U2F in progress (#1148)
parent
8ef4391303
commit
ebf077f7f5
|
@ -1,3 +1,5 @@
|
|||
* GrantSession plugin
|
||||
* Test ForceAuth
|
||||
* Calendar in notifications explorer
|
||||
* login history
|
||||
* Test for Zero
|
||||
|
|
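--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/U2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/U2F.pm
@@ -0,0 +1,43 @@
+package Lemonldap::NG::Portal::Lib::U2F;
+
+use strict;
+use Mouse;
+
+our $VERSION = '2.0.0';
+
+extends 'Lemonldap::NG::Portal::Main::Plugin';
+
+has crypter => ( is => 'rw' );
+
+has origin => (
+is => 'rw',
+default => sub {
+my $p = $_[0]->{conf}->{portal};
+$p =~ s#^(https?://[^/]+).*$#$1#;
+return $p;
+}
+);
+
+sub init {
+my ($self) = @_;
+eval 'use Crypt::U2F::Server::Simple';
+if ($@) {
+$self->error("Can't load U2F library: $@");
+return 0;
+}
+unless (
+$self->crypter(
+Crypt::U2F::Server::Simple->new(
+appId => $self->origin,
+origin => $self->origin,
+)
+)
+)
+{
+$self->error( Crypt::U2F::Server::Simple::lastError() );
+return 0;
+}
+return 1;
+}
+
+1;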
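Review bot: The `origin` default never checks that `s#^(https?://[^/]+).*$#$1#` actually matched, so a portal value without a scheme (or with an upper-case one) is passed unchanged to `Crypt::U2F::Server::Simple->new` as both `appId` and `origin`, and plain `http://` is accepted as well. U2F keys are bound to this value, so a bad one should stop `init` with a clear message instead of surfacing later as unexplained registration or verification failures. I would add a guard at the top of `init`, for example `unless ( $self->origin =~ m#^https?://[^/]+$# ) { $self->error("Invalid U2F origin"); return 0; }`, and consider rejecting `http://` outside test setups. The module also enables `use strict` without `use warnings`, which would hide an undefined `portal` value in that substitution.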
|
@ -345,6 +345,7 @@ sub updatePersistentSession {
|
|||
|
||||
$uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||
return () unless ($uid);
|
||||
$self->lmLog("Update $uid persistent session", 'debug');
|
||||
|
||||
my $persistentSession = $self->getPersistentSession($uid);
|
||||
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
# U2F second factor authentication
|
||||
#
|
||||
# This plugin handle authentications to ask U2F second factor for users that
|
||||
# have registered their U2F key
|
||||
package Lemonldap::NG::Portal::Plugins::U2F;
|
||||
|
||||
use strict;
|
||||
|
@ -5,10 +9,35 @@ use Mouse;
|
|||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
extends 'Lemonldap::NG::Portal::Lib::U2F';
|
||||
|
||||
# INTERFACE
|
||||
|
||||
sub afterDatas { 'run' }
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
has ott => (
|
||||
is => 'rw',
|
||||
default => sub {
|
||||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->conf->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
);
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
return 0 unless $self->SUPER::init;
|
||||
1;
|
||||
}
|
||||
|
||||
# RUNNING METHODS
|
||||
|
||||
# Main method
|
||||
sub run {
|
||||
my($self,$req) = @_;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
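Review bot: `run` is wired to the `afterDatas` entry point but its body is only `my($self,$req) = @_;`, so it returns whatever that list assignment yields (2 in scalar context) rather than an explicit status. For a second-factor plugin the stub should state its result on purpose: `return PE_OK;` (with the portal constants imported, assuming the usual 0-means-success convention) if an enabled but unfinished plugin is meant to be a no-op, or an error code if it should fail closed. A `# TODO: U2F verification not implemented yet` comment in the body would make that choice visible. The `ott` attribute is created here but not used by anything in this section, so a comment saying what the one-time token will protect would help the next reader. The header comment would read better as `# This plugin handles authentication by asking for a U2F second factor from users who have registered a U2F key`.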
|
@ -1,46 +1,26 @@
|
|||
# Self U2F registration
|
||||
package Lemonldap::NG::Portal::Register::U2F;
|
||||
|
||||
use strict;
|
||||
use Mouse;
|
||||
use MIME::Base64;
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
extends 'Lemonldap::NG::Portal::Lib::U2F';
|
||||
|
||||
has crypter => ( is => 'rw' );
|
||||
|
||||
has origin => (
|
||||
is => 'rw',
|
||||
default => sub {
|
||||
my $p = $_[0]->{conf}->{portal};
|
||||
$p =~ s#^(https?://[^/]+).*$#$1#;
|
||||
return $p;
|
||||
}
|
||||
);
|
||||
# INITIALIZATION
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
eval 'use Crypt::U2F::Server::Simple';
|
||||
if ($@) {
|
||||
$self->error("Can't load U2F library: $@");
|
||||
return 0;
|
||||
}
|
||||
unless (
|
||||
$self->crypter(
|
||||
Crypt::U2F::Server::Simple->new(
|
||||
appId => $self->origin,
|
||||
origin => $self->origin,
|
||||
)
|
||||
)
|
||||
)
|
||||
{
|
||||
$self->error( Crypt::U2F::Server::Simple::lastError() );
|
||||
return 0;
|
||||
}
|
||||
return 0 unless $self->SUPER::init;
|
||||
$self->addAuthRoute( u2fregister => 'run', [ 'GET', 'POST' ] );
|
||||
return 1;
|
||||
}
|
||||
|
||||
# RUNNING METHODS
|
||||
|
||||
# Main method
|
||||
sub run {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
|
@ -50,8 +30,13 @@ sub run {
|
|||
my ( $keyHandle, $userKey ) =
|
||||
$self->crypter->registrationVerify($response);
|
||||
if ( $keyHandle and $userKey ) {
|
||||
$self->p->updatePersistentSession( $req,
|
||||
{ _u2fHandle => $keyHandle, _u2fKey => $userKey } );
|
||||
$self->p->updatePersistentSession(
|
||||
$req,
|
||||
{
|
||||
_u2fHandle => encode_base64( $keyHandle, '' ),
|
||||
_u2fKey => encode_base64( $userKey, '' )
|
||||
}
|
||||
);
|
||||
return $self->p->sendHtml( $req, 'u2fregister',
|
||||
params => { SUCCESS => 1 } );
|
||||
}
|
||||
|
|
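Review bot: The success branch of `run` writes `_u2fHandle` and `_u2fKey` into the persistent session unconditionally, so registering again silently replaces a key that is already enrolled. Because the route is added with `addAuthRoute`, any holder of a valid session can swap the user's second factor without proving possession of the old one. `run` starts outside this hunk, so an earlier check may exist, but none is visible here. I would refuse or require verification with the existing key when `_u2fHandle` is already set, and record the enrolment with something like `$self->p->lmLog( 'U2F key registered', 'notice' );`. The page is rendered with `SUCCESS => 1` without looking at the result of `updatePersistentSession`. The stored values are now Base64, so the code that reads them back has to decode them before handing them to the crypter; a comment next to the two `encode_base64` calls should say so.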