Support for multiple yubikeys.

48f93404 · Marek Wójtowicz · c9bf13aa · 48f93404
Commit 48f93404 authored Jun 30, 2021 by Marek Wójtowicz
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
@@ -86,7 +86,7 @@ sub init {

 sub _findYubikey {
    my ( $self, $req, $sessionInfo ) = @_;
-    my ( $yubikey, $_2fDevices );
+    my ( $yubikey, $_2fDevices, $code );

    # First, lookup from session attribute
    if ( $self->conf->{yubikey2fFromSessionAttribute} ) {
@@ -109,8 +109,14 @@ sub _findYubikey {
        $self->logger->debug("2F Device(s) found");
        $self->logger->debug("Reading Yubikey ...");

-        $yubikey = $_->{_yubikey}
-          foreach grep { $_->{type} eq 'UBK' } @$_2fDevices;
+        if ( $code = $req->param('code') ) {
+            $yubikey = $_->{_yubikey}
+              foreach grep { ($_->{type} eq 'UBK') and ( $_->{_yubikey} eq
+                substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) } @$_2fDevices;
+        } else {
+            $yubikey = $_->{_yubikey}
+              foreach grep { $_->{type} eq 'UBK' } @$_2fDevices;
+        }
    }

    return $yubikey;
@@ -168,11 +174,7 @@ sub verify {
    # Verify OTP
    my $yubikey = $self->_findYubikey( $req, $session );

-    if (
-        index( $yubikey,
-            substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
-      )
-    {
+    unless ( $yubikey ) {
        $self->userLogger->warn('Yubikey not registered');
        return PE_BADOTP;
    }