diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
index 2433a85b7..274d43c07 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
@@ -67,8 +67,12 @@ sub run {
 my $TOTPName = $req->param('TOTPName');
 my $epoch = time();
- # Set default name if empty and truncate name if too long
+ # Set default name if empty, check characters and truncate name if too long
 $TOTPName ||= $epoch;
+ unless ( $TOTPName =~ /^[\w]+$/ ) {
+ $self->userLogger->error('TOTP name with bad character(s)');
+ return $self->p->sendError( $req, 'badName', 200 );
+ }
 $TOTPName = substr( $TOTPName, 0, $self->conf->{max2FDevicesNameLength} );
 $self->logger->debug("TOTP name : $TOTPName");
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
index 94460be3a..502e114ea 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
@@ -119,8 +119,12 @@ sub run {
 my $keyName = $req->param('keyName');
 my $epoch = time();
- # Set default name if empty and truncate name if too long
+ # Set default name if empty, check characters and truncate name if too long
 $keyName ||= $epoch;
+ unless ( $keyName =~ /^[\w]+$/ ) {
+ $self->userLogger->error('U2F name with bad character(s)');
+ return $self->p->sendError( $req, 'badName', 200 );
+ }
 $keyName = substr( $keyName, 0, $self->conf->{max2FDevicesNameLength} );
 $self->logger->debug("Key name : $keyName");
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
index 92f9abc80..c0906fbca 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
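Review bot: The new check `unless ( $TOTPName =~ /^[\w]+$/ )` still accepts a value that ends in a newline, because `$` matches before a trailing `\n`, so a name like `"foo\n"` passes and the newline survives the `substr` truncation into the stored device name; anchor the pattern with `\A` and `\z` instead, `unless ( $TOTPName =~ /\A\w+\z/ ) {`, and add the `/a` modifier if only ASCII letters, digits and underscore are intended, since `\w` otherwise also matches any Unicode letter or digit the parameter decoder produces. The identical regex is repeated verbatim in the U2F and Yubikey hunks of this commit, so the three copies would be better served by one shared name-validation helper so any future tightening lands in a single place. Only u2fregistration.coffee learns the new `badName` error code in this commit; unless the TOTP and Yubikey front-ends already map unknown server errors to a displayed message, their users will get a generic failure for a rejected name. The enclosing `run` continues outside the hunk.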
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
@@ -36,8 +36,12 @@ sub run {
 my $UBKName = $req->param('UBKName');
 my $epoch = time();
- # Set default name if empty and truncate name if too long
+ # Set default name if empty, check characters and truncate name if too long
 $UBKName ||= $epoch;
+ unless ( $UBKName =~ /^[\w]+$/ ) {
+ $self->userLogger->error('Yubikey name with bad character(s)');
+ return $self->p->sendError( $req, 'badName', 200 );
+ }
 $UBKName = substr( $UBKName, 0, $self->conf->{max2FDevicesNameLength} );
 $self->logger->debug("Yubikey name : $UBKName");
@@ -66,7 +70,7 @@ sub run {
 $_2fDevices = [];
 }
- # Search if the Yubikey has been already registered
+ # Search if the Yubikey is already registered
 my $SameUBKFound = 0;
 foreach (@$_2fDevices) {
 $self->logger->debug("Reading Yubikeys ...");
@@ -77,7 +81,7 @@ sub run {
 }
 if ($SameUBKFound) {
- $self->userLogger->error("Yubikey already registered !");
+ $self->userLogger->error("Yubikey already registered!");
 return $self->p->sendHtml(
 $req, 'error',
 params => {
diff --git a/lemonldap-ng-portal/site/coffee/u2fregistration.coffee b/lemonldap-ng-portal/site/coffee/u2fregistration.coffee
index 250349911..5fb764c33 100644
--- a/lemonldap-ng-portal/site/coffee/u2fregistration.coffee
+++ b/lemonldap-ng-portal/site/coffee/u2fregistration.coffee
@@ -51,7 +51,9 @@ register = ->
 dataType: 'json'
 success: (resp) ->
 if resp.error
- setMsg 'u2fFailed', 'warning'
+ if resp.error.match /badName/
+ setMsg 'badName', 'warning'
+ else setMsg 'u2fFailed', 'warning'
 else if resp.result
 setMsg 'yourKeyIsRegistered', 'positive'
 error: displayError
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
index 3b610101d..4ae99cdb9 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
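Review bot: `if resp.error.match /badName/` is a substring test on whatever string the server puts in `resp.error`; if the server returns the bare code `badName`, as the Perl side's `sendError( $req, 'badName', 200 )` suggests, an exact comparison such as `if resp.error is 'badName'` is stricter and cannot be satisfied by an unrelated message that merely contains the word. The generated u2fregistration.js hunk in this commit mirrors the same logic and should follow whatever is decided here rather than being edited by hand. The one-line `else setMsg 'u2fFailed', 'warning'` also reads inconsistently next to the multi-line `if` branch above it; putting the call on its own indented line matches the rest of the callback. The enclosing `register` continues outside the hunk.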
@@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.10.0
+// Generated by CoffeeScript 1.12.7
 /*
 LemonLDAP::NG U2F registration script
@@ -61,7 +61,11 @@ LemonLDAP::NG U2F registration script
 dataType: 'json',
 success: function(resp) {
 if (resp.error) {
- return setMsg('u2fFailed', 'warning');
+ if (resp.error.match(/badName/)) {
+ return setMsg('badName', 'warning');
+ } else {
+ return setMsg('u2fFailed', 'warning');
+ }
 } else if (resp.result) {
 return setMsg('yourKeyIsRegistered', 'positive');
 }
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
index bcf332e57..3162aa154 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
@@ -1 +1 @@ -(function(){var a,b,c,d;c=function(e,f){$("#msg").html(window.translate(e));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+f);if(f==="positive"){f="success"}return $("#color").addClass("alert-"+f)};a=function(f,e,h){var g;console.log("Error",h);g=JSON.parse(f.responseText);if(g&&g.error){g=g.error.replace(/.* /,"");console.log("Returned error",g);return c(g,"warning")}};b=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/register",data:{},dataType:"json",error:a,success:function(e){var f;f=[{challenge:e.challenge,version:e.version}];c("touchU2fDevice","positive");$("#u2fPermission").show();return u2f.register(e.appId,f,[],function(g){$("#u2fPermission").hide();if(g.errorCode){return c(g.error,"warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/registration",data:{registration:JSON.stringify(g),challenge:JSON.stringify(e),keyName:$("#keyName").val()},dataType:"json",success:function(h){if(h.error){return c("u2fFailed","warning")}else{if(h.result){return c("yourKeyIsRegistered","positive")}}},error:a})}})}})};d=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/verify",data:{},dataType:"json",error:a,success:function(e){c("touchU2fDevice","positive");return u2f.sign(e.appId,e.challenge,e.registeredKeys,function(f){if(f.errorCode){return c("unableToGetKey","warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/signature",data:{signature:JSON.stringify(f),challenge:e.challenge},dataType:"json",success:function(g){if(g.error){return c("u2fFailed","warning")}else{if(g.result){return c("yourKeyIsVerified","positive")}}},error:function(h,g,i){return console.log("error",i)}})}})}})};$(document).ready(function(){$("#u2fPermission").hide();$("#register").on("click",b);$("#verify").on("click",d);return $("#goback").attr("href",portal)})}).call(this); \ No newline at end of file +(function(){var 
displayError,register,setMsg,verify;setMsg=function(msg,level){$("#msg").html(window.translate(msg));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+level);if(level==="positive"){level="success"}return $("#color").addClass("alert-"+level)};displayError=function(j,status,err){var res;console.log("Error",err);res=JSON.parse(j.responseText);if(res&&res.error){res=res.error.replace(/.* /,"");console.log("Returned error",res);return setMsg(res,"warning")}};register=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/register",data:{},dataType:"json",error:displayError,success:function(ch){var request;request=[{challenge:ch.challenge,version:ch.version}];setMsg("touchU2fDevice","positive");$("#u2fPermission").show();return u2f.register(ch.appId,request,[],function(data){$("#u2fPermission").hide();if(data.errorCode){return setMsg(data.error,"warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/registration",data:{registration:JSON.stringify(data),challenge:JSON.stringify(ch),keyName:$("#keyName").val()},dataType:"json",success:function(resp){if(resp.error){if(resp.error.match(/badName/)){return setMsg("badName","warning")}else{return setMsg("u2fFailed","warning")}}else if(resp.result){return setMsg("yourKeyIsRegistered","positive")}},error:displayError})}})}})};verify=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/verify",data:{},dataType:"json",error:displayError,success:function(ch){setMsg("touchU2fDevice","positive");return u2f.sign(ch.appId,ch.challenge,ch.registeredKeys,function(data){if(data.errorCode){return setMsg("unableToGetKey","warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/signature",data:{signature:JSON.stringify(data),challenge:ch.challenge},dataType:"json",success:function(resp){if(resp.error){return setMsg("u2fFailed","warning")}else if(resp.result){return 
setMsg("yourKeyIsVerified","positive")}},error:function(j,status,err){return console.log("error",err)}})}})}})};$(document).ready(function(){$("#u2fPermission").hide();$("#register").on("click",register);$("#verify").on("click",verify);return $("#goback").attr("href",portal)})}).call(this);
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
index 5a389fdf0..67437ac38 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
@@ -101,6 +101,7 @@
 "back2CasUrl":"التطبيق الذي قمت بتسجيل الخروج منه للتو قد وفرت وصلة قد ترغب في أن تتبعها",
 "back2Portal":"العودة إلى البوابة",
 "badCode":"Bad code",
+"badName":"Bad name",
 "cancel":"إلغاء",
 "captcha":"كلمة التحقق أو الكابتشا ",
 "changeKey": "Generate new key",
@@ -151,7 +152,8 @@
 "mail":"البريد",
 "mailSent2":"تم إرسال رسالة إلى عنوان بريدك الإلكتروني.",
 "maintenanceMode":"هذا التطبيق في صيانة، يرجى محاولة الاتصال في وقت لاحق",
-"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
+"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"رسالة جديدة (رسائل)",
 "newPassword":"كلمة مرور جديدة",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/de.json b/lemonldap-ng-portal/site/htdocs/static/languages/de.json
index 3b40c9c7f..b54686ea8 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/de.json
@@ -101,6 +101,7 @@
 "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
 "back2Portal":"Go back to portal",
 "badCode":"Bad code",
+"badName":"Bad name",
 "cancel":"Cancel",
 "captcha":"Captcha",
 "changeKey": "Generate new key",
@@ -152,6 +153,7 @@
 "mailSent2":"A message has been sent to your mail address.",
 "maintenanceMode":"This application is in maintenance, please try to connect later",
 "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"New message(s)",
 "newPassword":"New password",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/en.json b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
index 0c4d6c600..efa274dfb 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
@@ -101,6 +101,7 @@
 "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
 "back2Portal":"Go back to portal",
 "badCode":"Bad code",
+"badName":"Bad name",
 "cancel":"Cancel",
 "captcha":"Captcha",
 "changeKey": "Generate new key",
@@ -151,7 +152,8 @@
 "mail":"Mail",
 "mailSent2":"A message has been sent to your mail address.",
 "maintenanceMode":"This application is in maintenance, please try to connect later",
-"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
+"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"New message(s)",
 "newPassword":"New password",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/es.json b/lemonldap-ng-portal/site/htdocs/static/languages/es.json
index a04d831c9..9d6c90424 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/es.json
@@ -102,6 +102,7 @@
 "back2Portal":"Go back to portal",
 "badCode":"Bad code",
 "cancel":"Cancel",
+"badName":"Bad name",
 "captcha":"Captcha",
 "changeKey": "Generate new key",
 "changePwd":"Change your password",
@@ -152,6 +153,7 @@
 "mailSent2":"A message has been sent to your mail address.",
 "maintenanceMode":"This application is in maintenance, please try to connect later",
 "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"New message(s)",
 "newPassword":"New password",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
index d9d062689..35cbebea5 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
@@ -101,6 +101,7 @@
 "back2CasUrl":"Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre",
 "back2Portal":"Retourner au portail",
 "badCode":"Mauvais code",
+"badName":"Bad name",
 "cancel":"Annuler",
 "captcha":"Captcha",
 "changeKey": "Générer une nouvelle clef",
@@ -152,7 +153,8 @@
 "mailSent2":"Un message a été envoyé à votre adresse mail.",
 "maintenanceMode":"Cette application est en maintenance, merci de réessayer plus tard",
 "name":"Nom",
-"maxNumberof2FDevicesReached":"Nombre maximum de second facteurs atteint !!!",
+"maxNumberof2FDevicesReached":"Nombre maximum de seconds facteurs atteint !!!",
+"missingCode":"Code is missing",
 "newMessages":"Nouveaux messages",
 "newPassword":"Nouveau mot de passe",
 "newPwdSentTo":"Une confirmation a été envoyée à votre adresse mail.",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/it.json b/lemonldap-ng-portal/site/htdocs/static/languages/it.json
index e5ff69b05..54c6bc8d1 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/it.json
@@ -152,6 +152,7 @@
 "mailSent2":"Vi é stato inviato un messaggio via mail",
 "maintenanceMode":"Questa applicazione è in manutenzione, prova a connetterti più tardi",
 "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"Nuovo(i) messaggio(i)",
 "newPassword":"Nuova password",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
index 92726c6dc..b5b25210c 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
@@ -101,6 +101,7 @@
 "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
 "back2Portal":"Go back to portal",
 "badCode":"Bad code",
+"badName":"Bad name",
 "cancel":"Cancel",
 "captcha":"Captcha",
 "changeKey": "Generate new key",
@@ -151,7 +152,8 @@
 "mail":"Mail",
 "mailSent2":"A message has been sent to your mail address.",
 "maintenanceMode":"This application is in maintenance, please try to connect later",
-"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
+"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"New message(s)",
 "newPassword":"New password",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
index d9db8e5de..617e02731 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
@@ -101,6 +101,7 @@
 "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
 "back2Portal":"Go back to portal",
 "badCode":"Bad code",
+"badName":"Bad name",
 "cancel":"Cancel",
 "captcha":"Captcha",
 "changeKey": "Generate new key",
@@ -151,7 +152,8 @@
 "mail":"Mail",
 "mailSent2":"A message has been sent to your mail address.",
 "maintenanceMode":"This application is in maintenance, please try to connect later",
-"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
+"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"New message(s)",
 "newPassword":"New password",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
index b34e853cd..a078084b5 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
@@ -101,6 +101,7 @@
 "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
 "back2Portal":"Go back to portal",
 "badCode":"Bad code",
+"badName":"Bad name",
 "cancel":"Cancel",
 "captcha":"Captcha",
 "changeKey": "Generate new key",
@@ -151,7 +152,8 @@
 "mail":"Mail",
 "mailSent2":"A message has been sent to your mail address.",
 "maintenanceMode":"This application is in maintenance, please try to connect later",
-"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
+"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"New message(s)",
 "newPassword":"New password",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
index 9bf08aac7..8aa65d892 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
@@ -101,6 +101,7 @@
 "back2CasUrl":"Ứng dụng bạn vừa đăng xuất đã cung cấp một liên kết mà bạn muốn theo dõi",
 "back2Portal":"Quay lại cổng thông tin",
 "badCode":"Bad code",
+"badName":"Bad name",
 "cancel":"Hủy",
 "captcha":"Captcha",
 "changeKey": "Generate new key",
@@ -151,7 +152,8 @@
 "mail":"Thư",
 "mailSent2":"Một tin nhắn đã được gửi đến địa chỉ thư của bạn.",
 "maintenanceMode":"Ứng dụng này đang trong quá trình bảo trì, hãy thử kết nối sau",
-"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
+"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
+"missingCode":"Code is missing",
 "name":"Name",
 "newMessages":"(Các) tin nhắn mới",
 "newPassword":"Mật khẩu mới",