From 1e74b2716f80c59b686d009fd45ad7ba2b74f9e7 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Sat, 3 Mar 2018 22:13:54 +0100
Subject: [PATCH 1/9] U2F manager module - Hide U2F key attributs

---
 .gitignore                                    |  3 +-
 .../lib/Lemonldap/NG/Manager/Attributes.pm    | 74 +++++++++----------
 .../site/coffee/sessions.coffee               |  2 +
 lemonldap-ng-manager/site/coffee/u2f.coffee   |  2 +
 .../site/htdocs/static/js/sessions.js         |  2 +
 .../site/htdocs/static/js/sessions.min.js     |  2 +-
 .../site/htdocs/static/js/u2f.js              |  2 +
 .../site/htdocs/static/js/u2f.min.js          |  2 +-
 8 files changed, 48 insertions(+), 41 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8b59be3fb..8dd528420 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 node_modules
-e2e-tests/conf/
+e2e-tests/
 lemonldap-ng-common/MYMETA.json
 lemonldap-ng-common/MYMETA.yml
 lemonldap-ng-common/Makefile
@@ -22,4 +22,3 @@ lemonldap-ng-portal/blib/
 lemonldap-ng-portal/t/
 .gitignore
 lemonldap-ng-portal/pm_to_blib
-e2e-tests/lemonldap-ng.ini
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
index 1a93f1e51..a90db612c 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -8,12 +8,12 @@ sub types {
         'authParamsText' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'blackWhiteList' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'bool' => {
             'msgFail' => '__notABoolean__',
@@ -36,17 +36,17 @@ sub types {
                         split( /\n/, $@, 0 ) )
                 );
                 return $err ? ( 1, "__badExpression__: $err" ) : 1;
-            }
+              }
         },
         'catAndAppList' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'file' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'hostname' => {
             'form'    => 'text',
@@ -80,48 +80,48 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
                       if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val};
                 }
                 return 1, "__unknownAttrOrMacro__: $val";
-            }
+              }
         },
         'longtext' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'menuApp' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'menuCat' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'oidcmetadatajson' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'oidcmetadatajwks' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'oidcOPMetaDataNode' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'oidcRPMetaDataNode' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'password' => {
             'msgFail' => '__malformedValue__',
             'test'    => sub {
                 1;
-            }
+              }
         },
         'pcre' => {
             'form' => 'text',
@@ -132,7 +132,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
                       }
                 };
                 return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
-            }
+              }
         },
         'PerlModule' => {
             'form'    => 'text',
@@ -142,17 +142,17 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
         'portalskin' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'portalskinbackground' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'post' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'RSAPrivateKey' => {
             'test' => sub {
@@ -160,7 +160,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
 m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s
                   ? 1
                   : ( 1, '__badPemEncoding__' );
-            }
+              }
         },
         'RSAPublicKey' => {
             'test' => sub {
@@ -168,7 +168,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+=
 m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s
                   ? 1
                   : ( 1, '__badPemEncoding__' );
-            }
+              }
         },
         'RSAPublicKeyOrCertificate' => {
             'test' => sub {
@@ -176,37 +176,37 @@ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\
 m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s
                   ? 1
                   : ( 1, '__badPemEncoding__' );
-            }
+              }
         },
         'rule' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'samlAssertion' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'samlAttribute' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'samlIDPMetaDataNode' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'samlService' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'samlSPMetaDataNode' => {
             'test' => sub {
                 1;
-            }
+              }
         },
         'select' => {
             'test' => sub {
@@ -216,19 +216,19 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
                 return $test
                   ? 1
                   : ( 1, "Invalid value '$_[0]' for this select" );
-            }
+              }
         },
         'subContainer' => {
             'keyTest' => qr/\w/,
             'test'    => sub {
                 1;
-            }
+              }
         },
         'text' => {
             'msgFail' => '__malformedValue__',
             'test'    => sub {
                 1;
-            }
+              }
         },
         'trool' => {
             'msgFail' => '__authorizedValues__: -1, 0, 1',
@@ -1036,7 +1036,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
                             split( /\n/, $@, 0 ) )
                     );
                     return $err ? ( 1, "__badExpression__: $err" ) : 1;
-                }
+                  }
             },
             'type' => 'keyTextContainer'
         },
@@ -1208,7 +1208,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
                           and defined $conf->{$_}{$val};
                     }
                     return 1, "__unknownAttrOrMacro__: $val";
-                }
+                  }
             },
             'type' => 'doubleHash'
         },
@@ -1490,7 +1490,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
                             split( /\n/, $@, 0 ) )
                     );
                     return $err ? ( 1, "__badExpression__: $err" ) : 1;
-                }
+                  }
             },
             'type' => 'ruleContainer'
         },
@@ -2986,19 +2986,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'default' => 0,
             'select'  => [
                 {
-                    'k' => '0',
+                    'k' => 0,
                     'v' => 'unsecuredCookie'
                 },
                 {
-                    'k' => '1',
+                    'k' => 1,
                     'v' => 'securedCookie'
                 },
                 {
-                    'k' => '2',
+                    'k' => 2,
                     'v' => 'doubleCookie'
                 },
                 {
-                    'k' => '3',
+                    'k' => 3,
                     'v' => 'doubleCookieForSingleSession'
                 }
             ],
diff --git a/lemonldap-ng-manager/site/coffee/sessions.coffee b/lemonldap-ng-manager/site/coffee/sessions.coffee
index 428b4a133..e2e7646e5 100644
--- a/lemonldap-ng-manager/site/coffee/sessions.coffee
+++ b/lemonldap-ng-manager/site/coffee/sessions.coffee
@@ -196,6 +196,8 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 							session[key] = $scope.localeDate value
 						else if key.match /^(_startTime|_updateTime)$/
 							session[key] = _stToStr value
+						else if key.match /^(_u2fKeyHandle|_u2fUserKey)$/
+							session[key] = '########'
 			res = []
 
 			# 2. Push session keys in reuslt, grouped by categories
diff --git a/lemonldap-ng-manager/site/coffee/u2f.coffee b/lemonldap-ng-manager/site/coffee/u2f.coffee
index e19d9fa60..c32be1488 100644
--- a/lemonldap-ng-manager/site/coffee/u2f.coffee
+++ b/lemonldap-ng-manager/site/coffee/u2f.coffee
@@ -197,6 +197,8 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 							session[key] = $scope.localeDate value
 						else if key.match /^(_startTime|_updateTime)$/
 							session[key] = _stToStr value
+						else if key.match /^(_u2fKeyHandle|_u2fUserKey)$/
+							session[key] = '########'
 			res = []
 
 			# 2. Push session keys in result, grouped by categories
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
index ccc91c467..59878cbcc 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
@@ -227,6 +227,8 @@
                   session[key] = $scope.localeDate(value);
                 } else if (key.match(/^(_startTime|_updateTime)$/)) {
                   session[key] = _stToStr(value);
+                } else if (key.match(/^(_u2fKeyHandle|_u2fUserKey)$/)) {
+                  session[key] = '########';
                 }
               }
             }
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
index 2d199aba4..9a3cbbe27 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
@@ -1 +1 @@
-(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={session:[{title:"deleteSession",icon:"trash"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteSession=function(){p.waiting=true;return m["delete"](scriptname+"sessions/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;p.currentScope.remove();return p.waiting=false},function(q){p.currentSession=null;p.currentScope.remove();return p.waiting=false})};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
+(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={session:[{title:"deleteSession",icon:"trash"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteSession=function(){p.waiting=true;return m["delete"](scriptname+"sessions/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;p.currentScope.remove();return p.waiting=false},function(q){p.currentSession=null;p.currentScope.remove();return p.waiting=false})};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}else{if(O.match(/^(_u2fKeyHandle|_u2fUserKey)$/)){t[O]="########"}}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
index 09c041abf..5f326c230 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
@@ -226,6 +226,8 @@
                   session[key] = $scope.localeDate(value);
                 } else if (key.match(/^(_startTime|_updateTime)$/)) {
                   session[key] = _stToStr(value);
+                } else if (key.match(/^(_u2fKeyHandle|_u2fUserKey)$/)) {
+                  session[key] = '########';
                 }
               }
             }
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
index 84ed3d7dd..62c83b027 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
@@ -1 +1 @@
-(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={session:[{title:"deleteU2FKey",icon:"trash"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
+(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={session:[{title:"deleteU2FKey",icon:"trash"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}else{if(O.match(/^(_u2fKeyHandle|_u2fUserKey)$/)){t[O]="########"}}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file

From d50775a5f2c37509f7a0033b18e39bb8a7b83eea Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Sat, 3 Mar 2018 23:19:30 +0100
Subject: [PATCH 2/9] Append add & verify button + update lang

---
 .../lib/Lemonldap/NG/Common/Session/REST.pm   | 52 ++++++++++++++++++-
 .../lib/Lemonldap/NG/Manager/U2F.pm           | 22 +++++---
 lemonldap-ng-manager/site/coffee/u2f.coffee   | 42 +++++++++++++--
 .../site/htdocs/static/js/u2f.js              | 38 ++++++++++++--
 .../site/htdocs/static/js/u2f.min.js          |  2 +-
 .../site/htdocs/static/languages/ar.json      |  2 +
 .../site/htdocs/static/languages/en.json      |  2 +
 .../site/htdocs/static/languages/fr.json      |  2 +
 .../site/htdocs/static/languages/it.json      |  2 +
 .../site/htdocs/static/languages/vi.json      |  2 +
 lemonldap-ng-manager/site/templates/u2f.tpl   |  6 ++-
 .../site/htdocs/static/languages/en.json      |  2 +-
 .../site/htdocs/static/languages/fr.json      |  4 +-
 13 files changed, 156 insertions(+), 22 deletions(-)

diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
index e156f1398..1d90dac32 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
@@ -52,7 +52,7 @@ sub delSession {
     return $self->sendJSONresponse( $req, { result => 1 } );
 }
 
-sub delU2FKey {
+sub deleteU2FKey {
     my ( $self, $req ) = @_;
     return $self->sendJSONresponse( $req, { result => 1 } )
       if ( $self->{demoMode} );
@@ -77,6 +77,56 @@ sub delU2FKey {
     return $self->sendJSONresponse( $req, { result => 1 } );
 }
 
+sub addU2FKey {
+    my ( $self, $req ) = @_;
+    return $self->sendJSONresponse( $req, { result => 1 } )
+      if ( $self->{demoMode} );
+    my $mod = $self->getMod($req)
+      or return $self->sendError( $req, undef, 400 );
+    my $id = $req->params('sessionId')
+      or return $self->sendError( $req, 'sessionId is missing', 400 );
+
+    # Try to read session
+    my $session = $self->getApacheSession( $mod, $id )
+      or return $self->sendError( $req, undef, 400 );
+
+    # Delete U2F key attributs and update session
+    $session->data->{_u2fKeyHandle} = 'TOF';
+    $session->data->{_u2fUserKey}   = 'TOF';
+    $session->update( \%{ $session->data } );
+
+    Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
+    if ( $session->error ) {
+        return $self->sendError( $req, $session->error, 200 );
+    }
+    return $self->sendJSONresponse( $req, { result => 1 } );
+}
+
+sub verifyU2FKey {
+    my ( $self, $req ) = @_;
+    return $self->sendJSONresponse( $req, { result => 1 } )
+      if ( $self->{demoMode} );
+    my $mod = $self->getMod($req)
+      or return $self->sendError( $req, undef, 400 );
+    my $id = $req->params('sessionId')
+      or return $self->sendError( $req, 'sessionId is missing', 400 );
+
+    # Try to read session
+    my $session = $self->getApacheSession( $mod, $id )
+      or return $self->sendError( $req, undef, 400 );
+
+    # Delete U2F key attributs and update session
+    $session->data->{_u2fKeyHandle} = 'OK';
+    $session->data->{_u2fUserKey}   = 'OK';
+    $session->update( \%{ $session->data } );
+
+    Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
+    if ( $session->error ) {
+        return $self->sendError( $req, $session->error, 200 );
+    }
+    return $self->sendJSONresponse( $req, { result => 1 } );
+}
+
 sub session {
     my ( $self, $req, $id, $skey ) = @_;
     my ( %h, $res );
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
index 73cb736c5..ffae7971e 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
@@ -37,17 +37,23 @@ sub addRoutes {
         ['GET']
       )
 
-      # DELETE U2F KEY ATTRIBUTS
+      # DELETE U2F KEY
       ->addRoute(
-        u2f => { ':sessionType' => { ':sessionId' => 'delU2FKey' } },
+        u2f => { ':sessionType' => { ':sessionId' => 'deleteU2FKey' } },
         ['DELETE']
-      );
+      )
 
-    # UPDATE U2F KEY ATTRIBUTS
-    # ->addRoute(
-    # u2f => { ':sessionType' => { ':sessionId' => { ':updateSession' } },
-    # ['PUT']
-    #);
+      # ADD U2F KEY
+      ->addRoute(
+        u2f => { ':sessionType' => { ':sessionId' => 'addU2FKey' } },
+        ['PUT']
+      )
+    
+      # VERIFY U2F KEY
+      ->addRoute(
+        u2f => { ':sessionType' => { ':sessionId' => 'verifyU2FKey' } },
+        ['POST']
+      );
 
     $self->setTypes($conf);
 
diff --git a/lemonldap-ng-manager/site/coffee/u2f.coffee b/lemonldap-ng-manager/site/coffee/u2f.coffee
index c32be1488..9336c23a5 100644
--- a/lemonldap-ng-manager/site/coffee/u2f.coffee
+++ b/lemonldap-ng-manager/site/coffee/u2f.coffee
@@ -87,10 +87,18 @@ categories =
 
 # Menu entries
 menu =
-	session: [
+	delU2FKey: [
 		title: 'deleteU2FKey'
 		icon:  'trash'
 	]
+	addU2FKey: [
+		title: 'addU2FKey'
+		icon:  'plus'
+	]
+	verifyU2FKey: [
+		title: 'verifyU2FKey'
+		icon:  'check'
+	]
 	home: []
 
 ###
@@ -138,7 +146,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 
 	# SESSION MANAGEMENT
 
-	# Delete U2F key attributs
+	# Delete U2F key
 	$scope.deleteU2FKey = ->
 		$scope.waiting = true
 		$http['delete']("#{scriptname}u2f/#{sessionType}/#{$scope.currentSession.id}").then (response) ->
@@ -151,6 +159,32 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 			$scope.waiting = false
 		$scope.showT = true
 
+	# Add U2F key
+	$scope.addU2FKey = ->
+		$scope.waiting = true
+		$http['put']("#{scriptname}u2f/#{sessionType}/#{$scope.currentSession.id}").then (response) ->
+			$scope.currentSession = null
+			#$scope.currentScope.remove()
+			$scope.waiting = false
+		, (resp) ->
+			$scope.currentSession = null
+			#$scope.currentScope.remove()
+			$scope.waiting = false
+		$scope.showT = true
+
+	# Verify U2F key
+	$scope.verifyU2FKey = ->
+		$scope.waiting = true
+		$http['post']("#{scriptname}u2f/#{sessionType}/#{$scope.currentSession.id}").then (response) ->
+			$scope.currentSession = null
+			#$scope.currentScope.remove()
+			$scope.waiting = false
+		, (resp) ->
+			$scope.currentSession = null
+			#$scope.currentScope.remove()
+			$scope.waiting = false
+		$scope.showT = true
+
 	# Open node
 	$scope.stoggle = (scope) ->
 		node = scope.$modelValue
@@ -197,8 +231,8 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 							session[key] = $scope.localeDate value
 						else if key.match /^(_startTime|_updateTime)$/
 							session[key] = _stToStr value
-						else if key.match /^(_u2fKeyHandle|_u2fUserKey)$/
-							session[key] = '########'
+						#else if key.match /^(_u2fKeyHandle|_u2fUserKey)$/
+						#	session[key] = '########'
 			res = []
 
 			# 2. Push session keys in result, grouped by categories
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
index 5f326c230..afa2e766c 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
@@ -104,12 +104,24 @@
   };
 
   menu = {
-    session: [
+    delU2FKey: [
       {
         title: 'deleteU2FKey',
         icon: 'trash'
       }
     ],
+    addU2FKey: [
+      {
+        title: 'addU2FKey',
+        icon: 'plus'
+      }
+    ],
+    verifyU2FKey: [
+      {
+        title: 'verifyU2FKey',
+        icon: 'check'
+      }
+    ],
     home: []
   };
 
@@ -173,6 +185,28 @@
         });
         return $scope.showT = true;
       };
+      $scope.addU2FKey = function() {
+        $scope.waiting = true;
+        $http['put'](scriptname + "u2f/" + sessionType + "/" + $scope.currentSession.id).then(function(response) {
+          $scope.currentSession = null;
+          return $scope.waiting = false;
+        }, function(resp) {
+          $scope.currentSession = null;
+          return $scope.waiting = false;
+        });
+        return $scope.showT = true;
+      };
+      $scope.verifyU2FKey = function() {
+        $scope.waiting = true;
+        $http['post'](scriptname + "u2f/" + sessionType + "/" + $scope.currentSession.id).then(function(response) {
+          $scope.currentSession = null;
+          return $scope.waiting = false;
+        }, function(resp) {
+          $scope.currentSession = null;
+          return $scope.waiting = false;
+        });
+        return $scope.showT = true;
+      };
       $scope.stoggle = function(scope) {
         var node;
         node = scope.$modelValue;
@@ -226,8 +260,6 @@
                   session[key] = $scope.localeDate(value);
                 } else if (key.match(/^(_startTime|_updateTime)$/)) {
                   session[key] = _stToStr(value);
-                } else if (key.match(/^(_u2fKeyHandle|_u2fUserKey)$/)) {
-                  session[key] = '########';
                 }
               }
             }
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
index 62c83b027..adb80fe3e 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
@@ -1 +1 @@
-(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={session:[{title:"deleteU2FKey",icon:"trash"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}else{if(O.match(/^(_u2fKeyHandle|_u2fUserKey)$/)){t[O]="########"}}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
+(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={delU2FKey:[{title:"deleteU2FKey",icon:"trash"}],addU2FKey:[{title:"addU2FKey",icon:"plus"}],verifyU2FKey:[{title:"verifyU2FKey",icon:"check"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.addU2FKey=function(){p.waiting=true;m.put(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.verifyU2FKey=function(){p.waiting=true;m.post(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
index fad93de0c..97ac8c3d0 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@@ -33,6 +33,7 @@
 "addSamlAttribute":"إضافة صفة",
 "addSPSamlPartner":"إضافة SP SAML",
 "addSrvCasPartner":"إضافة سرفر كاس",
+"addU2FKey":"Add U2F key",
 "addVhost":"إضافة خادم افتراضي",
 "adParams":"معاييرأكتيف ديريكتوري",
 "ADPwdExpireWarning":"تحذير انتهاء صلاحية كلمة المرور",
@@ -752,6 +753,7 @@
 "values":"القيم",
 "variables":"المتغيرات",
 "version":"الإصدار",
+"verifyU2FKey":"Verify U2F key",
 "vhostAliases":"اسماء مستعارة",
 "vhostAuthnLevel":"مستوى إثبات الهوية  واجب",
 "vhostHttps":"إتش تي تي بي س",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
index b4c8872b5..3dbb6f9dd 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@@ -33,6 +33,7 @@
 "addSamlAttribute":"Add attribute",
 "addSPSamlPartner":"Add SAML SP",
 "addSrvCasPartner":"Add CAS server",
+"addU2FKey":"Add U2F key",
 "addVhost":"Add virtualhost",
 "adParams":"Active Directory Parameters",
 "ADPwdExpireWarning":"Password expire warning",
@@ -752,6 +753,7 @@
 "values":"Values",
 "variables":"Variables",
 "version":"Version",
+"verifyU2FKey":"Verify U2F key",
 "vhostAliases":"Aliases",
 "vhostAuthnLevel":"Required authentication level",
 "vhostHttps":"HTTPS",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
index 1626282a1..d682ef14d 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -33,6 +33,7 @@
 "addSamlAttribute":"Ajouter un attribut",
 "addSPSamlPartner":"Ajouter un SP SAML",
 "addSrvCasPartner":"Ajouter un serveur CAS",
+"addU2FKey":"Ajouter une clef U2F",
 "addVhost":"Ajouter un hôte virtuel",
 "adParams":"Paramètres Active Directory",
 "ADPwdExpireWarning":"Avertissement avant expiration du mot de passe",
@@ -751,6 +752,7 @@
 "value":"Valeur",
 "values":"Valeurs",
 "variables":"Variables",
+"verifyU2FKey":"Vérifier la clef U2F",
 "version":"Version",
 "vhostAliases":"Alias",
 "vhostAuthnLevel":"Niveau d'authentication requis",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
index dc3b776a9..6d18fb1c2 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -33,6 +33,7 @@
 "addSamlAttribute":"Aggiungi attributo",
 "addSPSamlPartner":"Aggiungi SAML SP",
 "addSrvCasPartner":"Aggiungi server CAS",
+"addU2FKey":"Add U2F key",
 "addVhost":"Aggiungi virtualhost",
 "adParams":"Parametri di Active Directory",
 "ADPwdExpireWarning":"Avviso di scadenza password",
@@ -752,6 +753,7 @@
 "values":"Valori",
 "variables":"Variabili",
 "version":"Versioni",
+"verifyU2FKey":"Verify U2F key",
 "vhostAliases":"Alias",
 "vhostAuthnLevel":"Livello di autenticazione richiesto",
 "vhostHttps":"HTTPS",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
index 605a4b2cd..3d5209ac7 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@@ -33,6 +33,7 @@
 "addSamlAttribute":"Thêm thuộc tính",
 "addSPSamlPartner":"Thêm SAML SP",
 "addSrvCasPartner":"Thêm máy chủ CAS",
+"addU2FKey":"Add U2F key",
 "addVhost":"Thêm host ảo",
 "adParams":"Tham số của Active Directory",
 "ADPwdExpireWarning":"Cảnh báo mật khẩu hết hạn",
@@ -752,6 +753,7 @@
 "values":"Giá trị",
 "variables":"biến",
 "version":"Phiên bản",
+"verifyU2FKey":"Verify U2F key",
 "vhostAliases":"Bí danh",
 "vhostAuthnLevel":"Mức xác thực bắt buộc",
 "vhostHttps":"HTTPS",
diff --git a/lemonldap-ng-manager/site/templates/u2f.tpl b/lemonldap-ng-manager/site/templates/u2f.tpl
index b439eef34..14fb4d23c 100644
--- a/lemonldap-ng-manager/site/templates/u2f.tpl
+++ b/lemonldap-ng-manager/site/templates/u2f.tpl
@@ -40,8 +40,10 @@
       <!-- Menu buttons -->
       <div class="lmmenu navbar navbar-default" ng-class="{'hidden-xs':!showM}">
         <div class="navbar-collapse" ng-class="{'collapse':!showM}" id="formmenu">
-          <ul class="nav navbar-nav">
-            <li ng-if="currentSession" ng-repeat="button in menu.session" ng-include="'menubutton.html'"></li>
+          <ul class="nav navbar-nav">            
+            <li ng-if="currentSession" ng-repeat="button in menu.addU2FKey" ng-include="'menubutton.html'"></li>
+            <li ng-if="currentSession" ng-repeat="button in menu.verifyU2FKey" ng-include="'menubutton.html'"></li>
+            <li ng-if="currentSession" ng-repeat="button in menu.delU2FKey" ng-include="'menubutton.html'"></li>
             <li ng-if="currentSession===null" ng-repeat="button in menu.home" ng-include="'menubutton.html'"></li>
             <li uib-dropdown class="visible-xs">
               <a id="langmenu" name="menu" uib-dropdown-toggle data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Menu <span class="caret"></span></a>
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/en.json b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
index 6e7da7624..0a7077f5d 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
@@ -197,7 +197,7 @@
 "touchU2fDevice": "Please touch the flashing U2F device now.",
 "u2fFailed": "U2F verification failed. Retry or contact your administrator",
 "u2fPermission": "You may be prompted to allow the site permission to access your security keys. After granting permission, the device will start to blink.",
-"u2fRegistered": "Your key is registered. Click to verify.",
+"u2fRegistered": "Your key has been registered. CLICK TO VERIFY !",
 "u2fUnregistered": "Your key has been unregistered.",
 "u2fSuccess": "Your key is successfully tested",
 "u2fWelcome": "U2F device management",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
index 4098dd170..149560479 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
@@ -197,7 +197,7 @@
 "touchU2fDevice": "Poser votre doigt sur le périphérique U2F",
 "u2fFailed": "La vérification U2F a échoué, réessayez ou contactez votre administrateur",
 "u2fPermission": "Il est possible qu'on vous demande d'autoriser le site à accéder à votre clef. Après votre accord, la clef clignotera.",
-"u2fRegistered": "Votre clef est enregistrée. Cliquez sur vérifier",
+"u2fRegistered": "Votre clef a été enregistrée. CLIQUEZ SUR VÉRIFIER !",
 "u2fUnregistered": "Votre clef a été supprimée.",
 "u2fSuccess": "Votre clef est vérifiée",
 "u2fWelcome": "Gestion du périphérique U2F",
@@ -206,7 +206,7 @@
 "upgradeSession":"Se réauthentifier",
 "user":"Utilisateur",
 "useYubikey":"utilisez votre Yubikey",
-"verify": "Verifier",
+"verify": "Vérifier",
 "wait":"Attendre",
 "warning":"Attention",
 "welcomeOnPortal":"Bienvenue sur votre portail d'authentification sécurisée.",

From ab6b100bb330d23c937fa3cf526789a8de07f6e7 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Sun, 4 Mar 2018 20:17:23 +0100
Subject: [PATCH 3/9] fix bug

---
 lemonldap-ng-manager/site/coffee/u2f.coffee           | 4 ++--
 lemonldap-ng-manager/site/htdocs/static/js/u2f.js     | 2 +-
 lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lemonldap-ng-manager/site/coffee/u2f.coffee b/lemonldap-ng-manager/site/coffee/u2f.coffee
index 9336c23a5..04a0e2eb2 100644
--- a/lemonldap-ng-manager/site/coffee/u2f.coffee
+++ b/lemonldap-ng-manager/site/coffee/u2f.coffee
@@ -297,7 +297,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 
 		$scope.currentScope = scope
 		sessionId = scope.$modelValue.session
-		$http.get("#{scriptname}sessions/#{sessionType}/#{sessionId}").then (response) ->
+		$http.get("#{scriptname}u2f/#{sessionType}/#{sessionId}").then (response) ->
 			$scope.currentSession = transformSession response.data
 		$scope.showT = false
 
@@ -361,7 +361,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 			over = 0
 
 		# Launch HTTP query
-		$http.get("#{scriptname}sessions/#{sessionType}?#{query}").then (response) ->
+		$http.get("#{scriptname}u2f/#{sessionType}?#{query}").then (response) ->
 			data = response.data
 			if data.result
 				for n in data.values
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
index afa2e766c..28b869565 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
@@ -349,7 +349,7 @@
         };
         $scope.currentScope = scope;
         sessionId = scope.$modelValue.session;
-        $http.get(scriptname + "sessions/" + sessionType + "/" + sessionId).then(function(response) {
+        $http.get(scriptname + "u2f/" + sessionType + "/" + sessionId).then(function(response) {
           return $scope.currentSession = transformSession(response.data);
         });
         return $scope.showT = false;
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
index adb80fe3e..c8ec7e235 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
@@ -1 +1 @@
-(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={delU2FKey:[{title:"deleteU2FKey",icon:"trash"}],addU2FKey:[{title:"addU2FKey",icon:"plus"}],verifyU2FKey:[{title:"verifyU2FKey",icon:"check"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.addU2FKey=function(){p.waiting=true;m.put(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.verifyU2FKey=function(){p.waiting=true;m.post(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
+(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={delU2FKey:[{title:"deleteU2FKey",icon:"trash"}],addU2FKey:[{title:"addU2FKey",icon:"plus"}],verifyU2FKey:[{title:"verifyU2FKey",icon:"check"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.addU2FKey=function(){p.waiting=true;m.put(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.verifyU2FKey=function(){p.waiting=true;m.post(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"u2f/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file

From a6e9895c6145230909bd51b7d1bdc114b733d189 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Sun, 4 Mar 2018 22:12:44 +0100
Subject: [PATCH 4/9] U2F manager module - Fix mistakes

---
 .../lib/Lemonldap/NG/Manager/U2F.pm           | 51 ++++++++++++++++++-
 .../site/htdocs/static/js/u2f.js              |  2 +-
 .../site/htdocs/static/js/u2f.min.js          |  2 +-
 3 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
index ffae7971e..a08716c18 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
@@ -4,6 +4,8 @@ use 5.10.0;
 use utf8;
 use strict;
 use Mouse;
+use MIME::Base64 qw(encode_base64 decode_base64);
+use Crypt::U2F::Server::Simple;
 
 use Lemonldap::NG::Common::Session;
 use Lemonldap::NG::Common::Conf::Constants;
@@ -33,7 +35,7 @@ sub addRoutes {
 
       # READ
       ->addRoute(
-        u2f => { ':sessionType' => 'sessions' },
+        u2f => { ':sessionType' => 'u2f' },
         ['GET']
       )
 
@@ -71,6 +73,8 @@ sub u2f {
 
     # Case 1: only one session is required
     if ($session) {
+		#return $self->sendError( $req, 'on rentre dans la boucle', 666 );
+
         return $self->session( $req, $session, $skey );
     }
 
@@ -81,6 +85,51 @@ sub u2f {
     $type = $type eq 'global' ? 'SSO' : ucfirst($type);
 
     my $res;
+    
+    
+		
+		
+		#if ( $mod =~ /\b(?:PUT|POST)\b/ ) {
+			#eval 'use Crypt::U2F::Server::Simple';
+			#if ($@) {
+				#$self->error("Can't load U2F library: $@");
+				#return 0;
+			#}
+		#}
+		
+		
+		
+		#if ( $mod =~ /PUT/ ) {
+			 #my $challenge = $self->crypter->registrationChallenge;
+		#}
+		
+		#my $resp;
+        #unless ( $resp = $req->param('registration') ) {
+            #return $self->p->sendError( $req, 'Missing registration parameter',
+                #400 );
+        #}
+        #$self->logger->debug("Get registration data $resp");
+        #my ( $keyHandle, $userKey ) = $self->crypter->registrationVerify($resp);
+        #if ( $keyHandle and $userKey ) {
+            #$self->p->updatePersistentSession(
+                #$req,
+                #{
+                    #_u2fKeyHandle => $self->encode_base64url( $keyHandle, '' ),
+                    #_u2fUserKey   => $self->encode_base64url( $userKey,   '' )
+                #}
+            #);
+		#}
+		
+		
+		
+		
+    
+    
+    
+    
+    
+    
+    
 
     # Case 2: list of sessions
 
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
index 28b869565..ffaab4960 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
@@ -397,7 +397,7 @@
         } else {
           over = 0;
         }
-        return $http.get(scriptname + "sessions/" + sessionType + "?" + query).then(function(response) {
+        return $http.get(scriptname + "u2f/" + sessionType + "?" + query).then(function(response) {
           var data, i, len, n, ref;
           data = response.data;
           if (data.result) {
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
index c8ec7e235..b93a62765 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
@@ -1 +1 @@
-(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={delU2FKey:[{title:"deleteU2FKey",icon:"trash"}],addU2FKey:[{title:"addU2FKey",icon:"plus"}],verifyU2FKey:[{title:"verifyU2FKey",icon:"check"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.addU2FKey=function(){p.waiting=true;m.put(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.verifyU2FKey=function(){p.waiting=true;m.post(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"u2f/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
+(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={delU2FKey:[{title:"deleteU2FKey",icon:"trash"}],addU2FKey:[{title:"addU2FKey",icon:"plus"}],verifyU2FKey:[{title:"verifyU2FKey",icon:"check"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.addU2FKey=function(){p.waiting=true;m.put(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.verifyU2FKey=function(){p.waiting=true;m.post(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"u2f/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"u2f/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file

From ac0a35c9b80fb0f08161fe108d9abcef9d6bd1fa Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Mon, 5 Mar 2018 19:18:44 +0100
Subject: [PATCH 5/9] WIP - U2F manager module - Add U2F key

---
 .../lib/Lemonldap/NG/Manager/U2F.pm           | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
index a08716c18..93c168b72 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
@@ -73,8 +73,12 @@ sub u2f {
 
     # Case 1: only one session is required
     if ($session) {
-		#return $self->sendError( $req, 'on rentre dans la boucle', 666 );
 
+		my $params = $req->parameters();
+		
+		$self->sendError( $req, $self, 666 );
+		$self->sendError( $req, $self, 666 );
+		
         return $self->session( $req, $session, $skey );
     }
 
@@ -89,13 +93,14 @@ sub u2f {
     
 		
 		
-		#if ( $mod =~ /\b(?:PUT|POST)\b/ ) {
-			#eval 'use Crypt::U2F::Server::Simple';
-			#if ($@) {
-				#$self->error("Can't load U2F library: $@");
-				#return 0;
-			#}
+	#if ( $mod =~ /\b(?:PUT|POST)\b/ ) {
+		#$self->sendError( 'On rentre dand la boucle' );
+		#eval 'use Crypt::U2F::Server::Simple';
+		#if ($@) {
+			#$self->error("Can't load U2F library: $@");
+			#return 0;
 		#}
+	#}
 		
 		
 		

From ba6b87217bfab361b4a6f274d2db87216d6a0752 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Mon, 5 Mar 2018 19:26:51 +0100
Subject: [PATCH 6/9] update .gitignore

---
 .gitignore | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8dd528420..ae03abf4b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
+.gitignore
 node_modules
-e2e-tests/
+e2e-tests/conf
 lemonldap-ng-common/MYMETA.json
 lemonldap-ng-common/MYMETA.yml
 lemonldap-ng-common/Makefile
@@ -19,6 +20,4 @@ lemonldap-ng-portal/MYMETA.json
 lemonldap-ng-portal/MYMETA.yml
 lemonldap-ng-portal/Makefile
 lemonldap-ng-portal/blib/
-lemonldap-ng-portal/t/
-.gitignore
 lemonldap-ng-portal/pm_to_blib

From 9fccff746982e83749563ea0bb79c657c2419dc1 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Wed, 7 Mar 2018 20:20:29 +0100
Subject: [PATCH 7/9] Fix some mistakes and display sessions with U2F key
 registered only

---
 .../lib/Lemonldap/NG/Manager/U2F.pm           | 250 +++---------------
 1 file changed, 36 insertions(+), 214 deletions(-)

diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
index 93c168b72..ca4f50c1e 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/U2F.pm
@@ -11,7 +11,7 @@ use Lemonldap::NG::Common::Session;
 use Lemonldap::NG::Common::Conf::Constants;
 use Lemonldap::NG::Common::PSGI::Constants;
 use Lemonldap::NG::Common::Conf::ReConstants;
-use Lemonldap::NG::Common::IPv6;
+#use Lemonldap::NG::Common::IPv6;
 
 use feature 'state';
 
@@ -47,7 +47,7 @@ sub addRoutes {
 
       # ADD U2F KEY
       ->addRoute(
-        u2f => { ':sessionType' => { ':sessionId' => 'addU2FKey' } },
+        u2f => { ':sessionType' => { ':sessionId' => 'registerU2FKey' } },
         ['PUT']
       )
     
@@ -64,21 +64,34 @@ sub addRoutes {
     $self->{hiddenAttributes} //= "_password";
 }
 
-#######################
-# II. DISPLAY METHODS #
-#######################
+
+############################
+# II. REGISTRATION METHODS #
+############################
+
+sub registerU2FKey {
+
+	my ( $self, $req, $session, $skey ) = @_;
+
+	eval 'use Crypt::U2F::Server::Simple';
+	if ($@) {
+		$self->error("Can't load U2F library: $@");
+		return 0;
+	}
+		
+	return $self->addU2FKey( $req, $session, $skey );
+}
+
+
+########################
+# III. DISPLAY METHODS #
+########################
 
 sub u2f {
     my ( $self, $req, $session, $skey ) = @_;
 
     # Case 1: only one session is required
     if ($session) {
-
-		my $params = $req->parameters();
-		
-		$self->sendError( $req, $self, 666 );
-		$self->sendError( $req, $self, 666 );
-		
         return $self->session( $req, $session, $skey );
     }
 
@@ -86,73 +99,21 @@ sub u2f {
       or return $self->sendError( $req, undef, 400 );
     my $params = $req->parameters();
     my $type   = delete $params->{sessionType};
-    $type = $type eq 'global' ? 'SSO' : ucfirst($type);
+    $type = ucfirst($type);
 
     my $res;
     
-    
-		
-		
-	#if ( $mod =~ /\b(?:PUT|POST)\b/ ) {
-		#$self->sendError( 'On rentre dand la boucle' );
-		#eval 'use Crypt::U2F::Server::Simple';
-		#if ($@) {
-			#$self->error("Can't load U2F library: $@");
-			#return 0;
-		#}
-	#}
-		
-		
-		
-		#if ( $mod =~ /PUT/ ) {
-			 #my $challenge = $self->crypter->registrationChallenge;
-		#}
-		
-		#my $resp;
-        #unless ( $resp = $req->param('registration') ) {
-            #return $self->p->sendError( $req, 'Missing registration parameter',
-                #400 );
-        #}
-        #$self->logger->debug("Get registration data $resp");
-        #my ( $keyHandle, $userKey ) = $self->crypter->registrationVerify($resp);
-        #if ( $keyHandle and $userKey ) {
-            #$self->p->updatePersistentSession(
-                #$req,
-                #{
-                    #_u2fKeyHandle => $self->encode_base64url( $keyHandle, '' ),
-                    #_u2fUserKey   => $self->encode_base64url( $userKey,   '' )
-                #}
-            #);
-		#}
-		
-		
-		
-		
-    
-    
-    
-    
-    
-    
-    
-
     # Case 2: list of sessions
 
     my $whatToTrace = Lemonldap::NG::Handler::PSGI::Main->tsv->{whatToTrace};
 
     # 2.1 Get fields to require
-    my @fields = ( '_httpSessionType', $self->{ipField}, $whatToTrace );
+    my @fields = ( '_httpSessionType', $self->{ipField}, $whatToTrace, '_u2fKeyHandle' );
     if ( my $groupBy = $params->{groupBy} ) {
-        $groupBy =~ s/^substr\((\w+)(?:,\d+(?:,\d+)?)?\)$/$1/
-          or $groupBy =~ s/^net(?:4|6|)\(([\w:]+),\d+(?:,\d+)?\)$/$1/;
+        $groupBy =~ s/^substr\((\w+)(?:,\d+(?:,\d+)?)?\)$/$1/;
         $groupBy =~ s/^_whatToTrace$/$whatToTrace/o
           or push @fields, $groupBy;
     }
-    elsif ( my $order = $params->{orderBy} ) {
-        $order =~ s/^net(?:4|6|)\(([\w:]+)\)$/$1/;
-        $order =~ s/^_whatToTrace$/$whatToTrace/o
-          or push @fields, split( /, /, $order );
-    }
     else {
         push @fields, '_utime';
     }
@@ -169,10 +130,12 @@ sub u2f {
           : ( $s => $params->{$_} );
     } keys %$params;
     $filters{_session_kind} = $type;
+   # $filters{_u2fKeyHandle} = '';
     push @fields, keys(%filters);
     {
         my %seen;
         @fields = grep { !$seen{$_}++ } @fields;
+      #  @fields = grep { !/\w+/ } @fields;
     }
 
     # For now, only one argument can be passed to
@@ -232,62 +195,15 @@ sub u2f {
         }
     }
 
+	# Display sessions with U2F key registered only
+	foreach my $session ( keys %$res ) {
+		delete $res->{$session}
+		  unless ( defined $res->{$session}->{_u2fKeyHandle} and length $res->{$session}->{_u2fKeyHandle} )
+		}
+		
     my $total = ( keys %$res );
 
-    # 2.4 Special case doubleIp (users connected from more than 1 IP)
-    if ( defined $params->{doubleIp} ) {
-        my %r;
-
-        # 2.4.1 Store user IP addresses in %r
-        foreach my $id ( keys %$res ) {
-            my $entry = $res->{$id};
-            next if ( $entry->{_httpSessionType} );
-            $r{ $entry->{$whatToTrace} }->{ $entry->{ $self->{ipField} } }++;
-        }
-
-   # 2.4.2 Store sessions owned by users that has more than one IP address in $r
-        my $r;
-        $total = 0;
-        foreach my $k ( keys %$res ) {
-            my @tmp = keys %{ $r{ $res->{$k}->{$whatToTrace} } };
-            if ( @tmp > 1 ) {
-                $total += 1;
-                $res->{$k}->{_sessionId} = $k;
-                push @{ $r->{ $res->{$k}->{$whatToTrace} } }, $res->{$k};
-            }
-        }
-
-        # 2.4.3 Store these session in an array. Array elements are :
-        #       {
-        #           uid      => whatToTraceFieldValue,
-        #           sessions => [
-        #               { session => <session-id-1>, date => <_utime> },
-        #               { session => <session-id-2>, date => <_utime> },
-        #           ]
-        #       }
-        $res = [];
-        foreach my $uid ( sort keys %$r ) {
-            push @$res, {
-                value    => $uid,
-                count    => scalar( @{ $r->{$uid} } ),
-                sessions => [
-                    map {
-                        {
-                            session => $_->{_sessionId},
-                            date    => $_->{_utime}
-                        }
-                    } @{ $r->{$uid} }
-                ]
-            };
-        }
-    }
-
- # 2.4 Order and group by
- # $res will become an array ref here (except for doubleIp, already done below).
-
-    # If "groupBy" is asked, elements will be like:
-    #   { uid => 'foo.bar', count => 3 }
-    elsif ( my $group = $req->params('groupBy') ) {
+    if ( my $group = $req->params('groupBy') ) {
         my $r;
         $group =~ s/\b_whatToTrace\b/$whatToTrace/o;
 
@@ -303,46 +219,6 @@ sub u2f {
             $group = $field;
         }
 
-        # Subnets IPv4
-        elsif ( $group =~ /^net4\((\w+),(\d)\)$/ ) {
-            my $field = $1;
-            my $nb    = $2 - 1;
-            foreach my $k ( keys %$res ) {
-                if ( $res->{$k}->{$field} =~ /^((((\d+)\.\d+)\.\d+)\.\d+)$/ ) {
-                    my @d = ( $4, $3, $2, $1 );
-                    $r->{ $d[$nb] }++;
-                }
-            }
-            $group = $field;
-        }
-
-        # Subnets IPv6
-        elsif ( $group =~ /^net6\(([\w:]+),(\d)\)$/ ) {
-            my $field = $1;
-            my $bits  = $2;
-            foreach my $k ( keys %$res ) {
-                $r->{ net6( $res->{$k}->{$field}, $bits ) . "/$bits" }++
-                  if ( isIPv6( $res->{$k}->{$field} ) );
-            }
-        }
-
-        # Both IPv4 and IPv6
-        elsif ( $group =~ /^net\(([\w:]+),(\d+),(\d+)\)$/ ) {
-            my $field = $1;
-            my $bits  = $2;
-            my $nb    = $3 - 1;
-            foreach my $k ( keys %$res ) {
-                if ( isIPv6( $res->{$k}->{$field} ) ) {
-                    $r->{ net6( $res->{$k}->{$field}, $bits ) . "/$bits" }++;
-                }
-                elsif ( $res->{$k}->{$field} =~ /^((((\d+)\.\d+)\.\d+)\.\d+)$/ )
-                {
-                    my @d = ( $4, $3, $2, $1 );
-                    $r->{ $d[$nb] }++;
-                }
-            }
-        }
-
         # Simple field groupBy query
         elsif ( $group =~ /^\w+$/ ) {
             eval {
@@ -376,47 +252,6 @@ qq{Use of an uninitialized attribute "$group" to group sessions},
         ];
     }
 
-    # Else if "orderBy" is asked, $res elements will be like:
-    #   { uid => 'foo.bar', session => <sessionId> }
-    elsif ( my $f = $req->params('orderBy') ) {
-        my @fields = split /,/, $f;
-        my @r = map {
-            my $tmp = { session => $_ };
-            foreach my $f (@fields) {
-                my $s = $f;
-                $s =~ s/^net(?:4|6|)\(([\w:]+)\)$/$1/;
-                $tmp->{$s} = $res->{$_}->{$s};
-            }
-            $tmp
-        } keys %$res;
-        while ( my $f = pop @fields ) {
-            if ( $f =~ s/^net4\((\w+)\)$/$1/ ) {
-                @r = sort { cmpIPv4( $a->{$f}, $b->{$f} ); } @r;
-            }
-            elsif ( $f =~ s/^net6\(([:\w]+)\)$/$1/ ) {
-                @r = sort { expand6( $a->{$f} ) cmp expand6( $b->{$f} ); } @r;
-            }
-            elsif ( $f =~ s/^net\(([:\w]+)\)$/$1/ ) {
-                @r = sort {
-                    my $ip1 = $a->{$f};
-                    my $ip2 = $b->{$f};
-                    isIPv6($ip1)
-                      ? (
-                          isIPv6($ip2)
-                        ? expand6($ip1) cmp expand6($ip2)
-                        : -1
-                      )
-                      : isIPv6($ip2) ? 1
-                      :                cmpIPv4( $ip1, $ip2 );
-                } @r;
-            }
-            else {
-                @r = sort { $a->{$f} cmp $b->{$f} } @r;
-            }
-        }
-        $res = [@r];
-    }
-
     # Else, $res elements will be like:
     #   { session => <sessionId>, date => <timestamp> }
     else {
@@ -438,17 +273,4 @@ qq{Use of an uninitialized attribute "$group" to group sessions},
     );
 }
 
-sub cmpIPv4 {
-    my @a = split /\./, $_[0];
-    my @b = split /\./, $_[1];
-    my $cmp = 0;
-  F: for ( my $i = 0 ; $i < 4 ; $i++ ) {
-        if ( $a[$i] != $b[$i] ) {
-            $cmp = $a[$i] <=> $b[$i];
-            last F;
-        }
-    }
-    $cmp;
-}
-
 1;

From 10f640753b94fc934b06ec6f74c4a502cf649a5a Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Wed, 7 Mar 2018 23:29:42 +0100
Subject: [PATCH 8/9] Fix some mistakes & display sessions with U2F key
 registered only

---
 lemonldap-ng-manager/site/coffee/u2f.coffee               | 4 ++--
 lemonldap-ng-manager/site/htdocs/static/js/u2f.js         | 2 ++
 lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js     | 2 +-
 lemonldap-ng-manager/site/htdocs/static/languages/ar.json | 1 +
 lemonldap-ng-manager/site/htdocs/static/languages/en.json | 1 +
 lemonldap-ng-manager/site/htdocs/static/languages/fr.json | 1 +
 lemonldap-ng-manager/site/htdocs/static/languages/it.json | 1 +
 lemonldap-ng-manager/site/htdocs/static/languages/vi.json | 1 +
 lemonldap-ng-manager/site/templates/u2f.tpl               | 5 ++++-
 .../lib/Lemonldap/NG/Portal/2F/Register/U2F.pm            | 8 ++++----
 10 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/lemonldap-ng-manager/site/coffee/u2f.coffee b/lemonldap-ng-manager/site/coffee/u2f.coffee
index 04a0e2eb2..6ce76c229 100644
--- a/lemonldap-ng-manager/site/coffee/u2f.coffee
+++ b/lemonldap-ng-manager/site/coffee/u2f.coffee
@@ -231,8 +231,8 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 							session[key] = $scope.localeDate value
 						else if key.match /^(_startTime|_updateTime)$/
 							session[key] = _stToStr value
-						#else if key.match /^(_u2fKeyHandle|_u2fUserKey)$/
-						#	session[key] = '########'
+						else if key.match /^(_u2fKeyHandle|_u2fUserKey)$/
+							session[key] = '########'
 			res = []
 
 			# 2. Push session keys in result, grouped by categories
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
index ffaab4960..816eb6fa6 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.js
@@ -260,6 +260,8 @@
                   session[key] = $scope.localeDate(value);
                 } else if (key.match(/^(_startTime|_updateTime)$/)) {
                   session[key] = _stToStr(value);
+                } else if (key.match(/^(_u2fKeyHandle|_u2fUserKey)$/)) {
+                  session[key] = '########';
                 }
               }
             }
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
index b93a62765..877a8c671 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/u2f.min.js
@@ -1 +1 @@
-(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={delU2FKey:[{title:"deleteU2FKey",icon:"trash"}],addU2FKey:[{title:"addU2FKey",icon:"plus"}],verifyU2FKey:[{title:"verifyU2FKey",icon:"check"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.addU2FKey=function(){p.waiting=true;m.put(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.verifyU2FKey=function(){p.waiting=true;m.post(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"u2f/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"u2f/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
+(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={delU2FKey:[{title:"deleteU2FKey",icon:"trash"}],addU2FKey:[{title:"addU2FKey",icon:"plus"}],verifyU2FKey:[{title:"verifyU2FKey",icon:"check"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteU2FKey=function(){p.waiting=true;m["delete"](scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.addU2FKey=function(){p.waiting=true;m.put(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.verifyU2FKey=function(){p.waiting=true;m.post(scriptname+"u2f/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;return p.waiting=false},function(q){p.currentSession=null;return p.waiting=false});return p.showT=true};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}else{if(O.match(/^(_u2fKeyHandle|_u2fUserKey)$/)){t[O]="########"}}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"u2f/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"u2f/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
index 97ac8c3d0..0b851ddc5 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@@ -729,6 +729,7 @@
 "u2fActivation":"تفعيل",
 "u2fAuthnLevel":"U2F  مستوى إثبات الهوية",
 "u2fSelfRegistration":"التسجيل الذاتي",
+"u2fSessions":"U2F sessions explorer",
 "uid":"المعرف",
 "unknownAttrOrMacro":"سمة غير معروفة أو ماكرو",
 "unknownError":"خطأ غير معروف",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
index 3dbb6f9dd..f974f5f78 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@@ -729,6 +729,7 @@
 "u2fActivation":"Activation",
 "u2fAuthnLevel":"U2F authentication level",
 "u2fSelfRegistration":"Self registration",
+"u2fSessions":"U2F sessions explorer",
 "uid":"Identifier",
 "unknownAttrOrMacro":"Unknown attribute or macro",
 "unknownError":"Unknown error",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
index d682ef14d..2894acec3 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -729,6 +729,7 @@
 "u2fActivation":"Activation",
 "u2fAuthnLevel":"Niveau d'authentification U2F",
 "u2fSelfRegistration":"Auto-enregistrement",
+"u2fSessions":"Explorateur de sessions U2F",
 "uid":"Identifiant",
 "unknownAttrOrMacro":"Attribut ou macro inconnu",
 "unknownError":"Erreur inconnue",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
index 6d18fb1c2..1c785fc1c 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -729,6 +729,7 @@
 "u2fActivation":"Attivazione",
 "u2fAuthnLevel":"Livello di autenticazione U2F",
 "u2fSelfRegistration":"Auto-registrazione",
+"u2fSessions":"U2F sessions explorer",
 "uid":"Identificatore",
 "unknownAttrOrMacro":"Attributo o macro sconosciuti",
 "unknownError":"Errore sconosciuto",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
index 3d5209ac7..0b2a6377c 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@@ -729,6 +729,7 @@
 "u2fActivation":"Kích hoạt",
 "u2fAuthnLevel":"Mức xác thực U2F",
 "u2fSelfRegistration":"Tự đăng ký ",
+"u2fSessions":"U2F sessions explorer",
 "uid":"Trình định danh",
 "unknownAttrOrMacro":"Thuộc tính hoặc macro chưa xác định",
 "unknownError":"Lỗi không xác định",
diff --git a/lemonldap-ng-manager/site/templates/u2f.tpl b/lemonldap-ng-manager/site/templates/u2f.tpl
index 14fb4d23c..1d475ef07 100644
--- a/lemonldap-ng-manager/site/templates/u2f.tpl
+++ b/lemonldap-ng-manager/site/templates/u2f.tpl
@@ -15,7 +15,7 @@
       <div class="navbar navbar-default">
         <div class="navbar-collapse">
           <ul class="nav navbar-nav" role="grid">
-            <li><a id="a-persistent" href="#/persistent" role="row"><i class="glyphicon glyphicon-exclamation-sign"></i> {{translate('persistentSessions')}}</a></li>
+            <li><a id="a-persistent" href="#/persistent" role="row"><i class="glyphicon glyphicon-exclamation-sign"></i> {{translate('u2fSessions')}}</a></li>
           </ul>
         </div>
       </div>
@@ -41,9 +41,12 @@
       <div class="lmmenu navbar navbar-default" ng-class="{'hidden-xs':!showM}">
         <div class="navbar-collapse" ng-class="{'collapse':!showM}" id="formmenu">
           <ul class="nav navbar-nav">            
+            <!--
             <li ng-if="currentSession" ng-repeat="button in menu.addU2FKey" ng-include="'menubutton.html'"></li>
             <li ng-if="currentSession" ng-repeat="button in menu.verifyU2FKey" ng-include="'menubutton.html'"></li>
+            -->
             <li ng-if="currentSession" ng-repeat="button in menu.delU2FKey" ng-include="'menubutton.html'"></li>
+            
             <li ng-if="currentSession===null" ng-repeat="button in menu.home" ng-include="'menubutton.html'"></li>
             <li uib-dropdown class="visible-xs">
               <a id="langmenu" name="menu" uib-dropdown-toggle data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Menu <span class="caret"></span></a>
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
index d51cdb191..8b1d9a195 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
@@ -116,7 +116,7 @@ sub run {
         elsif ( $err == 0 ) {
             return $self->p->sendError( $req, "noU2FKeyFound" );
         }
-        my $challenge = $req->data->{crypter}->authenticationChallenge;
+        my $challenge = $req->datas->{crypter}->authenticationChallenge;
         return [ 200, [ 'Content-Type' => 'application/json' ], [$challenge] ];
     }
     if ( $action eq 'signature' ) {
@@ -133,7 +133,7 @@ sub run {
             return $self->p->sendError( $req, "noU2FKeyFound" );
         }
         my $res =
-          ( $req->data->{crypter}->authenticationVerify($resp) ? 1 : 0 );
+          ( $req->datas->{crypter}->authenticationVerify($resp) ? 1 : 0 );
         return [
             200, [ 'Content-Type' => 'application/json' ],
             [qq'{"result":$res}']
@@ -150,11 +150,11 @@ sub loadUser {
     unless ( $kh and $uk ) {
         return 0;
     }
-    $req->data->{crypter} = $self->crypter(
+    $req->datas->{crypter} = $self->crypter(
         keyHandle => $self->decode_base64url($kh),
         publicKey => $self->decode_base64url($uk)
     );
-    unless ( $req->data->{crypter} ) {
+    unless ( $req->datas->{crypter} ) {
         my $error = Crypt::U2F::Server::Simple::lastError();
         return ( -1, $error );
     }

From 575620d08cb0d15a63a42f52ee95462902c3153e Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Wed, 7 Mar 2018 23:43:26 +0100
Subject: [PATCH 9/9] Update lang & hide U2F key attributs in sessions explorer

---
 lemonldap-ng-portal/site/htdocs/static/languages/en.json | 2 +-
 lemonldap-ng-portal/site/htdocs/static/languages/fr.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/en.json b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
index 0a7077f5d..0085ea901 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
@@ -197,7 +197,7 @@
 "touchU2fDevice": "Please touch the flashing U2F device now.",
 "u2fFailed": "U2F verification failed. Retry or contact your administrator",
 "u2fPermission": "You may be prompted to allow the site permission to access your security keys. After granting permission, the device will start to blink.",
-"u2fRegistered": "Your key has been registered. CLICK TO VERIFY !",
+"u2fRegistered": "Your key has been registered.",
 "u2fUnregistered": "Your key has been unregistered.",
 "u2fSuccess": "Your key is successfully tested",
 "u2fWelcome": "U2F device management",
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
index 149560479..432ded1c6 100644
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
@@ -197,7 +197,7 @@
 "touchU2fDevice": "Poser votre doigt sur le périphérique U2F",
 "u2fFailed": "La vérification U2F a échoué, réessayez ou contactez votre administrateur",
 "u2fPermission": "Il est possible qu'on vous demande d'autoriser le site à accéder à votre clef. Après votre accord, la clef clignotera.",
-"u2fRegistered": "Votre clef a été enregistrée. CLIQUEZ SUR VÉRIFIER !",
+"u2fRegistered": "Votre clef a été enregistrée.",
 "u2fUnregistered": "Votre clef a été supprimée.",
 "u2fSuccess": "Votre clef est vérifiée",
 "u2fWelcome": "Gestion du périphérique U2F",