Merge branch 'fix-2fa-timeout-2757' into 'v2.0'
Add specific 2FA timeout (#2757) See merge request lemonldap-ng/lemonldap-ng!269
This commit is contained in:
Maxime Besson
commit
cd41ba8872
|
|
@ -562,6 +562,7 @@ sfEngine Second factor engine
|
|||
sfExtra Extra second factors ✔
|
||||
sfManagerRule Rule to display second factor Manager link ✔
|
||||
sfOnlyUpgrade Only trigger second factor on session upgrade ✔
|
||||
sfLoginTimeout Timeout for 2F login process ✔
|
||||
sfRegisterTimeout Timeout for 2F registration process ✔
|
||||
sfRemovedMsgRule Display a message if at leat one expired SF has been removed ✔
|
||||
sfRemovedNotifMsg Notification message ✔
|
||||
|
|
|
|||
|
|
@ -76,10 +76,19 @@ of doing a complete reauthentication.
|
|||
|
||||
.. |beta| image:: /documentation/beta.png
|
||||
|
||||
Login timeout
|
||||
-------------
|
||||
|
||||
Allowed time for the user to authenticate using their second factor. By default
|
||||
it is set to 2 minutes, but some complex second factor types (TOTP, email...)
|
||||
may require more time to be used.
|
||||
|
||||
Registration timeout
|
||||
--------------------
|
||||
|
||||
Allowed time to register a TOTP.
|
||||
Allowed time for the user to register their new second factor. By default it is
|
||||
set to 2 minutes, but some complex second factor types (TOTP...) may require
|
||||
more time to be registered.
|
||||
|
||||
Second factor expiration
|
||||
------------------------
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ sub defaultValues {
|
|||
},
|
||||
'authChoiceParam' => 'lmAuth',
|
||||
'authentication' => 'Demo',
|
||||
'available2F' =>
|
||||
'available2F' =>
|
||||
'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
|
||||
'available2FSelfRegistration' => 'TOTP,U2F,WebAuthn,Yubikey',
|
||||
'bruteForceProtectionLockTimes' => '15, 30, 60, 300, 600',
|
||||
|
|
@ -102,7 +102,7 @@ sub defaultValues {
|
|||
'globalLogoutTimer' => 1,
|
||||
'globalStorage' => 'Apache::Session::File',
|
||||
'globalStorageOptions' => {
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'generateModule' =>
|
||||
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
|
||||
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
||||
|
|
@ -175,20 +175,20 @@ sub defaultValues {
|
|||
'locationRules' => {
|
||||
'default' => 'deny'
|
||||
},
|
||||
'logoutServices' => {},
|
||||
'macros' => {},
|
||||
'mail2fActivation' => 0,
|
||||
'mail2fCodeRegex' => '\\d{6}',
|
||||
'mailCharset' => 'utf-8',
|
||||
'mailFrom' => 'noreply@example.com',
|
||||
'mailSessionKey' => 'mail',
|
||||
'mailTimeout' => 0,
|
||||
'mailUrl' => 'http://auth.example.com/resetpwd',
|
||||
'managerDn' => '',
|
||||
'managerPassword' => '',
|
||||
'max2FDevices' => 10,
|
||||
'max2FDevicesNameLength' => 20,
|
||||
'multiValuesSeparator' => '; ',
|
||||
'logoutServices' => {},
|
||||
'macros' => {},
|
||||
'mail2fActivation' => 0,
|
||||
'mail2fCodeRegex' => '\\d{6}',
|
||||
'mailCharset' => 'utf-8',
|
||||
'mailFrom' => 'noreply@example.com',
|
||||
'mailSessionKey' => 'mail',
|
||||
'mailTimeout' => 0,
|
||||
'mailUrl' => 'http://auth.example.com/resetpwd',
|
||||
'managerDn' => '',
|
||||
'managerPassword' => '',
|
||||
'max2FDevices' => 10,
|
||||
'max2FDevicesNameLength' => 20,
|
||||
'multiValuesSeparator' => '; ',
|
||||
'mySessionAuthorizedRWKeys' =>
|
||||
[ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ],
|
||||
'newLocationWarningLocationAttribute' => 'ipAddr',
|
||||
|
|
@ -196,7 +196,7 @@ sub defaultValues {
|
|||
'newLocationWarningMaxValues' => '0',
|
||||
'notificationDefaultCond' => '',
|
||||
'notificationServerPOST' => 1,
|
||||
'notificationServerSentAttributes' =>
|
||||
'notificationServerSentAttributes' =>
|
||||
'uid reference date title subtitle text check',
|
||||
'notificationsMaxRetrieve' => 3,
|
||||
'notificationStorage' => 'File',
|
||||
|
|
@ -250,7 +250,7 @@ sub defaultValues {
|
|||
'passwordPolicyMinUpper' => 0,
|
||||
'passwordPolicySpecialChar' => '__ALL__',
|
||||
'passwordResetAllowedRetries' => 3,
|
||||
'persistentSessionAttributes' =>
|
||||
'persistentSessionAttributes' =>
|
||||
'_loginHistory _2fDevices notification_',
|
||||
'port' => -1,
|
||||
'portal' => 'http://auth.example.com/',
|
||||
|
|
@ -261,7 +261,7 @@ sub defaultValues {
|
|||
'portalDisplayGeneratePassword' => 1,
|
||||
'portalDisplayLoginHistory' => 1,
|
||||
'portalDisplayLogout' => 1,
|
||||
'portalDisplayOidcConsents' =>
|
||||
'portalDisplayOidcConsents' =>
|
||||
'$_oidcConsents && $_oidcConsents =~ /\\w+/',
|
||||
'portalDisplayRefreshMyRights' => 1,
|
||||
'portalDisplayRegister' => 1,
|
||||
|
|
@ -290,11 +290,11 @@ sub defaultValues {
|
|||
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
|
||||
'proxy' => 'http://auth.example.com/sessions'
|
||||
},
|
||||
'requireToken' => 1,
|
||||
'rest2fActivation' => 0,
|
||||
'restAuthnLevel' => 2,
|
||||
'restClockTolerance' => 15,
|
||||
'sameSite' => '',
|
||||
'requireToken' => 1,
|
||||
'rest2fActivation' => 0,
|
||||
'restAuthnLevel' => 2,
|
||||
'restClockTolerance' => 15,
|
||||
'sameSite' => '',
|
||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
'samlAuthnContextMapKerberos' => 4,
|
||||
|
|
@ -334,7 +334,7 @@ sub defaultValues {
|
|||
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
|
||||
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
|
||||
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
|
||||
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
|
||||
'samlSPSSODescriptorSingleLogoutServiceHTTPPost' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
|
||||
|
|
@ -347,7 +347,7 @@ sub defaultValues {
|
|||
'sfEngine' => '::2F::Engines::Default',
|
||||
'sfManagerRule' => 1,
|
||||
'sfRemovedMsgRule' => 0,
|
||||
'sfRemovedNotifMsg' =>
|
||||
'sfRemovedNotifMsg' =>
|
||||
'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
|
||||
'sfRemovedNotifRef' => 'RemoveSF',
|
||||
'sfRemovedNotifTitle' => 'Second factor notification',
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ sub types {
|
|||
'hostname' => {
|
||||
'form' => 'text',
|
||||
'msgFail' => '__badHostname__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$/
|
||||
},
|
||||
'int' => {
|
||||
|
|
@ -257,7 +257,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
|
|||
'url' => {
|
||||
'form' => 'text',
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:^$|(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/
|
||||
}
|
||||
};
|
||||
|
|
@ -806,7 +806,7 @@ sub attributes {
|
|||
},
|
||||
'casSrvMetaDataOptionsUrl' => {
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
@ -1345,7 +1345,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'domain' => {
|
||||
'default' => 'example.com',
|
||||
'msgFail' => '__badDomainName__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
@ -1488,7 +1488,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
|||
},
|
||||
'globalStorageOptions' => {
|
||||
'default' => {
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'generateModule' =>
|
||||
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
|
||||
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
||||
|
|
@ -1613,7 +1613,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
|||
'issuerDBGetParameters' => {
|
||||
'default' => {},
|
||||
'keyMsgFail' => '__badHostname__',
|
||||
'keyTest' =>
|
||||
'keyTest' =>
|
||||
qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/,
|
||||
'test' => {
|
||||
'keyMsgFail' => '__badKeyName__',
|
||||
|
|
@ -2816,7 +2816,7 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
'pdataDomain' => {
|
||||
'default' => '',
|
||||
'msgFail' => '__badDomainName__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
@ -2837,7 +2837,7 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
|||
'portal' => {
|
||||
'default' => 'http://auth.example.com/',
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'url'
|
||||
},
|
||||
|
|
@ -3148,7 +3148,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'keyTest' =>
|
||||
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$/,
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'keyTextContainer'
|
||||
},
|
||||
|
|
@ -3300,19 +3300,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'samlCommonDomainCookieDomain' => {
|
||||
'msgFail' => '__badDomainName__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
'samlCommonDomainCookieReader' => {
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'text'
|
||||
},
|
||||
'samlCommonDomainCookieWriter' => {
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
@ -3329,7 +3329,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'samlDiscoveryProtocolURL' => {
|
||||
'msgFail' => '__badUrl__',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
@ -4026,6 +4026,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'type' => 'sfExtraContainer'
|
||||
},
|
||||
'sfLoginTimeout' => {
|
||||
'type' => 'int'
|
||||
},
|
||||
'sfManagerRule' => {
|
||||
'default' => 1,
|
||||
'type' => 'boolOrExpr'
|
||||
|
|
@ -4126,7 +4129,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
},
|
||||
'SMTPServer' => {
|
||||
'default' => '',
|
||||
'test' =>
|
||||
'test' =>
|
||||
qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
|
|||
|
|
@ -3374,6 +3374,10 @@ sub attributes {
|
|||
help => 'secondfactor.html',
|
||||
documentation => 'Notification message',
|
||||
},
|
||||
sfLoginTimeout => {
|
||||
type => 'int',
|
||||
documentation => 'Timeout for 2F login process',
|
||||
},
|
||||
sfRegisterTimeout => {
|
||||
type => 'int',
|
||||
documentation => 'Timeout for 2F registration process',
|
||||
|
|
|
|||
|
|
@ -886,6 +886,7 @@ sub tree {
|
|||
'sfManagerRule',
|
||||
'sfRequired',
|
||||
'sfOnlyUpgrade',
|
||||
'sfLoginTimeout',
|
||||
'sfRegisterTimeout',
|
||||
{
|
||||
title => 'utotp2f',
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"جلسة( أو جلسات )",
|
||||
"sessions":"الجلسات",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"خدمة أل يو أر ل",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"Sessions",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"sesión(es)",
|
||||
"sessions":"Sesiones",
|
||||
"sfExtra":"Segundos factores adicionales",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"URL de servicio",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"Sessions",
|
||||
"sfExtra":"Seconds facteurs additionnels",
|
||||
"sfLoginTimeout":"Délai maximum d'authentification",
|
||||
"sfManagerRule":"Afficher le lien du Gestionnaire",
|
||||
"sfOnlyUpgrade":"Utiliser le SF pour augmenter le niveau d'authentification",
|
||||
"sfRegisterTimeout":"Délai d'expiration de l'enregistrement",
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"הפעלות",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"כתובת שירות",
|
||||
"yubikey2fUserCanRemoveKey":"לאפשר למשתמש להסיר Yubikey",
|
||||
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"sessione(i)",
|
||||
"sessions":"Sessioni",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"URL del servizio",
|
||||
"yubikey2fUserCanRemoveKey":"Autorizza l'utente a rimuovere la Yubikey",
|
||||
"zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo."
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"sesja/e",
|
||||
"sessions":"Sesje",
|
||||
"sfExtra":"Dodatkowe drugie czynniki",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Link do Menedżera wyświetlania",
|
||||
"sfOnlyUpgrade":"Użyj 2FA do aktualizacji sesji",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"URL usługi",
|
||||
"yubikey2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć Yubikey",
|
||||
"zeroConfExplanations":"Serwer nie ma konfiguracji. Użyj szablonu, aby zapisać pierwszy."
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"oturum(lar)",
|
||||
"sessions":"Oturumlar",
|
||||
"sfExtra":"Ek ikinci faktörler",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Yönetici bağlantısını görüntüle",
|
||||
"sfOnlyUpgrade":"Oturum yükseltme için 2FA kullan",
|
||||
"sfRegisterTimeout":"Kayıtlanma zaman aşımı",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"Servis URL'si",
|
||||
"yubikey2fUserCanRemoveKey":"Yubikey'i kaldırmak için kullanıcıya izin ver",
|
||||
"zeroConfExplanations":"Sunucunun yapılandırması yok. Şimdi bir tane kaydetmek için şablonu kullanın."
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"session (s)",
|
||||
"sessions":"Phiên",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"Dịch vụ URL",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. "
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"工作階段",
|
||||
"sessions":"工作階段",
|
||||
"sfExtra":"額外的第二因素",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"顯示管理程式連結",
|
||||
"sfOnlyUpgrade":"使用 2FA 進行工作階段升級",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"服务 URL",
|
||||
"yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey",
|
||||
"zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1076,6 +1076,7 @@
|
|||
"session_s":"工作階段",
|
||||
"sessions":"工作階段",
|
||||
"sfExtra":"額外的第二因素",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"顯示管理程式連結",
|
||||
"sfOnlyUpgrade":"使用 2FA 進行工作階段升級",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
@ -1248,4 +1249,4 @@
|
|||
"yubikey2fUrl":"服務 URL",
|
||||
"yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey",
|
||||
"zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -41,7 +41,8 @@ has ott => (
|
|||
default => sub {
|
||||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
||||
$ott->timeout( $_[0]->{conf}->{sfLoginTimeout}
|
||||
|| $_[0]->{conf}->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ has ott => (
|
|||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->{conf}->{mail2fTimeout}
|
||||
|| $_[0]->{conf}->{sfLoginTimeout}
|
||||
|| $_[0]->{conf}->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ use Exporter 'import';
|
|||
our $VERSION = '2.0.14';
|
||||
|
||||
use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main';
|
||||
use constant URIRE =>
|
||||
use constant URIRE =>
|
||||
qr{(((?^:https?))://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():\@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:\@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)};
|
||||
use constant {
|
||||
PE_IDPCHOICE => -5,
|
||||
|
|
|
|||
|
|
@ -25,7 +25,8 @@ has ott => (
|
|||
default => sub {
|
||||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
||||
$ott->timeout( $_[0]->{conf}->{sfLoginTimeout}
|
||||
|| $_[0]->{conf}->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -19,9 +19,10 @@ SKIP: {
|
|||
totp2fActivation => 1,
|
||||
sfRequired => 1,
|
||||
sfRegisterTimeout => 600,
|
||||
sfLoginTimeout => 600,
|
||||
tokenUseGlobalStorage => 1,
|
||||
issuerDBCASActivation => 1,
|
||||
issuersTimeout => 600,
|
||||
issuersTimeout => 1200,
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|
@ -128,9 +129,14 @@ SKIP: {
|
|||
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/totp2fcheck', 'token' );
|
||||
|
||||
# Test Login timeout
|
||||
Time::Fake->offset("+10m");
|
||||
|
||||
ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ),
|
||||
'Code' );
|
||||
$query =~ s/code=/code=$code/;
|
||||
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/totp2fcheck', IO::String->new($query),
|
||||
|
|
|
|||
Loading…
Reference in New Issue