Improve code
This commit is contained in:
parent
385a1c1f38
commit
95ad4cac37
|
@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_SENDRESPONSE
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.6';
|
||||
our $VERSION = '2.0.8';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
|
||||
'Lemonldap::NG::Portal::Lib::REST';
|
||||
|
@ -141,7 +141,7 @@ sub verify {
|
|||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
return PE_BADOTP;
|
||||
}
|
||||
PE_OK;
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_SENDRESPONSE
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.6';
|
||||
our $VERSION = '2.0.8';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
|
||||
|
||||
|
@ -36,7 +36,8 @@ sub init {
|
|||
return 0;
|
||||
}
|
||||
|
||||
unless (
|
||||
$self->error('Radius connect failed')
|
||||
unless (
|
||||
$self->radius(
|
||||
Authen::Radius->new(
|
||||
Host => $self->conf->{radius2fServer},
|
||||
|
@ -44,10 +45,8 @@ sub init {
|
|||
TimeOut => $self->conf->{radius2fTimeout},
|
||||
)
|
||||
)
|
||||
)
|
||||
{
|
||||
$self->error('Radius connect failed');
|
||||
}
|
||||
);
|
||||
|
||||
$self->prefix( $self->conf->{sfPrefix} )
|
||||
if ( $self->conf->{sfPrefix} );
|
||||
return $self->SUPER::init();
|
||||
|
@ -109,8 +108,9 @@ sub verify {
|
|||
"Radius server replied: " . $self->radius->get_error );
|
||||
return PE_BADOTP;
|
||||
}
|
||||
|
||||
$self->logger->debug("Radius server accepted 2F credentials");
|
||||
PE_OK;
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
1;
|
||||
|
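Review bot: The connect-failure path in init still falls through: the new postfix form opening the second hunk records `$self->error('Radius connect failed')` when the `$self->radius( Authen::Radius->new(...) )` condition is false, but execution then continues to `$self->prefix(...)` and `return $self->SUPER::init();`, whereas the earlier failure path this hunk opens on ends with `return 0;`. Unless the caller of init inspects `error` (not visible here), a portal whose RADIUS server is unreachable initialises with `radius` unset and the failure only surfaces later in verify. A postfix `unless` over a seven-line condition also hides the statement it guards; keeping the block form and returning 0 is clearer. init starts outside the hunk.
```perl
    unless (
        $self->radius(
            Authen::Radius->new(
                # … unchanged: Host / TimeOut arguments …
            )
        )
      )
    {
        $self->error('Radius connect failed');
        return 0;
    }
```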
|
|
@ -81,12 +81,11 @@ sub run {
|
|||
elsif ( $action eq 'registration' ) {
|
||||
my ( $resp, $challenge );
|
||||
$self->logger->debug('Registration response');
|
||||
unless ($resp = $req->param('registration')
|
||||
and $challenge = $req->param('challenge') )
|
||||
{
|
||||
return $self->p->sendError( $req, 'Missing registration parameter',
|
||||
400 );
|
||||
}
|
||||
return $self->p->sendError( $req, 'Missing registration parameter',
|
||||
400 )
|
||||
unless ( $resp = $req->param('registration')
|
||||
and $challenge = $req->param('challenge') );
|
||||
|
||||
$self->logger->debug("Get registration data $resp");
|
||||
$self->logger->debug("Get challenge $challenge");
|
||||
eval { $challenge = from_json($challenge)->{challenge} };
|
||||
|
@ -168,29 +167,31 @@ sub run {
|
|||
elsif ( $action eq 'verify' ) {
|
||||
$self->logger->debug('Verification challenge req');
|
||||
my ( $err, $error ) = $self->loadUser($req);
|
||||
if ( $err == -1 ) {
|
||||
return $self->p->sendError( $req, "U2F error: $error", 200 );
|
||||
}
|
||||
elsif ( $err == 0 ) {
|
||||
return $self->p->sendError( $req, "noU2FKeyFound" );
|
||||
}
|
||||
|
||||
return $self->p->sendError( $req, "U2F error: $error", 200 )
|
||||
if ( $err == -1 );
|
||||
return $self->p->sendError( $req, "noU2FKeyFound" ) if ( $err == 0 );
|
||||
|
||||
# Get a challenge (from first key)
|
||||
my $data = eval {
|
||||
from_json( $req->data->{crypter}->[0]->authenticationChallenge );
|
||||
};
|
||||
|
||||
if ($@) {
|
||||
$self->logger->error( Crypt::U2F::Server::u2fclib_getError() );
|
||||
return $self->p->sendError( $req, "U2F error: $error", 200 );
|
||||
}
|
||||
|
||||
# Get registered keys
|
||||
my @rk;
|
||||
foreach ( @{ $req->data->{crypter} } ) {
|
||||
my $k = push @rk,
|
||||
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
|
||||
}
|
||||
|
||||
# my @rk;
|
||||
# foreach ( @{ $req->data->{crypter} } ) {
|
||||
# my $k = push @rk,
|
||||
# { keyHandle => $_->{keyHandle}, version => $data->{version} };
|
||||
# }
|
||||
|
||||
my @rk =
|
||||
map { { keyHandle => $_->{keyHandle}, version => $data->{version} } }
|
||||
@{ $req->data->{crypter} };
|
||||
|
||||
# Serialize data
|
||||
$data = to_json( {
|
||||
|
@ -212,21 +213,15 @@ sub run {
|
|||
|
||||
elsif ( $action eq 'signature' ) {
|
||||
$self->logger->debug('Verification response');
|
||||
my ( $challenge, $resp );
|
||||
unless ($challenge = $req->param('challenge')
|
||||
and $resp = $req->param('signature') )
|
||||
{
|
||||
return $self->p->sendError( $req, 'Missing signature parameter',
|
||||
400 );
|
||||
}
|
||||
my ( $challenge, $resp, $crypter );
|
||||
return $self->p->sendError( $req, 'Missing signature parameter', 400 )
|
||||
unless ( $challenge = $req->param('challenge')
|
||||
and $resp = $req->param('signature') );
|
||||
|
||||
my ( $err, $error ) = $self->loadUser($req);
|
||||
if ( $err == -1 ) {
|
||||
return $self->p->sendError( $req, "U2F loading error: $error",
|
||||
500 );
|
||||
}
|
||||
elsif ( $err == 0 ) {
|
||||
return $self->p->sendError( $req, "noU2FKeyFound" );
|
||||
}
|
||||
return $self->p->sendError( $req, "U2F loading error: $error", 500 )
|
||||
if ( $err == -1 );
|
||||
return $self->p->sendError( $req, "noU2FKeyFound" ) if ( $err == 0 );
|
||||
|
||||
$self->logger->debug("Get verify response $resp");
|
||||
my $data = eval { JSON::from_json($resp) };
|
||||
|
@ -234,10 +229,15 @@ sub run {
|
|||
$self->logger->error("U2F response error: $@");
|
||||
return $self->p->sendError( $req, "U2FAnswerError" );
|
||||
}
|
||||
my $crypter;
|
||||
foreach ( @{ $req->data->{crypter} } ) {
|
||||
$crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
|
||||
}
|
||||
|
||||
# my $crypter;
|
||||
# foreach ( @{ $req->data->{crypter} } ) {
|
||||
# $crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
|
||||
# }
|
||||
$crypter = $_
|
||||
foreach grep { $_->{keyHandle} eq $data->{keyHandle} }
|
||||
@{ $req->data->{crypter} };
|
||||
|
||||
unless ($crypter) {
|
||||
$self->userLogger->error("Unregistered U2F key");
|
||||
return $self->p->sendError( $req, "U2FKeyUnregistered" );
|
||||
|
@ -270,7 +270,7 @@ sub run {
|
|||
|
||||
# Read existing 2FDevices
|
||||
$self->logger->debug("Looking for 2F Devices ...");
|
||||
my $_2fDevices;
|
||||
my ( $_2fDevices, $keyName );
|
||||
if ( $req->userData->{_2fDevices} ) {
|
||||
$_2fDevices = eval {
|
||||
from_json( $req->userData->{_2fDevices},
|
||||
|
@ -287,10 +287,14 @@ sub run {
|
|||
}
|
||||
|
||||
# Delete U2F device
|
||||
my $keyName;
|
||||
foreach (@$_2fDevices) {
|
||||
$keyName = $_->{name} if $_->{epoch} eq $epoch;
|
||||
}
|
||||
|
||||
# my $keyName;
|
||||
# foreach (@$_2fDevices) {
|
||||
# $keyName = $_->{name} if $_->{epoch} eq $epoch;
|
||||
# }
|
||||
|
||||
$keyName = $_->{name}
|
||||
foreach grep { $_->{epoch} eq $epoch } @$_2fDevices;
|
||||
@$_2fDevices = grep { $_->{epoch} ne $epoch } @$_2fDevices;
|
||||
$self->logger->debug(
|
||||
"Delete 2F Device : { type => 'U2F', epoch => $epoch, name => $keyName }"
|
||||
|
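Review bot: The three rewritten loops in run (hunks @ -168, @ -234 and @ -287) each leave the original loop behind as a commented-out copy (`# my @rk; …`, `# my $crypter; …`, `# my $keyName; …`); the history already holds that code, so those comment blocks should be deleted rather than kept next to the new `map`/`grep` forms. In the @ -168 hunk, `map { { keyHandle => …, version => … } }` relies on perl guessing that the inner braces are an anonymous hash; `map { +{ keyHandle => $_->{keyHandle}, version => $data->{version} } }` makes that explicit. In the @ -287 hunk `$keyName` stays undefined when no device carries `$epoch`, and the following debug message interpolates it; `$keyName // ''` in that message keeps the log line clean. run starts and ends outside these hunks.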
|
|
@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_SENDRESPONSE
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
our $VERSION = '2.0.8';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
|
||||
'Lemonldap::NG::Common::TOTP';
|
||||
|
@ -75,8 +75,7 @@ sub verify {
|
|||
return PE_FORMEMPTY;
|
||||
}
|
||||
|
||||
my $secret = '';
|
||||
my $_2fDevices;
|
||||
my ( $secret, $_2fDevices );
|
||||
if ( $session->{_2fDevices} ) {
|
||||
$self->logger->debug("Loading 2F Devices ...");
|
||||
|
||||
|
@ -88,13 +87,10 @@ sub verify {
|
|||
return PE_ERROR;
|
||||
}
|
||||
$self->logger->debug("2F Device(s) found");
|
||||
foreach (@$_2fDevices) {
|
||||
$self->logger->debug("Reading TOTP secret if exists ...");
|
||||
if ( $_->{type} eq 'TOTP' ) {
|
||||
$secret = $_->{_secret};
|
||||
last;
|
||||
}
|
||||
}
|
||||
$self->logger->debug("Reading TOTP secret if exists...");
|
||||
|
||||
$secret = $_->{_secret}
|
||||
foreach grep { $_->{type} eq 'TOTP' } @$_2fDevices;
|
||||
}
|
||||
|
||||
unless ($secret) {
|
||||
|
@ -108,8 +104,9 @@ sub verify {
|
|||
$self->conf->{totp2fDigits},
|
||||
$secret, $code
|
||||
);
|
||||
if ( $r == -1 ) { return PE_ERROR; }
|
||||
elsif ($r) {
|
||||
return PE_ERROR if ( $r == -1 );
|
||||
|
||||
if ($r) {
|
||||
$self->userLogger->info('TOTP succeed');
|
||||
return PE_OK;
|
||||
}
|
||||
|
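Review bot: The new `$secret = $_->{_secret} foreach grep { $_->{type} eq 'TOTP' } @$_2fDevices;` changes which device is used when a session holds more than one TOTP entry: the removed loop stopped at the first match with `last`, while the postfix `foreach` assigns every match so the last one wins. If the first-registered secret is the intended one, `( $secret ) = map { $_->{_secret} } grep { $_->{type} eq 'TOTP' } @$_2fDevices;` keeps the old selection in a single statement. The same first-to-last shift appears in the Yubikey hunks @ -82 and @ -129 further down this commit. Dropping the previous `''` default from `$secret` is harmless here, since only `unless ($secret)` tests it. verify starts outside the hunk.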
|
|
@ -118,9 +118,7 @@ sub verify {
|
|||
if ( $req->param('signature') ) {
|
||||
$self->logger->debug('UTOTP: U2F response detected');
|
||||
my $r1 = $self->u2f->verify( $req, $session );
|
||||
if ( $r1 == PE_OK ) {
|
||||
return PE_OK;
|
||||
}
|
||||
return PE_OK if ( $r1 == PE_OK );
|
||||
}
|
||||
if ( $req->param('code') ) {
|
||||
$self->logger->debug('UTOTP: TOTP response detected');
|
||||
|
|
|
@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_SENDRESPONSE
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.6';
|
||||
our $VERSION = '2.0.8';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
|
||||
|
||||
|
@ -68,7 +68,7 @@ sub run {
|
|||
my $checkLogins = $req->param('checkLogins');
|
||||
$self->logger->debug("Yubikey checkLogins set") if ($checkLogins);
|
||||
|
||||
my $yubikey = 0;
|
||||
my $yubikey;
|
||||
if ( $req->{sessionInfo}->{_2fDevices} ) {
|
||||
$self->logger->debug("Loading 2F Devices ...");
|
||||
|
||||
|
@ -82,14 +82,10 @@ sub run {
|
|||
return PE_ERROR;
|
||||
}
|
||||
$self->logger->debug("2F Device(s) found");
|
||||
$self->logger->debug("Reading Yubikey ...");
|
||||
|
||||
foreach (@$_2fDevices) {
|
||||
$self->logger->debug("Reading Yubikey ...");
|
||||
if ( $_->{type} eq 'UBK' ) {
|
||||
$yubikey = $_->{_yubikey};
|
||||
last;
|
||||
}
|
||||
}
|
||||
$yubikey = $_->{_yubikey}
|
||||
foreach grep { $_->{type} eq 'UBK' } @$_2fDevices;
|
||||
}
|
||||
|
||||
unless ($yubikey) {
|
||||
|
@ -129,20 +125,19 @@ sub verify {
|
|||
}
|
||||
|
||||
# Verify OTP
|
||||
my $yubikey = 0;
|
||||
my $yubikey;
|
||||
my $_2fDevices = eval {
|
||||
$self->logger->debug("Looking for 2F Devices ...");
|
||||
from_json( $session->{_2fDevices}, { allow_nonref => 1 } );
|
||||
};
|
||||
|
||||
foreach (@$_2fDevices) {
|
||||
$self->logger->debug("Reading Yubikey ...");
|
||||
if ( $_->{type} eq 'UBK' ) {
|
||||
$yubikey = $_->{_yubikey};
|
||||
last;
|
||||
}
|
||||
if ($@) {
|
||||
$self->logger->error("Bad encoding in _2fDevices: $@");
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
$self->logger->debug("Reading Yubikey ...");
|
||||
$yubikey = $_->{_yubikey} foreach grep { $_->{type} eq 'UBK' } @$_2fDevices;
|
||||
|
||||
if (
|
||||
index( $yubikey,
|
||||
substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
|
||||
|
@ -155,7 +150,7 @@ sub verify {
|
|||
$self->userLogger->warn('Yubikey verification failed');
|
||||
return PE_BADOTP;
|
||||
}
|
||||
PE_OK;
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
1
|
||||
|
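Review bot: In verify (hunk @ -129) `$yubikey` is now declared as `my $yubikey;` instead of `my $yubikey = 0;`, so when `@$_2fDevices` holds no `UBK` entry the undefined value reaches `index( $yubikey, substr(...) )`, which emits an uninitialized-value warning before the comparison fails; unlike run, this function shows no `unless ($yubikey)` guard in the hunk. Adding `return PE_BADOTP unless $yubikey;` before the `if ( index(...)` check, returning the same code the failing branch uses, avoids the warning and makes the no-device case explicit; keeping the `0` default would only silence it. verify starts outside the hunk.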
|
|
@ -233,7 +233,6 @@ m%<span notif=\'testref\' epoch=\'(\d{10})\' class="btn btn-success" role="butto
|
|||
),
|
||||
'Malformed query'
|
||||
);
|
||||
$json;
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
ok( $json->{error} eq 'Missing parameter', ' Missing parameter' )
|
||||
|
|