Portal part of reauthentication (#1204)
This commit is contained in:
parent
050cf20c72
commit
581f0e4c93
@ -2984,6 +2984,10 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
},
|
},
|
||||||
|
'upgradeSession' => {
|
||||||
|
'default' => 0,
|
||||||
|
'type' => 'bool'
|
||||||
|
},
|
||||||
'userControl' => {
|
'userControl' => {
|
||||||
'default' => '^[\\w\\.\\-@]+$',
|
'default' => '^[\\w\\.\\-@]+$',
|
||||||
'type' => 'pcre'
|
'type' => 'pcre'
|
||||||
|
|
|
@ -973,6 +973,13 @@ sub attributes {
|
||||||
documentation => 'Register session timeout',
|
documentation => 'Register session timeout',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
# Upgrade session
|
||||||
|
upgradeSession => {
|
||||||
|
type => 'bool',
|
||||||
|
default => 0,
|
||||||
|
documentation => 'Upgrade session activation',
|
||||||
|
},
|
||||||
|
|
||||||
# U2F
|
# U2F
|
||||||
u2fActivation => {
|
u2fActivation => {
|
||||||
type => 'boolOrExpr',
|
type => 'boolOrExpr',
|
||||||
|
|
|
@ -602,6 +602,7 @@ sub tree {
|
||||||
'registerDoneSubject'
|
'registerDoneSubject'
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
'upgradeSession',
|
||||||
{
|
{
|
||||||
title => 'u2f',
|
title => 'u2f',
|
||||||
help => 'u2f.html',
|
help => 'u2f.html',
|
||||||
|
|
|
@ -677,6 +677,7 @@
|
||||||
"unsecuredCookie": "Unsecured cookie",
|
"unsecuredCookie": "Unsecured cookie",
|
||||||
"up": "Move up",
|
"up": "Move up",
|
||||||
"uploadDenied": "Upload denied",
|
"uploadDenied": "Upload denied",
|
||||||
|
"upgradeSession": "Session upgrade",
|
||||||
"uri": "URI",
|
"uri": "URI",
|
||||||
"url": "URL",
|
"url": "URL",
|
||||||
"use": "Use",
|
"use": "Use",
|
||||||
|
|
|
@ -677,6 +677,7 @@
|
||||||
"unsecuredCookie": "Cookie non sécurisé",
|
"unsecuredCookie": "Cookie non sécurisé",
|
||||||
"up": "Monter",
|
"up": "Monter",
|
||||||
"uploadDenied": "Téléchargement refusé",
|
"uploadDenied": "Téléchargement refusé",
|
||||||
|
"upgradeSession": "Ré-authentification",
|
||||||
"uri": "URI",
|
"uri": "URI",
|
||||||
"url": "URL",
|
"url": "URL",
|
||||||
"use": "Usage",
|
"use": "Usage",
|
||||||
|
|
|
@ -260,6 +260,7 @@ site/templates/bootstrap/register.tpl
|
||||||
site/templates/bootstrap/standardform.tpl
|
site/templates/bootstrap/standardform.tpl
|
||||||
site/templates/bootstrap/u2fcheck.tpl
|
site/templates/bootstrap/u2fcheck.tpl
|
||||||
site/templates/bootstrap/u2fregister.tpl
|
site/templates/bootstrap/u2fregister.tpl
|
||||||
|
site/templates/bootstrap/upgradesession.tpl
|
||||||
site/templates/bootstrap/yubikeyform.tpl
|
site/templates/bootstrap/yubikeyform.tpl
|
||||||
site/templates/common/bullet_go.png
|
site/templates/common/bullet_go.png
|
||||||
site/templates/common/key.png
|
site/templates/common/key.png
|
||||||
|
|
|
@ -140,7 +140,7 @@ sub display {
|
||||||
}
|
}
|
||||||
|
|
||||||
# 2.3 Case : user authenticated but an error was returned (bas url,...)
|
# 2.3 Case : user authenticated but an error was returned (bas url,...)
|
||||||
elsif ( $req->userData and %{ $req->userData } ) {
|
elsif ( not $req->datas->{noerror} and $req->userData and %{ $req->userData } ) {
|
||||||
$skinfile = 'error';
|
$skinfile = 'error';
|
||||||
%templateParams = (
|
%templateParams = (
|
||||||
AUTH_ERROR => $req->error,
|
AUTH_ERROR => $req->error,
|
||||||
|
|
|
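Review bot: The new `noerror` flag on `$req->datas` is a request-scoped switch that any plugin can set to skip this error page for an already-authenticated user, but nothing on the condition says what it means or who sets it; the only writer in this commit is the Upgrade plugin, which sets it right before calling `login` so that a logged-in user is shown the authentication form again instead of the error page. A comment would save the next reader a search: `# Plugins may set $req->datas->{noerror} (e.g. Upgrade: re-authentication) to fall through to the next case instead of showing the error page`. Once set, the flag also hides genuine errors for the rest of that request, so plugins should set it as late as possible. The `display` sub starts and ends outside the hunk.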
@ -24,6 +24,7 @@ our @pList = (
|
||||||
notification => '::Plugins::Notifications',
|
notification => '::Plugins::Notifications',
|
||||||
portalCheckLogins => '::Plugins::History',
|
portalCheckLogins => '::Plugins::History',
|
||||||
stayConnected => '::Plugins::StayConnected',
|
stayConnected => '::Plugins::StayConnected',
|
||||||
|
upgradeSession => '::Plugins::Upgrade',
|
||||||
);
|
);
|
||||||
|
|
||||||
##@method list enabledPlugins
|
##@method list enabledPlugins
|
||||||
|
|
|
@ -2,7 +2,11 @@ package Lemonldap::NG::Portal::Plugins::Upgrade;
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
use Mouse;
|
use Mouse;
|
||||||
use Lemonldap::NG::Portal::Main::Constants qw(PE_CONFIRM PE_OK);
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||||
|
PE_CONFIRM
|
||||||
|
PE_OK
|
||||||
|
PE_TOKENEXPIRED
|
||||||
|
);
|
||||||
|
|
||||||
our $VERSION = '2.0.0';
|
our $VERSION = '2.0.0';
|
||||||
|
|
||||||
|
@ -10,32 +14,67 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
|
|
||||||
|
has ott => (
|
||||||
|
is => 'rw',
|
||||||
|
default => sub {
|
||||||
|
my $ott =
|
||||||
|
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||||
|
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
||||||
|
return $ott;
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
my ($self) = @_;
|
my ($self) = @_;
|
||||||
$self->addAuthRoute(upgradesession => 'ask', ['GET']);
|
$self->addAuthRoute( upgradesession => 'ask', ['GET'] );
|
||||||
$self->addAuthRoute(upgradesession => 'confirm', ['POST']);
|
$self->addAuthRoute( upgradesession => 'confirm', ['POST'] );
|
||||||
}
|
}
|
||||||
|
|
||||||
# RUNNING METHOD
|
# RUNNING METHOD
|
||||||
|
|
||||||
sub ask {
|
sub ask {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
if($req->param('upgrading') ) {
|
|
||||||
|
# Check if auth is already running
|
||||||
|
if ( $req->param('upgrading') ) {
|
||||||
|
|
||||||
# verify token
|
# verify token
|
||||||
return $self->confirm($req);
|
return $self->confirm($req);
|
||||||
}
|
}
|
||||||
|
|
||||||
# Display form
|
# Display form
|
||||||
|
return $self->p->sendHtml(
|
||||||
|
$req,
|
||||||
|
'upgradesession',
|
||||||
|
params => {
|
||||||
|
CONFIRMKEY => $self->p->stamp,
|
||||||
|
PORTAL => $self->conf->{portal},
|
||||||
|
URL => $req->param('url'),
|
||||||
|
}
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub confirm {
|
sub confirm {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $ok;
|
my $upg;
|
||||||
if($req->param('upgrading') ) {
|
if ( my $t = $req->param('upgrading') ) {
|
||||||
# verify token and set $ok to 1
|
if ( $self->ott->getToken($t) ) {
|
||||||
|
$upg = 1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if ( $ok or $req->param('confirm') == 1 ) {
|
$req->steps(['controlUrl']);
|
||||||
$self->p->setHiddenFormValue(); # Insert token
|
my $res = $self->p->process($req);
|
||||||
|
return $self->p->do( $req, [ sub { $res } ] ) if($res);
|
||||||
|
if ( $upg or $req->param('confirm') == 1 ) {
|
||||||
|
$req->datas->{noerror} = 1;
|
||||||
|
$self->p->setHiddenFormValue(
|
||||||
|
$req,
|
||||||
|
upgrading => $self->ott->createToken,
|
||||||
|
''
|
||||||
|
); # Insert token
|
||||||
return $self->p->login($req);
|
return $self->p->login($req);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
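Review bot: In `ask`, `URL => $req->param('url')` is handed to the template straight from the query string; `controlUrl` only runs in `confirm`, so a crafted GET to /upgradesession?url=… reflects attacker-controlled text into the `url` hidden input of the returned page (an XSS unless the template engine escapes by default, which is not visible here) and seeds the later redirect. Run the same three-line `$req->steps(['controlUrl']); my $res = $self->p->process($req); return $self->p->do( $req, [ sub { $res } ] ) if $res;` sequence in `ask` before `sendHtml`, and render the validated value rather than the raw parameter. In `confirm`, `$req->param('confirm') == 1` warns when the parameter is absent and compares numerically a value the form fills from `$self->p->stamp`; if stamp does not return a literal 1 (its implementation is not in the hunk) the first POST never takes this branch, so `( $req->param('confirm') // '' ) eq '1'` or a comparison against the stamp would make the intent explicit. `$self->ott->createToken` is called with no payload, so the `upgrading` token proves only that a form was served, not that it was served to this session; binding the session id into the token (if createToken accepts data — confirm against the OneTimeToken library) would close that gap. `confirm`'s else branch continues past the end of the hunk.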
@ -96,6 +96,7 @@
|
||||||
"accountCreationSuccess":"Your account was successfully created.",
|
"accountCreationSuccess":"Your account was successfully created.",
|
||||||
"anotherInformation":"Another information:",
|
"anotherInformation":"Another information:",
|
||||||
"areYouSure":"Are you sure?",
|
"areYouSure":"Are you sure?",
|
||||||
|
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate ?",
|
||||||
"authPortal":"Authentication portal",
|
"authPortal":"Authentication portal",
|
||||||
"authRemaining":"%s authentications remaining, change your password!",
|
"authRemaining":"%s authentications remaining, change your password!",
|
||||||
"autoAccept":"Automatically accept in 30 seconds",
|
"autoAccept":"Automatically accept in 30 seconds",
|
||||||
|
@ -190,6 +191,7 @@
|
||||||
"u2fSuccess": "Your key is successfully tested",
|
"u2fSuccess": "Your key is successfully tested",
|
||||||
"unableToGetU2FKey": "Unable to access to your key. Retry or contact your administrator",
|
"unableToGetU2FKey": "Unable to access to your key. Retry or contact your administrator",
|
||||||
"updateCdc": "Update Common Domain Cookie",
|
"updateCdc": "Update Common Domain Cookie",
|
||||||
|
"upgradeSession":"Upgrade session",
|
||||||
"user":"User",
|
"user":"User",
|
||||||
"useYubikey":"use your Yubikey",
|
"useYubikey":"use your Yubikey",
|
||||||
"verify": "Verify",
|
"verify": "Verify",
|
||||||
|
|
|
@ -96,6 +96,7 @@
|
||||||
"accountCreationSuccess":"Votre compte a bien été créé.",
|
"accountCreationSuccess":"Votre compte a bien été créé.",
|
||||||
"anotherInformation":"Une autre information :",
|
"anotherInformation":"Une autre information :",
|
||||||
"areYouSure":"Êtes vous sûr ?",
|
"areYouSure":"Êtes vous sûr ?",
|
||||||
|
"askToUpgrade":"Cette application nécessite un plus haut niveau d'authentification. Voulez-vous vous réauthentifier ?",
|
||||||
"authPortal":"Portail d'authentification",
|
"authPortal":"Portail d'authentification",
|
||||||
"authRemaining":"%s authentifications restantes, changez votre mot de passe !",
|
"authRemaining":"%s authentifications restantes, changez votre mot de passe !",
|
||||||
"autoAccept":"Acceptation automatique dans 30 secondes",
|
"autoAccept":"Acceptation automatique dans 30 secondes",
|
||||||
|
@ -190,6 +191,7 @@
|
||||||
"u2fSuccess": "Votre clef est vérifiée",
|
"u2fSuccess": "Votre clef est vérifiée",
|
||||||
"unableToGetU2FKey": "Impossible d'accéder à la clef, réessayez ou contactez votre administrateur",
|
"unableToGetU2FKey": "Impossible d'accéder à la clef, réessayez ou contactez votre administrateur",
|
||||||
"updateCdc": "Mise à jour du cookie de domaine commun",
|
"updateCdc": "Mise à jour du cookie de domaine commun",
|
||||||
|
"upgradeSession":"Se réauthentifier",
|
||||||
"user":"Utilisateur",
|
"user":"Utilisateur",
|
||||||
"useYubikey":"utilisez votre Yubikey",
|
"useYubikey":"utilisez votre Yubikey",
|
||||||
"verify": "Verifier",
|
"verify": "Verifier",
|
||||||
|
|
|
@ -17,5 +17,3 @@
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<TMPL_INCLUDE NAME="footer.tpl">
|
<TMPL_INCLUDE NAME="footer.tpl">
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
<TMPL_INCLUDE NAME="header.tpl">
|
||||||
|
|
||||||
|
<div class="message message-positive alert"><span trspan="askToUpgrade"></span></div>
|
||||||
|
<form action="/upgradesession" method="post" class="password" role="form">
|
||||||
|
<div class="form">
|
||||||
|
<div class="form-group input-group">
|
||||||
|
<input type="hidden" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">">
|
||||||
|
<input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="buttons">
|
||||||
|
<button type="submit" class="btn btn-success">
|
||||||
|
<span class="glyphicon glyphicon-log-in"></span>
|
||||||
|
<span trspan="upgradeSession">Upgrade session</span>
|
||||||
|
</button>
|
||||||
|
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
|
||||||
|
<span class="glyphicon glyphicon-home"></span>
|
||||||
|
<span trspan="goToPortal">Go to portal</span>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<TMPL_INCLUDE NAME="footer.tpl">
|
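Review bot: The `url` hidden input is rendered with a bare `<TMPL_VAR NAME="URL">`, and `ask` fills URL from the raw `url` query parameter, so without HTML escaping a double quote in that parameter breaks out of the attribute; use `<TMPL_VAR NAME="URL" ESCAPE=HTML>` (and the same for `CONFIRMKEY`) unless the portal's HTML::Template instance is built with a default escape, which is not visible here. The form posts to a hard-coded `action="/upgradesession"` while the link a few lines below uses `<TMPL_VAR NAME="PORTAL_URL">`; a portal served under a path prefix would post to the wrong place, so `action="<TMPL_VAR NAME="PORTAL_URL">upgradesession"` (adjusted for whether PORTAL_URL carries a trailing slash) keeps the two consistent. `ask` also passes a `PORTAL` parameter that this template never reads.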