Commit bf7d8553 authored by Xavier Guimard's avatar Xavier Guimard

Replace bool by boolOrExpr for sfRequired + partial revert (#1487)

parent 3ffc5c74
...@@ -244,6 +244,7 @@ sub defaultValues { ...@@ -244,6 +244,7 @@ sub defaultValues {
'samlSPSSODescriptorWantAssertionsSigned' => 1, 'samlSPSSODescriptorWantAssertionsSigned' => 1,
'securedCookie' => 0, 'securedCookie' => 0,
'sfEngine' => '::2F::Engines::Default', 'sfEngine' => '::2F::Engines::Default',
'sfRequired' => 0,
'slaveAuthnLevel' => 2, 'slaveAuthnLevel' => 2,
'slaveExportedVars' => {}, 'slaveExportedVars' => {},
'SMTPServer' => '', 'SMTPServer' => '',
......
...@@ -3058,7 +3058,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] ...@@ -3058,7 +3058,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
}, },
'sfRequired' => { 'sfRequired' => {
'default' => 0, 'default' => 0,
'type' => 'bool' 'type' => 'boolOrExpr'
}, },
'singleIP' => { 'singleIP' => {
'default' => 0, 'default' => 0,
......
...@@ -2282,7 +2282,7 @@ sub attributes { ...@@ -2282,7 +2282,7 @@ sub attributes {
documentation => 'Second factor engine', documentation => 'Second factor engine',
}, },
sfRequired => { sfRequired => {
type => 'bool', type => 'boolOrExpr',
default => 0, default => 0,
documentation => 'Second factor required', documentation => 'Second factor required',
}, },
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -30,6 +30,8 @@ has sfModules => ( is => 'rw', default => sub { [] } ); ...@@ -30,6 +30,8 @@ has sfModules => ( is => 'rw', default => sub { [] } );
has sfRModules => ( is => 'rw', default => sub { [] } ); has sfRModules => ( is => 'rw', default => sub { [] } );
has sfReq => ( is => 'rw' );
has ott => ( has ott => (
is => 'rw', is => 'rw',
default => sub { default => sub {
...@@ -86,6 +88,19 @@ sub init { ...@@ -86,6 +88,19 @@ sub init {
} }
} }
unless (
$self->sfReq(
$self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute( $self->conf->{sfRequired} )
)
)
)
{
$self->error( 'Error in sfRequired rule'
. $self->p->HANDLER->tsv->{jail}->error );
return 0;
}
# Enable REST request only if more than 1 2F module is enabled # Enable REST request only if more than 1 2F module is enabled
if ( @{ $self->{sfModules} } > 1 ) { if ( @{ $self->{sfModules} } > 1 ) {
$self->addUnauthRoute( '2fchoice' => '_choice', ['POST'] ); $self->addUnauthRoute( '2fchoice' => '_choice', ['POST'] );
...@@ -140,40 +155,20 @@ sub run { ...@@ -140,40 +155,20 @@ sub run {
unless (@am) { unless (@am) {
# Except if 2FA is required, move to registration # Except if 2FA is required, move to registration
if ( $self->conf->{sfRequired} ) { if ( $self->sfReq->( $req, $req->sessionInfo ) ) {
$self->logger->debug("2F is required..."); $self->logger->debug("2F is required...");
$self->logger->debug(" -> Regiter 2F"); $self->logger->debug(" -> Regiter 2F");
$req->pdata->{sfRegToken} = $req->pdata->{sfRegToken} =
$self->ott->createToken( $req->sessionInfo ); $self->ott->createToken( $req->sessionInfo );
if ( @{ $self->sfModules } > 1 ) { $self->logger->debug("Just one 2F is enabled");
$self->logger->debug("More than one 2F is enabled"); $self->logger->debug(" -> Redirect to /2fregisters/");
$self->logger->debug(" -> Redirect to /2fregisters/"); $req->response(
$req->response( [
[ 302,
302, [ Location => $self->conf->{portal} . '/2fregisters/' ], []
[ Location => $self->conf->{portal} . '/2fregisters' ], ]
[] );
] return PE_SENDRESPONSE;
);
return PE_SENDRESPONSE;
}
else {
$self->logger->debug("Just one 2F is enabled");
$self->logger->debug( " -> Redirect to /2fregisters/"
. ${ $self->sfModules }[0]->{m}->prefix );
$req->response(
[
302,
[
Location => $self->conf->{portal}
. '/2fregisters/'
. ${ $self->sfModules }[0]->{m}->prefix
],
[]
]
);
return PE_SENDRESPONSE;
}
} }
else { else {
return PE_OK; return PE_OK;
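Review bot: In `run`, whether a user with no registered second factor is sent to registration now depends only on the truth value of `$self->sfReq->( $req, $req->sessionInfo )`, and any false or undef result falls to the `else` branch and returns `PE_OK`. The hunks do not show what the sub built by `buildSub` returns when the rule fails at evaluation time, so confirm that such a failure cannot silently read as "2F not required"; a line in the `else` branch such as `$self->logger->debug("sfRequired rule is false, 2F not enforced");` would make the decision auditable. Separately, `"Just one 2F is enabled"` is now logged unconditionally because the `@{ $self->sfModules } > 1` test was dropped, and in `init` the message is joined to the jail error without a separator, which `'Error in sfRequired rule: '` would fix. Both `init` and `run` continue outside the hunks shown.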
......