Merge branch 'master' into portal-multi-U2F-registration
This commit is contained in:
Christophe Maudoux
commit
b0d5d14f52
2
Makefile
2
Makefile
|
|
@ -637,7 +637,7 @@ install_uwsgi_server:
|
|||
@install -v -d $(RUWSGIYAMLDIR) $(RLLNGAPPDIR)
|
||||
@install -m 644 -v fastcgi-server/uwsgi/llng-server.yaml $(RUWSGIYAMLDIR)/llng-server.yaml
|
||||
@install -m 644 -v $(SRCHANDLERDIR)/eg/llng-server.psgi $(RLLNGAPPDIR)/llng-server.psgi
|
||||
$(PERL) -pi -e 's#__APPDIR__#$(LLNGAPPDIR)#' $(RUWSGIYAMLDIR)/llng-server.yaml
|
||||
$(PERL) -pi -e 's#__APPDIR__#$(LLNGAPPDIR)#;s#__UID__#$(UWSGIUSER)#;s#__GID__#$(UWSGIGROUP)#;' $(RUWSGIYAMLDIR)/llng-server.yaml
|
||||
|
||||
# Site install
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,14 @@ server {
|
|||
|
||||
# Keep original request (LLNG server will received /llauth)
|
||||
fastcgi_param X_ORIGINAL_URI $request_uri;
|
||||
|
||||
# OU TO USE uWSGI
|
||||
#include /etc/nginx/uwsgi_params;
|
||||
#uwsgi_pass 127.0.0.1:5000;
|
||||
#uwsgi_pass_request_body off;
|
||||
#uwsgi_param CONTENT_LENGTH "";
|
||||
#uwsgi_param HOST $http_host;
|
||||
#uwsgi_param X_ORIGINAL_URI $request_uri;
|
||||
}
|
||||
|
||||
# Client requests
|
||||
|
|
|
|||
|
|
@ -3,3 +3,5 @@ uwsgi:
|
|||
socket: 127.0.0.1:5000
|
||||
psgi: __APPDIR__/llng-server.psgi
|
||||
master: true
|
||||
uid: __UID__
|
||||
gid: __GID__
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
# 2FA engine provides 3 functions and 1 interface:
|
||||
# - init()
|
||||
# - run($req): called during auth process after session populating
|
||||
# - dysplay2fRegisters($req, $session): indicates if a 2F registration is
|
||||
# - display2fRegisters($req, $session): indicates if a 2F registration is
|
||||
# available for this user
|
||||
# - /2fregisters: the URL path that displays 2F registration menu
|
||||
|
||||
|
|
@ -164,11 +164,11 @@ sub run {
|
|||
return PE_SENDRESPONSE;
|
||||
}
|
||||
|
||||
# bool public dysplay2fRegisters($req, $session)
|
||||
# bool public display2fRegisters($req, $session)
|
||||
#
|
||||
# Return true if at least 1 register module is available for this user. Used
|
||||
# by Menu to display or not /2fregisters page
|
||||
sub dysplay2fRegisters {
|
||||
sub display2fRegisters {
|
||||
my($self,$req,$session) = @_;
|
||||
foreach my $m ( @{ $self->sfRModules } ) {
|
||||
return 1 if ( $m->{r}->( $req, $session) );
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ use Mouse;
|
|||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_FORMEMPTY
|
||||
PE_ERROR
|
||||
PE_OK
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
|
@ -36,17 +35,36 @@ sub run {
|
|||
if ( $otp and length($otp) > 12 ) {
|
||||
my $keys = $req->userData->{_yubikeys} || '';
|
||||
$keys .= ( $keys ? ', ' : '' )
|
||||
. substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );
|
||||
. substr( $otp, 0, $self->conf->{yubikey2fPublicIDSize} );
|
||||
$self->p->updatePersistentSession( $req, { _yubikeys => $keys } );
|
||||
return $self->p->sendHtml(
|
||||
$req, 'error',
|
||||
params => {
|
||||
RAW_ERROR => 'yourKeyIsRegistered',
|
||||
AUTH_ERROR_TYPE => 'positive',
|
||||
}
|
||||
);
|
||||
}
|
||||
else {
|
||||
$self->userLogger->error('Yubikey 2F: no code');
|
||||
return PE_FORMEMPTY;
|
||||
return $self->p->sendHtml(
|
||||
$req, 'error',
|
||||
params => {
|
||||
AUTH_ERROR => PE_FORMEMPTY,
|
||||
AUTH_ERROR_TYPE => 'positive',
|
||||
}
|
||||
);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->userLogger->error("Unknown Yubikey action $action");
|
||||
return PE_ERROR;
|
||||
return $self->p->sendHtml(
|
||||
$req, 'error',
|
||||
params => {
|
||||
AUTH_ERROR => PE_ERROR,
|
||||
AUTH_ERROR_TYPE => 'positive',
|
||||
}
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -36,8 +36,7 @@ sub init {
|
|||
unless ($self->conf->{yubikey2fClientID}
|
||||
and $self->conf->{yubikey2fSecretKey} )
|
||||
{
|
||||
$self->logger->error(
|
||||
"Missing mandatory parameters (Client ID and secret key)");
|
||||
$self->error('Missing mandatory parameters (Client ID and secret key)');
|
||||
return 0;
|
||||
}
|
||||
$self->conf->{yubikey2fPublicIDSize} ||= 12;
|
||||
|
|
@ -92,8 +91,8 @@ sub verify {
|
|||
|
||||
# Verify OTP
|
||||
if (
|
||||
index( substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ),
|
||||
$session->{_yubikeys} ) == -1
|
||||
index( $session->{_yubikeys},
|
||||
substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
|
||||
)
|
||||
{
|
||||
$self->userLogger->warn('Yubikey not registered');
|
||||
|
|
|
|||
|
|
@ -3,6 +3,9 @@
|
|||
<TMPL_IF AUTH_ERROR>
|
||||
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span></div>
|
||||
</TMPL_IF>
|
||||
<TMPL_IF RAW_ERROR>
|
||||
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trspan="<TMPL_VAR NAME="RAW_ERROR">"></span></div>
|
||||
</TMPL_IF>
|
||||
<TMPL_IF ERROR403>
|
||||
<div class="message message-negative alert">
|
||||
<span trspan="accessDenied">You have no access authorization for this application</span>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user