Merge branch '2712-2' into 'v2.0'

Resolve "2fSelfRegistration == 0 + 2fActivation == 1 leads to registrable second factor being presented every time"

See merge request lemonldap-ng/lemonldap-ng!284

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm

@@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
   PE_SENDRESPONSE
 );
 
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.15';
 
 extends qw(
   Lemonldap::NG::Portal::Main::SecondFactor
@@ -30,14 +30,11 @@ has logo   => ( is => 'rw', default => 'totp.png' );
 sub init {
     my ($self) = @_;
 
-    # If self registration is enabled and "activation" is just set to
+    # If "activation" is just set to "enabled",
-    # "enabled", replace the rule to detect if user has registered its key
+    # replace the rule to detect if user has registered its key
-    if (    $self->conf->{totp2fSelfRegistration}
+    $self->conf->{totp2fActivation} = 'has2f("TOTP")'
-        and $self->conf->{totp2fActivation} eq '1' )
+      if $self->conf->{totp2fActivation} eq '1';
-    {
+
-        $self->conf->{totp2fActivation} =
-          '$_2fDevices && $_2fDevices =~ /"type":\s*"TOTP"/s';
-    }
     return $self->SUPER::init();
 }
 

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm

@@ -16,7 +16,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
   PE_BADCREDENTIALS
 );
 
-our $VERSION = '2.0.12';
+our $VERSION = '2.0.15';
 
 extends qw(
   Lemonldap::NG::Portal::Main::SecondFactor
@@ -32,14 +32,11 @@ has logo   => ( is => 'rw', default => 'u2f.png' );
 sub init {
     my ($self) = @_;
 
-    # If self registration is enabled and "activation" is just set to
+    # If "activation" is just set to "enabled",
-    # "enabled", replace the rule to detect if user has registered its key
+    # replace the rule to detect if user has registered its key
-    if (    $self->conf->{u2fSelfRegistration}
+    $self->conf->{u2fActivation} = 'has2f("U2F")'
-        and $self->conf->{u2fActivation} eq '1' )
+      if $self->conf->{u2fActivation} eq '1';
-    {
+
-        $self->conf->{u2fActivation} =
-          '$_2fDevices && $_2fDevices =~ /"type":\s*"U2F"/s';
-    }
     return 0
       unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init()
         and $self->Lemonldap::NG::Portal::Lib::U2F::init() );

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm

@@ -6,7 +6,7 @@ use JSON qw(from_json to_json);
 use Lemonldap::NG::Portal::Main::Constants qw(
 );
 
-our $VERSION = '2.0.8';
+our $VERSION = '2.0.15';
 
 extends 'Lemonldap::NG::Portal::Main::SecondFactor';
 
@@ -26,16 +26,9 @@ use Lemonldap::NG::Portal::Main::Constants qw(
 
 sub init {
     my ($self) = @_;
-    if ( (
+    $self->conf->{utotp2fActivation} = 'has2f("TOTP") or has2f("U2F")'
-               $self->conf->{totp2fSelfRegistration}
+      if $self->conf->{utotp2fActivation} eq '1';
-            or $self->conf->{u2fSelfRegistration}
+
-        )
-        and $self->conf->{utotp2fActivation} eq '1'
-      )
-    {
-        $self->conf->{utotp2fActivation} =
-          '$_2fDevices && $_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s';
-    }
     foreach (qw(U2F TOTP)) {
 
         # Arg "noRoute" is set for sub 2F modules to avoid enabling direct

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm

@@ -31,15 +31,12 @@ has logo   => ( is => 'rw', default => 'webauthn.png' );
 sub init {
     my ($self) = @_;
 
-    # If self registration is enabled and "activation" is just set to
+    # If "activation" is just set to "enabled",
-    # "enabled", replace the rule to detect if user has registered its key
+    # replace the rule to detect if user has registered its key
-    if (    $self->conf->{webauthn2fSelfRegistration}
+    $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")'
-        and $self->conf->{webauthn2fActivation} eq '1' )
+      if $self->conf->{webauthn2fActivation} eq '1';
-    {
+
-        $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")';
+    return 0 unless $self->SUPER::init();
-    }
-    return 0
-      unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init() );
 
     return 1;
 }

lemonldap-ng-portal/t/01-WebAuthn.t

@@ -40,7 +40,7 @@ ENDKEY
             ini => {
                 logLevel                   => 'error',
                 useSafeJail                => 1,
-                webauthn2fSelfRegistration => 1,
+                webauthn2fSelfRegistration => 0,
                 webauthn2fActivation       => 1,
                 webauthn2fUserCanRemoveKey => 1,
             }

lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t

@@ -15,7 +15,7 @@ SKIP: {
     my $client = LLNG::Manager::Test->new( {
             ini => {
                 logLevel               => 'error',
-                totp2fSelfRegistration => 1,
+                totp2fSelfRegistration => '$uid eq "dwho"',
                 totp2fActivation       => 1,
                 totp2fTTL              => 120,
                 sfManagerRule          => 0,

lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t

@@ -22,7 +22,6 @@ SKIP: {
                 logLevel               => 'error',
                 utotp2fActivation      => 1,
                 totp2fSelfRegistration => 1,
-                u2fSelfRegistration    => 1,
                 u2fSelfRegistration    =>
                   '$_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s',
                 loginHistoryEnabled => 1,

lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t

@@ -79,7 +79,7 @@ SKIP: {
     expectCookie( $res, 'lemonldappdata' );
 
     # A message warns the user that they do not have any 2FA available
-    expectPortalError( $res, 83 );
+    expectPortalError( $res, 103 );
 
     $query = 'user=rtyler&password=rtyler';
     ok(