_->[0] } = $_->[1];
|
||||||
|
|
|
@ -339,6 +339,7 @@ llapp.controller 'TreeCtrl', [
|
||||||
type: ''
|
type: ''
|
||||||
rule: ''
|
rule: ''
|
||||||
logo: ''
|
logo: ''
|
||||||
|
level: ''
|
||||||
label: ''
|
label: ''
|
||||||
over: []
|
over: []
|
||||||
|
|
||||||
|
|
|
@ -5,11 +5,12 @@
|
||||||
<table class="table table-striped">
|
<table class="table table-striped">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th width="12%" trspan="name"></th>
|
<th trspan="name"></th>
|
||||||
<th width="11%" trspan="type"></th>
|
<th trspan="type"></th>
|
||||||
<th width="33%" trspan="label"></th>
|
<th trspan="label"></th>
|
||||||
<th width="11%" trspan="logo"></th>
|
<th trspan="logo"></th>
|
||||||
<th width="33%" trspan="rule"></th>
|
<th trspan="level"></th>
|
||||||
|
<th trspan="rule"></th>
|
||||||
<th />
|
<th />
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
|
@ -29,6 +30,9 @@
|
||||||
<td>
|
<td>
|
||||||
<input class="form-control" ng-model="currentNode.data.logo" />
|
<input class="form-control" ng-model="currentNode.data.logo" />
|
||||||
</td>
|
</td>
|
||||||
|
<td>
|
||||||
|
<input class="form-control" ng-model="currentNode.data.level" />
|
||||||
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<input class="form-control" ng-model="currentNode.data.rule" />
|
<input class="form-control" ng-model="currentNode.data.rule" />
|
||||||
</td>
|
</td>
|
||||||
|
|
|
@ -5,11 +5,12 @@
|
||||||
<table class="table table-striped">
|
<table class="table table-striped">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th width="12%" trspan="name"></th>
|
<th trspan="name"></th>
|
||||||
<th width="11%" trspan="type"></th>
|
<th trspan="type"></th>
|
||||||
<th width="33%" trspan="label"></th>
|
<th trspan="label"></th>
|
||||||
<th width="11%" trspan="logo"></th>
|
<th trspan="logo"></th>
|
||||||
<th width="33%" trspan="rule"></th>
|
<th trspan="level"></th>
|
||||||
|
<th trspan="rule"></th>
|
||||||
<th />
|
<th />
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
|
@ -29,6 +30,9 @@
|
||||||
<td>
|
<td>
|
||||||
<input class="form-control" ng-model="s.data.logo" />
|
<input class="form-control" ng-model="s.data.logo" />
|
||||||
</td>
|
</td>
|
||||||
|
<td>
|
||||||
|
<input class="form-control" ng-model="s.data.level" />
|
||||||
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<input class="form-control" ng-model="s.data.rule" />
|
<input class="form-control" ng-model="s.data.rule" />
|
||||||
</td>
|
</td>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
// Generated by CoffeeScript 1.12.7
|
// Generated by CoffeeScript 1.12.8
|
||||||
|
|
||||||
/*
|
/*
|
||||||
LemonLDAP::NG Manager client
|
LemonLDAP::NG Manager client
|
||||||
|
@ -394,6 +394,7 @@ This file contains:
|
||||||
type: '',
|
type: '',
|
||||||
rule: '',
|
rule: '',
|
||||||
logo: '',
|
logo: '',
|
||||||
|
level: '',
|
||||||
label: '',
|
label: '',
|
||||||
over: []
|
over: []
|
||||||
}
|
}
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -427,6 +427,7 @@
|
||||||
"ldapTimeout":"مهلة",
|
"ldapTimeout":"مهلة",
|
||||||
"ldapUsePasswordResetAttribute":"استخدام سمة إعادة الضبط",
|
"ldapUsePasswordResetAttribute":"استخدام سمة إعادة الضبط",
|
||||||
"ldapVersion":"الإصدار",
|
"ldapVersion":"الإصدار",
|
||||||
|
"level":"مستوى",
|
||||||
"linkedInAuthnLevel":"مستوى إثبات الهوية",
|
"linkedInAuthnLevel":"مستوى إثبات الهوية",
|
||||||
"linkedInClientID":"معرف العميل",
|
"linkedInClientID":"معرف العميل",
|
||||||
"linkedInClientSecret":"سرالعميل",
|
"linkedInClientSecret":"سرالعميل",
|
||||||
|
|
|
@ -427,6 +427,7 @@
|
||||||
"ldapTimeout":"Timeout",
|
"ldapTimeout":"Timeout",
|
||||||
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
||||||
"ldapVersion":"Version",
|
"ldapVersion":"Version",
|
||||||
|
"level":"Level",
|
||||||
"linkedInAuthnLevel":"Authentication level",
|
"linkedInAuthnLevel":"Authentication level",
|
||||||
"linkedInClientID":"Client ID",
|
"linkedInClientID":"Client ID",
|
||||||
"linkedInClientSecret":"Client secret",
|
"linkedInClientSecret":"Client secret",
|
||||||
|
|
|
@ -427,6 +427,7 @@
|
||||||
"ldapTimeout":"Timeout",
|
"ldapTimeout":"Timeout",
|
||||||
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
||||||
"ldapVersion":"Version",
|
"ldapVersion":"Version",
|
||||||
|
"level":"Level",
|
||||||
"linkedInAuthnLevel":"Authentication level",
|
"linkedInAuthnLevel":"Authentication level",
|
||||||
"linkedInClientID":"Client ID",
|
"linkedInClientID":"Client ID",
|
||||||
"linkedInClientSecret":"Client secret",
|
"linkedInClientSecret":"Client secret",
|
||||||
|
|
|
@ -427,6 +427,7 @@
|
||||||
"ldapTimeout":"Temps maximum d'inactivité",
|
"ldapTimeout":"Temps maximum d'inactivité",
|
||||||
"ldapUsePasswordResetAttribute":"Utiliser l'attribut de réinitialisation",
|
"ldapUsePasswordResetAttribute":"Utiliser l'attribut de réinitialisation",
|
||||||
"ldapVersion":"Version",
|
"ldapVersion":"Version",
|
||||||
|
"level":"Niveau",
|
||||||
"linkedInAuthnLevel":"Niveau d'authentification",
|
"linkedInAuthnLevel":"Niveau d'authentification",
|
||||||
"linkedInClientID":"Identifiant",
|
"linkedInClientID":"Identifiant",
|
||||||
"linkedInClientSecret":"Mot de passe",
|
"linkedInClientSecret":"Mot de passe",
|
||||||
|
|
|
@ -427,6 +427,7 @@
|
||||||
"ldapTimeout":"Timeout",
|
"ldapTimeout":"Timeout",
|
||||||
"ldapUsePasswordResetAttribute":"Utilizza l'attributo di ripristino",
|
"ldapUsePasswordResetAttribute":"Utilizza l'attributo di ripristino",
|
||||||
"ldapVersion":"Versione",
|
"ldapVersion":"Versione",
|
||||||
|
"level":"Livello",
|
||||||
"linkedInAuthnLevel":"Livello di autenticazione",
|
"linkedInAuthnLevel":"Livello di autenticazione",
|
||||||
"linkedInClientID":"Client ID",
|
"linkedInClientID":"Client ID",
|
||||||
"linkedInClientSecret":"Client segreto",
|
"linkedInClientSecret":"Client segreto",
|
||||||
|
|
|
@ -427,6 +427,7 @@
|
||||||
"ldapTimeout":"Zaman aşımı",
|
"ldapTimeout":"Zaman aşımı",
|
||||||
"ldapUsePasswordResetAttribute":"Sıfırlama niteliklerini kullan",
|
"ldapUsePasswordResetAttribute":"Sıfırlama niteliklerini kullan",
|
||||||
"ldapVersion":"Sürüm",
|
"ldapVersion":"Sürüm",
|
||||||
|
"level":"Seviyesi",
|
||||||
"linkedInAuthnLevel":"Doğrulama seviyesi",
|
"linkedInAuthnLevel":"Doğrulama seviyesi",
|
||||||
"linkedInClientID":"İstemci ID",
|
"linkedInClientID":"İstemci ID",
|
||||||
"linkedInClientSecret":"İstemci sırrı",
|
"linkedInClientSecret":"İstemci sırrı",
|
||||||
|
|
|
@ -427,6 +427,7 @@
|
||||||
"ldapTimeout":"Thời gian chờ",
|
"ldapTimeout":"Thời gian chờ",
|
||||||
"ldapUsePasswordResetAttribute":"Sử dụng thuộc tính đặt lại",
|
"ldapUsePasswordResetAttribute":"Sử dụng thuộc tính đặt lại",
|
||||||
"ldapVersion":"Phiên bản",
|
"ldapVersion":"Phiên bản",
|
||||||
|
"level":"Mức",
|
||||||
"linkedInAuthnLevel":"Mức xác thực",
|
"linkedInAuthnLevel":"Mức xác thực",
|
||||||
"linkedInClientID":"Client ID",
|
"linkedInClientID":"Client ID",
|
||||||
"linkedInClientSecret":"Trình khách bí mật",
|
"linkedInClientSecret":"Trình khách bí mật",
|
||||||
|
|
|
@ -427,6 +427,7 @@
|
||||||
"ldapTimeout":"Timeout",
|
"ldapTimeout":"Timeout",
|
||||||
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
"ldapUsePasswordResetAttribute":"Use reset attribute",
|
||||||
"ldapVersion":"版本",
|
"ldapVersion":"版本",
|
||||||
|
"level":"等级",
|
||||||
"linkedInAuthnLevel":"认证等级",
|
"linkedInAuthnLevel":"认证等级",
|
||||||
"linkedInClientID":"Client ID",
|
"linkedInClientID":"Client ID",
|
||||||
"linkedInClientSecret":"Client secret",
|
"linkedInClientSecret":"Client secret",
|
||||||
|
|
|
@ -113,11 +113,13 @@ sub init {
|
||||||
my $rule = $self->conf->{sfExtra}->{$extraKey}->{rule} || 1;
|
my $rule = $self->conf->{sfExtra}->{$extraKey}->{rule} || 1;
|
||||||
my $prefix = $m->prefix;
|
my $prefix = $m->prefix;
|
||||||
|
|
||||||
# Overwrite logo and label from user configuration
|
# Overwrite logo, label, level from user configuration
|
||||||
$m->logo( $self->conf->{sfExtra}->{$extraKey}->{logo} )
|
$m->logo( $self->conf->{sfExtra}->{$extraKey}->{logo} )
|
||||||
if $self->conf->{sfExtra}->{$extraKey}->{logo};
|
if $self->conf->{sfExtra}->{$extraKey}->{logo};
|
||||||
$m->label( $self->conf->{sfExtra}->{$extraKey}->{label} )
|
$m->label( $self->conf->{sfExtra}->{$extraKey}->{label} )
|
||||||
if $self->conf->{sfExtra}->{$extraKey}->{label};
|
if $self->conf->{sfExtra}->{$extraKey}->{label};
|
||||||
|
$m->authnLevel( $self->conf->{sfExtra}->{$extraKey}->{level} )
|
||||||
|
if $self->conf->{sfExtra}->{$extraKey}->{level};
|
||||||
|
|
||||||
# Compile rule
|
# Compile rule
|
||||||
$rule = $self->p->HANDLER->substitute($rule);
|
$rule = $self->p->HANDLER->substitute($rule);
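Review bot: The new `$m->authnLevel( ... ) if $self->conf->{sfExtra}->{$extraKey}->{level};` guard only tests truthiness, so whatever string the manager stored becomes the module's authentication level. The templates in this commit bind `level` to a plain text input and `_scanNodes` copies it unchecked, so a non-numeric value can reach `authnLevel` and then `sessionInfo->{authenticationLevel}` in `_verify`. I would validate at the point of use and log a rejected value: `my $level = $self->conf->{sfExtra}->{$extraKey}->{level};` followed by `$m->authnLevel($level) if defined $level and $level =~ /\A-?\d+\z/;`. The current guard also skips a level of 0; if that is intended, a short comment should say so. `init` starts and ends outside the hunk.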
|
||||||
|
|
|
@ -34,6 +34,13 @@ has prefix => ( is => 'rw' );
|
||||||
has logo => ( is => 'rw', default => '2f.png' );
|
has logo => ( is => 'rw', default => '2f.png' );
|
||||||
has label => ( is => 'rw' );
|
has label => ( is => 'rw' );
|
||||||
has noRoute => ( is => 'ro' );
|
has noRoute => ( is => 'ro' );
|
||||||
|
has authnLevel => (
|
||||||
|
is => 'rw',
|
||||||
|
lazy => 1,
|
||||||
|
default => sub {
|
||||||
|
return $_[0]->conf->{ $_[0]->prefix . '2fAuthnLevel' };
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
my ($self) = @_;
|
my ($self) = @_;
|
||||||
|
@ -122,7 +129,7 @@ sub _verify {
|
||||||
. '2F verification for '
|
. '2F verification for '
|
||||||
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
|
||||||
|
|
||||||
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
if ( my $l = $self->authnLevel ) {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Update sessionInfo with new authenticationLevel: $l");
|
"Update sessionInfo with new authenticationLevel: $l");
|
||||||
$req->sessionInfo->{authenticationLevel} = $l;
|
$req->sessionInfo->{authenticationLevel} = $l;
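Review bot: In `_verify`, `$req->sessionInfo->{authenticationLevel} = $l;` replaces the session's level with `authnLevel` whatever the current value is, and after this commit `$l` can be a per-module `level` typed into the manager. If a module is given a level below the one the primary authentication already set, completing the second factor would appear to lower the session's level rather than raise it. If overwriting is the intended contract, a comment on the new attribute would make that explicit, e.g. `# Level written to the session after a successful 2F check; replaces the current level, even a higher one`. Otherwise the assignment should be guarded by a comparison with the existing value. `_verify` continues outside the hunk.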
|
||||||
|
|
|
@ -17,6 +17,7 @@ my $client = LLNG::Manager::Test->new( {
|
||||||
tokenUseGlobalStorage => 1,
|
tokenUseGlobalStorage => 1,
|
||||||
authentication => 'Demo',
|
authentication => 'Demo',
|
||||||
userDB => 'Same',
|
userDB => 'Same',
|
||||||
|
restSessionServer => 1,
|
||||||
'sfExtra' => {
|
'sfExtra' => {
|
||||||
'home' => {
|
'home' => {
|
||||||
'over' => {
|
'over' => {
|
||||||
|
@ -25,7 +26,8 @@ my $client = LLNG::Manager::Test->new( {
|
||||||
'logo' => 'home.jpg',
|
'logo' => 'home.jpg',
|
||||||
'label' => "Home Label",
|
'label' => "Home Label",
|
||||||
'rule' => '$uid eq "dwho" or $uid eq "msmith"',
|
'rule' => '$uid eq "dwho" or $uid eq "msmith"',
|
||||||
'type' => 'Mail2F'
|
'type' => 'Mail2F',
|
||||||
|
'level' => 5,
|
||||||
},
|
},
|
||||||
'work' => {
|
'work' => {
|
||||||
'over' => {
|
'over' => {
|
||||||
|
@ -165,6 +167,15 @@ ok(
|
||||||
);
|
);
|
||||||
count(1);
|
count(1);
|
||||||
$id = expectCookie($res);
|
$id = expectCookie($res);
|
||||||
|
|
||||||
|
# Verify Authn Level
|
||||||
|
ok( $res = $client->_get("/sessions/global/$id"), 'Get session' );
|
||||||
|
expectOK($res);
|
||||||
|
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||||
|
or print STDERR $@;
|
||||||
|
is( $res->{authenticationLevel}, 5, "Correct authentication level" );
|
||||||
|
count(3);
|
||||||
|
|
||||||
$client->logout($id);
|
$client->logout($id);
|
||||||
|
|
||||||
clean_sessions();
|
clean_sessions();
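Review bot: The added assertions only cover the `home` module, which sets `'level' => 5`. Nothing visible checks an `sfExtra` entry that has no `level` (the `work` entry looks like one, though its body is outside the hunk) or one with an empty or non-numeric value. A companion check after authenticating through such a module would pin the fallback, e.g. `is( $res->{authenticationLevel}, $expected_default, 'Level unchanged without sfExtra level' );`, where `$expected_default` is a placeholder for the level the test configuration yields. The rest of the test file is not shown, so this may already be covered elsewhere.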
|
||||||
|
|