From c209edf250a55c19eb81ae6992a69eacc41a76c0 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Fri, 24 Nov 2023 10:49:56 +0100 Subject: [PATCH] Remove Authen::OATH dependency * We already check the validity of our TOTP alg in lemonldap-ng-common/t/37-Common-TOTP.pm * Users can generate TOTPs with any password manager or with the oathtool comand, making totp-client.pl unnecessary --- debian/control | 1 - ...T-sessions-with-AuthBasic-handler-with-2FA.t | 5 ----- .../t/38-No-persistent-session.t | 4 ---- .../t/70-2F-TOTP-8-with-global-storage.t | 17 +++-------------- lemonldap-ng-portal/t/70-2F-TOTP-encryption.t | 17 +++-------------- lemonldap-ng-portal/t/70-2F-TOTP-with-LDAP.t | 4 ---- lemonldap-ng-portal/t/70-2F-TOTP-with-Range.t | 4 ---- scripts/README.md | 1 - scripts/totp-client.pl | 16 ---------------- 9 files changed, 6 insertions(+), 63 deletions(-) delete mode 100755 scripts/totp-client.pl diff --git a/debian/control b/debian/control index 585d6d6a41..29e75ba663 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,6 @@ Build-Depends: debhelper (>= 10), Build-Depends-Indep: fonts-urw-base35 | gsfonts , libapache-session-perl , libauth-yubikey-webclient-perl , - libauthen-oath-perl , libauthen-radius-perl , libcache-cache-perl , libclass-xsaccessor-perl , diff --git a/lemonldap-ng-portal/t/35-REST-sessions-with-AuthBasic-handler-with-2FA.t b/lemonldap-ng-portal/t/35-REST-sessions-with-AuthBasic-handler-with-2FA.t index 58282c66c6..86274e0090 100644 --- a/lemonldap-ng-portal/t/35-REST-sessions-with-AuthBasic-handler-with-2FA.t +++ b/lemonldap-ng-portal/t/35-REST-sessions-with-AuthBasic-handler-with-2FA.t @@ -25,11 +25,6 @@ SKIP: { if ($@) { skip 'Convert::Base32 is missing', $maintests; } - eval { require Authen::OATH }; - if ($@) { - skip 'Authen::OATH is missing', $maintests; - } - ok( $p = issuer(), 'Issuer portal' ); # BEGIN TESTS 
diff --git a/lemonldap-ng-portal/t/38-No-persistent-session.t b/lemonldap-ng-portal/t/38-No-persistent-session.t index b245c2003f..06e24dcd28 100644 --- a/lemonldap-ng-portal/t/38-No-persistent-session.t +++ b/lemonldap-ng-portal/t/38-No-persistent-session.t @@ -11,10 +11,6 @@ SKIP: { if ($@) { skip 'Convert::Base32 is missing', $maintests; } - eval { require Authen::OATH }; - if ($@) { - skip 'Authen::OATH is missing', $maintests; - } require Lemonldap::NG::Common::TOTP; my $client = LLNG::Manager::Test->new( diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-8-with-global-storage.t b/lemonldap-ng-portal/t/70-2F-TOTP-8-with-global-storage.t index e9e28f565d..5b67e2cb6d 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-8-with-global-storage.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-8-with-global-storage.t @@ -4,17 +4,13 @@ use strict; use IO::String; require 't/test-lib.pm'; -my $maintests = 28; +my $maintests = 26; SKIP: { eval { require Convert::Base32 }; if ($@) { skip 'Convert::Base32 is missing', $maintests; } - eval { require Authen::OATH }; - if ($@) { - skip 'Authen::OATH is missing', $maintests; - } require Lemonldap::NG::Common::TOTP; my $client = LLNG::Manager::Test->new( @@ -132,16 +128,9 @@ SKIP: { expectForm( $res, undef, '/totp2fcheck', 'token' ); # Generate TOTP with LLNG - my $totp; - ok( $totp = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 8 ), + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 8 ), 'LLNG Code' ); - # Generate TOTP with an external application to validate LLNG TOTP formula - my $oath = Authen::OATH->new( digits => 8 ); - ok( $code = $oath->totp($key), 'Ext. App Code' ); - ok( $code == $totp, 'Both TOTP match' ) - or explain( [ $code, $totp ], 'LLNG and Ext. App TOTP mismatch' ); - $query =~ s/code=/code=$code/; ok( $res = $client->_post( 
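Review bot: In the `@@ -132,16 +128,9` hunk of `70-2F-TOTP-8-with-global-storage.t`, the code posted to `/totp2fcheck` now comes only from `Lemonldap::NG::Common::TOTP::_code`, which is presumably the routine the portal also verifies with, so this test can no longer detect an error in the HMAC or truncation step. The same applies to the `@@ -133,16 +129,9` hunk of `70-2F-TOTP-encryption.t`. The commit message relies on `lemonldap-ng-common/t/37-Common-TOTP.pm`, which is not visible here; that test should pin fixed known-answer values (the RFC 6238 Appendix B vectors are 8-digit) rather than a second run of `_code`, since this file was the one checking 8 digits against an independent implementation. I would add a comment above the call such as `# Self-generated code: TOTP correctness is covered by lemonldap-ng-common/t/37-Common-TOTP.pm`. The enclosing SKIP block starts and ends outside the hunk.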
@@ -173,7 +162,7 @@ SKIP: { expectForm( $res, undef, '/totp2fcheck', 'token' ); # Generate TOTP with LLNG - ok( $totp = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 8 ), + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 8 ), 'LLNG Code' ); $query =~ s/code=/code=$code/; diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-encryption.t b/lemonldap-ng-portal/t/70-2F-TOTP-encryption.t index ae4680011e..832d9d3281 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-encryption.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-encryption.t @@ -5,17 +5,13 @@ use IO::String; use JSON qw/from_json to_json/; require 't/test-lib.pm'; -my $maintests = 31; +my $maintests = 29; SKIP: { eval { require Convert::Base32 }; if ($@) { skip 'Convert::Base32 is missing', $maintests; } - eval { require Authen::OATH }; - if ($@) { - skip 'Authen::OATH is missing', $maintests; - } require Lemonldap::NG::Common::TOTP; my $client = LLNG::Manager::Test->new( @@ -133,16 +129,9 @@ SKIP: { expectForm( $res, undef, '/totp2fcheck', 'token' ); # Generate TOTP with LLNG - my $totp; - ok( $totp = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), 'LLNG Code' ); - # Generate TOTP with an external application to validate LLNG TOTP formula - my $oath = Authen::OATH->new( digits => 6 ); - ok( $code = $oath->totp($key), 'Ext. App Code' ); - ok( $code == $totp, 'Both TOTP match' ) - or explain( [ $code, $totp ], 'LLNG and Ext. App TOTP mismatch' ); - $query =~ s/code=/code=$code/; ok( $res = $client->_post( @@ -174,7 +163,7 @@ SKIP: { expectForm( $res, undef, '/totp2fcheck', 'token' ); # Generate TOTP with LLNG - ok( $totp = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), 'LLNG Code' ); $query =~ s/code=/code=$code/; 
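Review bot: In the `@@ -173,7 +162,7` hunk of `70-2F-TOTP-8-with-global-storage.t`, the second `_code( undef, $key, 0, 30, 8 )` call will most likely return the same value as the first one in the `@@ -132,16 +128,9` hunk, because both run within one 30-second step of the same test. If both `/totp2fcheck` posts are expected to succeed (the assertions lie outside the hunk), the test records that one code is accepted twice, whereas RFC 6238 section 5.2 asks the verifier to refuse a second use of an already accepted OTP. The intent should be stated next to the call, for example `# Same time step as the first login: the portal is expected to accept this code again`, or the test should assert a rejection if the portal is meant to block reuse. The `@@ -174,7 +163,7` hunk of `70-2F-TOTP-encryption.t` has the same shape.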
diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-with-LDAP.t b/lemonldap-ng-portal/t/70-2F-TOTP-with-LDAP.t index 20e7858326..101be176e1 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-with-LDAP.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-with-LDAP.t @@ -13,10 +13,6 @@ SKIP: { if ($@) { skip 'Convert::Base32 is missing', $maintests; } - eval { require Authen::OATH }; - if ($@) { - skip 'Authen::OATH is missing', $maintests; - } skip 'LLNGTESTLDAP is not set', $maintests unless ( $ENV{LLNGTESTLDAP} ); require 't/test-ldap.pm'; diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-with-Range.t b/lemonldap-ng-portal/t/70-2F-TOTP-with-Range.t index 55e844f969..5aed989ae1 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-with-Range.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-with-Range.t @@ -13,10 +13,6 @@ SKIP: { if ($@) { skip 'Convert::Base32 is missing', $maintests; } - eval { require Authen::OATH }; - if ($@) { - skip 'Authen::OATH is missing', $maintests; - } require Lemonldap::NG::Common::TOTP; my $client = LLNG::Manager::Test->new( diff --git a/scripts/README.md b/scripts/README.md index f3fa8c3024..35ffbd6c22 100644 --- a/scripts/README.md +++ b/scripts/README.md @@ -14,7 +14,6 @@ LLNG team scripts ## Other tools * `testConfBackend.pl`: test a new configuration backend * `test-perf.pl`: little script to test Portal/Handler performance -* `totp-client.pl`: TOTP app to replace FreeOTP for TOTP tests * `run-ldap`: Launch an LDAP server (port 19389) and stop it when a key is pressed. It uses Portal test LDAP server. ## Old unmaintained scripts diff --git a/scripts/totp-client.pl b/scripts/totp-client.pl deleted file mode 100755 index 7d1a63e5df..0000000000 --- a/scripts/totp-client.pl +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/perl -w - -use Authen::OATH; -use Convert::Base32 qw( decode_base32 ); - -unless ( $ARGV[0] ) { - print STDERR "Usage $0 \n"; - exit 1; -} - -my $oath = Authen::OATH->new(); -my $totp = $oath->totp( decode_base32( $ARGV[0] ) ); - -print "$totp\n"; - -1; -- GitLab