Merge branch 'fix-2fa-token-timeout-2791' into 'v2.0'

Fix #2791 (broken portal after 2FA timeout)

See merge request lemonldap-ng/lemonldap-ng!287
Maxime Besson 2022-09-02 13:20:46 +00:00
commit 6f4ae3552c
4 changed files with 27 additions and 7 deletions


@ -433,9 +433,16 @@ sub _choice {
my $session; my $session;
unless ( $session = $self->ott->getToken($token) ) { unless ( $session = $self->ott->getToken($token) ) {
$self->userLogger->info('Token expired'); $self->userLogger->info('Token expired');
$req->noLoginDisplay(1);
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] ); return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
} }
unless ( $session->{_2fRealSession} ) {
$self->logger->error("Invalid 2FA session token");
$req->noLoginDisplay(1);
return $self->p->do( $req, [ sub { PE_ERROR } ] );
}
$req->sessionInfo($session); $req->sessionInfo($session);
# New token # New token
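Review bot: The new `_2fRealSession` guard logs through `$self->logger->error` with no request attribution, while the expired-token branch just above it uses `$self->userLogger`; a token that resolves but was not minted by the 2FA flow is a client-presented value (presumably a one-time token issued for another portal flow), so for detection purposes it belongs in the user log at warn level, e.g. `$self->userLogger->warn("Invalid 2FA session token");`. The same guard is added byte-identical to `_verify` in the next file; if the two modules share a base class or role, one helper returning either the session or the error response would keep this purpose-binding check in a single place. `_choice` starts before the hunk, so where `$token` is taken from is not visible here.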


@ -5,6 +5,7 @@ use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw( use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE PE_SENDRESPONSE
PE_OK PE_OK
PE_ERROR
PE_NOTOKEN PE_NOTOKEN
PE_TOKENEXPIRED PE_TOKENEXPIRED
PE_BADCREDENTIALS PE_BADCREDENTIALS
@ -101,9 +102,14 @@ sub _verify {
my $session; my $session;
unless ( $session = $self->ott->getToken($token) ) { unless ( $session = $self->ott->getToken($token) ) {
$self->userLogger->info('Token expired'); $self->userLogger->info('Token expired');
$self->setSecurity($req); $req->noLoginDisplay(1);
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] ); return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
} }
unless ( $session->{_2fRealSession} ) {
$self->logger->error("Invalid 2FA session token");
$req->noLoginDisplay(1);
return $self->p->do( $req, [ sub { PE_ERROR } ] );
}
# Launch second factor verification # Launch second factor verification
my $res = $self->verify( $req, $session ); my $res = $self->verify( $req, $session );


@ -3,7 +3,7 @@ use strict;
use IO::String; use IO::String;
require 't/test-lib.pm'; require 't/test-lib.pm';
my $maintests = 27; my $maintests = 28;
SKIP: { SKIP: {
eval { require Convert::Base32 }; eval { require Convert::Base32 };
@ -186,10 +186,13 @@ SKIP: {
), ),
'Post code' 'Post code'
); );
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'token' );
ok( $res->[2]->[0] =~ /<span trmsg="82"><\/span>/, 'Token expired' ) ok( $res->[2]->[0] =~ /<span trmsg="82"><\/span>/, 'Token expired' )
or print STDERR Dumper( $res->[2]->[0] ); or print STDERR Dumper( $res->[2]->[0] );
unlike(
$res->[2]->[0],
qr/input id="userfield"/,
'Login form is not displayed'
);
# Try to sign-in # Try to sign-in
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
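Review bot: The added assertions cover only the expired-token branch (`trmsg="82"` present, no `userfield`), while the other branch introduced in this merge — a token that resolves but carries no `_2fRealSession` and is answered with PE_ERROR — has no test here or in the second test file below. A case that stores a session without `_2fRealSession` through the same one-time-token mechanism, posts it as `token`, and asserts the error page plus `unlike( $res->[2]->[0], qr/input id="userfield"/, 'Login form is not displayed' );` would pin the new rejection path and keep the two files in step, since both count the same `$maintests` increment. The `SKIP:` block this hunk sits in starts and ends outside the hunk.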


@ -4,7 +4,7 @@ use IO::String;
use JSON qw/from_json to_json/; use JSON qw/from_json to_json/;
require 't/test-lib.pm'; require 't/test-lib.pm';
my $maintests = 30; my $maintests = 31;
SKIP: { SKIP: {
eval { require Convert::Base32 }; eval { require Convert::Base32 };
@ -187,10 +187,14 @@ SKIP: {
), ),
'Post code' 'Post code'
); );
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'token' );
ok( $res->[2]->[0] =~ /<span trmsg="82"><\/span>/, 'Token expired' ) ok( $res->[2]->[0] =~ /<span trmsg="82"><\/span>/, 'Token expired' )
or print STDERR Dumper( $res->[2]->[0] ); or print STDERR Dumper( $res->[2]->[0] );
unlike(
$res->[2]->[0],
qr/input id="userfield"/,
'Login form is not displayed'
);
# Try to sign-in # Try to sign-in
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );