WIP - Optionaly let Ext2F module handle code generation (#1632)

90ddec7c · Christophe Maudoux · 60e80fe1 · 90ddec7c
Commit 90ddec7c authored Feb 14, 2019 by Christophe Maudoux 🐛
Hide whitespace changes
Inline Side-by-side

Showing with 73 additions and 29 deletions

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm +73 -29

No files found.
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm
@@ -2,32 +2,46 @@ package Lemonldap::NG::Portal::2F::Ext2F;

 use strict;
 use Mouse;
+use String::Random;
 use Lemonldap::NG::Portal::Main::Constants qw(
-  PE_BADCREDENTIALS
-  PE_ERROR
-  PE_FORMEMPTY
-  PE_OK
-  PE_SENDRESPONSE
+    PE_BADCREDENTIALS
+    PE_ERROR
+    PE_FORMEMPTY
+    PE_OK
+    PE_SENDRESPONSE
 );

-our $VERSION = '2.0.0';
+our $VERSION = '2.0.3';

 extends 'Lemonldap::NG::Portal::Main::SecondFactor';

 # INITIALIZATION

 has prefix => ( is => 'ro', default => 'ext' );
+has random => ( is => 'rw' );

 sub init {
    my ($self) = @_;
-    foreach (qw(ext2FSendCommand ext2FValidateCommand)) {
-        unless ( $self->conf->{$_} ) {
-            $self->error("Missing $_ parameter, aborting");
-            return 0;
+    unless ( $self->conf->{ext2fCodeActivation} ) {
+        foreach (qw(ext2FSendCommand ext2FValidateCommand)) {
+            unless ( $self->conf->{$_} ) {
+                $self->error("Missing $_ parameter, aborting");
+                return 0;
+            }
        }
+        $self->logo( $self->conf->{ext2fLogo} )
+            if ( $self->conf->{ext2fLogo} );
+        return $self->SUPER::init();
    }
-    $self->logo( $self->conf->{ext2fLogo} ) if ( $self->conf->{ext2fLogo} );
-    return $self->SUPER::init();
+    if (    $self->conf->{ext2fCodeActivation}
+        and $self->conf->{ext2FSendCommand} )
+    {
+        $self->random( String::Random->new );
+        $self->logo( $self->conf->{ext2fLogo} )
+            if ( $self->conf->{ext2fLogo} );
+        return $self->SUPER::init();
+    }
+    return 0;
 }

 # RUNNING METHODS
@@ -38,14 +52,23 @@ sub run {
    my $checkLogins = $req->param('checkLogins');
    $self->logger->debug("Ext2F checkLogins set") if ($checkLogins);

+    # Generate OTP to send
+    if ( $self->{random} ) {
+        my $code
+            = $self->random->randregex( $self->conf->{ext2fOTPActivation} );
+        $self->logger->debug("Generated ext2f code : $code");
+        $self->ott->updateToken( $token, __ext2fcode => $code );
+    }
+
    # Prepare command and launch it
    $self->logger->debug( 'Launching "Send" external 2F command -> '
-          . $self->conf->{ext2FSendCommand} );
-    if ( my $c =
-        $self->launch( $req->sessionInfo, $self->conf->{ext2FSendCommand} ) )
+            . $self->conf->{ext2FSendCommand} );
+    if ( my $c
+        = $self->launch( $req->sessionInfo, $self->conf->{ext2FSendCommand} )
+        )
    {
        $self->logger->error("External send command failed (code $c)");
-        return $self->p->do( $req, [ sub { PE_ERROR } ] );
+        return $self->p->do( $req, [ sub {PE_ERROR} ] );
    }

    # Prepare form
@@ -67,24 +90,44 @@ sub run {

 sub verify {
    my ( $self, $req, $session ) = @_;
-    my $code;
-    unless ( $code = $req->param('code') ) {
+    my $usercode;
+    unless ( $usercode = $req->param('code') ) {
        $self->userLogger->error('External 2F: no code');
        return PE_FORMEMPTY;
    }

-    # Prepare command and launch it
-    $self->logger->debug( 'Launching "Validate" external 2F command -> '
-          . $self->conf->{ext2FValidateCommand} );
-    $self->logger->debug(" code -> $code");
-    if ( my $c =
-        $self->launch( $session, $self->conf->{ext2FValidateCommand}, $code ) )
-    {
-        $self->userLogger->warn( 'Second factor failed for '
-              . $session->{ $self->conf->{whatToTrace} } );
-        return PE_BADCREDENTIALS;
+    unless ( $self->conf->{ext2fCodeActivation} ) {
+
+        # Prepare command and launch it
+        $self->logger->debug( 'Launching "Validate" external 2F command -> '
+                . $self->conf->{ext2FValidateCommand} );
+        $self->logger->debug(" code -> $usercode");
+        if (my $c = $self->launch(
+                $session, $self->conf->{ext2FValidateCommand}, $usercode
+            )
+            )
+        {
+            $self->userLogger->warn( 'Second factor failed for '
+                    . $session->{ $self->conf->{whatToTrace} } );
+            $self->logger->error("External verify command failed (code $c)");
+            return PE_BADCREDENTIALS;
+        }
+        return PE_OK;
+    }
+
+    my $savedcode = $session->{__ext2fcode};
+    unless ($savedcode) {
+        $self->logger->error(
+            'Unable to find generated 2F code in token session');
+        return PE_ERROR;
    }
-    PE_OK;
+
+    $self->logger->debug("Verifying Ext 2F code: $usercode VS $savedcode");
+    return PE_OK if ( $usercode eq $savedcode );
+
+    $self->userLogger->warn( 'Second factor failed for '
+            . $session->{ $self->conf->{whatToTrace} } );
+    return PE_BADCREDENTIALS;
 }

 # system() is used with an array to avoid shell injection
@@ -102,3 +145,4 @@ sub launch {
 }

 1;
+