Differentiate renew and upgrade in Upgrade plugin (#2124)

2020-06-09 22:01:16 +02:00 · 2020-06-09 22:01:16 +02:00 · f69babadef
commit f69babadef
parent c183675651
18 changed files with 111 additions and 64 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@ -266,12 +266,15 @@ sub display {
    elsif ( $req->error == PE_UPGRADESESSION ) {
        $skinfile       = 'upgradesession';
        %templateParams = (
-            MAIN_LOGO  => $self->conf->{portalMainLogo},
-            LANGS      => $self->conf->{showLanguages},
-            MSG        => 'askToUpgrade',
-            CONFIRMKEY => $self->stamp,
-            PORTAL     => $self->conf->{portal},
-            URL        => $req->data->{_url},
+            MAIN_LOGO    => $self->conf->{portalMainLogo},
+            LANGS        => $self->conf->{showLanguages},
+            FORMACTION   => '/upgradesession',
+            MSG          => 'askToUpgrade',
+            PORTALBUTTON => 1,
+            BUTTON       => 'upgradeSession',
+            CONFIRMKEY   => $self->stamp,
+            PORTAL       => $self->conf->{portal},
+            URL          => $req->data->{_url},
            (
                $req->data->{customScript}
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
@ -279,16 +282,20 @@ sub display {
            ),
        );
    }
+
    # renew uses the same plugin as upgrade, but first factor is mandatory
    elsif ( $req->error == PE_RENEWSESSION ) {
        $skinfile       = 'upgradesession';
        %templateParams = (
-            MAIN_LOGO  => $self->conf->{portalMainLogo},
-            LANGS      => $self->conf->{showLanguages},
-            MSG        => 'askToRenew',
-            CONFIRMKEY => $self->stamp,
-            PORTAL     => $self->conf->{portal},
-            URL        => $req->data->{_url},
+            MAIN_LOGO    => $self->conf->{portalMainLogo},
+            LANGS        => $self->conf->{showLanguages},
+            FORMACTION   => '/renewsession',
+            MSG          => 'askToRenew',
+            CONFIRMKEY   => $self->stamp,
+            PORTAL       => $self->conf->{portal},
+            PORTALBUTTON => 1,
+            BUTTON       => 'renewSession',
+            URL          => $req->data->{_url},
            (
                $req->data->{customScript}
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
@ -299,12 +306,14 @@ sub display {

    # Looks a lot like upgradesession, but no portal logo
    elsif ( $req->error == PE_MUSTAUTHN ) {
-        $skinfile       = 'updatesession';
+        $skinfile       = 'upgradesession';
        %templateParams = (
            MAIN_LOGO  => $self->conf->{portalMainLogo},
            LANGS      => $self->conf->{showLanguages},
+            FORMACTION => '/renewsession',
            MSG        => 'PE87',
            CONFIRMKEY => $self->stamp,
+            BUTTON     => 'renewSession',
            PORTAL     => $self->conf->{portal},
            URL        => $req->data->{_url},
            (
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm
@ -32,14 +32,38 @@ sub init {
            "-> Upgrade tokens will be stored into global storage");
        $self->ott->cache(undef);
    }
-    $self->addAuthRoute( upgradesession => 'ask',     ['GET'] );
-    $self->addAuthRoute( upgradesession => 'confirm', ['POST'] );
+    $self->addAuthRoute( upgradesession => 'askUpgrade',     ['GET'] );
+    $self->addAuthRoute( upgradesession => 'confirmUpgrade', ['POST'] );
+    $self->addAuthRoute( renewsession   => 'askRenew',       ['GET'] );
+    $self->addAuthRoute( renewsession   => 'confirmRenew',   ['POST'] );
+}
+
+sub askUpgrade {
+    my ( $self, $req ) = @_;
+    $self->ask( $req, '/upgradesession', 'askToUpgrade', 'upgradeSession' );
+}
+
+sub askRenew {
+    my ( $self, $req ) = @_;
+    $self->ask( $req, '/renewsession', 'askToRenew', 'renewSession' );
+}
+
+sub confirmUpgrade {
+    my ( $self, $req ) = @_;
+
+    # sfOnlyUpgrade feature can only be used during session renew
+    return $self->confirm( $req, $self->conf->{sfOnlyUpgrade} );
+}
+
+sub confirmRenew {
+    my ( $self, $req ) = @_;
+    return $self->confirm($req);
 }

 # RUNNING METHOD

 sub ask {
-    my ( $self, $req ) = @_;
+    my ( $self, $req, $url, $message, $buttonlabel ) = @_;

    # Check if auth is already running
    if ( $req->param('upgrading') or $req->param('kerberos') ) {
@ -53,19 +77,21 @@ sub ask {
        $req,
        'upgradesession',
        params => {
-            MAIN_LOGO  => $self->conf->{portalMainLogo},
-            LANGS      => $self->conf->{showLanguages},
-            MSG        => 'askToUpgrade',
-            CONFIRMKEY => $self->p->stamp,
-            PORTAL     => $self->conf->{portal},
-            URL        => $req->param('url'),
+            MAIN_LOGO    => $self->conf->{portalMainLogo},
+            LANGS        => $self->conf->{showLanguages},
+            FORMACTION   => $url,
+            PORTALBUTTON => 1,
+            MSG          => $message,
+            BUTTON       => $buttonlabel,
+            CONFIRMKEY   => $self->p->stamp,
+            PORTAL       => $self->conf->{portal},
+            URL          => $req->param('url'),
        }
    );
 }

 sub confirm {
-    my ( $self, $req ) = @_;
-
+    my ( $self, $req, $sfOnly ) = @_;
    my $upg;

    if ( $req->param('kerberos') ) {
@ -86,12 +112,28 @@ sub confirm {
    return $self->p->do( $req, [ sub { $res } ] ) if ($res);
    if ( $upg or $req->param('confirm') == 1 ) {
        $req->data->{noerror} = 1;
-        $self->p->setHiddenFormValue(
-            $req,
-            upgrading => $self->ott->createToken,
-            '', 0
-        );    # Insert token
-        return $self->p->login($req);
+
+        if ($sfOnly) {
+
+            # Short circuit the first part of login, only do a 2FA step
+            return $self->p->do(
+                $req,
+                [
+                    'importHandlerData',      'secondFactor',
+                    @{ $self->p->afterData }, $self->p->validSession,
+                    @{ $self->p->endAuth },
+                ]
+            );
+        }
+        else {
+            $self->p->setHiddenFormValue(
+                $req,
+                upgrading => $self->ott->createToken,
+                '', 0
+            );    # Insert token
+                  # Do a regular login
+            return $self->p->login($req);
+        }
    }
    else {
        # Go to portal
--- a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"تم إصدار طلب تسجيل لهذا الحساب من قبل",
 "rememberChoice":"تذكر اختياري",
 "removeOtherSessions":"إزالة الجلسات الأخرى",
+"renewSession":"Renew session",
 "resendConfirmMail":"هل تريد إعادة إرسال رسالة التأكيد؟",
 "resentConfirm":"هل تريد إعادة إرسال رسالة التأكيد؟",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"Your TOTP key",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/de.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"Eine Registrierungsanforderung für dieses Konto wurde bereits gestellt am",
 "rememberChoice":"Meine Auswahl merken",
 "removeOtherSessions":"Andere Sitzungen löschen",
+"renewSession":"Renew session",
 "resendConfirmMail":"Bestätigungsmail erneuert senden ?",
 "resentConfirm":"Möchtest du, dass die Bestätigungsmail erneut gesendet wird ?",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"Your TOTP key",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"A register request for this account was already issued on ",
 "rememberChoice":"Remember my choice",
 "removeOtherSessions":"Remove other sessions",
+"renewSession":"Renew session",
 "resendConfirmMail":"Resend confirmation mail?",
 "resentConfirm":"Do you want the confirmation mail to be resent?",
 "resetCertificateOK":"Your certificate has been successfully reset!",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/es.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"Ya fue expedida una solicitud de registro para esta cuenta",
 "rememberChoice":"Recordar mi elección",
 "removeOtherSessions":"Suprimir las otras sesiones",
+"renewSession":"Renew session",
 "resendConfirmMail":"¿Reenviar e-mail de confirmación?",
 "resentConfirm":"¿Desea que el e-mail de confirmación sea reenviado?",
 "resetCertificateOK":"Su certificado ha sido reiniciado con éxito",
@ -315,4 +316,4 @@
 "yourProfile":"Conozca su perfil",
 "yourTotpKey":"Su llave TOTP",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"A register request for this account was already issued on ",
 "rememberChoice":"Muista valintani",
 "removeOtherSessions":"Remove other sessions",
+"renewSession":"Renew session",
 "resendConfirmMail":"Uudelleen lähetä vahvistus sähköposti?",
 "resentConfirm":"Do you want the confirmation mail to be resent?",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"Your TOTP key",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"Une demande de création pour ce compte a déjà été faite le ",
 "rememberChoice":"Se souvenir de mon choix",
 "removeOtherSessions":"Fermer les autres sessions",
+"renewSession":"Renouveller la session",
 "resendConfirmMail":"Renvoyer le mail de confirmation ?",
 "resentConfirm":"Voulez-vous que le message de confirmation soit renvoyé ?",
 "resetCertificateOK":"Votre certificat a bien été réinitialisé!",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/it.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"Una richiesta di registrazione per questo conto é già stata rilasciata il",
 "rememberChoice":"Ricordarsi della mia scelta",
 "removeOtherSessions":"Rimuovere altre sessioni",
+"renewSession":"Renew session",
 "resendConfirmMail":"Inviare nuovamente mail di conferma?",
 "resentConfirm":"Vuoi inviare di nuovo la mail di conferma?",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"La tua chiave TOTP",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"A register request for this account was already issued on ",
 "rememberChoice":"Remember my choice",
 "removeOtherSessions":"Remove other sessions",
+"renewSession":"Renew session",
 "resendConfirmMail":"Resend confirmation mail?",
 "resentConfirm":"Do you want the confirmation mail to be resent?",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"Your TOTP key",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/pl.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"Wniosek o rejestrację tego konta został już złożony w dniu ",
 "rememberChoice":"Zapamiętaj mój wybór",
 "removeOtherSessions":"Usuń inne sesje",
+"renewSession":"Renew session",
 "resendConfirmMail":"Czy wysłać ponownie wiadomość z potwierdzeniem?",
 "resentConfirm":"Czy chcesz, aby wiadomość z potwierdzeniem została ponownie wysłana?",
 "resetCertificateOK":"Twój certyfikat został pomyślnie zresetowany!",
@ -315,4 +316,4 @@
 "yourProfile":"Twój profil",
 "yourTotpKey":"Twój klucz TOTP",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"A register request for this account was already issued on ",
 "rememberChoice":"Remember my choice",
 "removeOtherSessions":"Remove other sessions",
+"renewSession":"Renew session",
 "resendConfirmMail":"Resend confirmation mail?",
 "resentConfirm":"Do you want the confirmation mail to be resent?",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"Your TOTP key",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"A register request for this account was already issued on ",
 "rememberChoice":"Remember my choice",
 "removeOtherSessions":"Remove other sessions",
+"renewSession":"Renew session",
 "resendConfirmMail":"Resend confirmation mail?",
 "resentConfirm":"Do you want the confirmation mail to be resent?",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"Your TOTP key",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/tr.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"Bu hesap için kayıt olma isteği zaten şu tarihte alındı:",
 "rememberChoice":"Seçimimi hatırla",
 "removeOtherSessions":"Diğer oturumları sil",
+"renewSession":"Renew session",
 "resendConfirmMail":"Doğrulama e-postasını tekrar gönder?",
 "resentConfirm":"Onay e-postasının tekrar gönderilmesini ister misiniz?",
 "resetCertificateOK":"Sertifikanız başarıyla sıfırlandı!",
@ -315,4 +316,4 @@
 "yourProfile":"Profilini bil",
 "yourTotpKey":"TOTP anahtarınız",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"Yêu cầu đăng ký cho tài khoản này đã được cấp phát",
 "rememberChoice":"Hãy nhớ sự lựa chọn của tôi",
 "removeOtherSessions":"Xóa các phiên khác",
+"renewSession":"Renew session",
 "resendConfirmMail":"Gửi lại thư xác nhận?",
 "resentConfirm":"Bạn có muốn gửi lại thư xác nhận không?",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"Your TOTP key",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json
@ -249,6 +249,7 @@
 "registerRequestAlreadyIssued":"此账户已存在一个注册请求",
 "rememberChoice":"记住我的选择",
 "removeOtherSessions":"移除其他会话",
+"renewSession":"Renew session",
 "resendConfirmMail":"重新发送确认邮件？",
 "resentConfirm":"您想确认邮件被重新发送吗？",
 "resetCertificateOK":"Your certificate has been successfully reset!",
@ -315,4 +316,4 @@
 "yourProfile":"Know your profile",
 "yourTotpKey":"Your TOTP key",
 "yubikey2f":"Yubikey"
-}
+}
--- a/lemonldap-ng-portal/site/templates/bootstrap/updatesession.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/updatesession.tpl
@ -1,20 +0,0 @@
-<TMPL_INCLUDE NAME="header.tpl">
-
-<div id="errorcontent" class="container">
-
-<div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="MSG">"></span></div>
-
-<form id="upgrd" action="/upgradesession" method="post" class="password" role="form">
-  <input type="hidden" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">">
-  <input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">
-  <div class="buttons">
-    <button type="submit" class="btn btn-success">
-      <span class="fa fa-sign-in"></span>
-      <span trspan="upgradeSession">Upgrade session</span>
-    </button>
-  </div>
-</form>
-
-</div>
-
-<TMPL_INCLUDE NAME="footer.tpl">
--- a/lemonldap-ng-portal/site/templates/bootstrap/upgradesession.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/upgradesession.tpl
@ -4,18 +4,20 @@

 <div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="MSG">"></span></div>

-<form id="upgrd" action="/upgradesession" method="post" class="password" role="form">
+<form id="upgrd" action="<TMPL_VAR NAME="FORMACTION">" method="post" class="password" role="form">
  <input type="hidden" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">">
  <input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">
  <div class="buttons">
    <button type="submit" class="btn btn-success">
      <span class="fa fa-sign-in"></span>
-      <span trspan="upgradeSession">Upgrade session</span>
+      <span trspan="<TMPL_VAR NAME="BUTTON">">Upgrade session</span>
    </button>
+    <TMPL_IF NAME="PORTALBUTTON">
    <a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
      <span class="fa fa-home"></span>
      <span trspan="goToPortal">Go to portal</span>
    </a>
+    </TMPL_IF>
  </div>
 </form>