dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

U2F update (#1148)

Browse Source 
Broken for now (pb with session->update)
This commit is contained in:
Xavier Guimard 2017-02-20 17:30:58 +00:00
parent 4b5e081e18
commit ffd769e780
6 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
TODO-2.0.md
View File

@ -1,3 +1,4 @@
* Don't generate token for /?js
* Update notification doc
* securize SOAP session creation by cipher
* write REST method to create session with an id

2
e2e-tests/lemonldap-ng.ini
View File

@ -23,6 +23,8 @@ portalSkin = bootstrap
staticPrefix = /static
languages = fr, en
templateDir = __pwd__/lemonldap-ng-portal/site/templates
u2fActivation = 1
u2fSelfRegistration = 1
[handler]

12
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/U2F.pm
View File

@ -70,8 +70,7 @@ sub check {
if ( my $res = $self->loadUser($req) ) {
return PE_ERROR if ( $res == -1 );
$req->sessionInfo->{_u2fRealSession} = $req->id;
my $token = $self->ott->createToken($req);
my $token = $self->ott->createToken( { req => $req } );
my $challenge = $self->crypter->authenticationChallenge;
my $tmp = $self->p->sendHtml(
@ -108,8 +107,14 @@ sub verify {
$req->error(PE_TOKENEXPIRED);
return $self->fail($req);
}
unless ( $oldReq = $oldReq->{req} ) {
$self->logger->error('Bad token: no request');
$req->error(PE_ERROR);
return $self->fail($req);
}
bless $oldReq, 'Lemonldap::NG::Portal::Main::Request';
if ( my $resp = $req->param('signature') ) {
unless ( $self->loadUser($req) == 1 ) {
unless ( $self->loadUser($oldReq) == 1 ) {
$req->error(PE_ERROR);
return $self->fail($req);
}
@ -120,7 +125,6 @@ sub verify {
$req->mustRedirect(1);
$self->userLogger->info( 'U2F signature verified for '
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
bless $oldReq, 'Lemonldap::NG::Portal::Main::Request';
return $self->p->do( $oldReq,
[ $self->p->sessionDatas, @{ $self->p->afterDatas } ] );
}

2
lemonldap-ng-portal/site/coffee/u2fregistration.coffee
View File

@ -43,7 +43,7 @@ register = ->
if resp.error
setMsg 'u2fFailed', 'warning'
else if resp.result
setMsg 'u2fSuccess', 'positive'
setMsg 'u2fRegistered', 'positive'
error: (j, status, err) ->
console.log 'error', err

2
lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
View File

@ -52,7 +52,7 @@ LemonLDAP::NG U2F registration script
if (resp.error) {
return setMsg('u2fFailed', 'warning');
} else if (resp.result) {
return setMsg('u2fSuccess', 'positive');
return setMsg('u2fRegistered', 'positive');
}
},
error: function(j, status, err) {

2
lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js vendored
View File

@ -1 +1 @@
(function(){var a,b,c;b=function(d,e){$("#msg").html(window.translate(d));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+e);if(e==="positive"){e="success"}return $("#color").addClass("alert-"+e)};a=function(){return $.ajax({type:"POST",url:portal+"u2fregister/register",data:{},dataType:"json",error:function(e,d,f){return console.log("Error",f)},success:function(d){var e;e=[{challenge:d.challenge,version:d.version}];b("touchU2fDevice","positive");$("#u2fPermission").show();return u2f.register(d.appId,e,[],function(f){$("#u2fPermission").hide();if(f.errorCode){return b("unableToGetU2FKey","warning")}else{return $.ajax({type:"POST",url:portal+"u2fregister/registration",data:{registration:JSON.stringify(f)},dataType:"json",success:function(g){if(g.error){return b("u2fFailed","warning")}else{if(g.result){return b("u2fSuccess","positive")}}},error:function(h,g,i){return console.log("error",i)}})}})}})};c=function(){return $.ajax({type:"POST",url:portal+"u2fregister/verify",data:{},dataType:"json",error:function(e,d,f){return console.log("Error",f)},success:function(d){var e;e=[{keyHandle:d.keyHandle,version:d.version}];b("touchU2fDevice","positive");return u2f.sign(d.appId,d.challenge,e,function(f){if(f.errorCode){return b("unableToGetU2FKey","warning")}else{return $.ajax({type:"POST",url:portal+"u2fregister/signature",data:{signature:JSON.stringify(f)},dataType:"json",success:function(g){if(g.error){return b("u2fFailed","warning")}else{if(g.result){return b("u2fSuccess","positive")}}},error:function(h,g,i){return console.log("error",i)}})}})}})};$(document).ready(function(){$("#u2fPermission").hide();$("#register").on("click",a);$("#verify").on("click",c);return $("#goback").attr("href",portal)})}).call(this);
(function(){var a,b,c;b=function(d,e){$("#msg").html(window.translate(d));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+e);if(e==="positive"){e="success"}return $("#color").addClass("alert-"+e)};a=function(){return $.ajax({type:"POST",url:portal+"u2fregister/register",data:{},dataType:"json",error:function(e,d,f){return console.log("Error",f)},success:function(d){var e;e=[{challenge:d.challenge,version:d.version}];b("touchU2fDevice","positive");$("#u2fPermission").show();return u2f.register(d.appId,e,[],function(f){$("#u2fPermission").hide();if(f.errorCode){return b("unableToGetU2FKey","warning")}else{return $.ajax({type:"POST",url:portal+"u2fregister/registration",data:{registration:JSON.stringify(f)},dataType:"json",success:function(g){if(g.error){return b("u2fFailed","warning")}else{if(g.result){return b("u2fRegistered","positive")}}},error:function(h,g,i){return console.log("error",i)}})}})}})};c=function(){return $.ajax({type:"POST",url:portal+"u2fregister/verify",data:{},dataType:"json",error:function(e,d,f){return console.log("Error",f)},success:function(d){var e;e=[{keyHandle:d.keyHandle,version:d.version}];b("touchU2fDevice","positive");return u2f.sign(d.appId,d.challenge,e,function(f){if(f.errorCode){return b("unableToGetU2FKey","warning")}else{return $.ajax({type:"POST",url:portal+"u2fregister/signature",data:{signature:JSON.stringify(f)},dataType:"json",success:function(g){if(g.error){return b("u2fFailed","warning")}else{if(g.result){return b("u2fSuccess","positive")}}},error:function(h,g,i){return console.log("error",i)}})}})}})};$(document).ready(function(){$("#u2fPermission").hide();$("#register").on("click",a);$("#verify").on("click",c);return $("#goback").attr("href",portal)})}).call(this);