diff --git a/Makefile b/Makefile index 732dd1e2f..2c7110355 100644 --- a/Makefile +++ b/Makefile @@ -637,7 +637,7 @@ install_uwsgi_server: @install -v -d $(RUWSGIYAMLDIR) $(RLLNGAPPDIR) @install -m 644 -v fastcgi-server/uwsgi/llng-server.yaml $(RUWSGIYAMLDIR)/llng-server.yaml @install -m 644 -v $(SRCHANDLERDIR)/eg/llng-server.psgi $(RLLNGAPPDIR)/llng-server.psgi - $(PERL) -pi -e 's#__APPDIR__#$(LLNGAPPDIR)#' $(RUWSGIYAMLDIR)/llng-server.yaml + $(PERL) -pi -e 's#__APPDIR__#$(LLNGAPPDIR)#;s#__UID__#$(UWSGIUSER)#;s#__GID__#$(UWSGIGROUP)#;' $(RUWSGIYAMLDIR)/llng-server.yaml # Site install diff --git a/e2e-tests/test-nginx.conf b/e2e-tests/test-nginx.conf index f26865242..2995defdf 100644 --- a/e2e-tests/test-nginx.conf +++ b/e2e-tests/test-nginx.conf @@ -18,6 +18,14 @@ server { # Keep original request (LLNG server will received /llauth) fastcgi_param X_ORIGINAL_URI $request_uri; + + # OU TO USE uWSGI + #include /etc/nginx/uwsgi_params; + #uwsgi_pass 127.0.0.1:5000; + #uwsgi_pass_request_body off; + #uwsgi_param CONTENT_LENGTH ""; + #uwsgi_param HOST $http_host; + #uwsgi_param X_ORIGINAL_URI $request_uri; } # Client requests diff --git a/fastcgi-server/uwsgi/llng-server.yaml b/fastcgi-server/uwsgi/llng-server.yaml index ea1a4c4ea..84079a31f 100644 --- a/fastcgi-server/uwsgi/llng-server.yaml +++ b/fastcgi-server/uwsgi/llng-server.yaml @@ -3,3 +3,5 @@ uwsgi: socket: 127.0.0.1:5000 psgi: __APPDIR__/llng-server.psgi master: true + uid: __UID__ + gid: __GID__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm index b4ed3f2b0..4458fc8e7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm 
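Review bot: The new `s#__UID__#$(UWSGIUSER)#;s#__GID__#$(UWSGIGROUP)#;` substitutions write whatever those make variables expand to, and nothing in this hunk shows them being defined or checked. If either is empty, the installed llng-server.yaml gets a blank `uid:`/`gid:` (the keys added in the fastcgi-server/uwsgi/llng-server.yaml hunk), and uWSGI may then not drop privileges as intended. Consider failing early with `@test -n "$(UWSGIUSER)" -a -n "$(UWSGIGROUP)"` before the `$(PERL)` line, or giving both variables defaults where the other install variables are presumably defined. The YAML in the source tree now also carries the literal `__UID__`/`__GID__` placeholders, so it is only usable after this install step; a comment in the YAML saying so would help. The `install_uwsgi_server` target starts outside the hunk.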
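Review bot: The added comment header reads `# OU TO USE uWSGI`, which looks like a typo for `# OR TO USE uWSGI`. The comment should also say that the `uwsgi_*` lines replace the `fastcgi_*` directives above rather than being added to them, since presumably only one backend can be active in this block. The start of the enclosing block is outside the hunk.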
@@ -3,7 +3,7 @@ # 2FA engine provides 3 functions and 1 interface: # - init() # - run($req): called during auth process after session populating -# - dysplay2fRegisters($req, $session): indicates if a 2F registration is +# - display2fRegisters($req, $session): indicates if a 2F registration is # available for this user # - /2fregisters: the URL path that displays 2F registration menu @@ -164,11 +164,11 @@ sub run { return PE_SENDRESPONSE; } -# bool public dysplay2fRegisters($req, $session) +# bool public display2fRegisters($req, $session) # # Return true if at least 1 register module is available for this user. Used # by Menu to display or not /2fregisters page -sub dysplay2fRegisters { +sub display2fRegisters { my($self,$req,$session) = @_; foreach my $m ( @{ $self->sfRModules } ) { return 1 if ( $m->{r}->( $req, $session) ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm index ba14a97a9..e53bb8d6d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm @@ -5,7 +5,6 @@ use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( PE_FORMEMPTY PE_ERROR - PE_OK ); our $VERSION = '2.0.0'; 
@@ -36,17 +35,36 @@ sub run { if ( $otp and length($otp) > 12 ) { my $keys = $req->userData->{_yubikeys} || ''; $keys .= ( $keys ? ', ' : '' ) - . substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} ); + . substr( $otp, 0, $self->conf->{yubikey2fPublicIDSize} ); $self->p->updatePersistentSession( $req, { _yubikeys => $keys } ); + return $self->p->sendHtml( + $req, 'error', + params => { + RAW_ERROR => 'yourKeyIsRegistered', + AUTH_ERROR_TYPE => 'positive', + } + ); } else { $self->userLogger->error('Yubikey 2F: no code'); - return PE_FORMEMPTY; + return $self->p->sendHtml( + $req, 'error', + params => { + AUTH_ERROR => PE_FORMEMPTY, + AUTH_ERROR_TYPE => 'positive', + } + ); } } else { $self->userLogger->error("Unknown Yubikey action $action"); - return PE_ERROR; + return $self->p->sendHtml( + $req, 'error', + params => { + AUTH_ERROR => PE_ERROR, + AUTH_ERROR_TYPE => 'positive', + } + ); } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm index c26da7013..53460eae0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm @@ -36,8 +36,7 @@ sub init { unless ($self->conf->{yubikey2fClientID} and $self->conf->{yubikey2fSecretKey} ) { - $self->logger->error( - "Missing mandatory parameters (Client ID and secret key)"); + $self->error('Missing mandatory parameters (Client ID and secret key)'); return 0; } $self->conf->{yubikey2fPublicIDSize} ||= 12; @@ -92,8 +91,8 @@ sub verify { # Verify OTP if ( - index( substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ), - $session->{_yubikeys} ) == -1 + index( $session->{_yubikeys}, + substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1 ) { $self->userLogger->warn('Yubikey not registered'); diff --git a/lemonldap-ng-portal/site/templates/bootstrap/error.tpl b/lemonldap-ng-portal/site/templates/bootstrap/error.tpl index b79b4a652..b079edfd7 100644 
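Review bot: In the register branch of `run`, the key's public ID is cut from `$otp` and saved to `_yubikeys` after only the `length($otp) > 12` test, so any sufficiently long string can be registered as a second factor without proof that it came from a Yubikey; validating the OTP (or at least its character set) before `updatePersistentSession` would close that. The cut length is `$self->conf->{yubikey2fPublicIDSize}`, whose `||= 12` default is set in 2F/Yubikey.pm `init`; if this register module can run without that init, `substr` gets an undefined length and stores an empty ID, so a local `|| 12` fallback is worth adding once the load order is confirmed. Both failure branches also pass `AUTH_ERROR_TYPE => 'positive'`, which looks copied from the success case and would present `PE_FORMEMPTY` and `PE_ERROR` as a success message; a non-success type is presumably intended there. `run` starts outside the hunk.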
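Review bot: The registered-key check in `verify` (hunk `@@ -92,8 +91,8 @@`) is still a substring test after the argument swap: `index( $session->{_yubikeys}, substr(...) )` succeeds whenever the prefix appears anywhere in the comma-separated list, and an empty prefix from an empty `$code` always matches at position 0. Whether `$code` is length-checked earlier is not visible, because `verify` starts and continues outside the hunk. An exact comparison per registered entry is safer, for example `my $id = substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} );` followed by `unless ( grep { $_ eq $id } split /,\s*/, ( $session->{_yubikeys} || '' ) ) { ... }`.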
--- a/lemonldap-ng-portal/site/templates/bootstrap/error.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/error.tpl @@ -3,6 +3,9 @@
alert">">
+ +
alert">">
+
You have no access authorization for this application