Second-Factor-Engine skeleton (#1148)

2018-03-08 16:33:34 +01:00 · 2018-03-08 16:33:34 +01:00 · 67a530bc01
commit 67a530bc01
parent 0f964ae31d
6 changed files with 71 additions and 38 deletions
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -8,12 +8,12 @@ sub types {
        'authParamsText' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'blackWhiteList' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'bool' => {
            'msgFail' => '__notABoolean__',
@ -36,17 +36,17 @@ sub types {
                        split( /\n/, $@, 0 ) )
                );
                return $err ? ( 1, "__badExpression__: $err" ) : 1;
-              }
+            }
        },
        'catAndAppList' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'file' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'hostname' => {
            'form'    => 'text',
@ -80,48 +80,48 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
                      if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val};
                }
                return 1, "__unknownAttrOrMacro__: $val";
-              }
+            }
        },
        'longtext' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'menuApp' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'menuCat' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'oidcmetadatajson' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'oidcmetadatajwks' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'oidcOPMetaDataNode' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'oidcRPMetaDataNode' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'password' => {
            'msgFail' => '__malformedValue__',
            'test'    => sub {
                1;
-              }
+            }
        },
        'pcre' => {
            'form' => 'text',
@ -132,7 +132,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
                      }
                };
                return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
-              }
+            }
        },
        'PerlModule' => {
            'form'    => 'text',
@ -142,17 +142,17 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
        'portalskin' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'portalskinbackground' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'post' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'RSAPrivateKey' => {
            'test' => sub {
@ -160,7 +160,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
 m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s
                  ? 1
                  : ( 1, '__badPemEncoding__' );
-              }
+            }
        },
        'RSAPublicKey' => {
            'test' => sub {
@ -168,7 +168,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+=
 m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s
                  ? 1
                  : ( 1, '__badPemEncoding__' );
-              }
+            }
        },
        'RSAPublicKeyOrCertificate' => {
            'test' => sub {
@ -176,37 +176,37 @@ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\
 m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s
                  ? 1
                  : ( 1, '__badPemEncoding__' );
-              }
+            }
        },
        'rule' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'samlAssertion' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'samlAttribute' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'samlIDPMetaDataNode' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'samlService' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'samlSPMetaDataNode' => {
            'test' => sub {
                1;
-              }
+            }
        },
        'select' => {
            'test' => sub {
@ -216,19 +216,19 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
                return $test
                  ? 1
                  : ( 1, "Invalid value '$_[0]' for this select" );
-              }
+            }
        },
        'subContainer' => {
            'keyTest' => qr/\w/,
            'test'    => sub {
                1;
-              }
+            }
        },
        'text' => {
            'msgFail' => '__malformedValue__',
            'test'    => sub {
                1;
-              }
+            }
        },
        'trool' => {
            'msgFail' => '__authorizedValues__: -1, 0, 1',
@ -1036,7 +1036,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
                            split( /\n/, $@, 0 ) )
                    );
                    return $err ? ( 1, "__badExpression__: $err" ) : 1;
-                  }
+                }
            },
            'type' => 'keyTextContainer'
        },
@ -1208,7 +1208,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
                          and defined $conf->{$_}{$val};
                    }
                    return 1, "__unknownAttrOrMacro__: $val";
-                  }
+                }
            },
            'type' => 'doubleHash'
        },
@ -1490,7 +1490,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
                            split( /\n/, $@, 0 ) )
                    );
                    return $err ? ( 1, "__badExpression__: $err" ) : 1;
-                  }
+                }
            },
            'type' => 'ruleContainer'
        },
@ -2986,19 +2986,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'default' => 0,
            'select'  => [
                {
-                    'k' => 0,
+                    'k' => '0',
                    'v' => 'unsecuredCookie'
                },
                {
-                    'k' => 1,
+                    'k' => '1',
                    'v' => 'securedCookie'
                },
                {
-                    'k' => 2,
+                    'k' => '2',
                    'v' => 'doubleCookie'
                },
                {
-                    'k' => 3,
+                    'k' => '3',
                    'v' => 'doubleCookieForSingleSession'
                }
            ],
@ -3009,6 +3009,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'keyTest'    => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
            'type'       => 'keyTextContainer'
        },
+        'sfEngine' => {
+            'default' => '::2F::Engine::Default'
+        },
        'singleIP' => {
            'default' => 0,
            'type'    => 'bool'
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -1981,6 +1981,13 @@ sub attributes {
            documentation => 'Password module',
        },

+        # Seconf Factor Engine
+        sfEngine => {
+            type    => 'text',
+            default => '::2F::Engine::Default',
+            documentation => 'Second factor engine',
+        },
+
        # DEMO
        demoExportedVars => {
            type          => 'keyTextContainer',
--- a/lemonldap-ng-manager/t/80-attributes.t
+++ b/lemonldap-ng-manager/t/80-attributes.t
@ -18,7 +18,7 @@ my @notManagedAttributes = (
    # Complex nodes
    'samlSPMetaDataOptions', 'samlIDPMetaDataOptions', 'oidcRPMetaDataOptions',
    'oidcOPMetaDataOptions', 'casSrvMetaDataOptions',  'casAppMetaDataOptions',
-    'vhostOptions',
+    'vhostOptions',          'sfEngine',

    # Metadatas (added by manager itself)
    'cfgAuthor', 'cfgAuthorIP', 'cfgNum', 'cfgDate', 'cfgLog', 'cfgVersion',
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -8,6 +8,7 @@ example/soapconfigtest.pl
 example/soaperrortest.pl
 example/soaptest.pl
 lib/Lemonldap/NG/Portal.pm
+lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
 lib/Lemonldap/NG/Portal/2F/External2F.pm
 lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
 lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
@ -0,0 +1,17 @@
+package Lemonldap::NG::Portal::2F::Engines::Default;
+
+use strict;
+use Mouse;
+use Lemonldap::NG::Portal::Main::Constants qw(
+  PE_OK
+);
+
+our $VERSION = '2.0.0';
+
+extends 'Lemonldap::NG::Portal::Main::Plugin';
+
+sub init {
+    return 1;
+}
+
+1;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
@ -217,6 +217,11 @@ sub reloadConf {
          unless ( $self->{"_$type"} = $self->loadPlugin($module) );
    }

+    # Load second-factor engine
+    $self->conf->{'sfEngine'} ||= '::2F::Engines::Default';
+    return $self->fail
+      unless $self->{sfEngine} = $self->loadPlugin( $self->conf->{'sfEngine'} );
+
    # Initialize trusted domain regexp
    if (    $self->conf->{trustedDomains}
        and $self->conf->{trustedDomains} =~ /^\s*\*\s*$/ )