WIP - Append PortalForceReAuthn (#1507)
parent
107b0386b9
commit
85c6ad2498
|
@ -179,6 +179,8 @@ sub defaultValues {
|
||||||
'portalDisplayRegister' => 1,
|
'portalDisplayRegister' => 1,
|
||||||
'portalErrorOnExpiredSession' => 1,
|
'portalErrorOnExpiredSession' => 1,
|
||||||
'portalForceAuthnInterval' => 5,
|
'portalForceAuthnInterval' => 5,
|
||||||
|
'portalForceReAuthn' => 1,
|
||||||
|
'portalForceReAuthnTempo' => 300,
|
||||||
'portalPingInterval' => 60000,
|
'portalPingInterval' => 60000,
|
||||||
'portalRequireOldPassword' => 1,
|
'portalRequireOldPassword' => 1,
|
||||||
'portalSkin' => 'bootstrap',
|
'portalSkin' => 'bootstrap',
|
||||||
|
|
|
@ -2169,6 +2169,14 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
'default' => 5,
|
'default' => 5,
|
||||||
'type' => 'int'
|
'type' => 'int'
|
||||||
},
|
},
|
||||||
|
'portalForceReAuthn' => {
|
||||||
|
'default' => 1,
|
||||||
|
'type' => 'bool'
|
||||||
|
},
|
||||||
|
'portalForceReAuthnTempo' => {
|
||||||
|
'default' => 300,
|
||||||
|
'type' => 'int'
|
||||||
|
},
|
||||||
'portalOpenLinkInNewWindow' => {
|
'portalOpenLinkInNewWindow' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
|
|
|
@ -556,6 +556,17 @@ sub attributes {
|
||||||
type => 'bool',
|
type => 'bool',
|
||||||
documentation => 'Check XSS',
|
documentation => 'Check XSS',
|
||||||
},
|
},
|
||||||
|
portalForceReAuthn => {
|
||||||
|
default => 1,
|
||||||
|
type => 'bool',
|
||||||
|
documentation => 'Enable force reAuthentification to access to Portal',
|
||||||
|
},
|
||||||
|
portalForceReAuthnTempo => {
|
||||||
|
default => 300,
|
||||||
|
type => 'int',
|
||||||
|
documentation =>
|
||||||
|
'Portal force reAuthentification -> Tempo before try again',
|
||||||
|
},
|
||||||
bruteForceProtection => {
|
bruteForceProtection => {
|
||||||
default => 1,
|
default => 1,
|
||||||
type => 'bool',
|
type => 'bool',
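Review bot: `portalForceReAuthn` is declared with `default => 1`, so the plugin registered later in this commit would be active on every installation that picks up the change. With `portalForceReAuthnTempo` at 300, that means users are sent back to authentication once the compared timestamp is older than five minutes. For a WIP feature that alters the authentication flow, `default => 0,` is the safer starting point, leaving the option as opt-in. The documentation strings also omit the unit and read awkwardly; the plugin compares the value with a `time()` difference, so something like `documentation => 'Maximum age in seconds of the last authentication before the portal requires re-authentication',` would be clearer. The names sit very close to the existing `portalForceAuthnInterval` key, and the surrounding hash continues outside this hunk, so it is worth checking how the two options are meant to interact.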
|
||||||
|
|
|
@ -92,6 +92,7 @@ use constant {
|
||||||
PE_UNAUTHORIZEDPARTNER => 84,
|
PE_UNAUTHORIZEDPARTNER => 84,
|
||||||
PE_RENEWSESSION => 85,
|
PE_RENEWSESSION => 85,
|
||||||
PE_WAIT => 86,
|
PE_WAIT => 86,
|
||||||
|
PE_MUSTREAUTHN => 87,
|
||||||
};
|
};
|
||||||
|
|
||||||
# EXPORTER PARAMETERS
|
# EXPORTER PARAMETERS
|
||||||
|
@ -117,7 +118,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
|
||||||
PE_RADIUSCONNECTFAILED PE_MUST_SUPPLY_OLD_PASSWORD PE_FORBIDDENIP
|
PE_RADIUSCONNECTFAILED PE_MUST_SUPPLY_OLD_PASSWORD PE_FORBIDDENIP
|
||||||
PE_CAPTCHAERROR PE_CAPTCHAEMPTY PE_REGISTERFIRSTACCESS PE_REGISTERFORMEMPTY
|
PE_CAPTCHAERROR PE_CAPTCHAEMPTY PE_REGISTERFIRSTACCESS PE_REGISTERFORMEMPTY
|
||||||
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
|
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
|
||||||
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT
|
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTREAUTHN
|
||||||
);
|
);
|
||||||
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
|
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,7 @@ our @pList = (
|
||||||
upgradeSession => '::Plugins::Upgrade',
|
upgradeSession => '::Plugins::Upgrade',
|
||||||
autoSigninRules => '::Plugins::AutoSignin',
|
autoSigninRules => '::Plugins::AutoSignin',
|
||||||
checkState => '::Plugins::CheckState',
|
checkState => '::Plugins::CheckState',
|
||||||
|
portalForceReAuthn => '::Plugins::PortalForceReAuthn',
|
||||||
);
|
);
|
||||||
|
|
||||||
##@method list enabledPlugins
|
##@method list enabledPlugins
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
package Lemonldap::NG::Portal::Plugins::PortalForceReAuthn;
|
||||||
|
|
||||||
|
use Data::Dumper;
|
||||||
|
use strict;
|
||||||
|
use Mouse;
|
||||||
|
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_MUSTREAUTHN);
|
||||||
|
|
||||||
|
our $VERSION = '2.0.0';
|
||||||
|
|
||||||
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
|
# INITIALIZATION
|
||||||
|
|
||||||
|
use constant forAuthUser => 'run';
|
||||||
|
|
||||||
|
sub init {1}
|
||||||
|
|
||||||
|
# RUNNING METHOD
|
||||||
|
|
||||||
|
sub run {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
|
my $portalURL = $self->conf->{portal};
|
||||||
|
my $HTTP_HOST = $req->env->{HTTP_HOST};
|
||||||
|
$self->logger->debug( "Portal URL -> " . Dumper($portalURL) );
|
||||||
|
$self->logger->debug( "HTTP_HOST -> " . Dumper($HTTP_HOST) );
|
||||||
|
if ( $req->env->{HTTP_HOST} and $portalURL =~ qr#\Q$HTTP_HOST# ) {
|
||||||
|
my $delta = time() - $req->{sessionInfo}->{_utime};
|
||||||
|
$self->logger->debug( "Delta with last Authn -> " . $delta );
|
||||||
|
$delta <= $self->conf->{portalForceReAuthnTempo}
|
||||||
|
? return PE_OK
|
||||||
|
: return PE_MUSTREAUTHN;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
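Review bot: In `run`, whether re-authentication is enforced depends on the client-supplied `HTTP_HOST` header, tested with an unanchored substring match (`$portalURL =~ qr#\Q$HTTP_HOST#`). When that test fails the sub falls off the end without an explicit return, so the result is whatever the condition evaluated to rather than a deliberate `PE_OK`. Compare the header exactly against the authority part of the configured portal URL, return explicitly on every path, and treat a missing `_utime` as requiring re-authentication. Whether the Host header should gate this control at all is worth deciding before the WIP is finalised. The debug message says "last Authn" while the code reads `_utime`, so please confirm this is the last-authentication timestamp and not the session creation time. Finally, `use warnings;` is missing, and `Data::Dumper` is only used to log two plain strings, so it can be dropped.

```perl
sub run {
    my ( $self, $req ) = @_;

    # Exact, case-insensitive comparison with the authority part of the
    # configured portal URL instead of a substring match on the Host header
    my ($portalHost) = $self->conf->{portal} =~ m{\Ahttps?://([^/]+)}i;
    my $httpHost = $req->env->{HTTP_HOST};
    return PE_OK
      unless ( defined $portalHost
        and defined $httpHost
        and lc($httpHost) eq lc($portalHost) );

    # No usable timestamp: require re-authentication rather than guessing
    my $lastAuthn = $req->{sessionInfo}->{_utime};
    return PE_MUSTREAUTHN unless defined $lastAuthn;

    my $delta = time() - $lastAuthn;
    $self->logger->debug("Delta with last Authn -> $delta");
    return $delta <= $self->conf->{portalForceReAuthnTempo}
      ? PE_OK
      : PE_MUSTREAUTHN;
}
```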
|