Commit 90ddec7c authored by Christophe Maudoux's avatar Christophe Maudoux

WIP - Optionaly let Ext2F module handle code generation (#1632)

parent 60e80fe1
......@@ -2,32 +2,46 @@ package Lemonldap::NG::Portal::2F::Ext2F;
use strict;
use Mouse;
use String::Random;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS
PE_ERROR
PE_FORMEMPTY
PE_OK
PE_SENDRESPONSE
PE_BADCREDENTIALS
PE_ERROR
PE_FORMEMPTY
PE_OK
PE_SENDRESPONSE
);
our $VERSION = '2.0.0';
our $VERSION = '2.0.3';
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
# INITIALIZATION
has prefix => ( is => 'ro', default => 'ext' );
has random => ( is => 'rw' );
sub init {
my ($self) = @_;
foreach (qw(ext2FSendCommand ext2FValidateCommand)) {
unless ( $self->conf->{$_} ) {
$self->error("Missing $_ parameter, aborting");
return 0;
unless ( $self->conf->{ext2fCodeActivation} ) {
foreach (qw(ext2FSendCommand ext2FValidateCommand)) {
unless ( $self->conf->{$_} ) {
$self->error("Missing $_ parameter, aborting");
return 0;
}
}
$self->logo( $self->conf->{ext2fLogo} )
if ( $self->conf->{ext2fLogo} );
return $self->SUPER::init();
}
$self->logo( $self->conf->{ext2fLogo} ) if ( $self->conf->{ext2fLogo} );
return $self->SUPER::init();
if ( $self->conf->{ext2fCodeActivation}
and $self->conf->{ext2FSendCommand} )
{
$self->random( String::Random->new );
$self->logo( $self->conf->{ext2fLogo} )
if ( $self->conf->{ext2fLogo} );
return $self->SUPER::init();
}
return 0;
}
# RUNNING METHODS
......@@ -38,14 +52,23 @@ sub run {
my $checkLogins = $req->param('checkLogins');
$self->logger->debug("Ext2F checkLogins set") if ($checkLogins);
# Generate OTP to send
if ( $self->{random} ) {
my $code
= $self->random->randregex( $self->conf->{ext2fOTPActivation} );
$self->logger->debug("Generated ext2f code : $code");
$self->ott->updateToken( $token, __ext2fcode => $code );
}
# Prepare command and launch it
$self->logger->debug( 'Launching "Send" external 2F command -> '
. $self->conf->{ext2FSendCommand} );
if ( my $c =
$self->launch( $req->sessionInfo, $self->conf->{ext2FSendCommand} ) )
. $self->conf->{ext2FSendCommand} );
if ( my $c
= $self->launch( $req->sessionInfo, $self->conf->{ext2FSendCommand} )
)
{
$self->logger->error("External send command failed (code $c)");
return $self->p->do( $req, [ sub { PE_ERROR } ] );
return $self->p->do( $req, [ sub {PE_ERROR} ] );
}
# Prepare form
......@@ -67,24 +90,44 @@ sub run {
sub verify {
my ( $self, $req, $session ) = @_;
my $code;
unless ( $code = $req->param('code') ) {
my $usercode;
unless ( $usercode = $req->param('code') ) {
$self->userLogger->error('External 2F: no code');
return PE_FORMEMPTY;
}
# Prepare command and launch it
$self->logger->debug( 'Launching "Validate" external 2F command -> '
. $self->conf->{ext2FValidateCommand} );
$self->logger->debug(" code -> $code");
if ( my $c =
$self->launch( $session, $self->conf->{ext2FValidateCommand}, $code ) )
{
$self->userLogger->warn( 'Second factor failed for '
. $session->{ $self->conf->{whatToTrace} } );
return PE_BADCREDENTIALS;
unless ( $self->conf->{ext2fCodeActivation} ) {
# Prepare command and launch it
$self->logger->debug( 'Launching "Validate" external 2F command -> '
. $self->conf->{ext2FValidateCommand} );
$self->logger->debug(" code -> $usercode");
if (my $c = $self->launch(
$session, $self->conf->{ext2FValidateCommand}, $usercode
)
)
{
$self->userLogger->warn( 'Second factor failed for '
. $session->{ $self->conf->{whatToTrace} } );
$self->logger->error("External verify command failed (code $c)");
return PE_BADCREDENTIALS;
}
return PE_OK;
}
my $savedcode = $session->{__ext2fcode};
unless ($savedcode) {
$self->logger->error(
'Unable to find generated 2F code in token session');
return PE_ERROR;
}
PE_OK;
$self->logger->debug("Verifying Ext 2F code: $usercode VS $savedcode");
return PE_OK if ( $usercode eq $savedcode );
$self->userLogger->warn( 'Second factor failed for '
. $session->{ $self->conf->{whatToTrace} } );
return PE_BADCREDENTIALS;
}
# system() is used with an array to avoid shell injection
......@@ -102,3 +145,4 @@ sub launch {
}
1;
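Review bot: In the `init` hunk, the new `ext2fCodeActivation` branch only requires `ext2FSendCommand`, but the generation path in `run` also depends on `$self->conf->{ext2fOTPActivation}`, which appears to be the pattern handed to `randregex`; nothing checks it is set, so a missing or empty pattern is only discovered at authentication time as a PE_ERROR from `verify` ("Unable to find generated 2F code in token session"). Extending the condition to `if ( $self->conf->{ext2fCodeActivation} and $self->conf->{ext2FSendCommand} and $self->conf->{ext2fOTPActivation} )` with a matching `$self->error(...)` on the fallthrough would report the misconfiguration at startup like the other parameters. In the `verify` hunk, `unless ($savedcode)` treats a generated code of `0` as absent; `unless ( defined $savedcode and length $savedcode )` avoids rejecting a valid code. The same hunk also logs both the submitted and the stored code at debug level, so the generated secret ends up in the portal log; consider logging only the fact of the comparison. The `launch` hunk is cut off by the page, so its body was not reviewed.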