Improve code

Christophe Maudoux 2020-02-17 23:22:31 +01:00
parent 385a1c1f38
commit 95ad4cac37
7 changed files with 77 additions and 84 deletions


@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE
);
our $VERSION = '2.0.6';
our $VERSION = '2.0.8';
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
'Lemonldap::NG::Portal::Lib::REST';
@ -141,7 +141,7 @@ sub verify {
. $session->{ $self->conf->{whatToTrace} } );
return PE_BADOTP;
}
PE_OK;
return PE_OK;
}
1;


@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE
);
our $VERSION = '2.0.6';
our $VERSION = '2.0.8';
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
@ -36,7 +36,8 @@ sub init {
return 0;
}
unless (
$self->error('Radius connect failed')
unless (
$self->radius(
Authen::Radius->new(
Host => $self->conf->{radius2fServer},
@ -44,10 +45,8 @@ sub init {
TimeOut => $self->conf->{radius2fTimeout},
)
)
)
{
$self->error('Radius connect failed');
}
);
$self->prefix( $self->conf->{sfPrefix} )
if ( $self->conf->{sfPrefix} );
return $self->SUPER::init();
@ -109,8 +108,9 @@ sub verify {
"Radius server replied: " . $self->radius->get_error );
return PE_BADOTP;
}
$self->logger->debug("Radius server accepted 2F credentials");
PE_OK;
return PE_OK;
}
1;
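Review bot: In `init`, a failed `Authen::Radius->new` is still only reported: after `$self->error('Radius connect failed')` execution falls through to `return $self->SUPER::init();`, whereas the earlier failure path visible at the top of the hunk ends with `return 0;`. Unless `error` aborts by itself (not visible here), the second factor comes up without a Radius handle and `verify` later dereferences `$self->radius`. Making the failure explicit would avoid that, e.g. `unless ( $self->radius( Authen::Radius->new(...) ) ) { $self->error('Radius connect failed'); return 0; }`. `init` starts before the hunk.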


@ -81,12 +81,11 @@ sub run {
elsif ( $action eq 'registration' ) {
my ( $resp, $challenge );
$self->logger->debug('Registration response');
unless ($resp = $req->param('registration')
and $challenge = $req->param('challenge') )
{
return $self->p->sendError( $req, 'Missing registration parameter',
400 );
}
return $self->p->sendError( $req, 'Missing registration parameter',
400 )
unless ( $resp = $req->param('registration')
and $challenge = $req->param('challenge') );
$self->logger->debug("Get registration data $resp");
$self->logger->debug("Get challenge $challenge");
eval { $challenge = from_json($challenge)->{challenge} };
@ -168,29 +167,31 @@ sub run {
elsif ( $action eq 'verify' ) {
$self->logger->debug('Verification challenge req');
my ( $err, $error ) = $self->loadUser($req);
if ( $err == -1 ) {
return $self->p->sendError( $req, "U2F error: $error", 200 );
}
elsif ( $err == 0 ) {
return $self->p->sendError( $req, "noU2FKeyFound" );
}
return $self->p->sendError( $req, "U2F error: $error", 200 )
if ( $err == -1 );
return $self->p->sendError( $req, "noU2FKeyFound" ) if ( $err == 0 );
# Get a challenge (from first key)
my $data = eval {
from_json( $req->data->{crypter}->[0]->authenticationChallenge );
};
if ($@) {
$self->logger->error( Crypt::U2F::Server::u2fclib_getError() );
return $self->p->sendError( $req, "U2F error: $error", 200 );
}
# Get registered keys
my @rk;
foreach ( @{ $req->data->{crypter} } ) {
my $k = push @rk,
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
}
# my @rk;
# foreach ( @{ $req->data->{crypter} } ) {
# my $k = push @rk,
# { keyHandle => $_->{keyHandle}, version => $data->{version} };
# }
my @rk =
map { { keyHandle => $_->{keyHandle}, version => $data->{version} } }
@{ $req->data->{crypter} };
# Serialize data
$data = to_json( {
@ -212,21 +213,15 @@ sub run {
elsif ( $action eq 'signature' ) {
$self->logger->debug('Verification response');
my ( $challenge, $resp );
unless ($challenge = $req->param('challenge')
and $resp = $req->param('signature') )
{
return $self->p->sendError( $req, 'Missing signature parameter',
400 );
}
my ( $challenge, $resp, $crypter );
return $self->p->sendError( $req, 'Missing signature parameter', 400 )
unless ( $challenge = $req->param('challenge')
and $resp = $req->param('signature') );
my ( $err, $error ) = $self->loadUser($req);
if ( $err == -1 ) {
return $self->p->sendError( $req, "U2F loading error: $error",
500 );
}
elsif ( $err == 0 ) {
return $self->p->sendError( $req, "noU2FKeyFound" );
}
return $self->p->sendError( $req, "U2F loading error: $error", 500 )
if ( $err == -1 );
return $self->p->sendError( $req, "noU2FKeyFound" ) if ( $err == 0 );
$self->logger->debug("Get verify response $resp");
my $data = eval { JSON::from_json($resp) };
@ -234,10 +229,15 @@ sub run {
$self->logger->error("U2F response error: $@");
return $self->p->sendError( $req, "U2FAnswerError" );
}
my $crypter;
foreach ( @{ $req->data->{crypter} } ) {
$crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
}
# my $crypter;
# foreach ( @{ $req->data->{crypter} } ) {
# $crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
# }
$crypter = $_
foreach grep { $_->{keyHandle} eq $data->{keyHandle} }
@{ $req->data->{crypter} };
unless ($crypter) {
$self->userLogger->error("Unregistered U2F key");
return $self->p->sendError( $req, "U2FKeyUnregistered" );
@ -270,7 +270,7 @@ sub run {
# Read existing 2FDevices
$self->logger->debug("Looking for 2F Devices ...");
my $_2fDevices;
my ( $_2fDevices, $keyName );
if ( $req->userData->{_2fDevices} ) {
$_2fDevices = eval {
from_json( $req->userData->{_2fDevices},
@ -287,10 +287,14 @@ sub run {
}
# Delete U2F device
my $keyName;
foreach (@$_2fDevices) {
$keyName = $_->{name} if $_->{epoch} eq $epoch;
}
# my $keyName;
# foreach (@$_2fDevices) {
# $keyName = $_->{name} if $_->{epoch} eq $epoch;
# }
$keyName = $_->{name}
foreach grep { $_->{epoch} eq $epoch } @$_2fDevices;
@$_2fDevices = grep { $_->{epoch} ne $epoch } @$_2fDevices;
$self->logger->debug(
"Delete 2F Device : { type => 'U2F', epoch => $epoch, name => $keyName }"
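Review bot: In the device-deletion hunk, `$keyName` is assigned only when an entry matches `$epoch`, yet it is interpolated unconditionally into the "Delete 2F Device" debug line. A request whose epoch matches nothing therefore logs a deletion with an undefined name (plus an uninitialized-value warning), and nothing visible here reports that no device was removed. I would test `defined $keyName` before the `grep { $_->{epoch} ne $epoch }` filter and return an error when it is unset, so that the log line reflects only real removals. Separately, the three commented-out `foreach` loops should be deleted rather than kept as comments, and `map { { keyHandle => ... } }` reads unambiguously as `map { +{ keyHandle => ... } }`. The logger call continues past the end of the hunk.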


@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE
);
our $VERSION = '2.0.0';
our $VERSION = '2.0.8';
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
'Lemonldap::NG::Common::TOTP';
@ -75,8 +75,7 @@ sub verify {
return PE_FORMEMPTY;
}
my $secret = '';
my $_2fDevices;
my ( $secret, $_2fDevices );
if ( $session->{_2fDevices} ) {
$self->logger->debug("Loading 2F Devices ...");
@ -88,13 +87,10 @@ sub verify {
return PE_ERROR;
}
$self->logger->debug("2F Device(s) found");
foreach (@$_2fDevices) {
$self->logger->debug("Reading TOTP secret if exists ...");
if ( $_->{type} eq 'TOTP' ) {
$secret = $_->{_secret};
last;
}
}
$self->logger->debug("Reading TOTP secret if exists...");
$secret = $_->{_secret}
foreach grep { $_->{type} eq 'TOTP' } @$_2fDevices;
}
unless ($secret) {
@ -108,8 +104,9 @@ sub verify {
$self->conf->{totp2fDigits},
$secret, $code
);
if ( $r == -1 ) { return PE_ERROR; }
elsif ($r) {
return PE_ERROR if ( $r == -1 );
if ($r) {
$self->userLogger->info('TOTP succeed');
return PE_OK;
}
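Review bot: The `foreach grep` rewrite in `verify` changes which device supplies the secret: the removed loop stopped at the first entry with `type eq 'TOTP'` (`last`), while `$secret = $_->{_secret} foreach grep {...}` keeps assigning and ends on the last one. For an account with more than one TOTP entry in `_2fDevices`, the submitted code is now checked against a different secret, which a cleanup commit should not change silently. `List::Util::first` keeps the old semantics: `my $dev = first { $_->{type} eq 'TOTP' } @$_2fDevices; $secret = $dev->{_secret} if $dev;` (with `use List::Util qw(first);` if the file does not already import it). The same first-to-last change appears in both Yubikey hunks (`run` and `verify`).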


@ -118,9 +118,7 @@ sub verify {
if ( $req->param('signature') ) {
$self->logger->debug('UTOTP: U2F response detected');
my $r1 = $self->u2f->verify( $req, $session );
if ( $r1 == PE_OK ) {
return PE_OK;
}
return PE_OK if ( $r1 == PE_OK );
}
if ( $req->param('code') ) {
$self->logger->debug('UTOTP: TOTP response detected');


@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE
);
our $VERSION = '2.0.6';
our $VERSION = '2.0.8';
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
@ -68,7 +68,7 @@ sub run {
my $checkLogins = $req->param('checkLogins');
$self->logger->debug("Yubikey checkLogins set") if ($checkLogins);
my $yubikey = 0;
my $yubikey;
if ( $req->{sessionInfo}->{_2fDevices} ) {
$self->logger->debug("Loading 2F Devices ...");
@ -82,14 +82,10 @@ sub run {
return PE_ERROR;
}
$self->logger->debug("2F Device(s) found");
$self->logger->debug("Reading Yubikey ...");
foreach (@$_2fDevices) {
$self->logger->debug("Reading Yubikey ...");
if ( $_->{type} eq 'UBK' ) {
$yubikey = $_->{_yubikey};
last;
}
}
$yubikey = $_->{_yubikey}
foreach grep { $_->{type} eq 'UBK' } @$_2fDevices;
}
unless ($yubikey) {
@ -129,20 +125,19 @@ sub verify {
}
# Verify OTP
my $yubikey = 0;
my $yubikey;
my $_2fDevices = eval {
$self->logger->debug("Looking for 2F Devices ...");
from_json( $session->{_2fDevices}, { allow_nonref => 1 } );
};
foreach (@$_2fDevices) {
$self->logger->debug("Reading Yubikey ...");
if ( $_->{type} eq 'UBK' ) {
$yubikey = $_->{_yubikey};
last;
}
if ($@) {
$self->logger->error("Bad encoding in _2fDevices: $@");
return PE_ERROR;
}
$self->logger->debug("Reading Yubikey ...");
$yubikey = $_->{_yubikey} foreach grep { $_->{type} eq 'UBK' } @$_2fDevices;
if (
index( $yubikey,
substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
@ -155,7 +150,7 @@ sub verify {
$self->userLogger->warn('Yubikey verification failed');
return PE_BADOTP;
}
PE_OK;
return PE_OK;
}
1
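Review bot: In `verify`, `$yubikey` is now declared without a value and passed straight to `index( $yubikey, substr( $code, 0, ... ) )`; when `_2fDevices` holds no `UBK` entry it is undef, which raises an uninitialized-value warning and is compared as an empty string. `run` guards the same lookup with `unless ($yubikey)`, and no equivalent guard is visible here, so I would add `return PE_BADOTP unless $yubikey;` before the comparison. Also, because `from_json` is called with `allow_nonref => 1`, a `_2fDevices` value that decodes to a non-array passes the new `$@` check and is then dereferenced as `@$_2fDevices`; a `ref $_2fDevices eq 'ARRAY'` test would cover that case. `verify` starts before and continues between the hunks shown.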


@ -233,7 +233,6 @@ m%<span notif=\'testref\' epoch=\'(\d{10})\' class="btn btn-success" role="butto
),
'Malformed query'
);
$json;
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} eq 'Missing parameter', ' Missing parameter' )