Change portal error code on 2F failure (#2008)
This commit is contained in:
Maxime Besson
parent
2c6e33e085
commit
bedcf20806
|
|
@ -98,7 +98,8 @@ sub portalConsts {
|
|||
'92' => 'PE_GET_SERVICE_NOT_ALLOWED',
|
||||
'93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
|
||||
'94' => 'PE_ISSUERMISSINGREQATTR',
|
||||
'95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED'
|
||||
'95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
|
||||
'96' => 'PE_BADOTP'
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -102,7 +102,8 @@ sub portalConstants {
|
|||
PE_GET_SERVICE_NOT_ALLOWED => 92,
|
||||
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
|
||||
PE_ISSUERMISSINGREQATTR => 94,
|
||||
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95
|
||||
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
|
||||
PE_BADOTP => 96
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::2F::Ext2F;
|
|||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_BADOTP
|
||||
PE_ERROR
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
|
|
@ -119,7 +119,7 @@ sub verify {
|
|||
$self->userLogger->warn( 'Second factor failed for '
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
$self->logger->error("External verify command failed (code $c)");
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
return PE_OK;
|
||||
}
|
||||
|
|
@ -136,7 +136,7 @@ sub verify {
|
|||
|
||||
$self->userLogger->warn( 'Second factor failed for '
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
|
||||
# system() is used with an array to avoid shell injection
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::2F::Mail2F;
|
|||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_BADOTP
|
||||
PE_ERROR
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
|
|
@ -147,7 +147,7 @@ sub verify {
|
|||
|
||||
$self->userLogger->warn( 'Second factor failed for '
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::2F::REST;
|
|||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_BADOTP
|
||||
PE_ERROR
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
|
|
@ -139,7 +139,7 @@ sub verify {
|
|||
unless ( $res->{result} ) {
|
||||
$self->userLogger->warn( 'REST Second factor failed for '
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::2F::Radius;
|
|||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_BADOTP
|
||||
PE_ERROR
|
||||
PE_MALFORMEDUSER
|
||||
PE_OK
|
||||
|
|
@ -107,7 +107,7 @@ sub verify {
|
|||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
$self->logger->warn(
|
||||
"Radius server replied: " . $self->radius->get_error );
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
$self->logger->debug("Radius server accepted 2F credentials");
|
||||
PE_OK;
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ use strict;
|
|||
use Mouse;
|
||||
use JSON qw(from_json to_json);
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_BADOTP
|
||||
PE_ERROR
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
|
|
@ -99,7 +99,7 @@ sub verify {
|
|||
|
||||
unless ($secret) {
|
||||
$self->logger->debug("No TOTP secret found");
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
|
||||
my $r = $self->verifyCode(
|
||||
|
|
@ -117,7 +117,7 @@ sub verify {
|
|||
$self->userLogger->notice( 'Invalid TOTP for '
|
||||
. $session->{ $self->conf->{whatToTrace} }
|
||||
. ')' );
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ use Mouse;
|
|||
use JSON qw(from_json to_json);
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_ERROR
|
||||
PE_BADCREDENTIALS
|
||||
PE_BADOTP
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
PE_SENDRESPONSE
|
||||
|
|
@ -96,7 +96,7 @@ sub run {
|
|||
$self->userLogger->warn( 'User '
|
||||
. $req->{sessionInfo}->{ $self->conf->{whatToTrace} }
|
||||
. ' has no Yubikey registered' );
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
$self->logger->debug("Found Yubikey : $yubikey");
|
||||
|
||||
|
|
@ -149,11 +149,11 @@ sub verify {
|
|||
)
|
||||
{
|
||||
$self->userLogger->warn('Yubikey not registered');
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
if ( $self->yubi->otp($code) ne 'OK' ) {
|
||||
$self->userLogger->warn('Yubikey verification failed');
|
||||
return PE_BADCREDENTIALS;
|
||||
return PE_BADOTP;
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@ use constant {
|
|||
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
|
||||
PE_ISSUERMISSINGREQATTR => 94,
|
||||
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
|
||||
PE_BADOTP => 96,
|
||||
};
|
||||
|
||||
sub portalConsts {
|
||||
|
|
@ -193,7 +194,8 @@ sub portalConsts {
|
|||
'92' => 'PE_GET_SERVICE_NOT_ALLOWED',
|
||||
'93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
|
||||
'94' => 'PE_ISSUERMISSINGREQATTR',
|
||||
'95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED'
|
||||
'95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
|
||||
'96' => 'PE_BADOTP'
|
||||
};
|
||||
|
||||
}
|
||||
|
|
@ -292,7 +294,8 @@ our @EXPORT_OK = (
|
|||
'PE_GET_SERVICE_NOT_ALLOWED',
|
||||
'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
|
||||
'PE_ISSUERMISSINGREQATTR',
|
||||
'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED'
|
||||
'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
|
||||
'PE_BADOTP'
|
||||
);
|
||||
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
|
||||
|
||||
|
|
|
|||
|
|
@ -237,7 +237,7 @@ sub do {
|
|||
}
|
||||
|
||||
# Remove userData if authentication fails
|
||||
if ( $err == PE_BADCREDENTIALS ) {
|
||||
if ( $err == PE_BADCREDENTIALS or $err == PE_BADOTP) {
|
||||
$req->userData( {} );
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"بيانات الإعتماد خاطئة",
|
||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||
"accept":"قبول",
|
||||
"accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Benutzername oder Passwort nicht korrekt",
|
||||
"2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
|
||||
"accept":"Akzeptieren",
|
||||
"accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Invalid verification code",
|
||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||
"accept":"Accept",
|
||||
"accessDenied":"You have no access authorization for this application",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Acceso no concedido al servicio de SUPLANTACIÓN",
|
||||
"PE94":"Un atributo obligatorio no está presente",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Contraseña o identificador incorrecto",
|
||||
"2fRegRequired":"Este servicio necesita la autenticación de dos factores. Registre un dispositivo ahora, luego reingrese al portal.",
|
||||
"accept":"Aceptar",
|
||||
"accessDenied":"No está autorizado a acceder a esta aplicación",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Virheelliset kirjautumistiedot",
|
||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||
"accept":"Hyväksy",
|
||||
"accessDenied":"Sinulla ei ole käyttöoikeutta tähän sovellukseen",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Accès non autorisé au service d'Usurpation d'Identité",
|
||||
"PE94":"Un attribut exigé n'est pas disponible",
|
||||
"PE95":"Accès non autorisé au service de déchiffrement",
|
||||
"PE96":"Code de sécurité invalide",
|
||||
"2fRegRequired":"Ce service requiert une authentification à deux facteurs. Enregistrez un équipement ici et retournez au portail.",
|
||||
"accept":"Accepter",
|
||||
"accessDenied":"Vous n'avez pas les droits d'accès à cette application",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Accesso non concesso sul servizio IMPERSONATION",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Password o ID errati",
|
||||
"2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
|
||||
"accept":"Accetta",
|
||||
"accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Wachtwoord of identifier is niet correct",
|
||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||
"accept":"Accept",
|
||||
"accessDenied":"You have no access authorization for this application",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"Um atributo exigido não está disponível",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Senha ou identificante incorretos",
|
||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||
"accept":"Accept",
|
||||
"accessDenied":"You have no access authorization for this application",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Parolă sau identificator incorect",
|
||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||
"accept":"Accept",
|
||||
"accessDenied":"You have no access authorization for this application",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"Một thuộc tính bắt buộc không có sẵn",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"Thông tin xác thực sai",
|
||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||
"accept":"Chấp nhận",
|
||||
"accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@
|
|||
"PE93":"Access not granted on IMPERSONATION service",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE95":"Access not granted on DECRYPT service",
|
||||
"PE96":"认证错误",
|
||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||
"accept":"Accept 方法",
|
||||
"accessDenied":"您无权访问此应用",
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user