WIP - Append PortalForceReAuthn (#1507)
This commit is contained in:
Christophe Maudoux
parent
107b0386b9
commit
85c6ad2498
|
|
@ -179,6 +179,8 @@ sub defaultValues {
|
|||
'portalDisplayRegister' => 1,
|
||||
'portalErrorOnExpiredSession' => 1,
|
||||
'portalForceAuthnInterval' => 5,
|
||||
'portalForceReAuthn' => 1,
|
||||
'portalForceReAuthnTempo' => 300,
|
||||
'portalPingInterval' => 60000,
|
||||
'portalRequireOldPassword' => 1,
|
||||
'portalSkin' => 'bootstrap',
|
||||
|
|
|
|||
|
|
@ -2169,6 +2169,14 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 5,
|
||||
'type' => 'int'
|
||||
},
|
||||
'portalForceReAuthn' => {
|
||||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'portalForceReAuthnTempo' => {
|
||||
'default' => 300,
|
||||
'type' => 'int'
|
||||
},
|
||||
'portalOpenLinkInNewWindow' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
|
|
|
|||
|
|
@ -556,6 +556,17 @@ sub attributes {
|
|||
type => 'bool',
|
||||
documentation => 'Check XSS',
|
||||
},
|
||||
portalForceReAuthn => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
documentation => 'Enable force reAuthentification to access to Portal',
|
||||
},
|
||||
portalForceReAuthnTempo => {
|
||||
default => 300,
|
||||
type => 'int',
|
||||
documentation =>
|
||||
'Portal force reAuthentification -> Tempo before try again',
|
||||
},
|
||||
bruteForceProtection => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
|
|
|
|||
|
|
@ -92,6 +92,7 @@ use constant {
|
|||
PE_UNAUTHORIZEDPARTNER => 84,
|
||||
PE_RENEWSESSION => 85,
|
||||
PE_WAIT => 86,
|
||||
PE_MUSTREAUTHN => 87,
|
||||
};
|
||||
|
||||
# EXPORTER PARAMETERS
|
||||
|
|
@ -117,7 +118,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
|
|||
PE_RADIUSCONNECTFAILED PE_MUST_SUPPLY_OLD_PASSWORD PE_FORBIDDENIP
|
||||
PE_CAPTCHAERROR PE_CAPTCHAEMPTY PE_REGISTERFIRSTACCESS PE_REGISTERFORMEMPTY
|
||||
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
|
||||
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT
|
||||
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTREAUTHN
|
||||
);
|
||||
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
|
||||
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ our @pList = (
|
|||
upgradeSession => '::Plugins::Upgrade',
|
||||
autoSigninRules => '::Plugins::AutoSignin',
|
||||
checkState => '::Plugins::CheckState',
|
||||
portalForceReAuthn => '::Plugins::PortalForceReAuthn',
|
||||
);
|
||||
|
||||
##@method list enabledPlugins
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
package Lemonldap::NG::Portal::Plugins::PortalForceReAuthn;
|
||||
|
||||
use Data::Dumper;
|
||||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_MUSTREAUTHN);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
use constant forAuthUser => 'run';
|
||||
|
||||
sub init {1}
|
||||
|
||||
# RUNNING METHOD
|
||||
|
||||
sub run {
|
||||
my ( $self, $req ) = @_;
|
||||
my $portalURL = $self->conf->{portal};
|
||||
my $HTTP_HOST = $req->env->{HTTP_HOST};
|
||||
$self->logger->debug( "Portal URL -> " . Dumper($portalURL) );
|
||||
$self->logger->debug( "HTTP_HOST -> " . Dumper($HTTP_HOST) );
|
||||
if ( $req->env->{HTTP_HOST} and $portalURL =~ qr#\Q$HTTP_HOST# ) {
|
||||
my $delta = time() - $req->{sessionInfo}->{_utime};
|
||||
$self->logger->debug( "Delta with last Authn -> " . $delta );
|
||||
$delta <= $self->conf->{portalForceReAuthnTempo}
|
||||
? return PE_OK
|
||||
: return PE_MUSTREAUTHN;
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
||||
Loading…
Reference in New Issue
Block a user