From 48f934045e0055b104a934182425a1e6bbc0ab53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20W=C3=B3jtowicz?=
Date: Wed, 30 Jun 2021 20:33:50 +0000
Subject: [PATCH 1/2] Support for multiple yubikeys.
---
 .../lib/Lemonldap/NG/Portal/2F/Yubikey.pm | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
index d1d8f06c2..786795a48 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
@@ -86,7 +86,7 @@ sub init {
 sub _findYubikey {
 my ( $self, $req, $sessionInfo ) = @_;
- my ( $yubikey, $_2fDevices );
+ my ( $yubikey, $_2fDevices, $code );
 # First, lookup from session attribute
 if ( $self->conf->{yubikey2fFromSessionAttribute} ) {
@@ -109,8 +109,14 @@ sub _findYubikey {
 $self->logger->debug("2F Device(s) found");
 $self->logger->debug("Reading Yubikey ...");
- $yubikey = $_->{_yubikey}
- foreach grep { $_->{type} eq 'UBK' } @$_2fDevices;
+ if ( $code = $req->param('code') ) {
+ $yubikey = $_->{_yubikey}
+ foreach grep { ($_->{type} eq 'UBK') and ( $_->{_yubikey} eq
+ substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) } @$_2fDevices;
+ } else {
+ $yubikey = $_->{_yubikey}
+ foreach grep { $_->{type} eq 'UBK' } @$_2fDevices;
+ }
 }
 return $yubikey;
@@ -168,11 +174,7 @@ sub verify {
 # Verify OTP
 my $yubikey = $self->_findYubikey( $req, $session );
- if (
- index( $yubikey,
- substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
- )
- {
+ unless ( $yubikey ) {
 $self->userLogger->warn('Yubikey not registered');
 return PE_BADOTP;
 }
From 80a364839a3d00988c9b9e40af8e4927818d593d Mon Sep 17 00:00:00 2001
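Review bot: The `if ( $code = $req->param('code') )` test added to `_findYubikey` branches on Perl truthiness of a request parameter, so a submitted value of `0` or an empty string takes the `else` branch and returns the last registered UBK device rather than reporting no match. Test definedness and length explicitly, e.g. `if ( defined( $code = $req->param('code') ) and length($code) >= $self->conf->{yubikey2fPublicIDSize} ) {`, so a malformed code never selects a device by default. The `eq` comparison is case-sensitive and relies on `yubikey2fPublicIDSize` being set; neither is checked in the lines shown. `List::Util::first` would state the "one matching device" intent more clearly than assigning inside `foreach grep`. `_findYubikey` starts and ends outside this hunk.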
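Review bot: Replacing the public-ID comparison in `verify` with `unless ( $yubikey ) {` drops the only visible check that the submitted OTP belongs to the user's own key whenever the key comes from the session attribute. `_findYubikey` filters by the code prefix only in the registered-devices branch; the `yubikey2fFromSessionAttribute` branch lies outside the hunks and appears to return the attribute without looking at the code. PATCH 2/2 restores the comparison, so the two commits should be squashed or always applied together, otherwise a cherry-pick or bisect of this commit alone lands on the weakened check. The body of `verify` continues outside the hunk.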
From: =?UTF-8?q?Marek=20W=C3=B3jtowicz?=
Date: Thu, 1 Jul 2021 11:36:44 +0000
Subject: [PATCH 2/2] Fix yubikey from session.
---
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
index 786795a48..c940c306a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
@@ -174,7 +174,11 @@ sub verify {
 # Verify OTP
 my $yubikey = $self->_findYubikey( $req, $session );
- unless ( $yubikey ) {
+ if (
+ index( $yubikey,
+ substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
+ )
+ {
 $self->userLogger->warn('Yubikey not registered');
 return PE_BADOTP;
 }
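Review bot: The restored check in `verify` is a substring test, `index( $yubikey, substr( $code, 0, ... ) ) == -1`, whereas `_findYubikey` in PATCH 1/2 compares with `eq`. A `$code` shorter than `yubikey2fPublicIDSize` yields a short or empty prefix, and `index` returns 0 for an empty needle, so the "Yubikey not registered" branch is skipped for such input. `$yubikey` can also be undef when no registered device matches, which makes `index` emit an uninitialised-value warning before it returns -1. Extend the same `if` with `!defined $yubikey or length($code) < $self->conf->{yubikey2fPublicIDSize} or`, and keep `index` rather than `eq` only if the session attribute can legitimately hold several IDs. Whether `$code` is length-checked earlier in `verify` is not visible in this hunk.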