diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
index 8ed490789..627ad2c51 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -178,9 +178,8 @@ sub defaultValues {
 'portalDisplayOidcConsents' => '$_oidcConnectedRP',
 'portalDisplayRegister' => 1,
 'portalErrorOnExpiredSession' => 1,
+ 'portalForceAuthn' => 1,
 'portalForceAuthnInterval' => 5,
- 'portalForceReAuthn' => 1,
- 'portalForceReAuthnTempo' => 300,
 'portalPingInterval' => 60000,
 'portalRequireOldPassword' => 1,
 'portalSkin' => 'bootstrap',
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
index cba1ccff2..72aa5ba0d 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -2165,16 +2165,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
 'default' => 0,
 'type' => 'bool'
 },
- 'portalForceAuthnInterval' => {
- 'default' => 5,
- 'type' => 'int'
- },
- 'portalForceReAuthn' => {
+ 'portalForceAuthn' => {
 'default' => 1,
 'type' => 'bool'
 },
- 'portalForceReAuthnTempo' => {
- 'default' => 300,
+ 'portalForceAuthnInterval' => {
+ 'default' => 5,
 'type' => 'int'
 },
 'portalOpenLinkInNewWindow' => {
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
index 52e490702..292a11f0e 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -556,16 +556,17 @@ sub attributes {
 type => 'bool',
 documentation => 'Check XSS',
 },
- portalForceReAuthn => {
- default => 1,
- type => 'bool',
- documentation => 'Enable force reAuthentification to access to Portal',
+ portalForceAuthn => {
+ default => 1,
+ type => 'bool',
+ documentation =>
+ 'Enable force to authenticate when displaying portal',
 },
- portalForceReAuthnTempo => {
- default => 300,
+ portalForceAuthnInterval => {
+ default => 5,
 type => 'int',
 documentation =>
- 'Portal force reAuthentification -> Tempo before try again',
+ 'Maximun interval in seconds since last authentifcation to force reauthentication',
 },
 bruteForceProtection => {
 default => 1,
@@ -2121,9 +2122,7 @@ sub attributes {
 type => 'bool',
 default => 0,
 },
- samlIDPMetaDataOptionsUserAttribute => {
- type => 'text',
- },
+ samlIDPMetaDataOptionsUserAttribute => { type => 'text', },
 # SP keys
 samlSPMetaDataExportedAttributes => {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
index f2a0750ba..31d3ed142 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
@@ -92,7 +92,7 @@ use constant {
 PE_UNAUTHORIZEDPARTNER => 84,
 PE_RENEWSESSION => 85,
 PE_WAIT => 86,
- PE_MUSTREAUTHN => 87,
+ PE_MUSTAUTHN => 87,
 };
 # EXPORTER PARAMETERS
@@ -118,7 +118,7 @@ our @EXPORT_OK = qw(
 PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK PE_RADIUSCONNECTFAILED PE_MUST_SUPPLY_OLD_PASSWORD PE_FORBIDDENIP PE_CAPTCHAERROR PE_CAPTCHAEMPTY PE_REGISTERFIRSTACCESS PE_REGISTERFORMEMPTY PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
- PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTREAUTHN
+ PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTAUTHN
 );
 our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
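Review bot: In the first Build/Attributes.pm hunk, `portalForceReAuthnTempo` (default 300) is replaced by `portalForceAuthnInterval` with default 5, a key that DefaultValues.pm and Manager/Attributes.pm already carried before this commit. The portal plugin therefore appears to share one setting with whatever already read that key, and its window drops from 300 to 5 seconds while `portalForceAuthn` stays enabled by default. `attributes` continues outside the hunk; if it still defines `portalForceAuthnInterval` elsewhere, this entry is a duplicate hash key and Perl silently keeps only the last one. Saved configurations that set `portalForceReAuthn` or `portalForceReAuthnTempo` are not migrated by anything visible here, so an administrator's earlier choice would be silently replaced by the new defaults. The documentation string also has typos; I would write `'Maximum interval in seconds since last authentication to force reauthentication'`.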
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
index dc6dfcdfc..01b97140b 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
@@ -24,7 +24,7 @@ our @pList = (
 upgradeSession => '::Plugins::Upgrade',
 autoSigninRules => '::Plugins::AutoSignin',
 checkState => '::Plugins::CheckState',
- portalForceReAuthn => '::Plugins::PortalForceReAuthn',
+ portalForceAuthn => '::Plugins::PortalForceAuthn',
 );
 ##@method list enabledPlugins
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PortalForceReAuthn.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PortalForceAuthn.pm
similarity index 87%
rename from lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PortalForceReAuthn.pm
rename to lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PortalForceAuthn.pm
index 504fc527f..ab13bf0e4 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PortalForceReAuthn.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PortalForceAuthn.pm
@@ -1,4 +1,4 @@
-package Lemonldap::NG::Portal::Plugins::PortalForceReAuthn;
+package Lemonldap::NG::Portal::Plugins::PortalForceAuthn;
 use Data::Dumper;
 use strict;
@@ -26,7 +26,7 @@ sub run {
 if ( $req->env->{HTTP_HOST} and $portalURL =~ qr#\Q$HTTP_HOST# ) {
 my $delta = time() - $req->{sessionInfo}->{_utime};
 $self->logger->debug( "Delta with last Authn -> " . $delta );
- $delta <= $self->conf->{portalForceReAuthnTempo}
+ $delta <= $self->conf->{portalForceAuthnInterval}
 ? return PE_OK
 : return PE_MUSTREAUTHN;
 }
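Review bot: The new side of `run` in PortalForceAuthn.pm still returns `PE_MUSTREAUTHN`, although this commit renames that constant to `PE_MUSTAUTHN` in Constants.pm and drops the old name from `@EXPORT_OK`. The plugin's import line is outside the hunk, so I cannot see which name it requests, but either the import or the bareword under `use strict` should fail, which would leave the forced-authentication check unloaded or break the portal. The last branch should read `: return PE_MUSTAUTHN;`, and the ternary is clearer as `return $delta <= $self->conf->{portalForceAuthnInterval} ? PE_OK : PE_MUSTAUTHN;`. Separately, `$portalURL =~ qr#\Q$HTTP_HOST#` is an unanchored substring match against a client-supplied Host header; what `run` returns when it does not match lies outside the hunk and is worth confirming, since that path decides whether the check is skipped.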