Use rule to enable OTT (#1694)

maudoux 2019-04-03 23:28:45 +02:00
parent 72bee11c2a
commit 5b67f1f743
5 changed files with 28 additions and 12 deletions


@ -48,7 +48,7 @@ our %EXPORT_TAGS = (
APPLYSECTION APPLYSECTION
NO NO
$hashParameters $hashParameters
@sessionTypes @sessionTypes
) )
] ]
); );


@ -2486,7 +2486,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
}, },
'requireToken' => { 'requireToken' => {
'default' => 1, 'default' => 1,
'type' => 'bool' 'type' => 'boolOrExpr'
}, },
'rest2fActivation' => { 'rest2fActivation' => {
'default' => 0, 'default' => 0,


@ -629,7 +629,7 @@ sub attributes {
}, },
requireToken => { requireToken => {
default => 1, default => 1,
type => 'bool', type => 'boolOrExpr',
documentation => 'Enable token for forms', documentation => 'Enable token for forms',
}, },
tokenUseGlobalStorage => { tokenUseGlobalStorage => {
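Review bot: The `documentation` string for `requireToken` still reads 'Enable token for forms' although the type is now `boolOrExpr`, so an administrator gets no hint that the value may be a rule. Something like `documentation => 'Enable token for forms (boolean or rule)',` would match the new type. The call sites added in this commit evaluate the rule with `$req->env`, so the parameter's documentation should also say that a rule keyed on client-supplied request values (headers, for instance) lets the client decide whether the form token is required.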

File diff suppressed because one or more lines are too long


@ -34,16 +34,31 @@ has authnLevel => (
has captcha => ( is => 'rw' ); has captcha => ( is => 'rw' );
has ott => ( is => 'rw' ); has ott => ( is => 'rw' );
has ottRule => ( is => 'rw', default => sub { 1 } );
# INITIALIZATION # INITIALIZATION
sub init { sub init {
if ( $_[0]->{conf}->{captcha_login_enabled} ) { my ($self) = @_;
$_[0]->captcha( $_[0]->p->loadModule('::Lib::Captcha') ) or return 0; my $hd = $self->p->HANDLER;
# Parse OTT activation rule
$self->logger->debug(
"OTT activation rule -> " . $self->conf->{requireToken} );
my $rule =
$hd->buildSub( $hd->substitute( $self->conf->{requireToken} ) );
unless ($rule) {
$self->error( "Bad OTT activation rule -> " . $hd->tsv->{jail}->error );
return 0;
} }
elsif ( $_[0]->{conf}->{requireToken} ) { $self->{ottRule} = $rule;
$_[0]->ott( $_[0]->p->loadModule('::Lib::OneTimeToken') ) or return 0;
$_[0]->ott->timeout( $_[0]->conf->{formTimeout} ); if ( $self->{conf}->{captcha_login_enabled} ) {
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
}
else {
$self->ott( $self->p->loadModule('::Lib::OneTimeToken') ) or return 0;
$self->ott->timeout( $self->conf->{formTimeout} );
} }
return 1; return 1;
} }
@ -96,13 +111,14 @@ sub extractFormInfo {
} }
# Security: check for captcha or token # Security: check for captcha or token
if ( $self->captcha or $self->ott ) { if ( $self->captcha or $self->ottRule->( $req, $req->env ) ) {
my $token; my $token;
unless ( $token = $req->param('token') ) { unless ( $token = $req->param('token') ) {
$self->userLogger->error('Authentication tried without token'); $self->userLogger->error('Authentication tried without token');
$self->ott->setToken($req); $self->ott->setToken($req);
return PE_NOTOKEN; return PE_NOTOKEN;
} }
if ( $self->captcha ) { if ( $self->captcha ) {
my $code = $req->param('captcha'); my $code = $req->param('captcha');
unless ($code) { unless ($code) {
@ -117,7 +133,7 @@ sub extractFormInfo {
} }
$self->logger->debug("Captcha code verified"); $self->logger->debug("Captcha code verified");
} }
elsif ( $self->ott ) { elsif ( $self->ottRule->( $req, $req->env ) ) {
unless ( $req->data->{tokenVerified} unless ( $req->data->{tokenVerified}
or $self->ott->getToken($token) ) or $self->ott->getToken($token) )
{ {
@ -169,7 +185,7 @@ sub setSecurity {
} }
# Else get token # Else get token
elsif ( $self->ott ) { elsif ( $self->ottRule->( $req, $req->env ) ) {
$self->ott->setToken($req); $self->ott->setToken($req);
} }
} }
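Review bot: The new `ottRule` attribute is declared with `default => sub { 1 }`, and since a code-reference default is called to produce the value, the attribute defaults to the number 1 rather than to a callable rule, while every new call site invokes it as `$self->ottRule->( $req, $req->env )`. The new `init` always overwrites it with the compiled rule or returns 0, so this only matters where that `init` is not run (a subclass overriding it, if one exists), and there the call would die instead of enforcing the token. Declaring it as `has ottRule => ( is => 'rw', default => sub { sub { 1 } } );` keeps the fallback callable and the token required by default. The bodies of `extractFormInfo` and `setSecurity` continue outside the visible hunks.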