Force reAuth from 2fManager (#2714)
This commit is contained in:
parent
50c312acc3
commit
f6f9fe29cf
|
@ -207,9 +207,11 @@ sub init {
|
|||
sub run {
|
||||
my ( $self, $req ) = @_;
|
||||
my $checkLogins = $req->param('checkLogins');
|
||||
my $forceUpgrade = $req->param('forceUpgrade');
|
||||
my $stayconnected = $req->param('stayconnected');
|
||||
my $spoofId = $req->param('spoofId') || '';
|
||||
$self->logger->debug("2F checkLogins set") if ($checkLogins);
|
||||
$self->logger->debug("2F checkLogins set") if $checkLogins;
|
||||
$self->logger->debug("2F forceUgrade set") if $forceUpgrade;
|
||||
|
||||
# Skip 2F unless a module has been registered
|
||||
unless ( @{ $self->sfModules } ) {
|
||||
|
@ -226,7 +228,7 @@ sub run {
|
|||
|
||||
# Skip 2F if authnLevel is already high enough
|
||||
if (
|
||||
$self->conf->{sfOnlyUpgrade}
|
||||
$self->conf->{sfOnlyUpgrade} && !$forceUpgrade
|
||||
and ( ( $req->pdata->{targetAuthnLevel} || 0 ) <=
|
||||
( $req->sessionInfo->{authenticationLevel} || 0 ) )
|
||||
)
|
||||
|
@ -502,7 +504,8 @@ sub _displayRegister {
|
|||
return [ 302, [ Location => $self->conf->{portal} . $am[0]->{URL} ], [] ]
|
||||
if (
|
||||
@am == 1
|
||||
and not( $req->userData->{_2fDevices} && $req->userData->{_2fDevices} =~ /\w+/
|
||||
and not( $req->userData->{_2fDevices}
|
||||
&& $req->userData->{_2fDevices} =~ /\w+/
|
||||
or $req->data->{sfRegRequired} )
|
||||
);
|
||||
|
||||
|
|
|
@ -73,6 +73,7 @@ sub ask {
|
|||
if ( $req->param('upgrading') or $req->param('kerberos') );
|
||||
|
||||
my $url = $req->param('url') || '';
|
||||
my $forceUpgrade = $req->param('forceUpgrade') || '';
|
||||
my $action = ( $message =~ /^askTo(\w+)$/ )[0];
|
||||
$self->logger->debug(" -> $action required");
|
||||
$self->logger->debug(" -> Skip confirmation is enabled")
|
||||
|
@ -91,6 +92,7 @@ sub ask {
|
|||
BUTTON => $buttonlabel,
|
||||
CONFIRMKEY => $self->p->stamp,
|
||||
PORTAL => $self->conf->{portal},
|
||||
FORCEUPGRADE => $forceUpgrade,
|
||||
URL => $url,
|
||||
(
|
||||
$self->conf->{"skip${action}Confirmation"}
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
|
||||
<div class="buttons">
|
||||
<TMPL_IF NAME="DISPLAY_UPG">
|
||||
<a href="<TMPL_VAR NAME="PORTAL_URL">upgradesession?url=<TMPL_VAR NAME="SFREGISTERS_URL">" class="btn btn-success" role="button">
|
||||
<a href="<TMPL_VAR NAME="PORTAL_URL">upgradesession?forceUpgrade=1&url=<TMPL_VAR NAME="SFREGISTERS_URL">" class="btn btn-success" role="button">
|
||||
<span class="fa fa-sign-in"></span>
|
||||
<span trspan="upgradeSession">Upgrade session</span>
|
||||
</a>
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
<form id="upgrd" action="<TMPL_VAR NAME="FORMACTION">" method="post" class="password" role="form">
|
||||
<input type="hidden" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">">
|
||||
<input type="hidden" id="forceUpgrade" name="forceUpgrade" value="<TMPL_VAR NAME="FORCEUPGRADE">" />
|
||||
<input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">
|
||||
<div class="buttons">
|
||||
<button type="submit" class="btn btn-success">
|
||||
|
|
Loading…
Reference in New Issue