Merge branch '2712-2' into 'v2.0'
Resolve "2fSelfRegistration == 0 + 2fActivation == 1 leads to registrable second factor being presented every time" See merge request lemonldap-ng/lemonldap-ng!284
commit
c057601eb7
|
@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_SENDRESPONSE
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
extends qw(
|
||||
Lemonldap::NG::Portal::Main::SecondFactor
|
||||
|
@ -30,14 +30,11 @@ has logo => ( is => 'rw', default => 'totp.png' );
|
|||
sub init {
|
||||
my ($self) = @_;
|
||||
|
||||
# If self registration is enabled and "activation" is just set to
|
||||
# "enabled", replace the rule to detect if user has registered its key
|
||||
if ( $self->conf->{totp2fSelfRegistration}
|
||||
and $self->conf->{totp2fActivation} eq '1' )
|
||||
{
|
||||
$self->conf->{totp2fActivation} =
|
||||
'$_2fDevices && $_2fDevices =~ /"type":\s*"TOTP"/s';
|
||||
}
|
||||
# If "activation" is just set to "enabled",
|
||||
# replace the rule to detect if user has registered its key
|
||||
$self->conf->{totp2fActivation} = 'has2f("TOTP")'
|
||||
if $self->conf->{totp2fActivation} eq '1';
|
||||
|
||||
return $self->SUPER::init();
|
||||
}
|
||||
|
||||
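Review bot: The comment above `$self->conf->{totp2fActivation} = 'has2f("TOTP")'` in `init` does not say what the rewrite means for access control: with activation set to `1`, the rule now looks only at whether the user has a TOTP device, so a user without one is presumably not asked for this factor at all, with or without self-registration. I would spell that out, e.g. `# "1" = ask only users who already registered a TOTP device; it does not force enrolment`. The same rewrite appears in the U2F and UTOTP `init` subs below, and the UTOTP one has no comment at all. The bare `eq '1'` also assumes the key is always defined when `init` runs, which is not visible from this hunk.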
|
|
|
@ -16,7 +16,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_BADCREDENTIALS
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.12';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
extends qw(
|
||||
Lemonldap::NG::Portal::Main::SecondFactor
|
||||
|
@ -32,14 +32,11 @@ has logo => ( is => 'rw', default => 'u2f.png' );
|
|||
sub init {
|
||||
my ($self) = @_;
|
||||
|
||||
# If self registration is enabled and "activation" is just set to
|
||||
# "enabled", replace the rule to detect if user has registered its key
|
||||
if ( $self->conf->{u2fSelfRegistration}
|
||||
and $self->conf->{u2fActivation} eq '1' )
|
||||
{
|
||||
$self->conf->{u2fActivation} =
|
||||
'$_2fDevices && $_2fDevices =~ /"type":\s*"U2F"/s';
|
||||
}
|
||||
# If "activation" is just set to "enabled",
|
||||
# replace the rule to detect if user has registered its key
|
||||
$self->conf->{u2fActivation} = 'has2f("U2F")'
|
||||
if $self->conf->{u2fActivation} eq '1';
|
||||
|
||||
return 0
|
||||
unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init()
|
||||
and $self->Lemonldap::NG::Portal::Lib::U2F::init() );
|
||||
|
|
|
@ -6,7 +6,7 @@ use JSON qw(from_json to_json);
|
|||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
|
||||
|
||||
|
@ -26,16 +26,9 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
if ( (
|
||||
$self->conf->{totp2fSelfRegistration}
|
||||
or $self->conf->{u2fSelfRegistration}
|
||||
)
|
||||
and $self->conf->{utotp2fActivation} eq '1'
|
||||
)
|
||||
{
|
||||
$self->conf->{utotp2fActivation} =
|
||||
'$_2fDevices && $_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s';
|
||||
}
|
||||
$self->conf->{utotp2fActivation} = 'has2f("TOTP") or has2f("U2F")'
|
||||
if $self->conf->{utotp2fActivation} eq '1';
|
||||
|
||||
foreach (qw(U2F TOTP)) {
|
||||
|
||||
# Arg "noRoute" is set for sub 2F modules to avoid enabling direct
|
||||
|
|
|
@ -31,15 +31,12 @@ has logo => ( is => 'rw', default => 'webauthn.png' );
|
|||
sub init {
|
||||
my ($self) = @_;
|
||||
|
||||
# If self registration is enabled and "activation" is just set to
|
||||
# "enabled", replace the rule to detect if user has registered its key
|
||||
if ( $self->conf->{webauthn2fSelfRegistration}
|
||||
and $self->conf->{webauthn2fActivation} eq '1' )
|
||||
{
|
||||
$self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")';
|
||||
}
|
||||
return 0
|
||||
unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init() );
|
||||
# If "activation" is just set to "enabled",
|
||||
# replace the rule to detect if user has registered its key
|
||||
$self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")'
|
||||
if $self->conf->{webauthn2fActivation} eq '1';
|
||||
|
||||
return 0 unless $self->SUPER::init();
|
||||
|
||||
return 1;
|
||||
}
|
||||
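Review bot: `return 0 unless $self->SUPER::init();` depends on which parent `SUPER` resolves to, and the `extends` list of this package is outside the hunk. The line it replaces named `Lemonldap::NG::Portal::Main::SecondFactor::init()` explicitly, and the U2F module on this page still calls two parents' `init` by full name, so it is worth confirming that this class has a single parent providing `init`, or keeping the explicit call. A one-line comment such as `# SUPER::init is Main::SecondFactor::init` would record the intent.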
|
|
|
@ -40,7 +40,7 @@ ENDKEY
|
|||
ini => {
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
webauthn2fSelfRegistration => 1,
|
||||
webauthn2fSelfRegistration => 0,
|
||||
webauthn2fActivation => 1,
|
||||
webauthn2fUserCanRemoveKey => 1,
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@ SKIP: {
|
|||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
totp2fSelfRegistration => 1,
|
||||
totp2fSelfRegistration => '$uid eq "dwho"',
|
||||
totp2fActivation => 1,
|
||||
totp2fTTL => 120,
|
||||
sfManagerRule => 0,
|
||||
|
|
|
@ -22,7 +22,6 @@ SKIP: {
|
|||
logLevel => 'error',
|
||||
utotp2fActivation => 1,
|
||||
totp2fSelfRegistration => 1,
|
||||
u2fSelfRegistration => 1,
|
||||
u2fSelfRegistration =>
|
||||
'$_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s',
|
||||
loginHistoryEnabled => 1,
|
||||
|
|
|
@ -79,7 +79,7 @@ SKIP: {
|
|||
expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
# A message warns the user that they do not have any 2FA available
|
||||
expectPortalError( $res, 83 );
|
||||
expectPortalError( $res, 103 );
|
||||
|
||||
$query = 'user=rtyler&password=rtyler';
|
||||
ok(
|
||||
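Review bot: `expectPortalError( $res, 103 );` changes the expected outcome for a user with no second factor, but the code is a bare number and the comment above it is unchanged, so the test does not show which portal error is now expected or why it differs from 83. I would name the constant from `Lemonldap::NG::Portal::Main::Constants` in the comment, e.g. `# expect <PE_CONSTANT_NAME> (103)`. The enclosing test block continues past the end of the hunk.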
|
|