Merge branch 'master' into portal-multi-U2F-registration

2018-03-26 11:37:15 +02:00 · 2018-03-26 11:37:15 +02:00 · b088888f6c
commit b088888f6c
parent b972c8fcf8 f42763c1de
7 changed files with 42 additions and 12 deletions
--- a/2
+++ b/2
@ -637,7 +637,7 @@ install_uwsgi_server:
 	@install -v -d $(RUWSGIYAMLDIR) $(RLLNGAPPDIR)
 	@install -m 644 -v fastcgi-server/uwsgi/llng-server.yaml $(RUWSGIYAMLDIR)/llng-server.yaml
 	@install -m 644 -v $(SRCHANDLERDIR)/eg/llng-server.psgi $(RLLNGAPPDIR)/llng-server.psgi
-	$(PERL) -pi -e 's#__APPDIR__#$(LLNGAPPDIR)#' $(RUWSGIYAMLDIR)/llng-server.yaml
+	$(PERL) -pi -e 's#__APPDIR__#$(LLNGAPPDIR)#;s#__UID__#$(UWSGIUSER)#;s#__GID__#$(UWSGIGROUP)#;' $(RUWSGIYAMLDIR)/llng-server.yaml
 # Site install
--- a/e2e-tests/test-nginx.conf
+++ b/e2e-tests/test-nginx.conf
@ -18,6 +18,14 @@ server {
    # Keep original request (LLNG server will received /llauth)
    fastcgi_param X_ORIGINAL_URI  $request_uri;
    # OU TO USE uWSGI
    #include /etc/nginx/uwsgi_params;
    #uwsgi_pass 127.0.0.1:5000;
    #uwsgi_pass_request_body  off;
    #uwsgi_param CONTENT_LENGTH "";
    #uwsgi_param HOST $http_host;
    #uwsgi_param X_ORIGINAL_URI  $request_uri;
  }
  # Client requests
--- a/fastcgi-server/uwsgi/llng-server.yaml
+++ b/fastcgi-server/uwsgi/llng-server.yaml
@ -3,3 +3,5 @@ uwsgi:
        socket: 127.0.0.1:5000
        psgi: __APPDIR__/llng-server.psgi
        master: true
        uid: __UID__
        gid: __GID__
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
@ -3,7 +3,7 @@
 # 2FA engine provides 3 functions and 1 interface:
 #  - init()
 #  - run($req): called during auth process after session populating
-#  - dysplay2fRegisters($req, $session): indicates if a 2F registration is
+#  - display2fRegisters($req, $session): indicates if a 2F registration is
 #                                        available for this user
 #  - /2fregisters: the URL path that displays 2F registration menu
@ -164,11 +164,11 @@ sub run {
    return PE_SENDRESPONSE;
 }
-# bool public dysplay2fRegisters($req, $session)
+# bool public display2fRegisters($req, $session)
 #
 # Return true if at least 1 register module is available for this user. Used
 # by Menu to display or not /2fregisters page
-sub dysplay2fRegisters {
+sub display2fRegisters {
    my($self,$req,$session) = @_;
    foreach my $m ( @{ $self->sfRModules } ) {
        return 1 if ( $m->{r}->( $req, $session) );
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
@ -5,7 +5,6 @@ use Mouse;
 use Lemonldap::NG::Portal::Main::Constants qw(
  PE_FORMEMPTY
  PE_ERROR
  PE_OK
 );
 our $VERSION = '2.0.0';
@ -36,17 +35,36 @@ sub run {
        if ( $otp and length($otp) > 12 ) {
            my $keys = $req->userData->{_yubikeys} || '';
            $keys .= ( $keys ? ', ' : '' )
-              . substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );
+              . substr( $otp, 0, $self->conf->{yubikey2fPublicIDSize} );
            $self->p->updatePersistentSession( $req, { _yubikeys => $keys } );
            return $self->p->sendHtml(
                $req, 'error',
                params => {
                    RAW_ERROR      => 'yourKeyIsRegistered',
                    AUTH_ERROR_TYPE => 'positive',
                }
            );
        }
        else {
            $self->userLogger->error('Yubikey 2F: no code');
-            return PE_FORMEMPTY;
+            return $self->p->sendHtml(
                $req, 'error',
                params => {
                    AUTH_ERROR      => PE_FORMEMPTY,
                    AUTH_ERROR_TYPE => 'positive',
                }
            );
        }
    }
    else {
        $self->userLogger->error("Unknown Yubikey action $action");
-        return PE_ERROR;
+        return $self->p->sendHtml(
            $req, 'error',
            params => {
                AUTH_ERROR      => PE_ERROR,
                AUTH_ERROR_TYPE => 'positive',
            }
        );
    }
 }
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
@ -36,8 +36,7 @@ sub init {
    unless ($self->conf->{yubikey2fClientID}
        and $self->conf->{yubikey2fSecretKey} )
    {
-        $self->logger->error(
+        $self->error('Missing mandatory parameters (Client ID and secret key)');
            "Missing mandatory parameters (Client ID and secret key)");
        return 0;
    }
    $self->conf->{yubikey2fPublicIDSize} ||= 12;
@ -92,8 +91,8 @@ sub verify {
    # Verify OTP
    if (
-        index( substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ),
+        index( $session->{_yubikeys},
-            $session->{_yubikeys} ) == -1
+            substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
      )
    {
        $self->userLogger->warn('Yubikey not registered');
--- a/lemonldap-ng-portal/site/templates/bootstrap/error.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/error.tpl
@ -3,6 +3,9 @@
  <TMPL_IF AUTH_ERROR>
    <div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span></div>
  </TMPL_IF>
  <TMPL_IF RAW_ERROR>
    <div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trspan="<TMPL_VAR NAME="RAW_ERROR">"></span></div>
  </TMPL_IF>
  <TMPL_IF ERROR403>
    <div class="message message-negative alert">
      <span trspan="accessDenied">You have no access authorization for this application</span>