U2F registration works (#1148)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -243,7 +243,6 @@ sub defaultValues {
         'timeoutActivityInterval'                 => 60,
         'trustedProxies'                          => '',
         'twitterAuthnLevel'                       => 1,
-        'u2fAppId'                                => 'Lemonldap::NG',
         'userControl'                             => '^[\\w\\.\\-@]+$',
         'userDB'                                  => 'Demo',
         'useRedirectOnError'                      => 1,

lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm

@@ -123,12 +123,7 @@ sub sendError {
     );
 
     # SOAP responses
-    if (
+    if ( $req->env->{HTTP_SOAPACTION} ) {
-        $req->accept =~ m#(?:application|text)/xml#
-        or (    $req->content_type
-            and $req->content_type =~ m#(?:application|text)/xml# )
-      )
-    {
         my $s = '<soapenv:Body>
  <soapenv:Fault>
   <Faultcode>soapenv:Client</Faultcode>

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -2830,9 +2830,9 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
             'default' => 0,
             'type'    => 'bool'
         },
-        'u2fAppId' => {
+        'u2fSelfRegistration' => {
-            'default' => 'Lemonldap::NG',
+            'default' => 0,
-            'type'    => 'text'
+            'type'    => 'bool'
         },
         'userControl' => {
             'default' => '^[\\w\\.\\-@]+$',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -954,10 +954,10 @@ sub attributes {
             default       => 0,
             documentation => 'U2F activation',
         },
-        u2fAppId => {
+        u2fSelfRegistration => {
-            default       => 'Lemonldap::NG',
+            type          => 'bool',
-            type          => 'text',
+            default       => 0,
-            documentation => 'U2F application ID',
+            documentation => 'U2F self registration activation',
         },
 
         # Single session

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -582,7 +582,7 @@ sub tree {
                         {
                             title => 'u2f',
                             form  => 'simpleInputContainer',
-                            nodes => [ 'u2fActivation', 'u2fAppId', ]
+                            nodes => [ 'u2fActivation', 'u2fSelfRegistration', ]
                         },
                         {
                             title => 'security',

lemonldap-ng-manager/site/static/languages/en.json

@@ -631,7 +631,7 @@
 "twitterSecret": "API secret",
 "u2f": "U2F",
 "u2fActivation": "Activation",
-"u2fAppId": "Application ID",
+"u2fSelfRegistration": "Self registration",
 "uid": "Identifier",
 "unknownAttrOrMacro": "Unknown attribute or macro",
 "unknownError": "Unknown error",

lemonldap-ng-manager/site/static/languages/fr.json

@@ -631,7 +631,7 @@
 "twitterSecret": "Secret de l'API",
 "u2f": "U2F",
 "u2fActivation": "Activation",
-"u2fAppId": "Identifiant de l'application",
+"u2fSelfRegistration": "Activation de l'enregistrement",
 "uid": "Identifiant",
 "unknownAttrOrMacro": "Attribut ou macro inconnu",
 "unknownError": "Erreur inconnue",

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm

@@ -76,7 +76,10 @@ sub enabledPlugins {
 
     # U2F
     if ( $self->conf->{u2fActivation} ) {
-        push @res, '::Register::U2F', '::Plugins::U2F';
+        push @res, '::Plugins::U2F';
+    }
+    if ( $self->conf->{u2fSelfRegistration} ) {
+        push @res, '::Register::U2F';
     }
 
     # Check if custom plugins are required

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Register/U2F.pm

@@ -9,6 +9,15 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
 
 has crypter => ( is => 'rw' );
 
+has origin => (
+    is      => 'rw',
+    default => sub {
+        my $p = $_[0]->{conf}->{portal};
+        $p =~ s#^(https?://[^/]+).*$#$1#;
+        return $p;
+    }
+);
+
 sub init {
     my ($self) = @_;
     eval 'use Crypt::U2F::Server::Simple';
@@ -19,8 +28,8 @@ sub init {
     unless (
         $self->crypter(
             Crypt::U2F::Server::Simple->new(
-                appId  => $self->conf->{u2fAppId},
+                appId  => $self->origin,
-                origin => $self->conf->{portal},
+                origin => $self->origin,
             )
         )
       )
@@ -36,30 +45,24 @@ sub run {
     my ( $self, $req ) = @_;
 
     # Check for registration response
-    if ( my $rd = $req->param('registration') ) {
+    if ( my $response = $req->param('registration') ) {
-        $self->lmLog( "Get registration data $rd", 'debug' );
+        $self->lmLog( "Get registration data $response", 'debug' );
-        my ( $keyHandle, $userKey ) = $self->crypter->registrationVerify($rd);
+        my ( $keyHandle, $userKey ) =
+          $self->crypter->registrationVerify($response);
         if ( $keyHandle and $userKey ) {
-            $self->lmLog( "Handle: $keyHandle, Key: $userKey", 'debug' );
             $self->p->updatePersistentSession( $req,
                 { _u2fHandle => $keyHandle, _u2fKey => $userKey } );
             return $self->p->sendHtml( $req, 'u2fregister',
                 params => { SUCCESS => 1 } );
         }
-        else {
+        $self->p->userError( 'U2F Registration failed: '
-            $self->lmLog(
+              . Crypt::U2F::Server::Simple::lastError() );
-                'U2F Registration failed: '
+        return $self->p->sendHtml( $req, 'u2fregister',
-                  . Crypt::U2F::Server::Simple::lastError(),
+            params => { FAILED => 1 } );
-                'notice'
-            );
-            return $self->p->sendHtml( $req, 'u2fregister',
-                params => { FAILED => 1 } );
-        }
     }
     my $challenge = $self->crypter->registrationChallenge;
     return $self->p->sendHtml( $req, 'u2fregister',
-        params =>
+        params => { CHALLENGE => $challenge, APPID => $self->origin } );
-          { CHALLENGE => $challenge, APPID => $self->conf->{u2fAppId} } );
 }
 
 1;

lemonldap-ng-portal/site/coffee/u2fregistration.coffee

@@ -3,9 +3,11 @@ LemonLDAP::NG U2F registration script
 ###
 
 register = ->
-	request =
+	request = [
 		challenge: window.datas.challenge
 		version: 'U2F_V2'
+	]
+	console.log 'Register: ', request
 	u2f.register window.datas.appId, request, [], (data) ->
 		$('#bind-data').val JSON.stringify data
 		$('#bind-form').submit()

lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js

@@ -9,10 +9,13 @@ LemonLDAP::NG U2F registration script
 
   register = function() {
     var request;
-    request = {
+    request = [
-      challenge: window.datas.challenge,
+      {
-      version: 'U2F_V2'
+        challenge: window.datas.challenge,
-    };
+        version: 'U2F_V2'
+      }
+    ];
+    console.log('Register: ', request);
     return u2f.register(window.datas.appId, request, [], function(data) {
       $('#bind-data').val(JSON.stringify(data));
       return $('#bind-form').submit();

lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js

@@ -1 +1 @@
-(function(){var a;a=function(){var b;b={challenge:window.datas.challenge,version:"U2F_V2"};return u2f.register(window.datas.appId,b,[],function(c){$("#bind-data").val(JSON.stringify(c));return $("#bind-form").submit()})};$(document).ready(function(){return setTimeout(a,1000)})}).call(this);
+(function(){var a;a=function(){var b;b=[{challenge:window.datas.challenge,version:"U2F_V2"}];console.log("Register: ",b);return u2f.register(window.datas.appId,b,[],function(c){$("#bind-data").val(JSON.stringify(c));return $("#bind-form").submit()})};$(document).ready(function(){return setTimeout(a,1000)})}).call(this);