worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Manager API - 2F get & delete routes/methods - #2033

Browse Source
lowercase-endpoints
Soisik Froger 6 years ago
parent c8e36a8899
commit 4e4f42460a
4 changed files with 277 additions and 16 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      lemonldap-ng-manager/MANIFEST
  2. 39
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm
  3. 241
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/2F.pm
  4. 9
      lemonldap-ng-manager/t/04-2F-api.t

4
lemonldap-ng-manager/MANIFEST
Unescape View File

@ -1,5 +1,4 @@
.bowerrc
_d
bower.json
Changes
eg/manager.cgi
@ -203,6 +202,7 @@ site/htdocs/static/logos/fr.png
site/htdocs/static/logos/it.png
site/htdocs/static/logos/llng-icon-32.png
site/htdocs/static/logos/llng-logo-32.png
site/htdocs/static/logos/tr.png
site/htdocs/static/logos/vi.png
site/htdocs/static/logos/zh.png
site/htdocs/static/reverseTree.json
@ -221,7 +221,7 @@ site/templates/viewDiff.tpl
site/templates/viewer.tpl
t/02-HTML-template.t
t/03-HTML-forms.t
t/04-hello-api.t
t/04-2F-api.t
t/04-providers-api.t
t/05-rest-api.t
t/06-rest-api.t

39
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm
Unescape View File

@ -5,7 +5,8 @@ use 5.10.0;
use utf8;
use Mouse;
extends 'Lemonldap::NG::Common::Conf::RESTServer';
extends 'Lemonldap::NG::Common::Conf::RESTServer',
'Lemonldap::NG::Common::Session::REST';
use Lemonldap::NG::Manager::Api::2F;
use Lemonldap::NG::Manager::Api::Providers::OidcRp;
@ -25,15 +26,6 @@ sub addRoutes {
# HTML template
$self->addRoute( 'api.html', undef, ['GET'] )
->addRoute(
api => {
v1 => {
hello => "helloworld",
},
},
['GET']
)
->addRoute(
api => {
v1 => {
@ -61,6 +53,17 @@ sub addRoutes {
},
},
},
secondFactor => {
':uid' => {
id => {
':id' => 'getSecondFactorsById'
},
type => {
':type' => 'getSecondFactorsByType'
},
'*' => 'getSecondFactors'
},
},
},
},
['GET']
@ -125,10 +128,26 @@ sub addRoutes {
sp => {':confKey' => 'deleteSamlSp'}
},
},
secondFactor => {
':uid' => {
id => {
':id' => 'deleteSecondFactorsById'
},
type => {
':type' => 'deleteSecondFactorsByType'
},
'*' => 'deleteSecondFactors'
},
},
},
},
['DELETE']
);
$self->setTypes($conf);
$self->{multiValuesSeparator} ||= '; ';
$self->{hiddenAttributes} //= "_password";
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} = '1';
}
1;

241
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/2F.pm
Unescape View File

@ -3,9 +3,244 @@ our $VERSION = '2.0.7';
package Lemonldap::NG::Manager::Api;
sub helloworld {
my ( $self, $req, @others ) = @_;
return [ 200, [], ["Hello world"]];
use 5.10.0;
use utf8;
use Mouse;
use JSON;
use Lemonldap::NG::Common::Session;
sub getSecondFactors {
my ( $self, $req ) = @_;
my ( $uid, $res);
$uid = $req->params('uid')
or return $self->sendError( $req, 'uid is missing', 400 );
$self->logger->debug("[API] 2F for $uid requested");
$res = $self->_get2F($uid);
unless ( $res->{res} eq 'ok' ) {
return $self->sendError( $req, $res->{msg}, $res->{code} );
}
return $self->sendJSONresponse( $req, $res->{secondFactors} );
}
sub getSecondFactorsByType {
my ( $self, $req ) = @_;
my ( $uid, $type, $res);
$uid = $req->params('uid')
or return $self->sendError( $req, 'Uid is missing', 400 );
$type = $req->params('type')
or return $self->sendError( $req, 'Type is missing', 400 );
$self->logger->debug("[API] 2F for $uid with type $type requested");
$res = $self->_get2F($uid, uc $type);
unless ( $res->{res} eq 'ok' ) {
return $self->sendError( $req, $res->{msg}, $res->{code} );
}
return $self->sendJSONresponse( $req, $res->{secondFactors} );
}
sub getSecondFactorsById {
my ( $self, $req ) = @_;
my ( $uid, $id, $res);
$uid = $req->params('uid')
or return $self->sendError( $req, 'uid is missing', 400 );
$id = $req->params('id')
or return $self->sendError( $req, 'id is missing', 400 );
$self->logger->debug("[API] 2F for $uid with id $id requested");
$res = $self->_get2F($uid, undef, $id);
unless ( $res->{res} eq 'ok' ) {
return $self->sendError( $req, $res->{msg}, $res->{code} );
}
return $self->sendJSONresponse( $req, $res->{secondFactors} );
}
sub deleteSecondFactors {
my ( $self, $req ) = @_;
my ( $uid, $res);
$uid = $req->params('uid')
or return $self->sendError( $req, 'uid is missing', 400 );
$self->logger->debug("[API] Delete all 2F for $uid requested");
$res = $self->_delete2F($uid);
unless ( $res->{res} eq 'ok' ) {
return $self->sendError( $req, $res->{msg}, $res->{code} );
}
return $self->sendJSONresponse( $req, { message => $res->{msg} } );
}
sub deleteSecondFactorsById {
my ( $self, $req ) = @_;
my ( $uid, $id, $res);
$uid = $req->params('uid')
or return $self->sendError( $req, 'uid is missing', 400 );
$id = $req->params('id')
or return $self->sendError( $req, 'id is missing', 400 );
$self->logger->debug("[API] Delete 2F for $uid with id $id requested");
$res = $self->_delete2F($uid, undef, $id);
unless ( $res->{res} eq 'ok' ) {
return $self->sendError( $req, $res->{msg}, $res->{code} );
}
return $self->sendJSONresponse( $req, { message => $res->{msg} } );
}
sub deleteSecondFactorsByType {
my ( $self, $req ) = @_;
my ( $uid, $type, $res);
$uid = $req->params('uid')
or return $self->sendError( $req, 'uid is missing', 400 );
$type = $req->params('type')
or return $self->sendError( $req, 'type is missing', 400 );
$self->logger->debug("[API] Delete all 2F for $uid with type $type requested");
$res = $self->_delete2F($uid, uc $type);
unless ( $res->{res} eq 'ok' ) {
return $self->sendError( $req, $res->{msg}, $res->{code} );
}
return $self->sendJSONresponse( $req, { message => $res->{msg} } );
}
sub _get2F {
my ( $self, $uid, $type, $id ) = @_;
my ($res, $psessions, @secondFactors);
if (defined $type) {
$res = $self->_checkType($type);
return $res if ($res->{res} ne 'ok');
}
$psessions = $self->_getPSessions2F($uid, ('_session_uid', '_2fDevices'));
foreach ( keys %{ $psessions } ) {
my $devices = from_json( $psessions->{$_}->{_2fDevices}, { allow_nonref => 1 } );
foreach my $device ( @{$devices} ) {
push @secondFactors, { id => $device->{epoch}, type => $device->{type}, name => $device->{name} }
unless (
( defined $type and $type ne $device->{type} )
or ( defined $id and $id ne $device->{epoch} )
);
}
}
return { res => 'ok', secondFactors => scalar @secondFactors ? @secondFactors : [] };
}
sub _getMod2F {
my ( $self ) = @_;
my $mod = $self->sessionTypes->{persistent};
$mod->{options}->{backend} = $mod->{module};
return $mod;
}
sub _getPSessions2F {
my ( $self, $uid, @fields ) = @_;
$self->logger->debug("Looking for psessions for uid $uid ...");
my $psessions = Lemonldap::NG::Common::Apache::Session->searchOn($self->_getMod2F->{options},
'_session_uid', $uid, @fields );
$self->logger->debug("Found " . scalar (keys %{ $psessions }) . " psessions for uid $uid.");
return $psessions;
}
sub getSession2F {
my ( $self, $sessionId ) = @_;
$self->logger->debug("Looking for session with sessionId $sessionId ...");
my $session = $self->getApacheSession( $self->_getMod2F, $sessionId );
$self->logger->debug(defined $session ? "Session $sessionId found." : " No session found for sessionId $sessionId");
return $session;
}
sub _delete2F {
my ( $self, $uid, $type, $id ) = @_;
my ($res, $psessions, $sessionId, $session, $devices, @keep, $total, $removed, $lremoved, $localStorage);
$localStorage = Lemonldap::NG::Handler::PSGI::Main->tsv->{refLocalStorage};
if (defined $type) {
$res = $self->_checkType($type);
return $res if ($res->{res} ne 'ok');
}
$psessions = $self->_getPSessions2F($uid, ('_session_uid', '_session_id', '_2fDevices'));
foreach ( keys %{ $psessions } ) {
$sessionId = $psessions->{$_}->{_session_id};
$session = $self->getSession2F( $sessionId )
or return { res => 'ko', code => 500, msg => $@ };
$self->logger->debug("Looking for 2F Device(s) attached to session $sessionId...");
if ( $session->data->{_2fDevices} ) {
$devices = from_json( $session->data->{_2fDevices}, { allow_nonref => 1 } );
$total = scalar @$devices;
$self->logger->debug("Found $total 2F devices attached to session $sessionId.");
@keep = ();
while (@$devices) {
my $element = shift @$devices;
push @keep, $element
if (( defined $type or defined $id ) and
(( defined $type and $type ne $element->{type} ) or
( defined $id and $id ne $element->{epoch} )));
}
$lremoved = $total - scalar @keep;
if ($lremoved > 0) {
# Update session
$self->logger->debug("Removing $lremoved 2F device(s) attached to session $sessionId ...");
$session->data->{_2fDevices} = to_json( \@keep );
$session->update( \%{ $session->data } );
# Delete local cache
if ( $localStorage and $localStorage->get($sessionId) ) {
$self->logger->debug("Delete local cache for $sessionId ...");
$localStorage->remove($sessionId);
} else {
$self->logger->debug("Local cache will not be cleared for $sessionId");
}
} else {
$self->logger->debug("No matching 2F devices attached to session $sessionId were selected for removal.");
}
} else {
$self->logger->debug("No 2F devices attached to session $sessionId were found.");
}
$removed += $lremoved;
}
return {
res => 'ok',
msg => $removed > 0 ? "Successful operation: " . $removed . " 2F were removed" : "No operation performed"
};
}
sub _checkType {
my ( $self, $type ) = @_;
return {res => "ko", code=> 405, msg => "Invalid input: Type \"$type\" does not exist. Allowed values for type are: \"U2F\", \"TOTP\" or \"UBK\"" }
unless ( $type =~ /\b(?:U2F|TOTP|UBK)\b/ );
return { res => "ok" };
}
1;

9
lemonldap-ng-manager/t/04-hello-api.t → lemonldap-ng-manager/t/04-2F-api.t
Unescape View File

@ -4,11 +4,18 @@ use Test::More;
use strict;
use JSON;
use IO::String;
use Lemonldap::NG::Common::Session;
eval { mkdir 't/sessions' };
`rm -rf t/sessions/*`;
require 't/test-lib.pm';
our $_json = JSON->new->allow_nonref;
my $res;
ok(
$res = &client->_get('/api/v1/hello', '')
$res = &client->_get('/api/v1/secondFactor/dwho', '')
,
"Request succeed"
);
Write Preview
Loading…
Cancel
Save