Portal part of reauthentication (#1204)
parent
050cf20c72
commit
581f0e4c93
|
@ -2984,6 +2984,10 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
|
|||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'upgradeSession' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'userControl' => {
|
||||
'default' => '^[\\w\\.\\-@]+$',
|
||||
'type' => 'pcre'
|
||||
|
|
|
@ -973,6 +973,13 @@ sub attributes {
|
|||
documentation => 'Register session timeout',
|
||||
},
|
||||
|
||||
# Upgrade session
|
||||
upgradeSession => {
|
||||
type => 'bool',
|
||||
default => 0,
|
||||
documentation => 'Upgrade session activation',
|
||||
},
|
||||
|
||||
# U2F
|
||||
u2fActivation => {
|
||||
type => 'boolOrExpr',
|
||||
|
|
|
@ -602,6 +602,7 @@ sub tree {
|
|||
'registerDoneSubject'
|
||||
]
|
||||
},
|
||||
'upgradeSession',
|
||||
{
|
||||
title => 'u2f',
|
||||
help => 'u2f.html',
|
||||
|
|
|
@ -677,6 +677,7 @@
|
|||
"unsecuredCookie": "Unsecured cookie",
|
||||
"up": "Move up",
|
||||
"uploadDenied": "Upload denied",
|
||||
"upgradeSession": "Session upgrade",
|
||||
"uri": "URI",
|
||||
"url": "URL",
|
||||
"use": "Use",
|
||||
|
|
|
@ -677,6 +677,7 @@
|
|||
"unsecuredCookie": "Cookie non sécurisé",
|
||||
"up": "Monter",
|
||||
"uploadDenied": "Téléchargement refusé",
|
||||
"upgradeSession": "Ré-authentification",
|
||||
"uri": "URI",
|
||||
"url": "URL",
|
||||
"use": "Usage",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -260,6 +260,7 @@ site/templates/bootstrap/register.tpl
|
|||
site/templates/bootstrap/standardform.tpl
|
||||
site/templates/bootstrap/u2fcheck.tpl
|
||||
site/templates/bootstrap/u2fregister.tpl
|
||||
site/templates/bootstrap/upgradesession.tpl
|
||||
site/templates/bootstrap/yubikeyform.tpl
|
||||
site/templates/common/bullet_go.png
|
||||
site/templates/common/key.png
|
||||
|
|
|
@ -140,7 +140,7 @@ sub display {
|
|||
}
|
||||
|
||||
# 2.3 Case : user authenticated but an error was returned (bas url,...)
|
||||
elsif ( $req->userData and %{ $req->userData } ) {
|
||||
elsif ( not $req->datas->{noerror} and $req->userData and %{ $req->userData } ) {
|
||||
$skinfile = 'error';
|
||||
%templateParams = (
|
||||
AUTH_ERROR => $req->error,
|
||||
|
|
|
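Review bot: The new `not $req->datas->{noerror}` guard on the `elsif` is unexplained, and the `# 2.3 Case` comment above it still describes only the old condition. A line such as `# noerror: set when a plugin restarts authentication for a logged-in user, so skip the error skin` would tell the reader why an authenticated request can now fall through this branch. From the visible lines the flag appears to be set only in the Upgrade plugin's `confirm`. Because it suppresses the error page, it should remain a server-side value in `$req->datas` and never be derived from a request parameter. The `display` body starts and ends outside the hunk.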
@ -24,6 +24,7 @@ our @pList = (
|
|||
notification => '::Plugins::Notifications',
|
||||
portalCheckLogins => '::Plugins::History',
|
||||
stayConnected => '::Plugins::StayConnected',
|
||||
upgradeSession => '::Plugins::Upgrade',
|
||||
);
|
||||
|
||||
##@method list enabledPlugins
|
||||
|
|
|
@ -2,7 +2,11 @@ package Lemonldap::NG::Portal::Plugins::Upgrade;
|
|||
|
||||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(PE_CONFIRM PE_OK);
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_CONFIRM
|
||||
PE_OK
|
||||
PE_TOKENEXPIRED
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
|
@ -10,32 +14,67 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|||
|
||||
# INITIALIZATION
|
||||
|
||||
has ott => (
|
||||
is => 'rw',
|
||||
default => sub {
|
||||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
);
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
$self->addAuthRoute(upgradesession => 'ask', ['GET']);
|
||||
$self->addAuthRoute(upgradesession => 'confirm', ['POST']);
|
||||
$self->addAuthRoute( upgradesession => 'ask', ['GET'] );
|
||||
$self->addAuthRoute( upgradesession => 'confirm', ['POST'] );
|
||||
}
|
||||
|
||||
# RUNNING METHOD
|
||||
|
||||
sub ask {
|
||||
my ( $self, $req ) = @_;
|
||||
if($req->param('upgrading') ) {
|
||||
|
||||
# Check if auth is already running
|
||||
if ( $req->param('upgrading') ) {
|
||||
|
||||
# verify token
|
||||
return $self->confirm($req);
|
||||
}
|
||||
|
||||
# Display form
|
||||
return $self->p->sendHtml(
|
||||
$req,
|
||||
'upgradesession',
|
||||
params => {
|
||||
CONFIRMKEY => $self->p->stamp,
|
||||
PORTAL => $self->conf->{portal},
|
||||
URL => $req->param('url'),
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
sub confirm {
|
||||
my ( $self, $req ) = @_;
|
||||
my $ok;
|
||||
if($req->param('upgrading') ) {
|
||||
# verify token and set $ok to 1
|
||||
my $upg;
|
||||
if ( my $t = $req->param('upgrading') ) {
|
||||
if ( $self->ott->getToken($t) ) {
|
||||
$upg = 1;
|
||||
}
|
||||
else {
|
||||
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
||||
}
|
||||
}
|
||||
if ( $ok or $req->param('confirm') == 1 ) {
|
||||
$self->p->setHiddenFormValue(); # Insert token
|
||||
$req->steps(['controlUrl']);
|
||||
my $res = $self->p->process($req);
|
||||
return $self->p->do( $req, [ sub { $res } ] ) if($res);
|
||||
if ( $upg or $req->param('confirm') == 1 ) {
|
||||
$req->datas->{noerror} = 1;
|
||||
$self->p->setHiddenFormValue(
|
||||
$req,
|
||||
upgrading => $self->ott->createToken,
|
||||
''
|
||||
); # Insert token
|
||||
return $self->p->login($req);
|
||||
}
|
||||
else {
|
||||
|
|
|
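Review bot: In `confirm`, the test `$req->param('confirm') == 1` never checks the key that `ask` puts in the form as `CONFIRMKEY => $self->p->stamp`. The posted value is compared numerically with the literal 1, so a hand-built POST with `confirm=1` passes, while the portal's own form passes only if the stamp numifies to 1. If the stamp is meant to tie the confirmation to the portal's form, compare it as a string, e.g. `if ( $upg or ( $req->param('confirm') // '' ) eq $self->p->stamp ) {`. `ask` also hands `$req->param('url')` to the template as received, and the `$req->steps(['controlUrl'])` line that appears to belong to the previous body is gone, so it is worth confirming that `$self->p->login($req)` still validates that URL. `confirm` continues past the end of the hunk.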
@ -96,6 +96,7 @@
|
|||
"accountCreationSuccess":"Your account was successfully created.",
|
||||
"anotherInformation":"Another information:",
|
||||
"areYouSure":"Are you sure?",
|
||||
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate ?",
|
||||
"authPortal":"Authentication portal",
|
||||
"authRemaining":"%s authentications remaining, change your password!",
|
||||
"autoAccept":"Automatically accept in 30 seconds",
|
||||
|
@ -190,6 +191,7 @@
|
|||
"u2fSuccess": "Your key is successfully tested",
|
||||
"unableToGetU2FKey": "Unable to access to your key. Retry or contact your administrator",
|
||||
"updateCdc": "Update Common Domain Cookie",
|
||||
"upgradeSession":"Upgrade session",
|
||||
"user":"User",
|
||||
"useYubikey":"use your Yubikey",
|
||||
"verify": "Verify",
|
||||
|
|
|
@ -96,6 +96,7 @@
|
|||
"accountCreationSuccess":"Votre compte a bien été créé.",
|
||||
"anotherInformation":"Une autre information :",
|
||||
"areYouSure":"Êtes vous sûr ?",
|
||||
"askToUpgrade":"Cette application nécessite un plus haut niveau d'authentification. Voulez-vous vous réauthentifier ?",
|
||||
"authPortal":"Portail d'authentification",
|
||||
"authRemaining":"%s authentifications restantes, changez votre mot de passe !",
|
||||
"autoAccept":"Acceptation automatique dans 30 secondes",
|
||||
|
@ -190,6 +191,7 @@
|
|||
"u2fSuccess": "Votre clef est vérifiée",
|
||||
"unableToGetU2FKey": "Impossible d'accéder à la clef, réessayez ou contactez votre administrateur",
|
||||
"updateCdc": "Mise à jour du cookie de domaine commun",
|
||||
"upgradeSession":"Se réauthentifier",
|
||||
"user":"Utilisateur",
|
||||
"useYubikey":"utilisez votre Yubikey",
|
||||
"verify": "Verifier",
|
||||
|
|
|
@ -17,5 +17,3 @@
|
|||
</form>
|
||||
|
||||
<TMPL_INCLUDE NAME="footer.tpl">
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
<TMPL_INCLUDE NAME="header.tpl">
|
||||
|
||||
<div class="message message-positive alert"><span trspan="askToUpgrade"></span></div>
|
||||
<form action="/upgradesession" method="post" class="password" role="form">
|
||||
<div class="form">
|
||||
<div class="form-group input-group">
|
||||
<input type="hidden" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">">
|
||||
<input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">
|
||||
</div>
|
||||
</div>
|
||||
<div class="buttons">
|
||||
<button type="submit" class="btn btn-success">
|
||||
<span class="glyphicon glyphicon-log-in"></span>
|
||||
<span trspan="upgradeSession">Upgrade session</span>
|
||||
</button>
|
||||
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
|
||||
<span class="glyphicon glyphicon-home"></span>
|
||||
<span trspan="goToPortal">Go to portal</span>
|
||||
</a>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<TMPL_INCLUDE NAME="footer.tpl">
|
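Review bot: The hidden field `<input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">` writes a request parameter into an attribute with no escaping directive, and the plugin fills `URL` straight from `$req->param('url')`. Unless the portal renders templates with a default escape, a value containing a double quote would break out of the attribute. `<TMPL_VAR NAME="URL" ESCAPE=HTML>`, and the same on `CONFIRMKEY`, closes that. The portal link reads `PORTAL_URL`, whereas the plugin's `sendHtml` call passes `PORTAL`, so the href may render empty unless `sendHtml` supplies `PORTAL_URL` itself.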