Use rule to enable OTT (#1694)
parent
72bee11c2a
commit
5b67f1f743
|
@ -48,7 +48,7 @@ our %EXPORT_TAGS = (
|
||||||
APPLYSECTION
|
APPLYSECTION
|
||||||
NO
|
NO
|
||||||
$hashParameters
|
$hashParameters
|
||||||
@sessionTypes
|
@sessionTypes
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
|
@ -2486,7 +2486,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
},
|
},
|
||||||
'requireToken' => {
|
'requireToken' => {
|
||||||
'default' => 1,
|
'default' => 1,
|
||||||
'type' => 'bool'
|
'type' => 'boolOrExpr'
|
||||||
},
|
},
|
||||||
'rest2fActivation' => {
|
'rest2fActivation' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
|
|
|
@ -629,7 +629,7 @@ sub attributes {
|
||||||
},
|
},
|
||||||
requireToken => {
|
requireToken => {
|
||||||
default => 1,
|
default => 1,
|
||||||
type => 'bool',
|
type => 'boolOrExpr',
|
||||||
documentation => 'Enable token for forms',
|
documentation => 'Enable token for forms',
|
||||||
},
|
},
|
||||||
tokenUseGlobalStorage => {
|
tokenUseGlobalStorage => {
|
||||||
|
|
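Review bot: The `documentation` string for `requireToken` still reads 'Enable token for forms' although the type is now `boolOrExpr`, so nothing tells an administrator that the value may be a rule or what that rule is evaluated against. Judging by the other file in this commit, the rule is called with `$req->env` before the user is authenticated, so a rule written against a client-supplied header would let the client decide whether the form token is enforced. I would change the line to `documentation => 'Enable token for forms (boolean or rule evaluated on the request environment, before authentication)',`. The enclosing `sub attributes` starts and ends outside the hunk.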
File diff suppressed because one or more lines are too long
|
@ -34,16 +34,31 @@ has authnLevel => (
|
||||||
|
|
||||||
has captcha => ( is => 'rw' );
|
has captcha => ( is => 'rw' );
|
||||||
has ott => ( is => 'rw' );
|
has ott => ( is => 'rw' );
|
||||||
|
has ottRule => ( is => 'rw', default => sub { 1 } );
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
if ( $_[0]->{conf}->{captcha_login_enabled} ) {
|
my ($self) = @_;
|
||||||
$_[0]->captcha( $_[0]->p->loadModule('::Lib::Captcha') ) or return 0;
|
my $hd = $self->p->HANDLER;
|
||||||
|
|
||||||
|
# Parse OTT activation rule
|
||||||
|
$self->logger->debug(
|
||||||
|
"OTT activation rule -> " . $self->conf->{requireToken} );
|
||||||
|
my $rule =
|
||||||
|
$hd->buildSub( $hd->substitute( $self->conf->{requireToken} ) );
|
||||||
|
unless ($rule) {
|
||||||
|
$self->error( "Bad OTT activation rule -> " . $hd->tsv->{jail}->error );
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
elsif ( $_[0]->{conf}->{requireToken} ) {
|
$self->{ottRule} = $rule;
|
||||||
$_[0]->ott( $_[0]->p->loadModule('::Lib::OneTimeToken') ) or return 0;
|
|
||||||
$_[0]->ott->timeout( $_[0]->conf->{formTimeout} );
|
if ( $self->{conf}->{captcha_login_enabled} ) {
|
||||||
|
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->ott( $self->p->loadModule('::Lib::OneTimeToken') ) or return 0;
|
||||||
|
$self->ott->timeout( $self->conf->{formTimeout} );
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -96,13 +111,14 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Security: check for captcha or token
|
# Security: check for captcha or token
|
||||||
if ( $self->captcha or $self->ott ) {
|
if ( $self->captcha or $self->ottRule->( $req, $req->env ) ) {
|
||||||
my $token;
|
my $token;
|
||||||
unless ( $token = $req->param('token') ) {
|
unless ( $token = $req->param('token') ) {
|
||||||
$self->userLogger->error('Authentication tried without token');
|
$self->userLogger->error('Authentication tried without token');
|
||||||
$self->ott->setToken($req);
|
$self->ott->setToken($req);
|
||||||
return PE_NOTOKEN;
|
return PE_NOTOKEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $self->captcha ) {
|
if ( $self->captcha ) {
|
||||||
my $code = $req->param('captcha');
|
my $code = $req->param('captcha');
|
||||||
unless ($code) {
|
unless ($code) {
|
||||||
|
@ -117,7 +133,7 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
$self->logger->debug("Captcha code verified");
|
$self->logger->debug("Captcha code verified");
|
||||||
}
|
}
|
||||||
elsif ( $self->ott ) {
|
elsif ( $self->ottRule->( $req, $req->env ) ) {
|
||||||
unless ( $req->data->{tokenVerified}
|
unless ( $req->data->{tokenVerified}
|
||||||
or $self->ott->getToken($token) )
|
or $self->ott->getToken($token) )
|
||||||
{
|
{
|
||||||
|
@ -169,7 +185,7 @@ sub setSecurity {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Else get token
|
# Else get token
|
||||||
elsif ( $self->ott ) {
|
elsif ( $self->ottRule->( $req, $req->env ) ) {
|
||||||
$self->ott->setToken($req);
|
$self->ott->setToken($req);
|
||||||
}
|
}
|
||||||
}
|
}
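Review bot: The attribute default in `has ottRule => ( is => 'rw', default => sub { 1 } );` yields the scalar `1`, not a code reference, because a `default` sub is called to produce the value. Any object on which this file's `init` has not run (for instance a subclass with its own `init`) would then die at `$self->ottRule->( $req, $req->env )`. If the intended fallback is "token always required", use `has ottRule => ( is => 'rw', default => sub { sub { 1 } } );`. In `extractFormInfo` the rule is also called twice for one request, in the outer `if` and again in the later `elsif`; evaluating it once with `my $tokenRequired = $self->ottRule->( $req, $req->env );` keeps the two branches from disagreeing. Both `extractFormInfo` and `setSecurity` continue outside the hunks shown.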
|
||||||
|
|