worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Code cleaning & refactoring

Browse Source
Moo
Christophe Maudoux 5 years ago
parent d37943e757
commit 055ec69b92
9 changed files with 71 additions and 125 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 41
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
  2. 49
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
  3. 43
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
  4. 20
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
  5. 3
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm
  6. 14
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
  7. 7
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
  8. 14
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
  9. 5
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/REST.pm

41
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
Unescape View File

@ -22,7 +22,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_NO_SECOND_FACTORS
);
our $VERSION = '2.0.9';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::Plugin';
with 'Lemonldap::NG::Portal::Lib::OverConf';
@ -177,12 +177,10 @@ sub init {
# Registration base
$self->addAuthRoute( '2fregisters' => '_displayRegister', ['GET'] );
$self->addAuthRoute( '2fregisters' => 'register', ['POST'] );
if ( $self->conf->{sfRequired} ) {
$self->addUnauthRoute(
'2fregisters' => 'restoreSession',
[ 'GET', 'POST' ]
);
}
$self->addUnauthRoute(
'2fregisters' => 'restoreSession',
[ 'GET', 'POST' ]
) if ( $self->conf->{sfRequired} );
}
return 1;
}
@ -236,11 +234,11 @@ sub run {
$self->logger->error("Bad encoding in _2fDevices: $@");
return PE_ERROR;
}
$self->logger->debug(" -> 2F Device(s) found");
my $now = time();
my $removed = 0;
$self->logger->debug("Looking for expired 2F device(s)...");
my $removed = 0;
my $now = time();
foreach my $device (@$_2fDevices) {
my $type = lc( $device->{type} );
$type =~ s/2f$//i;
@ -449,14 +447,10 @@ sub _displayRegister {
if ($tpl) {
my ($m) =
grep { $_->{m}->prefix eq $tpl } @{ $self->sfRModules };
unless ($m) {
return $self->p->sendError( $req,
'Inexistent register module', 400 );
}
unless ( $m->{r}->( $req, $req->userData ) ) {
return $self->p->sendError( $req,
'Registration not authorized', 403 );
}
return $self->p->sendError( $req, 'Inexistent register module', 400 )
unless $m;
return $self->p->sendError( $req, 'Registration not authorized', 403 )
unless $m->{r}->( $req, $req->userData );
return $self->p->sendHtml(
$req,
$m->{m}->template,
@ -481,15 +475,13 @@ sub _displayRegister {
};
}
}
if (
return [ 302, [ Location => $self->conf->{portal} . $am[0]->{URL} ], [] ]
if (
@am == 1
and not( $req->userData->{_2fDevices}
or $req->data->{sfRegRequired} )
)
{
return [ 302, [ Location => $self->conf->{portal} . $am[0]->{URL} ],
[] ];
}
);
# Retrieve user all second factors
my $_2fDevices =
@ -506,7 +498,6 @@ sub _displayRegister {
my $action = '';
foreach
my $type ( split /,\s*/, $self->conf->{available2FSelfRegistration} )
{
foreach (@$_2fDevices) {
$_->{type} =~ s/^UBK$/Yubikey/;

49
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
Unescape View File

@ -5,19 +5,16 @@ use strict;
use Mouse;
use JSON qw(from_json to_json);
our $VERSION = '2.0.8';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Common::TOTP';
# INITIALIZATION
has prefix => ( is => 'rw', default => 'totp' );
has prefix => ( is => 'rw', default => 'totp' );
has template => ( is => 'ro', default => 'totp2fregister' );
has logo => ( is => 'rw', default => 'totp.png' );
has ott => (
has logo => ( is => 'rw', default => 'totp.png' );
has ott => (
is => 'rw',
lazy => 1,
default => sub {
@ -35,10 +32,9 @@ sub init {
sub run {
my ( $self, $req, $action ) = @_;
my $user = $req->userData->{ $self->conf->{whatToTrace} };
unless ($user) {
return $self->p->sendError( $req,
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 );
}
return $self->p->sendError( $req,
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 )
unless $user;
# Verification that user has a valid TOTP app
if ( $action eq 'verify' ) {
@ -102,7 +98,6 @@ sub run {
$self->logger->debug('TOTP code verified');
# Now code is verified, let's store the master key in persistent data
my $secret = '';
# Reading existing 2FDevices
@ -124,7 +119,7 @@ sub run {
}
# Reading existing TOTP
my @totp2f = grep { $_->{type} eq "TOTP" } @$_2fDevices;
my @totp2f = grep { $_->{type} eq 'TOTP' } @$_2fDevices;
unless (@totp2f) {
$self->logger->debug("No TOTP Device found");
@ -135,22 +130,16 @@ sub run {
# Loading TOTP secret
$self->logger->debug("Reading TOTP secret if exists ...");
$secret = $_->{_secret} foreach (@totp2f);
if ( $token->{_totp2fSecret} eq $secret ) {
return $self->p->sendError( $req, 'totpExistingKey', 200 );
}
return $self->p->sendError( $req, 'totpExistingKey', 200 )
if ( $token->{_totp2fSecret} eq $secret );
### USER CAN ONLY REGISTER ONE TOTP ###
# Delete TOTP previously registered
my @keep = ();
while (@$_2fDevices) {
my $element = shift @$_2fDevices;
$self->logger->debug("Looking for TOTP to delete ...");
push @keep, $element unless ( $element->{type} eq "TOTP" );
}
$self->logger->debug("Looking for TOTP to delete...");
my $size = my @keep =
map { $_->{type} eq 'TOTP' ? () : $_ } @$_2fDevices;
# Check if user can register one more device
my $size = @keep;
my $maxSize = $self->conf->{max2FDevices};
$self->logger->debug("Nbr 2FDevices = $size / $maxSize");
if ( $size >= $maxSize ) {
@ -167,7 +156,6 @@ sub run {
_secret => $token->{_totp2fSecret},
epoch => $epoch
};
$self->logger->debug(
"Append 2F Device : { type => 'TOTP', name => $TOTPName }");
$self->p->updatePersistentSession( $req,
@ -279,7 +267,7 @@ sub run {
# Read existing 2FDevices
$self->logger->debug("Loading 2F Devices ...");
my $_2fDevices;
my ( $_2fDevices, $TOTPName );
if ( $req->userData->{_2fDevices} ) {
$_2fDevices = eval {
from_json( $req->userData->{_2fDevices},
@ -296,11 +284,10 @@ sub run {
}
# Delete TOTP 2F device
my $TOTPName;
foreach (@$_2fDevices) {
$TOTPName = $_->{name} if $_->{epoch} eq $epoch;
}
@$_2fDevices = grep { $_->{epoch} ne $epoch } @$_2fDevices;
@$_2fDevices = map {
if ( $_->{epoch} eq $epoch ) { $TOTPName = $_->{name}; () }
else { $_ }
} @$_2fDevices;
$self->logger->debug(
"Delete 2F Device : { type => 'TOTP', epoch => $epoch, name => $TOTPName }"
);

43
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
Unescape View File

@ -5,18 +5,16 @@ use strict;
use Mouse;
use JSON qw(from_json to_json);
our $VERSION = '2.0.8';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::Plugin',
'Lemonldap::NG::Portal::Lib::U2F';
# INITIALIZATION
has prefix => ( is => 'rw', default => 'u' );
has prefix => ( is => 'rw', default => 'u' );
has template => ( is => 'ro', default => 'u2fregister' );
has logo => ( is => 'rw', default => 'u2f.png' );
has logo => ( is => 'rw', default => 'u2f.png' );
sub init {
my ($self) = @_;
@ -30,10 +28,10 @@ sub init {
sub run {
my ( $self, $req, $action ) = @_;
my $user = $req->userData->{ $self->conf->{whatToTrace} };
unless ($user) {
return $self->p->sendError( $req,
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 );
}
return $self->p->sendError( $req,
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 )
unless $user;
if ( $action eq 'register' ) {
@ -50,7 +48,6 @@ sub run {
return $self->p->sendError( $req, "Corrupted session", 500 );
}
}
else {
$self->logger->debug("No 2F Device found");
$_2fDevices = [];
@ -115,7 +112,6 @@ sub run {
500 );
}
}
else {
$self->logger->debug("No 2F Device found");
$_2fDevices = [];
@ -182,13 +178,6 @@ sub run {
}
# Get registered keys
# my @rk;
# foreach ( @{ $req->data->{crypter} } ) {
# my $k = push @rk,
# { keyHandle => $_->{keyHandle}, version => $data->{version} };
# }
my @rk =
map { { keyHandle => $_->{keyHandle}, version => $data->{version} } }
@{ $req->data->{crypter} };
@ -230,10 +219,6 @@ sub run {
return $self->p->sendError( $req, "U2FAnswerError" );
}
# my $crypter;
# foreach ( @{ $req->data->{crypter} } ) {
# $crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
# }
$crypter = $_
foreach grep { $_->{keyHandle} eq $data->{keyHandle} }
@{ $req->data->{crypter} };
@ -246,7 +231,6 @@ sub run {
if ( not $crypter->setChallenge($challenge) ) {
$self->logger->error(
$@ ? $@ : Crypt::U2F::Server::Simple::lastError() );
return $self->p->sendError( $req, "U2FServerError" );
}
@ -287,15 +271,10 @@ sub run {
}
# Delete U2F device
# my $keyName;
# foreach (@$_2fDevices) {
# $keyName = $_->{name} if $_->{epoch} eq $epoch;
# }
$keyName = $_->{name}
foreach grep { $_->{epoch} eq $epoch } @$_2fDevices;
@$_2fDevices = grep { $_->{epoch} ne $epoch } @$_2fDevices;
@$_2fDevices = map {
if ( $_->{epoch} eq $epoch ) { $keyName = $_->{name}; () }
else { $_ }
} @$_2fDevices;
$self->logger->debug(
"Delete 2F Device : { type => 'U2F', epoch => $epoch, name => $keyName }"
);

20
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
Unescape View File

@ -9,17 +9,15 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_ERROR
);
our $VERSION = '2.0.8';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
has prefix => ( is => 'rw', default => 'yubikey' );
has prefix => ( is => 'rw', default => 'yubikey' );
has template => ( is => 'ro', default => 'yubikey2fregister' );
has logo => ( is => 'rw', default => 'yubikey.png' );
has logo => ( is => 'rw', default => 'yubikey.png' );
sub init {
my ($self) = @_;
@ -120,7 +118,6 @@ sub run {
_yubikey => $key,
epoch => $epoch
};
$self->logger->debug(
"Append 2F Device : { type => 'UBK', name => $UBKName }");
$self->p->updatePersistentSession( $req,
@ -162,7 +159,7 @@ sub run {
# Read existing 2FDevices
$self->logger->debug("Looking for 2F Devices ...");
my $_2fDevices;
my ( $_2fDevices, $UBKName );
if ( $req->userData->{_2fDevices} ) {
$_2fDevices = eval {
from_json( $req->userData->{_2fDevices},
@ -179,11 +176,10 @@ sub run {
}
# Delete Yubikey device
my $UBKName;
foreach (@$_2fDevices) {
$UBKName = $_->{name} if $_->{epoch} eq $epoch;
}
@$_2fDevices = grep { $_->{epoch} ne $epoch } @$_2fDevices;
@$_2fDevices = map {
if ( $_->{epoch} eq $epoch ) { $UBKName = $_->{name}; () }
else { $_ }
} @$_2fDevices;
$self->logger->debug(
"Delete 2F Device : { type => 'UBK', epoch => $epoch, name => $UBKName }"
);

3
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm
Unescape View File

@ -15,7 +15,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE
);
our $VERSION = '2.0.8';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
'Lemonldap::NG::Common::TOTP';
@ -23,7 +23,6 @@ extends 'Lemonldap::NG::Portal::Main::SecondFactor',
# INITIALIZATION
has prefix => ( is => 'ro', default => 'totp' );
has logo => ( is => 'rw', default => 'totp.png' );
sub init {

14
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
Unescape View File

@ -16,7 +16,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_U2FFAILED
);
our $VERSION = '2.0.8';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
'Lemonldap::NG::Portal::Lib::U2F';
@ -24,9 +24,7 @@ extends 'Lemonldap::NG::Portal::Main::SecondFactor',
# INITIALIZATION
has rule => ( is => 'rw' );
has prefix => ( is => 'ro', default => 'u' );
has logo => ( is => 'rw', default => 'u2f.png' );
sub init {
@ -109,6 +107,7 @@ sub run {
sub verify {
my ( $self, $req, $session ) = @_;
my $crypter;
# Check U2F signature
if ( my $resp = $req->param('signature')
@ -136,10 +135,9 @@ sub verify {
$req->error(PE_ERROR);
return $self->fail($req);
}
my $crypter;
foreach ( @{ $req->data->{crypter} } ) {
$crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
}
$crypter = $_
foreach grep { $_->{keyHandle} eq $data->{keyHandle} }
@{ $req->data->{crypter} };
unless ($crypter) {
$self->userLogger->error("Unregistered U2F key");
$req->error(PE_BADCREDENTIALS);
@ -245,7 +243,7 @@ sub loadUser {
'U2F error: ' . Crypt::U2F::Server::u2fclib_getError() );
}
}
return -1 unless (@crypters);
return -1 unless @crypters;
$req->data->{crypter} = \@crypters;
return 1;

7
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
Unescape View File

@ -15,16 +15,14 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE
);
our $VERSION = '2.0.9';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
# INITIALIZATION
has prefix => ( is => 'ro', default => 'yubikey' );
has logo => ( is => 'rw', default => 'yubikey.png' );
has yubi => ( is => 'rw' );
sub init {
@ -88,8 +86,7 @@ sub init {
sub _findYubikey {
my ( $self, $req, $sessionInfo ) = @_;
my $yubikey;
my $_2fDevices;
my ( $yubikey, $_2fDevices );
# First, lookup from session attribute
if ( $self->conf->{yubikey2fFromSessionAttribute} ) {

14
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
Unescape View File

@ -115,10 +115,7 @@ sub getUser {
my ( $self, $req, %args ) = @_;
$self->validateLdap;
unless ( $self->ldap ) {
return PE_LDAPCONNECTFAILED;
}
return PE_LDAPCONNECTFAILED unless $self->ldap;
$self->bind();
@ -144,7 +141,10 @@ sub getUser {
return PE_BADCREDENTIALS;
}
unless ( $req->data->{ldapentry} = $mesg->entry(0) ) {
$self->userLogger->warn("$req->{user} was not found in LDAP directory (".$req->address.")");
$self->userLogger->warn(
"$req->{user} was not found in LDAP directory ("
. $req->address
. ")" );
eval { $self->p->_authentication->setSecurity($req) };
return PE_BADCREDENTIALS;
}
@ -168,8 +168,8 @@ sub bind {
my $self = shift;
$self->validateLdap;
return undef unless ( $self->ldap );
return undef unless $self->ldap;
my $msg = $self->ldap->bind(@_);
if ( $msg->code ) {
$self->logger->error( $msg->error );

5
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/REST.pm
Unescape View File

@ -28,9 +28,8 @@ sub restCall {
$hreq->header( 'Content-Type' => 'application/json' );
$hreq->content( to_json($content) );
my $resp = $self->ua->request($hreq);
unless ( $resp->is_success ) {
die $resp->status_line;
}
die $resp->status_line unless $resp->is_success;
my $res = eval { from_json( $resp->content ) };
die "Bad REST response: $@" if ($@);
if ( ref($res) ne "HASH" ) {

Write Preview
Loading…
Cancel
Save