dani
/
lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Portal plugins to new Captcha API (#2692)

This commit is contained in:
Maxime Besson 2022-04-19 16:51:59 +02:00
parent ef134f8ce1
commit c6931ccb54
4 changed files with 103 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm
View File

@ -44,7 +44,7 @@ sub init {
my $self = shift;
if ( $self->{conf}->{captcha_login_enabled} ) {
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
$self->captcha(1);
}
else {
$self->ott( $self->p->loadModule('::Lib::OneTimeToken') ) or return 0;
@ -117,18 +117,15 @@ sub extractFormInfo {
}
if ( $self->captcha ) {
my $code = $req->param('captcha');
unless ($code) {
$self->captcha->setCaptcha($req);
return PE_CAPTCHAEMPTY;
my $result = $self->p->_captcha->check_captcha($req);
if ($result) {
$self->logger->debug("Captcha code verified");
}
unless ( $self->captcha->validateCaptcha( $token, $code ) ) {
$self->captcha->setCaptcha($req);
$self->userLogger->warn(
"Captcha failed: wrong or expired code");
else {
$self->p->_captcha->init_captcha($req);
$self->userLogger->warn("Captcha failed");
return PE_CAPTCHAERROR;
}
$self->logger->debug("Captcha code verified");
}
elsif ( $self->ottRule->( $req, {} ) ) {
unless ( $req->data->{tokenVerified}
@ -179,7 +176,7 @@ sub setSecurity {
# If captcha is enable, prepare it
if ( $self->captcha ) {
$self->captcha->setCaptcha($req);
$self->p->_captcha->init_captcha($req);
}
# Else get token

71
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm
View File

@ -98,7 +98,7 @@ sub init {
# Initialize Captcha if needed
if ( $self->conf->{captcha_mail_enabled} ) {
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
$self->captcha(1);
}
# Load registered module
@ -179,46 +179,32 @@ sub _certificateReset {
# Use submitted value
$req->{user} = $req->param('mail');
# Check if token exists
my $token;
if ( $self->ottRule->( $req, {} ) or $self->captcha ) {
$token = $req->param('token');
# Captcha for register form
if ( $self->captcha ) {
my $result = $self->p->_captcha->check_captcha($req);
if ($result) {
$self->logger->debug("Captcha code verified");
}
else {
$self->setSecurity($req);
$self->userLogger->warn("Captcha failed");
return PE_CAPTCHAERROR;
}
}
elsif ( $self->ottRule->( $req, {} ) ) {
my $token = $req->param('token');
unless ($token) {
$self->setSecurity($req);
$self->userLogger->warn('Reset try without token');
return PE_NOTOKEN;
}
}
# Captcha for register form
if ( $self->captcha ) {
my $captcha = $req->param('captcha');
unless ($captcha) {
$self->userLogger->notice('Reset try with captcha not filled');
# Set captcha or token
$self->setSecurity($req);
return PE_CAPTCHAEMPTY;
}
# Check captcha
unless ( $self->captcha->validateCaptcha( $token, $captcha ) ) {
$self->userLogger->info('Captcha failed: wrong code');
# Set captcha or token
$self->setSecurity($req);
return PE_CAPTCHAERROR;
}
$self->logger->debug('Captcha code verified');
}
elsif ( $self->ottRule->( $req, {} ) ) {
unless ( $self->ott->getToken($token) ) {
$self->setSecurity($req);
$self->userLogger->warn('Reset try with expired/bad token');
return PE_TOKENEXPIRED;
}
}
unless ( $req->{user} =~ /$self->{conf}->{userControl}/o ) {
$self->setSecurity($req);
return PE_MALFORMEDUSER;
@ -581,9 +567,11 @@ sub modifyCertificate {
sub setSecurity {
my ( $self, $req ) = @_;
if ( $self->captcha ) {
$self->captcha->setCaptcha($req);
$self->p->_captcha->init_captcha($req);
}
elsif ( $self->ottRule->( $req, {} ) ) {
$self->ott->setToken($req);
}
@ -608,9 +596,13 @@ sub display {
STARTMAILDATE => $req->data->{startMailDate},
STARTMAILTIME => $req->data->{startMailTime},
MAILALREADYSENT => $req->data->{mailAlreadySent},
MAIL => (
$self->p->checkXSSAttack( 'mail', $req->{user} )
? ''
(
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
MAIL => (
$self->p->checkXSSAttack( 'mail', $req->{user} ) ? ''
: $req->{user}
),
DISPLAY_FORM => 0,
@ -627,14 +619,19 @@ sub display {
}
# Display captcha if enabled
if ( $req->captcha ) {
$tplPrm{CAPTCHA_SRC} = $req->captcha;
$tplPrm{CAPTCHA_SIZE} = $self->conf->{captcha_size};
if ( $req->captchaHtml ) {
$tplPrm{CAPTCHA_HTML} = $req->captchaHtml;
}
if ( $req->token ) {
$tplPrm{TOKEN} = $req->token;
}
# DEPRECATED: This is only used for compatibility with existing templates
if ( $req->captcha ) {
$tplPrm{CAPTCHA_SRC} = $req->captcha;
$tplPrm{CAPTCHA_SIZE} = $self->conf->{captcha_size};
}
# Display form the first time
if ( (
$req->error == PE_MAILFORMEMPTY

64
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm
View File

@ -71,7 +71,7 @@ sub init {
# Initialize Captcha if needed
if ( $self->conf->{captcha_mail_enabled} ) {
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
$self->captcha(1);
}
# Parse password policy activation rule
@ -154,46 +154,32 @@ sub _reset {
# Use submitted value
$req->{user} = $req->param('mail');
# Check if token exists
my $token;
if ( $self->ottRule->( $req, {} ) or $self->captcha ) {
$token = $req->param('token');
# Captcha for register form
if ( $self->captcha ) {
my $result = $self->p->_captcha->check_captcha($req);
if ($result) {
$self->logger->debug("Captcha code verified");
}
else {
$self->setSecurity($req);
$self->userLogger->warn("Captcha failed");
return PE_CAPTCHAERROR;
}
}
elsif ( $self->ottRule->( $req, {} ) ) {
my $token = $req->param('token');
unless ($token) {
$self->setSecurity($req);
$self->userLogger->warn('Reset try without token');
return PE_NOTOKEN;
}
}
# Captcha for register form
if ( $self->captcha ) {
my $captcha = $req->param('captcha');
unless ($captcha) {
$self->userLogger->notice('Reset try with captcha not filled');
# Set captcha or token
$self->setSecurity($req);
return PE_CAPTCHAEMPTY;
}
# Check captcha
unless ( $self->captcha->validateCaptcha( $token, $captcha ) ) {
$self->userLogger->info('Captcha failed: wrong code');
# Set captcha or token
$self->setSecurity($req);
return PE_CAPTCHAERROR;
}
$self->logger->debug('Captcha code verified');
}
elsif ( $self->ottRule->( $req, {} ) ) {
unless ( $self->ott->getToken($token) ) {
$self->setSecurity($req);
$self->userLogger->warn('Reset try with expired/bad token');
return PE_TOKENEXPIRED;
}
}
unless ( $req->{user} =~ /$self->{conf}->{userControl}/o ) {
$self->setSecurity($req);
return PE_MALFORMEDUSER;
@ -583,7 +569,7 @@ sub changePwd {
sub setSecurity {
my ( $self, $req ) = @_;
if ( $self->captcha ) {
$self->captcha->setCaptcha($req);
$self->p->_captcha->init_captcha($req);
}
elsif ( $self->ottRule->( $req, {} ) ) {
$self->ott->setToken($req);
@ -623,6 +609,11 @@ sub display {
STARTMAILDATE => $req->data->{startMailDate},
STARTMAILTIME => $req->data->{startMailTime},
MAILALREADYSENT => $req->data->{mailAlreadySent},
(
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
MAIL => (
$self->p->checkXSSAttack( 'mail', $req->{user} )
? ''
@ -653,14 +644,19 @@ sub display {
}
# Display captcha if it's enabled
if ( $req->captcha ) {
$tplPrm{CAPTCHA_SRC} = $req->captcha;
$tplPrm{CAPTCHA_SIZE} = $self->conf->{captcha_size};
if ( $req->captchaHtml ) {
$tplPrm{CAPTCHA_HTML} = $req->captchaHtml;
}
if ( $req->token ) {
$tplPrm{TOKEN} = $req->token;
}
# DEPRECATED: This is only used for compatibility with existing templates
if ( $req->captcha ) {
$tplPrm{CAPTCHA_SRC} = $req->captcha;
$tplPrm{CAPTCHA_SIZE} = $self->conf->{captcha_size};
}
# Display form the first time
if ( (
$req->error == PE_MAILFORMEMPTY

68
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Register.pm
View File

@ -76,7 +76,7 @@ sub init {
# Initialize Captcha if needed
if ( $self->conf->{captcha_register_enabled} ) {
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
$self->captcha(1);
}
# Initialize form token if needed (captcha provides also a token)
@ -168,44 +168,28 @@ sub _register {
!$self->getRegisterSession( $req->data->{registerInfo}->{mail} ) )
{
# Check if token exists
my $token;
if ( $self->ottRule->( $req, {} ) or $self->captcha ) {
$token = $req->param('token');
# Captcha for register form
if ( $self->captcha ) {
my $result = $self->p->_captcha->check_captcha($req);
if ($result) {
$self->logger->debug("Captcha code verified");
}
else {
$self->setSecurity($req);
$self->userLogger->warn("Captcha failed");
return PE_CAPTCHAERROR;
}
}
elsif ( $self->ottRule->( $req, {} ) ) {
my $token = $req->param('token');
unless ($token) {
$self->setSecurity($req);
$self->userLogger->warn('Register try without token');
return PE_NOTOKEN;
}
}
# Captcha for register form
if ( $self->captcha ) {
my $captcha = $req->param('captcha');
unless ($captcha) {
$self->userLogger->warn(
'Register try with captcha not filled');
# Set captcha or token
$self->setSecurity($req);
return PE_CAPTCHAEMPTY;
}
# Check captcha
unless ( $self->captcha->validateCaptcha( $token, $captcha ) ) {
$self->userLogger->info('Captcha failed: wrong code');
# Set captcha or token
$self->setSecurity($req);
return PE_CAPTCHAERROR;
}
$self->logger->debug("Captcha code verified");
}
elsif ( $self->ottRule->( $req, {} ) ) {
unless ( $self->ott->getToken($token) ) {
$self->setSecurity($req);
$self->userLogger->notice(
$self->userLogger->warn(
'Register try with expired/bad token');
return PE_TOKENEXPIRED;
}
@ -445,7 +429,12 @@ sub display {
STARTMAILDATE => $req->data->{startMailDate},
STARTMAILTIME => $req->data->{startMailTime},
MAILALREADYSENT => $req->data->{mail_already_sent},
MAIL => $self->p->checkXSSAttack(
(
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
MAIL => $self->p->checkXSSAttack(
'mail', $req->data->{registerInfo}->{mail}
) ? ""
: $req->data->{registerInfo}->{mail},
@ -483,14 +472,19 @@ sub display {
}
# Display captcha if it's enabled
if ( $req->captcha ) {
$templateParams{CAPTCHA_SRC} = $req->captcha;
$templateParams{CAPTCHA_SIZE} = $self->conf->{captcha_size} || 6;
if ( $req->captchaHtml ) {
$templateParams{CAPTCHA_HTML} = $req->captchaHtml;
}
if ( $req->token ) {
$templateParams{TOKEN} = $req->token;
}
# DEPRECATED: This is only used for compatibility with existing templates
if ( $req->captcha ) {
$templateParams{CAPTCHA_SRC} = $req->captcha;
$templateParams{CAPTCHA_SIZE} = $self->conf->{captcha_size};
}
if ( $req->error == PE_REGISTERALREADYEXISTS ) {
%templateParams = (
%templateParams,
@ -560,7 +554,7 @@ sub display {
sub setSecurity {
my ( $self, $req ) = @_;
if ( $self->captcha ) {
$self->captcha->setCaptcha($req);
$self->p->_captcha->init_captcha($req);
}
elsif ( $self->ottRule->( $req, {} ) ) {
$self->ott->setToken($req);