### # 2ndFA Session explorer ### setMsg = (msg, level) -> $('#msg').html window.translate msg $('#color').removeClass 'message-positive message-warning alert-success alert-warning' $('#color').addClass "message-#{level}" level = 'success' if level == 'positive' $('#color').addClass "alert-#{level}" displayError = (j, status, err) -> console.log 'Error', err res = JSON.parse j.responseText if res and res.error res = res.error.replace /.* /, '' console.log 'Returned error', res setMsg res, 'warning' # Max number of session to display (see overScheme) max = 25 # Queries to do each type of display: each array item corresponds to the depth # of opened nodes in the tree schemes = _whatToTrace: [ (t,v) -> "groupBy=substr(#{t},1)" (t,v) -> "#{t}=#{v}*&groupBy=#{t}" (t,v) -> "#{t}=#{v}" ] _startTime: [ (t,v) -> "groupBy=substr(#{t},8)" (t,v) -> "#{t}=#{v}*&groupBy=substr(#{t},10)" (t,v) -> "#{t}=#{v}*&groupBy=substr(#{t},11)" (t,v) -> "#{t}=#{v}*&groupBy=substr(#{t},12)" (t,v) -> "#{t}=#{v}*&groupBy=_whatToTrace" (t,v,q) -> console.log t console.log v console.log q q.replace(/\&groupBy.*$/, '') + "&_whatToTrace=#{v}" ] overScheme = _whatToTrace: (t,v,level,over) -> if level == 1 "#{t}=#{v}*&groupBy=substr(#{t},#{(level+over+1)})" else null ipAddr: (t,v,level,over) -> if level > 0 and level < 4 "#{t}=#{v}*&groupBy=net(#{t},#{16*level+4*(over+1)},2)" else null hiddenAttributes = '_password' # Attributes to group in session display categories = dateTitle: ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen'] connectionTitle: ['ipAddr', '_timezone', '_url'] authenticationTitle:['_session_id', '_user', '_password', 'authenticationLevel'] modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti'] saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump'] groups: ['groups', 'hGroups'] ldap: ['dn'] BrowserID: ['_browserIdAnswer', '_browserIdAnswerRaw'] OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token'] # Menu entries menu = delU2FKey: [ title: 'deleteU2FKey' icon: 'trash' ] addU2FKey: [ title: 'addU2FKey' icon: 'plus' ] verifyU2FKey: [ title: 'verifyU2FKey' icon: 'check' ] delTOTPKey: [ title: 'deleteTOTPKey' icon: 'trash' ] addTOTPKey: [ title: 'addTOTPKey' icon: 'plus' ] verifyTOTPKey: [ title: 'verifyTOTPKey' icon: 'check' ] home: [] ### # AngularJS applications ### llapp = angular.module 'llngSessionsExplorer', ['ui.tree', 'ui.bootstrap', 'llApp'] # Main controller llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location', '$q', '$http', ($scope, $translator, $location, $q, $http) -> $scope.links = links $scope.menulinks = menulinks $scope.staticPrefix = staticPrefix $scope.scriptname = scriptname $scope.formPrefix = formPrefix $scope.availableLanguages = availableLanguages $scope.waiting = true $scope.showM = false $scope.showT = true $scope.data = [] $scope.currentScope = null $scope.currentSession = null $scope.menu = menu $scope.searchString = '' # Import translations functions $scope.translateP = $translator.translateP $scope.translate = $translator.translate $scope.translateTitle = (node) -> $translator.translateField node, 'title' sessionType = 'global' # Handle menu items $scope.menuClick = (button) -> if button.popup window.open button.popup else button.action = button.title unless button.action switch typeof button.action when 'function' button.action $scope.currentNode, $scope when 'string' $scope[button.action]() else console.log typeof button.action $scope.showM = false ## SESSIONS MANAGEMENT # Search 2FA sessions $scope.search2FA = (clear) -> if clear $scope.searchString = '' $scope.currentSession = null $scope.data = [] $scope.updateTree2 '', $scope.data, 0, 0 # Delete U2F key $scope.deleteU2FKey = -> $scope.waiting = true $http['delete']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=U2F").then (response) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false , (resp) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false $scope.showT = false # Delete TOTP key $scope.deleteTOTPKey = -> $scope.waiting = true $http['delete']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=TOTP").then (response) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false , (resp) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false $scope.showT = false # Add U2F key $scope.addU2FKey = -> $scope.waiting = true $http['put']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=U2F").then (response) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false , (resp) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false $scope.showT = false # Add TOTP key $scope.addTOTPKey = -> $scope.waiting = true $http['put']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=TOTP").then (response) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false , (resp) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false $scope.showT = false # Verify U2F key $scope.verifyU2FKey = -> $scope.waiting = true $http['post']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=U2F").then (response) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false , (resp) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false $scope.showT = true # Verify TOTP key $scope.verifyTOTPKey = -> $scope.waiting = true $http['post']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=TOTP").then (response) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false , (resp) -> $scope.currentSession = null $scope.currentScope.remove() $scope.waiting = false $scope.showT = true # Open node $scope.stoggle = (scope) -> node = scope.$modelValue if node.nodes.length == 0 $scope.updateTree node.value, node.nodes, node.level, node.over, node.query, node.count scope.toggle() # Display selected session $scope.displaySession = (scope) -> # Private functions # Session preparation transformSession = (session) -> _stToStr = (s) -> s _insert = (re, title) -> tmp = [] reg = new RegExp(re) for key,value of session if key.match(reg) and value tmp.push title: key value: value delete session[key] if tmp.length > 0 res.push title: title nodes: tmp time = session._utime id = session._session_id # 1. Replace values if needed for key, value of session unless value delete session[key] else if typeof session == 'string' and value.match(/; /) session[key] = value.split '; ' if typeof session[key] != 'object' if hiddenAttributes.match(new RegExp('\b' + key + '\b')) session[key] = '********' else if key.match /^(_utime|_lastAuthnUTime|_lastSeen|notification)$/ session[key] = $scope.localeDate value else if key.match /^(_startTime|_updateTime)$/ session[key] = _stToStr value #else if key.match /^(_u2fKeyHandle|_u2fUserKey|_totp2fSecret)$/ # session[key] = '##########' res = [] # 2. Push session keys in result, grouped by categories for category, attrs of categories subres = [] for attr in attrs if session[attr] subres.push title: attr value: session[attr] delete session[attr] if subres.length >0 res.push title: "__#{category}__" nodes: subres # 3. Add OpenID and notifications already notified _insert '^openid', 'OpenID' _insert '^notification_(.+)', '__notificationsDone__' # 4. Add session history if exists if session._loginHistory tmp = [] if session._loginHistory.successLogin for l in session._loginHistory.successLogin tmp.push t: l._utime title: $scope.localeDate l._utime value: "Success (IP #{l.ipAddr})" if session._loginHistory.failedLogin for l in session._loginHistory.failedLogin tmp.push t: l._utime title: $scope.localeDate l._utime value: "#{l.error} (IP #{l.ipAddr})" delete session._loginHistory tmp.sort (a,b) -> a.t - b.t res.push title: '__loginHistory__' nodes: tmp # 5. Other keys (attributes and macros) tmp = [] for key, value of session tmp.push title: key value: value tmp.sort (a,b) -> if a.title > b.title then 1 else if a.title < b.title then -1 else 0 res.push title: '__attributesAndMacros__' nodes: tmp return { _utime: time id: id nodes: res } $scope.currentScope = scope sessionId = scope.$modelValue.session $http.get("#{scriptname}sfa/#{sessionType}/#{sessionId}").then (response) -> $scope.currentSession = transformSession response.data $scope.showT = false $scope.localeDate = (s) -> d = new Date(s * 1000) return d.toLocaleString() # Function to change interface language $scope.getLanguage = (lang) -> $scope.lang = lang $scope.form = 'white' $scope.init() $scope.showM = false # URI local path management pathEvent = (event, next, current) -> n = next.match /#\/(\w+)/ sessionType = 'global' if n == null $scope.type = '_whatToTrace' else if n[1].match /^(persistent)$/ sessionType = RegExp.$1 $scope.type = '_session_uid' else $scope.type = n[1] $scope.init() $scope.$on '$locationChangeSuccess', pathEvent # Functions to update tree: download value of opened subkey autoId = 0 $scope.updateTree = (value, node, level, over, currentQuery, count) -> $scope.waiting = true # Query scheme selection: # - if defined above scheme = if schemes[$scope.type] schemes[$scope.type] # - _updateTime must be displayed as startDate else if $scope.type == '_updateTime' schemes._startTime # - default to _whatToTrace scheme else schemes._whatToTrace # Build query using schemes query = scheme[level] $scope.type, value, currentQuery # If number of session exceeds "max" and overScheme exists, call it if count > max and overScheme[$scope.type] if tmp = overScheme[$scope.type] $scope.type, value, level, over, currentQuery over++ query = tmp level = level - 1 else over = 0 else over = 0 # Launch HTTP query $http.get("#{scriptname}sfa/#{sessionType}?#{query}&U2FCheck=#{$scope.U2FCheck}&TOTPCheck=#{$scope.TOTPCheck}").then (response) -> data = response.data if data.result for n in data.values autoId++ n.id = "node#{autoId}" if level < scheme.length - 1 n.nodes = [] n.level = level + 1 n.query = query n.over = over # Date display in tree if $scope.type.match /^(?:start|update)Time$/ n.title = n.value # 12 digits -> 12:34 .replace(/^(\d{8})(\d{2})(\d{2})$/,'$2:$3') # 11 digits -> 12:30 .replace(/^(\d{8})(\d{2})(\d)$/,'$2:$30') # 10 digits -> 12h .replace(/^(\d{8})(\d{2})$/,'$2h') # 8 digits -> 2016-03-15 .replace(/^(\d{4})(\d{2})(\d{2})/,'$1-$2-$3') node.push n $scope.total = data.total if value == '' $scope.waiting = false , (resp) -> $scope.waiting = false # Functions to filter U2F sessions tree : download value of opened subkey $scope.updateTree2 = (value, node, level, over, currentQuery, count) -> $scope.waiting = true # Query scheme selection: # - if defined above scheme = if schemes[$scope.type] schemes[$scope.type] # - _updateTime must be displayed as startDate else if $scope.type == '_updateTime' schemes._startTime # - default to _whatToTrace scheme else schemes._whatToTrace # Build query using schemes query = scheme[level] $scope.type, value, currentQuery # If number of session exceeds "max" and overScheme exists, call it if count > max and overScheme[$scope.type] if tmp = overScheme[$scope.type] $scope.type, value, level, over, currentQuery over++ query = tmp level = level - 1 else over = 0 else over = 0 # Launch HTTP $http.get("#{scriptname}sfa/#{sessionType}?_session_uid=#{$scope.searchString}*&groupBy=substr(_session_uid,#{$scope.searchString.length})&U2FCheck=#{$scope.U2FCheck}&TOTPCheck=#{$scope.TOTPCheck}").then (response) -> data = response.data if data.result for n in data.values autoId++ n.id = "node#{autoId}" if level < scheme.length - 1 n.nodes = [] n.level = level + 1 n.query = query n.over = over # Date display in tree if $scope.type.match /^(?:start|update)Time$/ n.title = n.value # 12 digits -> 12:34 .replace(/^(\d{8})(\d{2})(\d{2})$/,'$2:$3') # 11 digits -> 12:30 .replace(/^(\d{8})(\d{2})(\d)$/,'$2:$30') # 10 digits -> 12h .replace(/^(\d{8})(\d{2})$/,'$2h') # 8 digits -> 2016-03-15 .replace(/^(\d{4})(\d{2})(\d{2})/,'$1-$2-$3') node.push n $scope.total = data.total if value == '' $scope.waiting = false , (resp) -> $scope.waiting = false # Intialization function # Simply set $scope.waiting to false during $translator and tree root # initialization $scope.init = -> $scope.waiting = true $scope.data = [] $q.all [ $translator.init $scope.lang $scope.updateTree '', $scope.data, 0, 0 ] .then -> $scope.waiting = false , (resp) -> $scope.waiting = false # Query scheme initialization # Default to '_whatToTrace' c = $location.path().match /^\/(\w+)/ $scope.type = if c then c[1] else '_whatToTrace' ]