diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm index 83048105401b0f4e18287bdb902635d9a10439e6..07819d74c6ac0e25211e59216e3ba7354ccd4663 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm @@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_SENDRESPONSE ); -our $VERSION = '2.0.10'; +our $VERSION = '2.0.15'; extends qw( Lemonldap::NG::Portal::Main::SecondFactor @@ -30,14 +30,11 @@ has logo => ( is => 'rw', default => 'totp.png' ); sub init { my ($self) = @_; - # If self registration is enabled and "activation" is just set to - # "enabled", replace the rule to detect if user has registered its key - if ( $self->conf->{totp2fSelfRegistration} - and $self->conf->{totp2fActivation} eq '1' ) - { - $self->conf->{totp2fActivation} = - '$_2fDevices && $_2fDevices =~ /"type":\s*"TOTP"/s'; - } + # If "activation" is just set to "enabled", + # replace the rule to detect if user has registered its key + $self->conf->{totp2fActivation} = 'has2f("TOTP")' + if $self->conf->{totp2fActivation} eq '1'; + return $self->SUPER::init(); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm index cc766bb12c7eb8d3e15654b3977489182060b36f..0792faa75398ecc80e59bffffeaab69c20e85ee1 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm @@ -16,7 +16,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_BADCREDENTIALS ); -our $VERSION = '2.0.12'; +our $VERSION = '2.0.15'; extends qw( Lemonldap::NG::Portal::Main::SecondFactor 
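Review bot: In TOTP.pm `init`, the rewrite of `totp2fActivation` from `'1'` to `'has2f("TOTP")'` now runs whether or not `totp2fSelfRegistration` is set, and the new comment does not say what that means for an account with no registered TOTP. Going by the rule text alone, a plain "enabled" setting no longer asks such an account for a second factor, so whether that user is stopped or let through depends on settings outside this hunk (presumably a required-2FA rule such as `sfRequired`; to be confirmed). I would state this in the comment, e.g. `# "1" now means "only users with a registered TOTP"; set an explicit rule to force 2FA for everyone`. The same remark applies to the `init` hunks in U2F.pm, UTOTP.pm and WebAuthn.pm.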
@@ -32,14 +32,11 @@ has logo => ( is => 'rw', default => 'u2f.png' ); sub init { my ($self) = @_; - # If self registration is enabled and "activation" is just set to - # "enabled", replace the rule to detect if user has registered its key - if ( $self->conf->{u2fSelfRegistration} - and $self->conf->{u2fActivation} eq '1' ) - { - $self->conf->{u2fActivation} = - '$_2fDevices && $_2fDevices =~ /"type":\s*"U2F"/s'; - } + # If "activation" is just set to "enabled", + # replace the rule to detect if user has registered its key + $self->conf->{u2fActivation} = 'has2f("U2F")' + if $self->conf->{u2fActivation} eq '1'; + return 0 unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init() and $self->Lemonldap::NG::Portal::Lib::U2F::init() ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm index 778f685e62bd3286a338e40183c71ab69f0755d7..6f2dc615aa32fa652cf1aad545c71b5100fce644 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/UTOTP.pm @@ -6,7 +6,7 @@ use JSON qw(from_json to_json); use Lemonldap::NG::Portal::Main::Constants qw( ); -our $VERSION = '2.0.8'; +our $VERSION = '2.0.15'; extends 'Lemonldap::NG::Portal::Main::SecondFactor'; @@ -26,16 +26,9 @@ use Lemonldap::NG::Portal::Main::Constants qw( sub init { my ($self) = @_; - if ( ( - $self->conf->{totp2fSelfRegistration} - or $self->conf->{u2fSelfRegistration} - ) - and $self->conf->{utotp2fActivation} eq '1' - ) - { - $self->conf->{utotp2fActivation} = - '$_2fDevices && $_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s'; - } + $self->conf->{utotp2fActivation} = 'has2f("TOTP") or has2f("U2F")' + if ( $self->conf->{utotp2fActivation} eq '1' ); + foreach (qw(U2F TOTP)) { # Arg "noRoute" is set for sub 2F modules to avoid enabling direct 
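Review bot: The new `utotp2fActivation` assignment in UTOTP.pm `init` has no comment, while the three sibling modules carry one above the same statement. I would add `# If "activation" is just set to "enabled", only ask users who registered a TOTP or U2F device` above it. The parentheses around the postfix `if` condition are also the only ones among the four modules, so dropping them keeps the hunks uniform. `init` continues past the end of this hunk.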
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm index ff27e4eea854b07241200e08194a950015f67a41..6f05c72ed64da8f24c98764d6d331f912ea07bd2 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/WebAuthn.pm @@ -31,15 +31,12 @@ has logo => ( is => 'rw', default => 'webauthn.png' ); sub init { my ($self) = @_; - # If self registration is enabled and "activation" is just set to - # "enabled", replace the rule to detect if user has registered its key - if ( $self->conf->{webauthn2fSelfRegistration} - and $self->conf->{webauthn2fActivation} eq '1' ) - { - $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")'; - } - return 0 - unless ( $self->Lemonldap::NG::Portal::Main::SecondFactor::init() ); + # If "activation" is just set to "enabled", + # replace the rule to detect if user has registered its key + $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")' + if $self->conf->{webauthn2fActivation} eq '1'; + + return 0 unless $self->SUPER::init(); return 1; } diff --git a/lemonldap-ng-portal/t/01-WebAuthn.t b/lemonldap-ng-portal/t/01-WebAuthn.t index 1e7d4632da3555f2eef3f5b338160033121becd3..e52ba7e90bad5c370c473edf041faa69769234e8 100644 --- a/lemonldap-ng-portal/t/01-WebAuthn.t +++ b/lemonldap-ng-portal/t/01-WebAuthn.t @@ -40,7 +40,7 @@ ENDKEY ini => { logLevel => 'error', useSafeJail => 1, - webauthn2fSelfRegistration => 1, + webauthn2fSelfRegistration => 0, webauthn2fActivation => 1, webauthn2fUserCanRemoveKey => 1, } diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t b/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t index b4d12be91823649003db473e798f60a3187db1e5..0f04fd935c1ee5bbbabef22ada769c2893dcd63e 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL.t 
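Review bot: In WebAuthn.pm `init`, replacing `$self->Lemonldap::NG::Portal::Main::SecondFactor::init()` with `$self->SUPER::init()` makes the parent call depend on this package's `extends` list, which is outside the hunk. U2F.pm keeps the fully qualified calls in this same commit, so the two modules now resolve their parent initialisation differently. Once the parent list is confirmed, a one-line comment such as `# SUPER resolves to Main::SecondFactor` would record the assumption. As a style point, `return 0 unless $self->SUPER::init(); return 1;` could be written `return $self->SUPER::init() ? 1 : 0;`.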
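Review bot: In t/01-WebAuthn.t, `webauthn2fSelfRegistration => 0` gives no hint of why self-registration is switched off while `webauthn2fActivation => 1` stays. A comment such as `# activation "1" must be rewritten to has2f("WebAuthn") even without self-registration` would record that this test guards the new `init` behaviour. From the hunk alone it is not visible whether another test still covers the case with self-registration enabled.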
@@ -15,7 +15,7 @@ SKIP: { my $client = LLNG::Manager::Test->new( { ini => { logLevel => 'error', - totp2fSelfRegistration => 1, + totp2fSelfRegistration => '$uid eq "dwho"', totp2fActivation => 1, totp2fTTL => 120, sfManagerRule => 0, diff --git a/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t b/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t index d07cb632acb3aecdfebcb77077130a8d261575b9..fcf9e3864085f3ea0bd873addfc1adfdf774952f 100644 --- a/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t +++ b/lemonldap-ng-portal/t/73-2F-UTOTP-TOTP-and-U2F-with-History.t @@ -22,7 +22,6 @@ SKIP: { logLevel => 'error', utotp2fActivation => 1, totp2fSelfRegistration => 1, - u2fSelfRegistration => 1, u2fSelfRegistration => '$_2fDevices =~ /"type":\s*"(?:TOTP|U2F)"/s', loginHistoryEnabled => 1, diff --git a/lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t b/lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t index 40ed69840a5c031833d7f5954b1b7f9f9d6559fc..43acfaff27d3d0e6f893cbf394b2c17d00220f97 100644 --- a/lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t +++ b/lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t @@ -79,7 +79,7 @@ SKIP: { expectCookie( $res, 'lemonldappdata' ); # A message warns the user that they do not have any 2FA available - expectPortalError( $res, 83 ); + expectPortalError( $res, 103 ); $query = 'user=rtyler&password=rtyler'; ok(
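Review bot: In t/78-2F-UpgradeOnly-without-2F.t the expected code changes from 83 to 103, but the comment above it still reads "A message warns the user that they do not have any 2FA available". Please confirm the comment still describes what error 103 means and update it if the user-facing outcome has changed. Importing the matching `PE_*` constant from `Lemonldap::NG::Portal::Main::Constants` in place of the bare number would make the expectation self-describing. The enclosing `SKIP` block starts and ends outside the hunk.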