U2F in progress (#1148)

Xavier Guimard 2017-02-04 07:55:47 +00:00
parent 8ef4391303
commit ebf077f7f5
5 changed files with 91 additions and 31 deletions


@ -1,3 +1,5 @@
* GrantSession plugin
* Test ForceAuth
* Calendar in notifications explorer
* login history
* Test for Zero


@ -0,0 +1,43 @@
package Lemonldap::NG::Portal::Lib::U2F;
use strict;
use Mouse;
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Plugin';
has crypter => ( is => 'rw' );
has origin => (
is => 'rw',
default => sub {
my $p = $_[0]->{conf}->{portal};
$p =~ s#^(https?://[^/]+).*$#$1#;
return $p;
}
);
sub init {
my ($self) = @_;
eval 'use Crypt::U2F::Server::Simple';
if ($@) {
$self->error("Can't load U2F library: $@");
return 0;
}
unless (
$self->crypter(
Crypt::U2F::Server::Simple->new(
appId => $self->origin,
origin => $self->origin,
)
)
)
{
$self->error( Crypt::U2F::Server::Simple::lastError() );
return 0;
}
return 1;
}
1;
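Review bot: The `origin` default accepts an `http://` portal, and when the portal URL does not match the pattern the substitution leaves it unchanged, so `init` can pass `Crypt::U2F::Server::Simple->new` an appId/origin that is not a bare HTTPS origin. Origin binding is what ties a U2F response to this site, so `init` should refuse such a value before building the crypter, for example `unless ( $self->origin =~ m#\Ahttps://[^/]+\z# ) { $self->error('U2F needs an https portal URL'); return 0; }`. The module also enables `strict` only; `use warnings;` would be a cheap addition.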


@ -345,6 +345,7 @@ sub updatePersistentSession {
$uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
return () unless ($uid);
$self->lmLog("Update $uid persistent session", 'debug');
my $persistentSession = $self->getPersistentSession($uid);


@ -1,3 +1,7 @@
# U2F second factor authentication
#
# This plugin handle authentications to ask U2F second factor for users that
# have registered their U2F key
package Lemonldap::NG::Portal::Plugins::U2F;
use strict;
@ -5,10 +9,35 @@ use Mouse;
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Plugin';
extends 'Lemonldap::NG::Portal::Lib::U2F';
# INTERFACE
sub afterDatas { 'run' }
# INITIALIZATION
has ott => (
is => 'rw',
default => sub {
my $ott =
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->conf->{formTimeout} );
return $ott;
}
);
sub init {
my ($self) = @_;
return 0 unless $self->SUPER::init;
1;
}
# RUNNING METHODS
# Main method
sub run {
my($self,$req) = @_;
}
1;
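Review bot: `run` ends on `my($self,$req) = @_;` with no `return`, so it yields the value of that list assignment (2 in scalar context) instead of a deliberate status. It is registered through `afterDatas`, and the portal presumably reads the result as a status code, so the stub should return explicitly, e.g. `return PE_OK;` if that constant is imported in this file (not visible here), with a comment such as `# TODO: U2F challenge is not enforced yet`. Until the check is written, enabling this plugin adds no second factor, and the header comment should say so. `init` also ends on a bare `1;` where the sibling modules write `return 1;`.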


@ -1,46 +1,26 @@
# Self U2F registration
package Lemonldap::NG::Portal::Register::U2F;
use strict;
use Mouse;
use MIME::Base64;
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Plugin';
extends 'Lemonldap::NG::Portal::Lib::U2F';
has crypter => ( is => 'rw' );
has origin => (
is => 'rw',
default => sub {
my $p = $_[0]->{conf}->{portal};
$p =~ s#^(https?://[^/]+).*$#$1#;
return $p;
}
);
# INITIALIZATION
sub init {
my ($self) = @_;
eval 'use Crypt::U2F::Server::Simple';
if ($@) {
$self->error("Can't load U2F library: $@");
return 0;
}
unless (
$self->crypter(
Crypt::U2F::Server::Simple->new(
appId => $self->origin,
origin => $self->origin,
)
)
)
{
$self->error( Crypt::U2F::Server::Simple::lastError() );
return 0;
}
return 0 unless $self->SUPER::init;
$self->addAuthRoute( u2fregister => 'run', [ 'GET', 'POST' ] );
return 1;
}
# RUNNING METHODS
# Main method
sub run {
my ( $self, $req ) = @_;
@ -50,8 +30,13 @@ sub run {
my ( $keyHandle, $userKey ) =
$self->crypter->registrationVerify($response);
if ( $keyHandle and $userKey ) {
$self->p->updatePersistentSession( $req,
{ _u2fHandle => $keyHandle, _u2fKey => $userKey } );
$self->p->updatePersistentSession(
$req,
{
_u2fHandle => encode_base64( $keyHandle, '' ),
_u2fKey => encode_base64( $userKey, '' )
}
);
return $self->p->sendHtml( $req, 'u2fregister',
params => { SUCCESS => 1 } );
}
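Review bot: The success page is rendered without knowing that the key was stored: `updatePersistentSession`, as shown in the other section of this commit, does `return () unless ($uid);`, and its result is ignored here before `SUCCESS => 1` is sent. A user could then be told the key is enrolled while nothing was saved. Consider guarding first, e.g. `return $self->p->sendError( $req, 'No user found in session', 500 ) unless $req->{sessionInfo}->{ $self->conf->{whatToTrace} };` (assuming `sendError` is available on the portal object), or have `updatePersistentSession` return a true value on success and test it. The write also replaces any existing `_u2fHandle`/`_u2fKey` unconditionally, and a comment should record that both values are now base64 strings that the reader must `decode_base64`. `run` begins and ends outside this hunk.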