Commit 522d8a88 authored by Christophe Maudoux's avatar Christophe Maudoux

Check 2F name

parent 3ae96fcb
...@@ -67,8 +67,12 @@ sub run { ...@@ -67,8 +67,12 @@ sub run {
my $TOTPName = $req->param('TOTPName'); my $TOTPName = $req->param('TOTPName');
my $epoch = time(); my $epoch = time();
# Set default name if empty and truncate name if too long # Set default name if empty, check characters and truncate name if too long
$TOTPName ||= $epoch; $TOTPName ||= $epoch;
unless ( $TOTPName =~ /^[\w]+$/ ) {
$self->userLogger->error('TOTP name with bad character(s)');
return $self->p->sendError( $req, 'badName', 200 );
}
$TOTPName = $TOTPName =
substr( $TOTPName, 0, $self->conf->{max2FDevicesNameLength} ); substr( $TOTPName, 0, $self->conf->{max2FDevicesNameLength} );
$self->logger->debug("TOTP name : $TOTPName"); $self->logger->debug("TOTP name : $TOTPName");
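Review bot: The new guard `unless ( $TOTPName =~ /^[\w]+$/ )` anchors with `$`, which in Perl also matches just before a trailing newline, so a name like "foo\n" passes the check, survives the `substr` truncation and reaches the debug log on the last line of the hunk with the newline intact; anchor with `\A`/`\z` instead: `unless ( $TOTPName =~ /\A\w+\z/ ) {`. Whether `\w` should accept non-ASCII letters depends on how `$req->param` decodes the request, which is not visible here; if the intent is ASCII-only, add the `/a` modifier. The enclosing `run` starts before this hunk and continues after it.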
......
...@@ -119,8 +119,12 @@ sub run { ...@@ -119,8 +119,12 @@ sub run {
my $keyName = $req->param('keyName'); my $keyName = $req->param('keyName');
my $epoch = time(); my $epoch = time();
# Set default name if empty and truncate name if too long # Set default name if empty, check characters and truncate name if too long
$keyName ||= $epoch; $keyName ||= $epoch;
unless ( $keyName =~ /^[\w]+$/ ) {
$self->userLogger->error('U2F name with bad character(s)');
return $self->p->sendError( $req, 'badName', 200 );
}
$keyName = $keyName =
substr( $keyName, 0, $self->conf->{max2FDevicesNameLength} ); substr( $keyName, 0, $self->conf->{max2FDevicesNameLength} );
$self->logger->debug("Key name : $keyName"); $self->logger->debug("Key name : $keyName");
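Review bot: This is the third verbatim copy of the same default/validate/truncate sequence (the TOTP and Yubikey registration hunks in this commit carry identical code), so the three will drift apart the next time the rule changes. A small shared helper in the common 2F-registration base that applies the default, the character check and the `max2FDevicesNameLength` truncation in one place, returning undef on a bad name, would let each module reduce to `my $keyName = $self->_check2FName( $req->param('keyName') ) or return $self->p->sendError( $req, 'badName', 200 );`; the exact package to host it is not visible here. The same `$`-versus-`\z` anchoring remark applies to `/^[\w]+$/` in this copy. The enclosing `run` starts before this hunk and continues after it.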
......
...@@ -36,8 +36,12 @@ sub run { ...@@ -36,8 +36,12 @@ sub run {
my $UBKName = $req->param('UBKName'); my $UBKName = $req->param('UBKName');
my $epoch = time(); my $epoch = time();
# Set default name if empty and truncate name if too long # Set default name if empty, check characters and truncate name if too long
$UBKName ||= $epoch; $UBKName ||= $epoch;
unless ( $UBKName =~ /^[\w]+$/ ) {
$self->userLogger->error('Yubikey name with bad character(s)');
return $self->p->sendError( $req, 'badName', 200 );
}
$UBKName = substr( $UBKName, 0, $self->conf->{max2FDevicesNameLength} ); $UBKName = substr( $UBKName, 0, $self->conf->{max2FDevicesNameLength} );
$self->logger->debug("Yubikey name : $UBKName"); $self->logger->debug("Yubikey name : $UBKName");
...@@ -66,7 +70,7 @@ sub run { ...@@ -66,7 +70,7 @@ sub run {
$_2fDevices = []; $_2fDevices = [];
} }
# Search if the Yubikey has been already registered # Search if the Yubikey is already registered
my $SameUBKFound = 0; my $SameUBKFound = 0;
foreach (@$_2fDevices) { foreach (@$_2fDevices) {
$self->logger->debug("Reading Yubikeys ..."); $self->logger->debug("Reading Yubikeys ...");
...@@ -77,7 +81,7 @@ sub run { ...@@ -77,7 +81,7 @@ sub run {
} }
if ($SameUBKFound) { if ($SameUBKFound) {
$self->userLogger->error("Yubikey already registered !"); $self->userLogger->error("Yubikey already registered!");
return $self->p->sendHtml( return $self->p->sendHtml(
$req, 'error', $req, 'error',
params => { params => {
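Review bot: The new character check guarantees a non-empty `\w+` name, but the `substr( $UBKName, 0, $self->conf->{max2FDevicesNameLength} )` that follows it can still turn that into an empty string when the configuration value is missing or 0 (`substr` with an undefined or zero length returns ""), so the invariant the commit establishes is undone one line later. If the key is not guaranteed to be set, guard the truncation, e.g. `my $max = $self->conf->{max2FDevicesNameLength};` and `$UBKName = substr( $UBKName, 0, $max ) if $max;`; I cannot see the configuration defaults from here, so this may be moot if the key is always populated. The enclosing `run` starts before the first hunk and continues past the second.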
......
...@@ -51,7 +51,9 @@ register = -> ...@@ -51,7 +51,9 @@ register = ->
dataType: 'json' dataType: 'json'
success: (resp) -> success: (resp) ->
if resp.error if resp.error
setMsg 'u2fFailed', 'warning' if resp.error.match /badName/
setMsg 'badName', 'warning'
else setMsg 'u2fFailed', 'warning'
else if resp.result else if resp.result
setMsg 'yourKeyIsRegistered', 'positive' setMsg 'yourKeyIsRegistered', 'positive'
error: displayError error: displayError
......
// Generated by CoffeeScript 1.10.0 // Generated by CoffeeScript 1.12.7
/* /*
LemonLDAP::NG U2F registration script LemonLDAP::NG U2F registration script
...@@ -61,7 +61,11 @@ LemonLDAP::NG U2F registration script ...@@ -61,7 +61,11 @@ LemonLDAP::NG U2F registration script
dataType: 'json', dataType: 'json',
success: function(resp) { success: function(resp) {
if (resp.error) { if (resp.error) {
return setMsg('u2fFailed', 'warning'); if (resp.error.match(/badName/)) {
return setMsg('badName', 'warning');
} else {
return setMsg('u2fFailed', 'warning');
}
} else if (resp.result) { } else if (resp.result) {
return setMsg('yourKeyIsRegistered', 'positive'); return setMsg('yourKeyIsRegistered', 'positive');
} }
......
(function(){var a,b,c,d;c=function(e,f){$("#msg").html(window.translate(e));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+f);if(f==="positive"){f="success"}return $("#color").addClass("alert-"+f)};a=function(f,e,h){var g;console.log("Error",h);g=JSON.parse(f.responseText);if(g&&g.error){g=g.error.replace(/.* /,"");console.log("Returned error",g);return c(g,"warning")}};b=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/register",data:{},dataType:"json",error:a,success:function(e){var f;f=[{challenge:e.challenge,version:e.version}];c("touchU2fDevice","positive");$("#u2fPermission").show();return u2f.register(e.appId,f,[],function(g){$("#u2fPermission").hide();if(g.errorCode){return c(g.error,"warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/registration",data:{registration:JSON.stringify(g),challenge:JSON.stringify(e),keyName:$("#keyName").val()},dataType:"json",success:function(h){if(h.error){return c("u2fFailed","warning")}else{if(h.result){return c("yourKeyIsRegistered","positive")}}},error:a})}})}})};d=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/verify",data:{},dataType:"json",error:a,success:function(e){c("touchU2fDevice","positive");return u2f.sign(e.appId,e.challenge,e.registeredKeys,function(f){if(f.errorCode){return c("unableToGetKey","warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/signature",data:{signature:JSON.stringify(f),challenge:e.challenge},dataType:"json",success:function(g){if(g.error){return c("u2fFailed","warning")}else{if(g.result){return c("yourKeyIsVerified","positive")}}},error:function(h,g,i){return console.log("error",i)}})}})}})};$(document).ready(function(){$("#u2fPermission").hide();$("#register").on("click",b);$("#verify").on("click",d);return $("#goback").attr("href",portal)})}).call(this); (function(){var 
displayError,register,setMsg,verify;setMsg=function(msg,level){$("#msg").html(window.translate(msg));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+level);if(level==="positive"){level="success"}return $("#color").addClass("alert-"+level)};displayError=function(j,status,err){var res;console.log("Error",err);res=JSON.parse(j.responseText);if(res&&res.error){res=res.error.replace(/.* /,"");console.log("Returned error",res);return setMsg(res,"warning")}};register=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/register",data:{},dataType:"json",error:displayError,success:function(ch){var request;request=[{challenge:ch.challenge,version:ch.version}];setMsg("touchU2fDevice","positive");$("#u2fPermission").show();return u2f.register(ch.appId,request,[],function(data){$("#u2fPermission").hide();if(data.errorCode){return setMsg(data.error,"warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/registration",data:{registration:JSON.stringify(data),challenge:JSON.stringify(ch),keyName:$("#keyName").val()},dataType:"json",success:function(resp){if(resp.error){if(resp.error.match(/badName/)){return setMsg("badName","warning")}else{return setMsg("u2fFailed","warning")}}else if(resp.result){return setMsg("yourKeyIsRegistered","positive")}},error:displayError})}})}})};verify=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/verify",data:{},dataType:"json",error:displayError,success:function(ch){setMsg("touchU2fDevice","positive");return u2f.sign(ch.appId,ch.challenge,ch.registeredKeys,function(data){if(data.errorCode){return setMsg("unableToGetKey","warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/signature",data:{signature:JSON.stringify(data),challenge:ch.challenge},dataType:"json",success:function(resp){if(resp.error){return setMsg("u2fFailed","warning")}else if(resp.result){return 
setMsg("yourKeyIsVerified","positive")}},error:function(j,status,err){return console.log("error",err)}})}})}})};$(document).ready(function(){$("#u2fPermission").hide();$("#register").on("click",register);$("#verify").on("click",verify);return $("#goback").attr("href",portal)})}).call(this);
\ No newline at end of file
...@@ -101,6 +101,7 @@ ...@@ -101,6 +101,7 @@
"back2CasUrl":"التطبيق الذي قمت بتسجيل الخروج منه للتو قد وفرت وصلة قد ترغب في أن تتبعها", "back2CasUrl":"التطبيق الذي قمت بتسجيل الخروج منه للتو قد وفرت وصلة قد ترغب في أن تتبعها",
"back2Portal":"العودة إلى البوابة", "back2Portal":"العودة إلى البوابة",
"badCode":"Bad code", "badCode":"Bad code",
"badName":"Bad name",
"cancel":"إلغاء", "cancel":"إلغاء",
"captcha":"كلمة التحقق أو الكابتشا ", "captcha":"كلمة التحقق أو الكابتشا ",
"changeKey": "Generate new key", "changeKey": "Generate new key",
...@@ -151,7 +152,8 @@ ...@@ -151,7 +152,8 @@
"mail":"البريد", "mail":"البريد",
"mailSent2":"تم إرسال رسالة إلى عنوان بريدك الإلكتروني.", "mailSent2":"تم إرسال رسالة إلى عنوان بريدك الإلكتروني.",
"maintenanceMode":"هذا التطبيق في صيانة، يرجى محاولة الاتصال في وقت لاحق", "maintenanceMode":"هذا التطبيق في صيانة، يرجى محاولة الاتصال في وقت لاحق",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"رسالة جديدة (رسائل)", "newMessages":"رسالة جديدة (رسائل)",
"newPassword":"كلمة مرور جديدة", "newPassword":"كلمة مرور جديدة",
......
...@@ -101,6 +101,7 @@ ...@@ -101,6 +101,7 @@
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow", "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
"back2Portal":"Go back to portal", "back2Portal":"Go back to portal",
"badCode":"Bad code", "badCode":"Bad code",
"badName":"Bad name",
"cancel":"Cancel", "cancel":"Cancel",
"captcha":"Captcha", "captcha":"Captcha",
"changeKey": "Generate new key", "changeKey": "Generate new key",
...@@ -152,6 +153,7 @@ ...@@ -152,6 +153,7 @@
"mailSent2":"A message has been sent to your mail address.", "mailSent2":"A message has been sent to your mail address.",
"maintenanceMode":"This application is in maintenance, please try to connect later", "maintenanceMode":"This application is in maintenance, please try to connect later",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"New message(s)", "newMessages":"New message(s)",
"newPassword":"New password", "newPassword":"New password",
......
...@@ -101,6 +101,7 @@ ...@@ -101,6 +101,7 @@
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow", "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
"back2Portal":"Go back to portal", "back2Portal":"Go back to portal",
"badCode":"Bad code", "badCode":"Bad code",
"badName":"Bad name",
"cancel":"Cancel", "cancel":"Cancel",
"captcha":"Captcha", "captcha":"Captcha",
"changeKey": "Generate new key", "changeKey": "Generate new key",
...@@ -151,7 +152,8 @@ ...@@ -151,7 +152,8 @@
"mail":"Mail", "mail":"Mail",
"mailSent2":"A message has been sent to your mail address.", "mailSent2":"A message has been sent to your mail address.",
"maintenanceMode":"This application is in maintenance, please try to connect later", "maintenanceMode":"This application is in maintenance, please try to connect later",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"New message(s)", "newMessages":"New message(s)",
"newPassword":"New password", "newPassword":"New password",
......
...@@ -102,6 +102,7 @@ ...@@ -102,6 +102,7 @@
"back2Portal":"Go back to portal", "back2Portal":"Go back to portal",
"badCode":"Bad code", "badCode":"Bad code",
"cancel":"Cancel", "cancel":"Cancel",
"badName":"Bad name",
"captcha":"Captcha", "captcha":"Captcha",
"changeKey": "Generate new key", "changeKey": "Generate new key",
"changePwd":"Change your password", "changePwd":"Change your password",
...@@ -152,6 +153,7 @@ ...@@ -152,6 +153,7 @@
"mailSent2":"A message has been sent to your mail address.", "mailSent2":"A message has been sent to your mail address.",
"maintenanceMode":"This application is in maintenance, please try to connect later", "maintenanceMode":"This application is in maintenance, please try to connect later",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"New message(s)", "newMessages":"New message(s)",
"newPassword":"New password", "newPassword":"New password",
......
...@@ -101,6 +101,7 @@ ...@@ -101,6 +101,7 @@
"back2CasUrl":"Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre", "back2CasUrl":"Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre",
"back2Portal":"Retourner au portail", "back2Portal":"Retourner au portail",
"badCode":"Mauvais code", "badCode":"Mauvais code",
"badName":"Bad name",
"cancel":"Annuler", "cancel":"Annuler",
"captcha":"Captcha", "captcha":"Captcha",
"changeKey": "Générer une nouvelle clef", "changeKey": "Générer une nouvelle clef",
...@@ -152,7 +153,8 @@ ...@@ -152,7 +153,8 @@
"mailSent2":"Un message a été envoyé à votre adresse mail.", "mailSent2":"Un message a été envoyé à votre adresse mail.",
"maintenanceMode":"Cette application est en maintenance, merci de réessayer plus tard", "maintenanceMode":"Cette application est en maintenance, merci de réessayer plus tard",
"name":"Nom", "name":"Nom",
"maxNumberof2FDevicesReached":"Nombre maximum de second facteurs atteint !!!", "maxNumberof2FDevicesReached":"Nombre maximum de seconds facteurs atteint !!!",
"missingCode":"Code is missing",
"newMessages":"Nouveaux messages", "newMessages":"Nouveaux messages",
"newPassword":"Nouveau mot de passe", "newPassword":"Nouveau mot de passe",
"newPwdSentTo":"Une confirmation a été envoyée à votre adresse mail.", "newPwdSentTo":"Une confirmation a été envoyée à votre adresse mail.",
......
...@@ -152,6 +152,7 @@ ...@@ -152,6 +152,7 @@
"mailSent2":"Vi é stato inviato un messaggio via mail", "mailSent2":"Vi é stato inviato un messaggio via mail",
"maintenanceMode":"Questa applicazione è in manutenzione, prova a connetterti più tardi", "maintenanceMode":"Questa applicazione è in manutenzione, prova a connetterti più tardi",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"Nuovo(i) messaggio(i)", "newMessages":"Nuovo(i) messaggio(i)",
"newPassword":"Nuova password", "newPassword":"Nuova password",
......
...@@ -101,6 +101,7 @@ ...@@ -101,6 +101,7 @@
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow", "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
"back2Portal":"Go back to portal", "back2Portal":"Go back to portal",
"badCode":"Bad code", "badCode":"Bad code",
"badName":"Bad name",
"cancel":"Cancel", "cancel":"Cancel",
"captcha":"Captcha", "captcha":"Captcha",
"changeKey": "Generate new key", "changeKey": "Generate new key",
...@@ -151,7 +152,8 @@ ...@@ -151,7 +152,8 @@
"mail":"Mail", "mail":"Mail",
"mailSent2":"A message has been sent to your mail address.", "mailSent2":"A message has been sent to your mail address.",
"maintenanceMode":"This application is in maintenance, please try to connect later", "maintenanceMode":"This application is in maintenance, please try to connect later",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"New message(s)", "newMessages":"New message(s)",
"newPassword":"New password", "newPassword":"New password",
......
...@@ -101,6 +101,7 @@ ...@@ -101,6 +101,7 @@
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow", "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
"back2Portal":"Go back to portal", "back2Portal":"Go back to portal",
"badCode":"Bad code", "badCode":"Bad code",
"badName":"Bad name",
"cancel":"Cancel", "cancel":"Cancel",
"captcha":"Captcha", "captcha":"Captcha",
"changeKey": "Generate new key", "changeKey": "Generate new key",
...@@ -151,7 +152,8 @@ ...@@ -151,7 +152,8 @@
"mail":"Mail", "mail":"Mail",
"mailSent2":"A message has been sent to your mail address.", "mailSent2":"A message has been sent to your mail address.",
"maintenanceMode":"This application is in maintenance, please try to connect later", "maintenanceMode":"This application is in maintenance, please try to connect later",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"New message(s)", "newMessages":"New message(s)",
"newPassword":"New password", "newPassword":"New password",
......
...@@ -101,6 +101,7 @@ ...@@ -101,6 +101,7 @@
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow", "back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
"back2Portal":"Go back to portal", "back2Portal":"Go back to portal",
"badCode":"Bad code", "badCode":"Bad code",
"badName":"Bad name",
"cancel":"Cancel", "cancel":"Cancel",
"captcha":"Captcha", "captcha":"Captcha",
"changeKey": "Generate new key", "changeKey": "Generate new key",
...@@ -151,7 +152,8 @@ ...@@ -151,7 +152,8 @@
"mail":"Mail", "mail":"Mail",
"mailSent2":"A message has been sent to your mail address.", "mailSent2":"A message has been sent to your mail address.",
"maintenanceMode":"This application is in maintenance, please try to connect later", "maintenanceMode":"This application is in maintenance, please try to connect later",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"New message(s)", "newMessages":"New message(s)",
"newPassword":"New password", "newPassword":"New password",
......
...@@ -101,6 +101,7 @@ ...@@ -101,6 +101,7 @@
"back2CasUrl":"Ứng dụng bạn vừa đăng xuất đã cung cấp một liên kết mà bạn muốn theo dõi", "back2CasUrl":"Ứng dụng bạn vừa đăng xuất đã cung cấp một liên kết mà bạn muốn theo dõi",
"back2Portal":"Quay lại cổng thông tin", "back2Portal":"Quay lại cổng thông tin",
"badCode":"Bad code", "badCode":"Bad code",
"badName":"Bad name",
"cancel":"Hủy", "cancel":"Hủy",
"captcha":"Captcha", "captcha":"Captcha",
"changeKey": "Generate new key", "changeKey": "Generate new key",
...@@ -151,7 +152,8 @@ ...@@ -151,7 +152,8 @@
"mail":"Thư", "mail":"Thư",
"mailSent2":"Một tin nhắn đã được gửi đến địa chỉ thư của bạn.", "mailSent2":"Một tin nhắn đã được gửi đến địa chỉ thư của bạn.",
"maintenanceMode":"Ứng dụng này đang trong quá trình bảo trì, hãy thử kết nối sau", "maintenanceMode":"Ứng dụng này đang trong quá trình bảo trì, hãy thử kết nối sau",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached !!!", "maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!!!",
"missingCode":"Code is missing",
"name":"Name", "name":"Name",
"newMessages":"(Các) tin nhắn mới", "newMessages":"(Các) tin nhắn mới",
"newPassword":"Mật khẩu mới", "newPassword":"Mật khẩu mới",
......