Commit 85c6ad24 authored by Christophe Maudoux's avatar Christophe Maudoux

WIP - Append PortalForceReAuthn (#1507)

parent 107b0386
......@@ -179,6 +179,8 @@ sub defaultValues {
'portalDisplayRegister' => 1,
'portalErrorOnExpiredSession' => 1,
'portalForceAuthnInterval' => 5,
'portalForceReAuthn' => 1,
'portalForceReAuthnTempo' => 300,
'portalPingInterval' => 60000,
'portalRequireOldPassword' => 1,
'portalSkin' => 'bootstrap',
......
......@@ -2169,6 +2169,14 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 5,
'type' => 'int'
},
'portalForceReAuthn' => {
'default' => 1,
'type' => 'bool'
},
'portalForceReAuthnTempo' => {
'default' => 300,
'type' => 'int'
},
'portalOpenLinkInNewWindow' => {
'default' => 0,
'type' => 'bool'
......
......@@ -556,6 +556,17 @@ sub attributes {
type => 'bool',
documentation => 'Check XSS',
},
portalForceReAuthn => {
default => 1,
type => 'bool',
documentation => 'Enable force reAuthentification to access to Portal',
},
portalForceReAuthnTempo => {
default => 300,
type => 'int',
documentation =>
'Portal force reAuthentification -> Tempo before try again',
},
bruteForceProtection => {
default => 1,
type => 'bool',
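Review bot: The `documentation` strings for `portalForceReAuthn` and `portalForceReAuthnTempo` do not say what the options do or which unit the tempo uses. The plugin added in this commit compares the value with `time() - _utime`, so it appears to be seconds. I would write `documentation => 'Force re-authentication to access the portal'` and `documentation => 'Delay in seconds since last authentication before the portal forces re-authentication'`. `default => 1` also switches the feature on for every existing installation on upgrade, which is worth confirming for a commit marked WIP. The enclosing `attributes` sub starts and ends outside the hunk.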
......
......@@ -92,6 +92,7 @@ use constant {
PE_UNAUTHORIZEDPARTNER => 84,
PE_RENEWSESSION => 85,
PE_WAIT => 86,
PE_MUSTREAUTHN => 87,
};
# EXPORTER PARAMETERS
......@@ -117,7 +118,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
PE_RADIUSCONNECTFAILED PE_MUST_SUPPLY_OLD_PASSWORD PE_FORBIDDENIP
PE_CAPTCHAERROR PE_CAPTCHAEMPTY PE_REGISTERFIRSTACCESS PE_REGISTERFORMEMPTY
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTREAUTHN
);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
......
......@@ -24,6 +24,7 @@ our @pList = (
upgradeSession => '::Plugins::Upgrade',
autoSigninRules => '::Plugins::AutoSignin',
checkState => '::Plugins::CheckState',
portalForceReAuthn => '::Plugins::PortalForceReAuthn',
);
##@method list enabledPlugins
......
package Lemonldap::NG::Portal::Plugins::PortalForceReAuthn;
use Data::Dumper;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_MUSTREAUTHN);
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
use constant forAuthUser => 'run';
sub init {1}
# RUNNING METHOD
sub run {
my ( $self, $req ) = @_;
my $portalURL = $self->conf->{portal};
my $HTTP_HOST = $req->env->{HTTP_HOST};
$self->logger->debug( "Portal URL -> " . Dumper($portalURL) );
$self->logger->debug( "HTTP_HOST -> " . Dumper($HTTP_HOST) );
if ( $req->env->{HTTP_HOST} and $portalURL =~ qr#\Q$HTTP_HOST# ) {
my $delta = time() - $req->{sessionInfo}->{_utime};
$self->logger->debug( "Delta with last Authn -> " . $delta );
$delta <= $self->conf->{portalForceReAuthnTempo}
? return PE_OK
: return PE_MUSTREAUTHN;
}
}
1;
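Review bot: `run` decides whether to enforce re-authentication from the client-supplied Host header. The test `$portalURL =~ qr#\Q$HTTP_HOST#` is unanchored, so any substring of the portal URL matches. When the header is absent or does not match, the sub falls off the end of the `if` and returns the false value of the condition, presumably treated as PE_OK, so the check fails open. Compare the header for equality with the host component parsed from `$self->conf->{portal}`, end the sub with an explicit `return PE_OK;` if that is the intended result for non-portal hosts, and write the ternary as `return $delta <= $self->conf->{portalForceReAuthnTempo} ? PE_OK : PE_MUSTREAUTHN;`. `$req->{sessionInfo}->{_utime}` is read without a defined check, and the `Dumper` debug lines with `use Data::Dumper` look like WIP leftovers that could be plain string concatenation.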