Merge branch 'master' into portal-multi-U2F-registration
This commit is contained in:
commit
b088888f6c
2
Makefile
2
Makefile
@ -637,7 +637,7 @@ install_uwsgi_server:
|
|||||||
@install -v -d $(RUWSGIYAMLDIR) $(RLLNGAPPDIR)
|
@install -v -d $(RUWSGIYAMLDIR) $(RLLNGAPPDIR)
|
||||||
@install -m 644 -v fastcgi-server/uwsgi/llng-server.yaml $(RUWSGIYAMLDIR)/llng-server.yaml
|
@install -m 644 -v fastcgi-server/uwsgi/llng-server.yaml $(RUWSGIYAMLDIR)/llng-server.yaml
|
||||||
@install -m 644 -v $(SRCHANDLERDIR)/eg/llng-server.psgi $(RLLNGAPPDIR)/llng-server.psgi
|
@install -m 644 -v $(SRCHANDLERDIR)/eg/llng-server.psgi $(RLLNGAPPDIR)/llng-server.psgi
|
||||||
$(PERL) -pi -e 's#__APPDIR__#$(LLNGAPPDIR)#' $(RUWSGIYAMLDIR)/llng-server.yaml
|
$(PERL) -pi -e 's#__APPDIR__#$(LLNGAPPDIR)#;s#__UID__#$(UWSGIUSER)#;s#__GID__#$(UWSGIGROUP)#;' $(RUWSGIYAMLDIR)/llng-server.yaml
|
||||||
|
|
||||||
# Site install
|
# Site install
|
||||||
|
|
||||||
|
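Review bot: The extended `perl -pi -e 's#__APPDIR__#…#;s#__UID__#$(UWSGIUSER)#;s#__GID__#$(UWSGIGROUP)#;'` line interpolates Make variables straight into a Perl substitution, so a value containing `#` (the delimiter), `$` or `@` would break or be interpolated by Perl, and an undefined `UWSGIUSER`/`UWSGIGROUP` silently leaves `uid:`/`gid:` empty in the installed yaml. Consider failing the target early, e.g. `$(if $(UWSGIUSER),,$(error UWSGIUSER is not set))` before the substitution, and documenting the two new variables next to the other install settings. The rest of the `install_uwsgi_server` recipe is outside this hunk, so I cannot see whether they are defaulted there.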
@ -18,6 +18,14 @@ server {
|
|||||||
|
|
||||||
# Keep original request (LLNG server will received /llauth)
|
# Keep original request (LLNG server will received /llauth)
|
||||||
fastcgi_param X_ORIGINAL_URI $request_uri;
|
fastcgi_param X_ORIGINAL_URI $request_uri;
|
||||||
|
|
||||||
|
# OU TO USE uWSGI
|
||||||
|
#include /etc/nginx/uwsgi_params;
|
||||||
|
#uwsgi_pass 127.0.0.1:5000;
|
||||||
|
#uwsgi_pass_request_body off;
|
||||||
|
#uwsgi_param CONTENT_LENGTH "";
|
||||||
|
#uwsgi_param HOST $http_host;
|
||||||
|
#uwsgi_param X_ORIGINAL_URI $request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Client requests
|
# Client requests
|
||||||
|
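Review bot: The added comment `# OU TO USE uWSGI` mixes French and English and does not say that the following commented lines replace the `fastcgi_*` block above rather than complement it; a reader could enable them alongside the fastcgi directives. Suggest `# Alternative: to use uWSGI instead of the FastCGI server, comment out the fastcgi_* lines above and enable the lines below.` The `server { … }` block starts outside this hunk.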
@ -3,3 +3,5 @@ uwsgi:
|
|||||||
socket: 127.0.0.1:5000
|
socket: 127.0.0.1:5000
|
||||||
psgi: __APPDIR__/llng-server.psgi
|
psgi: __APPDIR__/llng-server.psgi
|
||||||
master: true
|
master: true
|
||||||
|
uid: __UID__
|
||||||
|
gid: __GID__
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# 2FA engine provides 3 functions and 1 interface:
|
# 2FA engine provides 3 functions and 1 interface:
|
||||||
# - init()
|
# - init()
|
||||||
# - run($req): called during auth process after session populating
|
# - run($req): called during auth process after session populating
|
||||||
# - dysplay2fRegisters($req, $session): indicates if a 2F registration is
|
# - display2fRegisters($req, $session): indicates if a 2F registration is
|
||||||
# available for this user
|
# available for this user
|
||||||
# - /2fregisters: the URL path that displays 2F registration menu
|
# - /2fregisters: the URL path that displays 2F registration menu
|
||||||
|
|
||||||
@ -164,11 +164,11 @@ sub run {
|
|||||||
return PE_SENDRESPONSE;
|
return PE_SENDRESPONSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
# bool public dysplay2fRegisters($req, $session)
|
# bool public display2fRegisters($req, $session)
|
||||||
#
|
#
|
||||||
# Return true if at least 1 register module is available for this user. Used
|
# Return true if at least 1 register module is available for this user. Used
|
||||||
# by Menu to display or not /2fregisters page
|
# by Menu to display or not /2fregisters page
|
||||||
sub dysplay2fRegisters {
|
sub display2fRegisters {
|
||||||
my($self,$req,$session) = @_;
|
my($self,$req,$session) = @_;
|
||||||
foreach my $m ( @{ $self->sfRModules } ) {
|
foreach my $m ( @{ $self->sfRModules } ) {
|
||||||
return 1 if ( $m->{r}->( $req, $session) );
|
return 1 if ( $m->{r}->( $req, $session) );
|
||||||
|
@ -5,7 +5,6 @@ use Mouse;
|
|||||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||||
PE_FORMEMPTY
|
PE_FORMEMPTY
|
||||||
PE_ERROR
|
PE_ERROR
|
||||||
PE_OK
|
|
||||||
);
|
);
|
||||||
|
|
||||||
our $VERSION = '2.0.0';
|
our $VERSION = '2.0.0';
|
||||||
@ -36,17 +35,36 @@ sub run {
|
|||||||
if ( $otp and length($otp) > 12 ) {
|
if ( $otp and length($otp) > 12 ) {
|
||||||
my $keys = $req->userData->{_yubikeys} || '';
|
my $keys = $req->userData->{_yubikeys} || '';
|
||||||
$keys .= ( $keys ? ', ' : '' )
|
$keys .= ( $keys ? ', ' : '' )
|
||||||
. substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );
|
. substr( $otp, 0, $self->conf->{yubikey2fPublicIDSize} );
|
||||||
$self->p->updatePersistentSession( $req, { _yubikeys => $keys } );
|
$self->p->updatePersistentSession( $req, { _yubikeys => $keys } );
|
||||||
|
return $self->p->sendHtml(
|
||||||
|
$req, 'error',
|
||||||
|
params => {
|
||||||
|
RAW_ERROR => 'yourKeyIsRegistered',
|
||||||
|
AUTH_ERROR_TYPE => 'positive',
|
||||||
|
}
|
||||||
|
);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->userLogger->error('Yubikey 2F: no code');
|
$self->userLogger->error('Yubikey 2F: no code');
|
||||||
return PE_FORMEMPTY;
|
return $self->p->sendHtml(
|
||||||
|
$req, 'error',
|
||||||
|
params => {
|
||||||
|
AUTH_ERROR => PE_FORMEMPTY,
|
||||||
|
AUTH_ERROR_TYPE => 'positive',
|
||||||
|
}
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->userLogger->error("Unknown Yubikey action $action");
|
$self->userLogger->error("Unknown Yubikey action $action");
|
||||||
return PE_ERROR;
|
return $self->p->sendHtml(
|
||||||
|
$req, 'error',
|
||||||
|
params => {
|
||||||
|
AUTH_ERROR => PE_ERROR,
|
||||||
|
AUTH_ERROR_TYPE => 'positive',
|
||||||
|
}
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
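Review bot: Both error paths in the new `sendHtml` calls render a failure with `AUTH_ERROR_TYPE => 'positive'` (the "no code" branch and the "Unknown Yubikey action" branch), so a missing OTP or an unknown action is displayed in the same style as the successful `yourKeyIsRegistered` message; the template uses `message-negative` for failures. Those two lines should read `AUTH_ERROR_TYPE => 'negative',`. The surrounding `if`/`else` structure and `sub run` begin outside this hunk, so I cannot tell whether an earlier branch also returns a response for the non-error case.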
@ -36,8 +36,7 @@ sub init {
|
|||||||
unless ($self->conf->{yubikey2fClientID}
|
unless ($self->conf->{yubikey2fClientID}
|
||||||
and $self->conf->{yubikey2fSecretKey} )
|
and $self->conf->{yubikey2fSecretKey} )
|
||||||
{
|
{
|
||||||
$self->logger->error(
|
$self->error('Missing mandatory parameters (Client ID and secret key)');
|
||||||
"Missing mandatory parameters (Client ID and secret key)");
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
$self->conf->{yubikey2fPublicIDSize} ||= 12;
|
$self->conf->{yubikey2fPublicIDSize} ||= 12;
|
||||||
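Review bot: Replacing `$self->logger->error(...)` with `$self->error(...)` (new line `$self->error('Missing mandatory parameters (Client ID and secret key)');`) may drop the log entry if `error` only records the message for the caller rather than writing it to the logger; I cannot see its definition from here. If that is the case, keep both, e.g. `$self->logger->error($msg); $self->error($msg);`, so a misconfigured Yubikey 2F module is still visible in the logs. `sub init` starts and ends outside this hunk.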
@ -92,8 +91,8 @@ sub verify {
|
|||||||
|
|
||||||
# Verify OTP
|
# Verify OTP
|
||||||
if (
|
if (
|
||||||
index( substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ),
|
index( $session->{_yubikeys},
|
||||||
$session->{_yubikeys} ) == -1
|
substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$self->userLogger->warn('Yubikey not registered');
|
$self->userLogger->warn('Yubikey not registered');
|
||||||
|
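Review bot: The corrected `index( $session->{_yubikeys}, substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1` still does a substring search over the comma-separated list, so a presented prefix that matches part of a stored ID is accepted, and an undefined `_yubikeys` (user with no registered key) triggers an uninitialized-value warning. Comparing the exact IDs is clearer: `my $id = substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} );` then `unless ( grep { $_ eq $id } split /\s*,\s*/, ( $session->{_yubikeys} // '' ) )`. `sub verify` starts and ends outside this hunk.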
@ -3,6 +3,9 @@
|
|||||||
<TMPL_IF AUTH_ERROR>
|
<TMPL_IF AUTH_ERROR>
|
||||||
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span></div>
|
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span></div>
|
||||||
</TMPL_IF>
|
</TMPL_IF>
|
||||||
|
<TMPL_IF RAW_ERROR>
|
||||||
|
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trspan="<TMPL_VAR NAME="RAW_ERROR">"></span></div>
|
||||||
|
</TMPL_IF>
|
||||||
<TMPL_IF ERROR403>
|
<TMPL_IF ERROR403>
|
||||||
<div class="message message-negative alert">
|
<div class="message message-negative alert">
|
||||||
<span trspan="accessDenied">You have no access authorization for this application</span>
|
<span trspan="accessDenied">You have no access authorization for this application</span>
|
||||||
|
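Review bot: The new `<TMPL_IF RAW_ERROR>` block emits `<TMPL_VAR NAME="RAW_ERROR">` inside an attribute without escaping; today the only value visible in this commit is the literal `yourKeyIsRegistered`, but `RAW_ERROR` by its name suggests arbitrary text, and the sibling `AUTH_ERROR` branch has the same shape. Use `<TMPL_VAR NAME="RAW_ERROR" ESCAPE=HTML>` so a future caller passing request-derived text cannot break out of the attribute. The block also reuses `AUTH_ERROR_TYPE` for the CSS class, so callers setting `RAW_ERROR` must always set that parameter too; a short template comment stating this would help.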