Commit 581f0e4c authored by Xavier Guimard's avatar Xavier Guimard

Portal part of reauthentication (#1204)

parent 050cf20c
......@@ -2984,6 +2984,10 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
'default' => 0,
'type' => 'bool'
},
'upgradeSession' => {
'default' => 0,
'type' => 'bool'
},
'userControl' => {
'default' => '^[\\w\\.\\-@]+$',
'type' => 'pcre'
......
......@@ -973,6 +973,13 @@ sub attributes {
documentation => 'Register session timeout',
},
# Upgrade session
upgradeSession => {
type => 'bool',
default => 0,
documentation => 'Upgrade session activation',
},
# U2F
u2fActivation => {
type => 'boolOrExpr',
......
......@@ -602,6 +602,7 @@ sub tree {
'registerDoneSubject'
]
},
'upgradeSession',
{
title => 'u2f',
help => 'u2f.html',
......
......@@ -677,6 +677,7 @@
"unsecuredCookie": "Unsecured cookie",
"up": "Move up",
"uploadDenied": "Upload denied",
"upgradeSession": "Session upgrade",
"uri": "URI",
"url": "URL",
"use": "Use",
......
......@@ -677,6 +677,7 @@
"unsecuredCookie": "Cookie non sécurisé",
"up": "Monter",
"uploadDenied": "Téléchargement refusé",
"upgradeSession": "Ré-authentification",
"uri": "URI",
"url": "URL",
"use": "Usage",
......
......@@ -260,6 +260,7 @@ site/templates/bootstrap/register.tpl
site/templates/bootstrap/standardform.tpl
site/templates/bootstrap/u2fcheck.tpl
site/templates/bootstrap/u2fregister.tpl
site/templates/bootstrap/upgradesession.tpl
site/templates/bootstrap/yubikeyform.tpl
site/templates/common/bullet_go.png
site/templates/common/key.png
......
......@@ -140,7 +140,7 @@ sub display {
}
# 2.3 Case : user authenticated but an error was returned (bas url,...)
elsif ( $req->userData and %{ $req->userData } ) {
elsif ( not $req->datas->{noerror} and $req->userData and %{ $req->userData } ) {
$skinfile = 'error';
%templateParams = (
AUTH_ERROR => $req->error,
......
......@@ -24,6 +24,7 @@ our @pList = (
notification => '::Plugins::Notifications',
portalCheckLogins => '::Plugins::History',
stayConnected => '::Plugins::StayConnected',
upgradeSession => '::Plugins::Upgrade',
);
##@method list enabledPlugins
......
......@@ -2,7 +2,11 @@ package Lemonldap::NG::Portal::Plugins::Upgrade;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(PE_CONFIRM PE_OK);
use Lemonldap::NG::Portal::Main::Constants qw(
PE_CONFIRM
PE_OK
PE_TOKENEXPIRED
);
our $VERSION = '2.0.0';
......@@ -10,32 +14,67 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
has ott => (
is => 'rw',
default => sub {
my $ott =
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott;
}
);
sub init {
my ($self) = @_;
$self->addAuthRoute(upgradesession => 'ask', ['GET']);
$self->addAuthRoute(upgradesession => 'confirm', ['POST']);
$self->addAuthRoute( upgradesession => 'ask', ['GET'] );
$self->addAuthRoute( upgradesession => 'confirm', ['POST'] );
}
# RUNNING METHOD
sub ask {
my ( $self, $req ) = @_;
if($req->param('upgrading') ) {
# Check if auth is already running
if ( $req->param('upgrading') ) {
# verify token
return $self->confirm($req);
}
# Display form
return $self->p->sendHtml(
$req,
'upgradesession',
params => {
CONFIRMKEY => $self->p->stamp,
PORTAL => $self->conf->{portal},
URL => $req->param('url'),
}
);
}
sub confirm {
my ( $self, $req ) = @_;
my $ok;
if($req->param('upgrading') ) {
# verify token and set $ok to 1
my $upg;
if ( my $t = $req->param('upgrading') ) {
if ( $self->ott->getToken($t) ) {
$upg = 1;
}
else {
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
}
}
if ( $ok or $req->param('confirm') == 1 ) {
$self->p->setHiddenFormValue(); # Insert token
$req->steps(['controlUrl']);
my $res = $self->p->process($req);
return $self->p->do( $req, [ sub { $res } ] ) if($res);
if ( $upg or $req->param('confirm') == 1 ) {
$req->datas->{noerror} = 1;
$self->p->setHiddenFormValue(
$req,
upgrading => $self->ott->createToken,
''
); # Insert token
return $self->p->login($req);
}
else {
......
......@@ -96,6 +96,7 @@
"accountCreationSuccess":"Your account was successfully created.",
"anotherInformation":"Another information:",
"areYouSure":"Are you sure?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate ?",
"authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds",
......@@ -190,6 +191,7 @@
"u2fSuccess": "Your key is successfully tested",
"unableToGetU2FKey": "Unable to access to your key. Retry or contact your administrator",
"updateCdc": "Update Common Domain Cookie",
"upgradeSession":"Upgrade session",
"user":"User",
"useYubikey":"use your Yubikey",
"verify": "Verify",
......
......@@ -96,6 +96,7 @@
"accountCreationSuccess":"Votre compte a bien été créé.",
"anotherInformation":"Une autre information :",
"areYouSure":"Êtes vous sûr ?",
"askToUpgrade":"Cette application nécessite un plus haut niveau d'authentification. Voulez-vous vous réauthentifier ?",
"authPortal":"Portail d'authentification",
"authRemaining":"%s authentifications restantes, changez votre mot de passe !",
"autoAccept":"Acceptation automatique dans 30 secondes",
......@@ -190,6 +191,7 @@
"u2fSuccess": "Votre clef est vérifiée",
"unableToGetU2FKey": "Impossible d'accéder à la clef, réessayez ou contactez votre administrateur",
"updateCdc": "Mise à jour du cookie de domaine commun",
"upgradeSession":"Se réauthentifier",
"user":"Utilisateur",
"useYubikey":"utilisez votre Yubikey",
"verify": "Verifier",
......
......@@ -17,5 +17,3 @@
</form>
<TMPL_INCLUDE NAME="footer.tpl">
<TMPL_INCLUDE NAME="header.tpl">
<div class="message message-positive alert"><span trspan="askToUpgrade"></span></div>
<form action="/upgradesession" method="post" class="password" role="form">
<div class="form">
<div class="form-group input-group">
<input type="hidden" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">">
<input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">
</div>
</div>
<div class="buttons">
<button type="submit" class="btn btn-success">
<span class="glyphicon glyphicon-log-in"></span>
<span trspan="upgradeSession">Upgrade session</span>
</button>
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
<span class="glyphicon glyphicon-home"></span>&nbsp;
<span trspan="goToPortal">Go to portal</span>
</a>
</div>
</form>
<TMPL_INCLUDE NAME="footer.tpl">
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment