Improve messages (#2332)
This commit is contained in:
Christophe Maudoux
parent
901dc20d69
commit
90c8c2ba86
|
|
@ -359,11 +359,14 @@ sub run {
|
|||
$req,
|
||||
'2fchoice',
|
||||
params => {
|
||||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||
SKIN => $self->p->getSkin($req),
|
||||
LANGS => $self->conf->{showLanguages},
|
||||
TOKEN => $token,
|
||||
MODULES => [
|
||||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||
SKIN => $self->p->getSkin($req),
|
||||
LANGS => $self->conf->{showLanguages},
|
||||
CHECKLOGINS => $checkLogins,
|
||||
TOKEN => $token,
|
||||
MSG => $self->canUpdateSfa($req) || 'choose2f',
|
||||
ALERT => ( $self->canUpdateSfa($req) ? 'warning' : 'positive' ),
|
||||
MODULES => [
|
||||
map { {
|
||||
CODE => $_->prefix,
|
||||
LOGO => $_->logo,
|
||||
|
|
@ -371,7 +374,6 @@ sub run {
|
|||
}
|
||||
} @am
|
||||
],
|
||||
CHECKLOGINS => $checkLogins
|
||||
}
|
||||
);
|
||||
$req->response($tpl);
|
||||
|
|
@ -458,6 +460,8 @@ sub _displayRegister {
|
|||
params => {
|
||||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||
LANGS => $self->conf->{showLanguages},
|
||||
MSG => $self->canUpdateSfa($req) || $m->{m}->welcome,
|
||||
ALERT => ( $self->canUpdateSfa($req) ? 'warning' : 'positive' ),
|
||||
}
|
||||
);
|
||||
}
|
||||
|
|
@ -486,7 +490,7 @@ sub _displayRegister {
|
|||
|
||||
# Retrieve user all second factors
|
||||
my $_2fDevices = [];
|
||||
if ( $self->allowedUpdateSfa($req) ) {
|
||||
unless ( $self->canUpdateSfa($req) ) {
|
||||
$_2fDevices = $req->userData->{_2fDevices}
|
||||
? eval {
|
||||
from_json( $req->userData->{_2fDevices}, { allow_nonref => 1 } );
|
||||
|
|
@ -543,6 +547,8 @@ sub _displayRegister {
|
|||
ACTION => $action,
|
||||
REG_REQUIRED => $req->data->{sfRegRequired},
|
||||
DISPLAY_UPG => $displayUpgBtn,
|
||||
MSG => $self->canUpdateSfa($req) || 'choose2f',
|
||||
ALERT => ( $self->canUpdateSfa($req) ? 'warning' : 'positive' ),
|
||||
SFREGISTERS_URL =>
|
||||
encode_base64( "$self->{conf}->{portal}2fregisters", '' )
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Common::TOTP';
|
|||
|
||||
has prefix => ( is => 'rw', default => 'totp' );
|
||||
has template => ( is => 'ro', default => 'totp2fregister' );
|
||||
has welcome => ( is => 'ro', default => 'yourNewTotpKey' );
|
||||
has logo => ( is => 'rw', default => 'totp.png' );
|
||||
has ott => (
|
||||
is => 'rw',
|
||||
|
|
@ -37,8 +38,8 @@ sub run {
|
|||
unless $user;
|
||||
|
||||
# Check if TOTP can be updated
|
||||
return $self->p->sendError( $req, 'notAuthorizedAuthLevel', 400 )
|
||||
unless $self->allowedUpdateSfa( $req, $action );
|
||||
my $msg = $self->canUpdateSfa( $req, $action );
|
||||
return $self->p->sendError( $req, $msg, 400 ) if $msg;
|
||||
|
||||
# Verification that user has a valid TOTP app
|
||||
if ( $action eq 'verify' ) {
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin',
|
|||
|
||||
has prefix => ( is => 'rw', default => 'u' );
|
||||
has template => ( is => 'ro', default => 'u2fregister' );
|
||||
has welcome => ( is => 'ro', default => 'u2fWelcome' );
|
||||
has logo => ( is => 'rw', default => 'u2f.png' );
|
||||
|
||||
sub init {
|
||||
|
|
@ -34,8 +35,8 @@ sub run {
|
|||
unless $user;
|
||||
|
||||
# Check if U2F key can be updated
|
||||
return $self->p->sendError( $req, 'notAuthorizedAuthLevel', 400 )
|
||||
unless $self->allowedUpdateSfa( $req, $action );
|
||||
my $msg = $self->canUpdateSfa( $req, $action );
|
||||
return $self->p->sendError( $req, $msg, 400 ) if $msg;
|
||||
|
||||
if ( $action eq 'register' ) {
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|||
|
||||
has prefix => ( is => 'rw', default => 'yubikey' );
|
||||
has template => ( is => 'ro', default => 'yubikey2fregister' );
|
||||
has welcome => ( is => 'ro', default => 'clickOnYubikey' );
|
||||
has logo => ( is => 'rw', default => 'yubikey.png' );
|
||||
|
||||
sub init {
|
||||
|
|
@ -35,6 +36,7 @@ sub run {
|
|||
unless $user;
|
||||
|
||||
# Check if UBK key can be updated
|
||||
my $msg = $self->canUpdateSfa( $req, $action );
|
||||
return $self->p->sendHtml(
|
||||
$req, 'error',
|
||||
params => {
|
||||
|
|
@ -42,7 +44,7 @@ sub run {
|
|||
RAW_ERROR => 'notAuthorizedAuthLevel',
|
||||
AUTH_ERROR_TYPE => 'warning',
|
||||
}
|
||||
) unless $self->allowedUpdateSfa( $req, $action );
|
||||
) if $msg;
|
||||
|
||||
if ( $action eq 'register' ) {
|
||||
my $otp = $req->param('otp');
|
||||
|
|
|
|||
|
|
@ -104,10 +104,10 @@ sub createNotification {
|
|||
}
|
||||
}
|
||||
|
||||
sub allowedUpdateSfa {
|
||||
sub canUpdateSfa {
|
||||
my ( $self, $req, $action ) = @_;
|
||||
my $user = $req->userData->{ $self->conf->{whatToTrace} };
|
||||
my $res = 1;
|
||||
my $msg = undef;
|
||||
|
||||
# Test action
|
||||
if ( $action && $action eq 'delete' ) {
|
||||
|
|
@ -125,12 +125,12 @@ sub allowedUpdateSfa {
|
|||
$self->logger->debug(
|
||||
"authLevel: $req->{userData}->{authenticationLevel} < requiredLevel: "
|
||||
. $self->{conf}->{"${module}2fAuthnLevel"} );
|
||||
undef $res;
|
||||
$msg = 'notAuthorizedAuthLevel';
|
||||
}
|
||||
}
|
||||
|
||||
# Test if impersonation is in progress
|
||||
if ( $res && $self->conf->{impersonationRule} ) {
|
||||
if ( !$msg && $self->conf->{impersonationRule} ) {
|
||||
$self->logger->debug('Impersonation plugin is enabled');
|
||||
if ( $req->userData->{"$self->{conf}->{impersonationPrefix}_user"}
|
||||
&& $req->userData->{"$self->{conf}->{impersonationPrefix}_user"} ne
|
||||
|
|
@ -139,12 +139,12 @@ sub allowedUpdateSfa {
|
|||
$self->userLogger->warn(
|
||||
"Impersonation in progress! $user is not allowed to update 2FA."
|
||||
);
|
||||
undef $res;
|
||||
$msg = 'notAuthorized';
|
||||
}
|
||||
}
|
||||
|
||||
# Test if contextSwitching is in progress
|
||||
if ( $res && $self->conf->{contextSwitchingRule} ) {
|
||||
if ( !$msg && $self->conf->{contextSwitchingRule} ) {
|
||||
$self->logger->debug('ContextSwitching plugin is enabled');
|
||||
if (
|
||||
$req->userData->{
|
||||
|
|
@ -154,11 +154,11 @@ sub allowedUpdateSfa {
|
|||
$self->userLogger->warn(
|
||||
"ContextSwitching in progress! $user is not allowed to update 2FA."
|
||||
);
|
||||
undef $res;
|
||||
$msg = 'notAuthorized';
|
||||
}
|
||||
}
|
||||
$self->userLogger->info("$user is allowed to update 2FA") if $res;
|
||||
return $res;
|
||||
$self->userLogger->info("$user is allowed to update 2FA") unless $msg;
|
||||
return $msg;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<TMPL_INCLUDE NAME="header.tpl">
|
||||
|
||||
<div class="container">
|
||||
<div class="message message-positive alert" trspan="choose2f"></div>
|
||||
<div class="message message-<TMPL_VAR NAME="ALERT"> alert" trspan="<TMPL_VAR NAME="MSG">"></div>
|
||||
<div class="buttons">
|
||||
<form action="/2fchoice" method="POST">
|
||||
<input type="hidden" id="token" name="token" value="<TMPL_VAR NAME="TOKEN">" />
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
<TMPL_INCLUDE NAME="header.tpl">
|
||||
|
||||
<div class="container">
|
||||
<div id="color" class="message message-positive alert">
|
||||
<div id="color" class="message message-<TMPL_VAR NAME="ALERT"> alert">
|
||||
<TMPL_IF NAME="REG_REQUIRED">
|
||||
<span trspan="2fRegRequired"></span>
|
||||
<TMPL_ELSE>
|
||||
<span id="msg" trspan="choose2f"></span>
|
||||
<span id="msg" trspan="<TMPL_VAR NAME="MSG">"></span>
|
||||
</TMPL_IF>
|
||||
</div>
|
||||
<TMPL_IF NAME="SFDEVICES">
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
<main id="menucontent" class="container">
|
||||
|
||||
<div id="color" class="message message-positive alert"><span id="msg" trspan="yourNewTotpKey"></span></div>
|
||||
<div id="color" class="message message-<TMPL_VAR NAME="ALERT"> alert"><span id="msg" trspan="<TMPL_VAR NAME="MSG">"></span></div>
|
||||
|
||||
<div class="card">
|
||||
<div class="card-body">
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
<main id="menucontent" class="container">
|
||||
|
||||
<div id="color" class="message message-positive alert"><span id="msg" trspan="u2fWelcome"></span></div>
|
||||
<div id="color" class="message message-<TMPL_VAR NAME="ALERT"> alert"><span id="msg" trspan="<TMPL_VAR NAME="MSG">"></span></div>
|
||||
|
||||
<div class="card">
|
||||
<div class="card-body">
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
<main id="menucontent" class="container">
|
||||
|
||||
<div id="color" class="message message-positive alert"><span id="msg" trspan="clickOnYubikey"></span></div>
|
||||
<div id="color" class="message message-<TMPL_VAR NAME="ALERT"> alert"><span id="msg" trspan="<TMPL_VAR NAME="MSG">"></span></div>
|
||||
|
||||
<div class="card">
|
||||
<div class="card-body">
|
||||
|
|
|
|||
|
|
@ -332,7 +332,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
),
|
||||
'Form 2fregisters'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
|
||||
ok( $res->[2]->[0] =~ /<span id="msg" trspan="notAuthorized">/,
|
||||
'Found choose 2F' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] !~ m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g,
|
||||
|
|
@ -369,7 +369,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
eval { $res = JSON::from_json( $res->[2]->[0] ) };
|
||||
ok( not($@), 'Content is JSON' )
|
||||
or explain( $res->[2]->[0], 'JSON content' );
|
||||
ok( $res->{error} eq 'notAuthorizedAuthLevel', 'Not authorized to register a TOTP' )
|
||||
ok( $res->{error} eq 'notAuthorized', 'Not authorized to register a TOTP' )
|
||||
or explain( $res, 'Bad result' );
|
||||
|
||||
# Try to unregister TOTP
|
||||
|
|
@ -386,7 +386,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok( not($@), ' Content is JSON' )
|
||||
or explain( [ $@, $res->[2] ], 'JSON content' );
|
||||
ok(
|
||||
$data->{error} eq 'notAuthorizedAuthLevel',
|
||||
$data->{error} eq 'notAuthorized',
|
||||
'Not authorized to unregister a TOTP'
|
||||
) or explain( $data, 'Bad result' );
|
||||
|
||||
|
|
@ -404,7 +404,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
eval { $data = JSON::from_json( $res->[2]->[0] ) };
|
||||
ok( not($@), ' Content is JSON' )
|
||||
or explain( [ $@, $res->[2] ], 'JSON content' );
|
||||
ok( $data->{error} eq 'notAuthorizedAuthLevel', 'Not authorized to verify a TOTP' )
|
||||
ok( $data->{error} eq 'notAuthorized', 'Not authorized to verify a TOTP' )
|
||||
or explain( $data, 'Bad result' );
|
||||
|
||||
## Try to register an U2F key
|
||||
|
|
@ -437,7 +437,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok( not($@), ' Content is JSON' )
|
||||
or explain( [ $@, $res->[2] ], 'JSON content' );
|
||||
ok(
|
||||
$data->{error} eq 'notAuthorizedAuthLevel',
|
||||
$data->{error} eq 'notAuthorized',
|
||||
'Not authorized to register an U2F key'
|
||||
) or explain( $data, 'Bad result' );
|
||||
|
||||
|
|
@ -455,7 +455,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok( not($@), ' Content is JSON' )
|
||||
or explain( [ $@, $res->[2] ], 'JSON content' );
|
||||
ok(
|
||||
$data->{error} eq 'notAuthorizedAuthLevel',
|
||||
$data->{error} eq 'notAuthorized',
|
||||
'Not authorized to unregister an U2F key'
|
||||
) or explain( $data, 'Bad result' );
|
||||
|
||||
|
|
|
|||
|
|
@ -272,7 +272,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
),
|
||||
'Form 2fregisters'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
|
||||
ok( $res->[2]->[0] =~ /<span id="msg" trspan="notAuthorized">/,
|
||||
'Found choose 2F' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] !~ m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g,
|
||||
|
|
@ -309,7 +309,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
eval { $res = JSON::from_json( $res->[2]->[0] ) };
|
||||
ok( not($@), 'Content is JSON' )
|
||||
or explain( $res->[2]->[0], 'JSON content' );
|
||||
ok( $res->{error} eq 'notAuthorizedAuthLevel', 'Not authorized to register a TOTP' )
|
||||
ok( $res->{error} eq 'notAuthorized', 'Not authorized to register a TOTP' )
|
||||
or explain( $res, 'Bad result' );
|
||||
|
||||
# Try to unregister TOTP
|
||||
|
|
@ -326,7 +326,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok( not($@), ' Content is JSON' )
|
||||
or explain( [ $@, $res->[2] ], 'JSON content' );
|
||||
ok(
|
||||
$data->{error} eq 'notAuthorizedAuthLevel',
|
||||
$data->{error} eq 'notAuthorized',
|
||||
'Not authorized to unregister a TOTP'
|
||||
) or explain( $data, 'Bad result' );
|
||||
|
||||
|
|
@ -344,7 +344,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
eval { $data = JSON::from_json( $res->[2]->[0] ) };
|
||||
ok( not($@), ' Content is JSON' )
|
||||
or explain( [ $@, $res->[2] ], 'JSON content' );
|
||||
ok( $data->{error} eq 'notAuthorizedAuthLevel', 'Not authorized to verify a TOTP' )
|
||||
ok( $data->{error} eq 'notAuthorized', 'Not authorized to verify a TOTP' )
|
||||
or explain( $data, 'Bad result' );
|
||||
|
||||
## Try to register an U2F key
|
||||
|
|
@ -377,7 +377,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok( not($@), ' Content is JSON' )
|
||||
or explain( [ $@, $res->[2] ], 'JSON content' );
|
||||
ok(
|
||||
$data->{error} eq 'notAuthorizedAuthLevel',
|
||||
$data->{error} eq 'notAuthorized',
|
||||
'Not authorized to register an U2F key'
|
||||
) or explain( $data, 'Bad result' );
|
||||
|
||||
|
|
@ -395,7 +395,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok( not($@), ' Content is JSON' )
|
||||
or explain( [ $@, $res->[2] ], 'JSON content' );
|
||||
ok(
|
||||
$data->{error} eq 'notAuthorizedAuthLevel',
|
||||
$data->{error} eq 'notAuthorized',
|
||||
'Not authorized to unregister an U2F key'
|
||||
) or explain( $data, 'Bad result' );
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue