TOTP Manager part (#1359)

7 years ago · 2d58b3f9f6
parent 344b9db804
commit 2d58b3f9f6
12 changed files with 123 additions and 18 deletions
--- a/fastcgi-server/man/llng-fastcgi-server.1p
+++ b/fastcgi-server/man/llng-fastcgi-server.1p
@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "llng-fastcgi-server 1"
-.TH llng-fastcgi-server 1 "2017-11-11" "perl v5.26.1" "User Contributed Perl Documentation"
+.TH llng-fastcgi-server 1 "2018-02-18" "perl v5.26.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@ -165,6 +165,8 @@ Each parameter can be set by an option or a environment variable.
 .IX Item "--engine -e ($ENV{ENGINE}): Plack::Handler engine, default to FCGI"
 .IP "\-\-socket \-s ($ENV{\s-1SOCKET\s0}): Unix socket" 4
 .IX Item "--socket -s ($ENV{SOCKET}): Unix socket"
+.IP "\-\-listen \-l ($ENV{\s-1LISTEN\s0}): Listening address (\s-1HOST:PORT, :PORT,\s0 or \s-1PATH\s0)" 4
+.IX Item "--listen -l ($ENV{LISTEN}): Listening address (HOST:PORT, :PORT, or PATH)"
 .IP "\-\-customFunctionsFile \-f ($ENV{\s-1CUSTOM_FUNCTIONS_FILE\s0}): file to load for custom functions" 4
 .IX Item "--customFunctionsFile -f ($ENV{CUSTOM_FUNCTIONS_FILE}): file to load for custom functions"
 .ie n .IP "\-\-plackOptions: other options to pass to Plack. This multi-valued parameter must have ""key=value"" values." 4
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -242,6 +242,9 @@ sub defaultValues {
        'timeout'                                 => 72000,
        'timeoutActivity'                         => 0,
        'timeoutActivityInterval'                 => 60,
+        'totp2fActivation'                        => 0,
+        'totp2fInterval'                          => 30,
+        'totp2fRange'                             => 1,
        'trustedProxies'                          => '',
        'twitterAuthnLevel'                       => 1,
        'u2fActivation'                           => 0,
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -3123,6 +3123,25 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
            'default' => 0,
            'type'    => 'bool'
        },
+        'totp2fActivation' => {
+            'default' => 0,
+            'type'    => 'boolOrExpr'
+        },
+        'totp2fAuthnLevel' => {
+            'type' => 'int'
+        },
+        'totp2fInterval' => {
+            'default' => 30,
+            'type'    => 'int'
+        },
+        'totp2fRange' => {
+            'default' => 1,
+            'type'    => 'int'
+        },
+        'totpSelfRegistration' => {
+            'default' => 0,
+            'type'    => 'bool'
+        },
        'trustedDomains' => {
            'type' => 'text'
        },
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -106,8 +106,8 @@ sub types {
        select => {
            test => sub {
                my $test =
-                  grep (
-                    { $_ eq $_[0] } map ( { $_->{k} } @{ $_[2]->{select} } ) );
+                  grep ( { $_ eq $_[0] }
+                    map ( { $_->{k} } @{ $_[2]->{select} } ) );
                return $test
                  ? 1
                  : ( 1, "Invalid value '$_[0]' for this select" );
@ -1030,6 +1030,33 @@ sub attributes {
              'Authentication level for users authentified by password+U2F'
        },

+        # TOTP second factor
+        totp2fActivation => {
+            type          => 'boolOrExpr',
+            default       => 0,
+            documentation => 'TOTP activation',
+        },
+        totpSelfRegistration => {
+            type          => 'bool',
+            default       => 0,
+            documentation => 'TOTP self registration activation',
+        },
+        totp2fAuthnLevel => {
+            type => 'int',
+            documentation =>
+              'Authentication level for users authentified by password+TOTP'
+        },
+        totp2fInterval => {
+            type          => 'int',
+            default       => 30,
+            documentation => 'TOTP interval',
+        },
+        totp2fRange => {
+            type          => 'int',
+            default       => 1,
+            documentation => 'TOTP range (number of interval to test)',
+        },
+
        # External second factor
        ext2fActivation => {
            type          => 'boolOrExpr',
@ -1180,7 +1207,7 @@ sub attributes {
                        grep { $_ =~ /Undefined subroutine/ ? () : $_ }
                          split( /\n/, $@ ) );
                    return $err ? ( 1, "__badExpression__: $err" ) : (1);
-                  }
+                }
            },
            documentation => 'Virtualhost headers',
        },
@ -2167,8 +2194,9 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
        radiusServer => { type => 'text', },

        # REST
-        restAuthUrl       => { type => 'url' },
-        restUserDBUrl     => { type => 'url' },
+        restAuthUrl   => { type => 'url' },
+        restUserDBUrl => { type => 'url' },
+
        # TODO: add restMailDBUrl
        restPwdConfirmUrl => { type => 'url' },
        restPwdModifyUrl  => { type => 'url' },
@ -2290,14 +2318,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
            default       => 2,
            documentation => 'DBI authentication level',
        },
-        dbiAuthChain       => { type => 'text', },
-        dbiAuthUser        => { type => 'text', },
-        dbiAuthPassword    => { type => 'password', },
-        dbiUserChain       => { type => 'text', },
-        dbiUserUser        => { type => 'text', },
-        dbiUserPassword    => { type => 'password', },
-        dbiAuthTable       => { type => 'text', },
-        dbiUserTable       => { type => 'text', },
+        dbiAuthChain    => { type => 'text', },
+        dbiAuthUser     => { type => 'text', },
+        dbiAuthPassword => { type => 'password', },
+        dbiUserChain    => { type => 'text', },
+        dbiUserUser     => { type => 'text', },
+        dbiUserPassword => { type => 'password', },
+        dbiAuthTable    => { type => 'text', },
+        dbiUserTable    => { type => 'text', },

        # TODO: add dbiMailCol
        dbiAuthLoginCol    => { type => 'text', },
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@ -209,7 +209,10 @@ sub tree {
                        {
                            title => 'kerberosParams',
                            help  => 'authkerberos.html',
-                            nodes => [ 'krbKeytab', 'krbByJs', 'krbAuthnLevel', 'krbRemoveDomain' ]
+                            nodes => [
+                                'krbKeytab',     'krbByJs',
+                                'krbAuthnLevel', 'krbRemoveDomain'
+                            ]
                        },
                        {
                            title => 'ldapParams',
@ -641,6 +644,11 @@ sub tree {
                            help  => 'autoSignin.html',
                            nodes => ['autoSigninRules'],
                        },
+                    ]
+                },
+                {
+                    title => 'secondFactors',
+                    nodes => [
                        {
                            title => 'u2f',
                            help  => 'u2f.html',
@ -650,6 +658,16 @@ sub tree {
                                'u2fAuthnLevel'
                            ]
                        },
+                        {
+                            title => 'totp',
+                            help  => 'totp.html',
+                            form  => 'simpleInputContainer',
+                            nodes => [
+                                'totp2fActivation', 'totpSelfRegistration',
+                                'totp2fAuthnLevel', 'totp2fInterval',
+                                'totp2fRange',
+                            ]
+                        },
                        {
                            title => 'external2f',
                            help  => 'external2f.html',
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -644,6 +644,7 @@
 "save": "حفظ",
 "saveReport": "احفظ التقرير",
 "savingConfirmation": "حفظ التأكيد",
+"secondFactors": "Second factors",
 "securedCookie": "ملفات تعريف الارتباط المضمونة (سسل)",
 "security": "الحماية",
 "serverError": "خطأ في جهاز الخادم",
@ -699,6 +700,12 @@
 "timeoutActivity": "مهلة نشاط الجلسات",
 "timeoutActivityInterval": "فترة تحديث الجلسات",
 "tokenUseGlobalStorage": "استخدام سعة التخزين العامة",
+"totp":"TOTP",
+"totp2fActivation":"Activation",
+"totp2fAuthnLevel":"TOTP authentication level",
+"totp2fInterval":"Interval",
+"totp2fRange":"Range of attempts",
+"totpSelfRegistration":"Self registration",
 "trustedDomains": "النطاقات الموثوق بها",
 "trustedProxies": "عناوين الآي بي البروكسي الموثوق بها",
 "twitterAppName": "اسم التطبيق",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -644,6 +644,7 @@
 "save": "Save",
 "saveReport": "Save report",
 "savingConfirmation": "Saving confirmation",
+"secondFactors": "Second factors",
 "securedCookie": "Secured Cookie (SSL)",
 "security": "Security",
 "serverError": "Server error",
@ -699,6 +700,12 @@
 "timeoutActivity": "Sessions activity timeout",
 "timeoutActivityInterval": "Sessions update interval",
 "tokenUseGlobalStorage": "Use global storage",
+"totp":"TOTP",
+"totp2fActivation":"Activation",
+"totp2fAuthnLevel":"TOTP authentication level",
+"totp2fInterval":"Interval",
+"totp2fRange":"Range of attempts",
+"totpSelfRegistration":"Self registration",
 "trustedDomains": "Trusted domains",
 "trustedProxies": "Trusted proxies IP",
 "twitterAppName": "Application name",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -643,6 +643,7 @@
 "Same": "Identique",
 "save": "Sauver",
 "saveReport": "Rapport de sauvegarde",
+"secondFactors": "Second facteurs",
 "savingConfirmation": "Confirmation de sauvegarde",
 "securedCookie": "Cookie sécurisé (HTTPS)",
 "security": "Sécurité",
@ -699,6 +700,12 @@
 "timeoutActivity": "Délai d'expiration des sessions",
 "timeoutActivityInterval": "Intervalle de mise à jour des sessions",
 "tokenUseGlobalStorage": "Utiliser le cache global",
+"totp":"TOTP",
+"totp2fActivation":"Activation",
+"totp2fAuthnLevel":"Niceau d'authentification TOTP",
+"totp2fInterval":"Intervalle",
+"totp2fRange":"Nombre d'intervalles à tester",
+"totpSelfRegistration":"Auto-enregistrement",
 "trustedDomains": "Domaines approuvés",
 "trustedProxies": "IP des proxys de confiance",
 "twitterAppName": "Nom de l'application",
@ -710,7 +717,7 @@
 "u2f": "U2F",
 "u2fActivation": "Activation",
 "u2fAuthnLevel": "Niveau d'authentification U2F",
-"u2fSelfRegistration": "Activation de l'enregistrement",
+"u2fSelfRegistration": "Auto-enregistrement",
 "uid": "Identifiant",
 "unknownAttrOrMacro": "Attribut ou macro inconnu",
 "unknownError": "Erreur inconnue",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -644,6 +644,7 @@
 "save": "Salva",
 "saveReport": "Salva report",
 "savingConfirmation": "Salvataggio della conferma",
+"secondFactors": "Second factors",
 "securedCookie": "Cookie protetti (SSL)",
 "security": "Sicurezza",
 "serverError": "Errore del server",
@ -699,6 +700,12 @@
 "timeoutActivity": "Timeout attività di sessioni",
 "timeoutActivityInterval": "Intervallo di aggiornamento delle sessioni",
 "tokenUseGlobalStorage": "Utilizza lo storage globale",
+"totp":"TOTP",
+"totp2fActivation":"Activation",
+"totp2fAuthnLevel":"TOTP authentication level",
+"totp2fInterval":"Interval",
+"totp2fRange":"Range of attempts",
+"totpSelfRegistration":"Self registration",
 "trustedDomains": "Domini attendibili",
 "trustedProxies": "IP proxy attendibili",
 "twitterAppName": "Nome dell'applicazione",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -644,6 +644,7 @@
 "save": "Lưu",
 "saveReport": "Lưu báo cáo",
 "savingConfirmation": "Lưu xác nhận",
+"secondFactors": "Second factors",
 "securedCookie": "Cookie bảo mật (SSL)",
 "security": "An ninh",
 "serverError": "Lỗi máy chủ",
@ -699,6 +700,12 @@
 "timeoutActivity": "Thời gian chờ của các hoạt động phiên",
 "timeoutActivityInterval": "Khoảng thời gian cập nhật phiên",
 "tokenUseGlobalStorage": "Sử dụng lưu trữ toàn cục",
+"totp":"TOTP",
+"totp2fActivation":"Activation",
+"totp2fAuthnLevel":"TOTP authentication level",
+"totp2fInterval":"Interval",
+"totp2fRange":"Range of attempts",
+"totpSelfRegistration":"Self registration",
 "trustedDomains": "Miền tin cậy",
 "trustedProxies": "proxies IP tin cậy",
 "twitterAppName": "Tên ứng dụng",
--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json