Commit a018a10f authored by Yadd's avatar Yadd
Browse files

Fix Yubikey errors (#1399)

parent 91818247
Pipeline #1186 passed with stage
in 2 minutes and 13 seconds
......@@ -18,6 +18,14 @@ server {
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
# OU TO USE uWSGI
#include /etc/nginx/uwsgi_params;
#uwsgi_pass 127.0.0.1:5000;
#uwsgi_pass_request_body off;
#uwsgi_param CONTENT_LENGTH "";
#uwsgi_param HOST $http_host;
#uwsgi_param X_ORIGINAL_URI $request_uri;
}
# Client requests
......
......@@ -5,7 +5,6 @@ use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_FORMEMPTY
PE_ERROR
PE_OK
);
our $VERSION = '2.0.0';
......@@ -36,17 +35,36 @@ sub run {
if ( $otp and length($otp) > 12 ) {
my $keys = $req->userData->{_yubikeys} || '';
$keys .= ( $keys ? ', ' : '' )
. substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );
. substr( $otp, 0, $self->conf->{yubikey2fPublicIDSize} );
$self->p->updatePersistentSession( $req, { _yubikeys => $keys } );
return $self->p->sendHtml(
$req, 'error',
params => {
RAW_ERROR => 'yourKeyIsRegistered',
AUTH_ERROR_TYPE => 'positive',
}
);
}
else {
$self->userLogger->error('Yubikey 2F: no code');
return PE_FORMEMPTY;
return $self->p->sendHtml(
$req, 'error',
params => {
AUTH_ERROR => PE_FORMEMPTY,
AUTH_ERROR_TYPE => 'positive',
}
);
}
}
else {
$self->userLogger->error("Unknown Yubikey action $action");
return PE_ERROR;
return $self->p->sendHtml(
$req, 'error',
params => {
AUTH_ERROR => PE_ERROR,
AUTH_ERROR_TYPE => 'positive',
}
);
}
}
......
......@@ -36,8 +36,7 @@ sub init {
unless ($self->conf->{yubikey2fClientID}
and $self->conf->{yubikey2fSecretKey} )
{
$self->logger->error(
"Missing mandatory parameters (Client ID and secret key)");
$self->error('Missing mandatory parameters (Client ID and secret key)');
return 0;
}
$self->conf->{yubikey2fPublicIDSize} ||= 12;
......@@ -92,8 +91,8 @@ sub verify {
# Verify OTP
if (
index( substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ),
$session->{_yubikeys} ) == -1
index( $session->{_yubikeys},
substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
)
{
$self->userLogger->warn('Yubikey not registered');
......
......@@ -3,6 +3,9 @@
<TMPL_IF AUTH_ERROR>
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span></div>
</TMPL_IF>
<TMPL_IF RAW_ERROR>
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trspan="<TMPL_VAR NAME="RAW_ERROR">"></span></div>
</TMPL_IF>
<TMPL_IF ERROR403>
<div class="message message-negative alert">
<span trspan="accessDenied">You have no access authorization for this application</span>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment