Remove Auth::Yubikey (#1399)
parent
c6908b87a2
commit
e89db33b5e
|
@ -264,9 +264,7 @@ sub defaultValues {
|
|||
'whatToTrace' => 'uid',
|
||||
'yubikey2fActivation' => 0,
|
||||
'yubikey2fPublicIDSize' => 12,
|
||||
'yubikey2fSelfRegistration' => 0,
|
||||
'yubikeyAuthnLevel' => 3,
|
||||
'yubikeyPublicIDSize' => 12
|
||||
'yubikey2fSelfRegistration' => 0
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -57,7 +57,6 @@ our $authParameters = {
|
|||
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
|
||||
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName)],
|
||||
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
|
||||
yubikeyParams => [qw(yubikeyAuthnLevel yubikeyClientID yubikeySecretKey yubikeyPublicIDSize)],
|
||||
};
|
||||
our $issuerParameters = {
|
||||
issuerDBCAS => [qw(issuerDBCASActivation issuerDBCASPath issuerDBCASRule casAttr casAttributes casAccessControlPolicy)],
|
||||
|
|
|
@ -368,10 +368,6 @@ sub attributes {
|
|||
'k' => 'WebID',
|
||||
'v' => 'WebID'
|
||||
},
|
||||
{
|
||||
'k' => 'Yubikey',
|
||||
'v' => 'Yubikey'
|
||||
},
|
||||
{
|
||||
'k' => 'Custom',
|
||||
'v' => 'customModule'
|
||||
|
@ -546,10 +542,6 @@ sub attributes {
|
|||
'k' => 'WebID',
|
||||
'v' => 'WebID'
|
||||
},
|
||||
{
|
||||
'k' => 'Yubikey',
|
||||
'v' => 'Yubikey'
|
||||
},
|
||||
{
|
||||
'k' => 'Demo',
|
||||
'v' => 'Demonstration'
|
||||
|
@ -821,10 +813,6 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'k' => 'WebID',
|
||||
'v' => 'WebID'
|
||||
},
|
||||
{
|
||||
'k' => 'Yubikey',
|
||||
'v' => 'Yubikey'
|
||||
},
|
||||
{
|
||||
'k' => 'Demo',
|
||||
'v' => 'Demonstration'
|
||||
|
@ -3438,20 +3426,6 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
|
|||
'yubikey2fUrl' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'yubikeyAuthnLevel' => {
|
||||
'default' => 3,
|
||||
'type' => 'int'
|
||||
},
|
||||
'yubikeyClientID' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'yubikeyPublicIDSize' => {
|
||||
'default' => 12,
|
||||
'type' => 'int'
|
||||
},
|
||||
'yubikeySecretKey' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'zimbraAccountKey' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
|
@ -2134,7 +2134,6 @@ sub attributes {
|
|||
{ k => 'SSL', v => 'SSL' },
|
||||
{ k => 'Twitter', v => 'Twitter' },
|
||||
{ k => 'WebID', v => 'WebID' },
|
||||
{ k => 'Yubikey', v => 'Yubikey' },
|
||||
{ k => 'Demo', v => 'Demonstration' },
|
||||
{ k => 'Choice', v => 'authChoice' },
|
||||
{ k => 'Combination', v => 'combineMods' },
|
||||
|
@ -2714,7 +2713,6 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
{ k => 'SSL', v => 'SSL' },
|
||||
{ k => 'Twitter', v => 'Twitter' },
|
||||
{ k => 'WebID', v => 'WebID' },
|
||||
{ k => 'Yubikey', v => 'Yubikey' },
|
||||
{ k => 'Custom', v => 'customModule' },
|
||||
],
|
||||
[
|
||||
|
@ -2773,7 +2771,6 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
{ k => 'SSL', v => 'SSL' },
|
||||
{ k => 'Twitter', v => 'Twitter' },
|
||||
{ k => 'WebID', v => 'WebID' },
|
||||
{ k => 'Yubikey', v => 'Yubikey' },
|
||||
{ k => 'Demo', v => 'Demonstration' },
|
||||
{ k => 'CAS', v => 'Central Authentication Service (CAS)' },
|
||||
{ k => 'OpenID', v => 'OpenID' },
|
||||
|
@ -2787,20 +2784,6 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
],
|
||||
},
|
||||
|
||||
# Yubikey
|
||||
yubikeyAuthnLevel => {
|
||||
type => 'int',
|
||||
default => 3,
|
||||
documentation => 'Yubikey authentication level',
|
||||
},
|
||||
yubikeyClientID => { type => 'text', },
|
||||
yubikeySecretKey => { type => 'text', },
|
||||
yubikeyPublicIDSize => {
|
||||
type => 'int',
|
||||
default => 12,
|
||||
documentation => 'Yubikey public ID size',
|
||||
},
|
||||
|
||||
# Custom auth modules
|
||||
customAuth => {
|
||||
type => 'text',
|
||||
|
|
|
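Review bot: Configurations saved before this change can still select `Yubikey` as a module and still hold `yubikeyClientID` / `yubikeySecretKey`, and nothing in this section shows what happens to them once the three `{ k => 'Yubikey', v => 'Yubikey' }` select entries and the `# Yubikey` attribute block are gone. A loader that fails closed on an unknown module is safe but locks users out on upgrade, while one that skips the module inside a choice or combination could lower the effective authentication level, so that behaviour is worth confirming; it is not visible from these hunks. I would add an upgrade note asking administrators to move such configurations off the module before upgrading (the retained `yubikey2f*` settings look like the intended replacement) and to delete the stale `yubikeySecretKey`, which otherwise remains in stored configuration as an unused API secret. These hunks are cut inside `sub attributes`, so any handling elsewhere in the file is outside my view.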
@ -388,15 +388,6 @@ sub tree {
|
|||
'webIDWhitelist'
|
||||
]
|
||||
},
|
||||
{
|
||||
title => 'yubikeyParams',
|
||||
help => 'authyubikey.html',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'yubikeyAuthnLevel', 'yubikeyClientID',
|
||||
'yubikeySecretKey', 'yubikeyPublicIDSize'
|
||||
]
|
||||
},
|
||||
{
|
||||
title => 'customParams',
|
||||
help => 'authcustom.html',
|
||||
|
|
|
@ -794,11 +794,6 @@
|
|||
"yubikey2fSecretKey":"مفتاح سرأل API",
|
||||
"yubikey2fSelfRegistration":"التسجيل الذاتي",
|
||||
"yubikey2fUrl":"Service URL",
|
||||
"yubikeyAuthnLevel":"مستوى إثبات الهوية",
|
||||
"yubikeyClientID":"API العميل ID",
|
||||
"yubikeyParams":"معاييرYubikey",
|
||||
"yubikeyPublicIDSize":"حجم الجزء العام لي OTP آي دي",
|
||||
"yubikeySecretKey":"مفتاح سرأل API",
|
||||
"zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول",
|
||||
|
||||
"saml":"SAML",
|
||||
|
|
|
@ -794,11 +794,6 @@
|
|||
"yubikey2fSecretKey":"API secret key",
|
||||
"yubikey2fSelfRegistration":"Self registration",
|
||||
"yubikey2fUrl":"Service URL",
|
||||
"yubikeyAuthnLevel":"Authentication level",
|
||||
"yubikeyClientID":"API client ID",
|
||||
"yubikeyParams":"Yubikey parameters",
|
||||
"yubikeyPublicIDSize":"OTP public ID part size",
|
||||
"yubikeySecretKey":"API secret key",
|
||||
"zeroConfExplanations":"Server has no configuration. Use template to save the first.",
|
||||
|
||||
"saml":"SAML",
|
||||
|
|
|
@ -794,11 +794,6 @@
|
|||
"yubikey2fSecretKey":"Clef secrète de l'API",
|
||||
"yubikey2fSelfRegistration":"Auto-enregistrement",
|
||||
"yubikey2fUrl":"URL du service",
|
||||
"yubikeyAuthnLevel":"Niveau d'authentification",
|
||||
"yubikeyClientID":"Identifiant client de l'API",
|
||||
"yubikeyParams":"Paramètres Yubikey",
|
||||
"yubikeyPublicIDSize":"Taille de la partie publique de l'OTP",
|
||||
"yubikeySecretKey":"Clef secrète de l'API",
|
||||
"zeroConfExplanations":"Le serveur ne dispose pas de configuration. Cette configuration de base vous permet d'en initialiser une.",
|
||||
|
||||
"saml":"SAML",
|
||||
|
|
|
@ -794,11 +794,6 @@
|
|||
"yubikey2fSecretKey":"Chiave segreta API",
|
||||
"yubikey2fSelfRegistration":"Auto-registrazione",
|
||||
"yubikey2fUrl":"Service URL",
|
||||
"yubikeyAuthnLevel":"Livello di autenticazione",
|
||||
"yubikeyClientID":"ID client API",
|
||||
"yubikeyParams":"Parametri Yubikey",
|
||||
"yubikeyPublicIDSize":"Dimensione della parte ID OTP pubblica",
|
||||
"yubikeySecretKey":"Chiave segreta API",
|
||||
"zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo.",
|
||||
|
||||
"saml":"SAML",
|
||||
|
|
|
@ -794,11 +794,6 @@
|
|||
"yubikey2fSecretKey":"Khóa bí mật API",
|
||||
"yubikey2fSelfRegistration":"Tự đăng ký",
|
||||
"yubikey2fUrl":"Service URL",
|
||||
"yubikeyAuthnLevel":"Mức xác thực",
|
||||
"yubikeyClientID":"ID ứng dụng khách API",
|
||||
"yubikeyParams":"Tham số Yubikey",
|
||||
"yubikeyPublicIDSize":"Kích thước phần tử công khai OTP",
|
||||
"yubikeySecretKey":"Khóa bí mật API",
|
||||
"zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. ",
|
||||
|
||||
"saml":"SAML",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -46,7 +46,6 @@ lib/Lemonldap/NG/Portal/Auth/Slave.pm
|
|||
lib/Lemonldap/NG/Portal/Auth/SSL.pm
|
||||
lib/Lemonldap/NG/Portal/Auth/Twitter.pm
|
||||
lib/Lemonldap/NG/Portal/Auth/WebID.pm
|
||||
lib/Lemonldap/NG/Portal/Auth/Yubikey.pm
|
||||
lib/Lemonldap/NG/Portal/CDC.pm
|
||||
lib/Lemonldap/NG/Portal/Issuer/CAS.pm
|
||||
lib/Lemonldap/NG/Portal/Issuer/Get.pm
|
||||
|
|
|
@ -1,81 +0,0 @@
|
|||
package Lemonldap::NG::Portal::Auth::Yubikey;
|
||||
|
||||
use strict;
|
||||
use Mouse;
|
||||
use JSON;
|
||||
use Lemonldap::NG::Common::UserAgent;
|
||||
use HTTP::Request;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_FORMEMPTY);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Auth';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
# Try to load Yubikey perl module
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
eval { require Auth::Yubikey_WebClient };
|
||||
if ($@) {
|
||||
$self->error($@);
|
||||
return 0;
|
||||
}
|
||||
unless ($self->conf->{yubikeyClientID}
|
||||
and $self->conf->{yubikeySecretKey} )
|
||||
{
|
||||
$self->logger->error(
|
||||
"Missing mandatory parameters (Client ID and secret key)");
|
||||
return 0;
|
||||
}
|
||||
$self->conf->{yubikeyPublicIDSize} ||= 12;
|
||||
return 1;
|
||||
}
|
||||
|
||||
sub extractFormInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
# Get OTP
|
||||
my $otp = $req->param('yubikeyOTP');
|
||||
return PE_FORMEMPTY unless $otp;
|
||||
|
||||
$self->logger->debug("Received Yubikey OTP $otp");
|
||||
|
||||
# Verify OTP
|
||||
my $result = Auth::Yubikey_WebClient::yubikey_webclient(
|
||||
$otp,
|
||||
$self->conf->{yubikeyClientID},
|
||||
$self->conf->{yubikeySecretKey}
|
||||
);
|
||||
|
||||
if($result ne 'OK') {
|
||||
$self->userLogger->warn('Yubikey verification failed');
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
|
||||
# Store user, which is the public ID part of the OTP
|
||||
$req->{user} = substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
sub authenticate {
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
sub setAuthSessionInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
$req->{sessionInfo}->{authenticationLevel} =
|
||||
$self->conf->{yubikeyAuthnLevel};
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
sub authLogout {
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
sub getDisplayType {
|
||||
return 'yubikeyform';
|
||||
}
|
||||
|
||||
1;
|