Fix Yubikey errors (#1399)

7 years ago · a018a10fb1
parent 9181824755
commit a018a10fb1
4 changed files with 36 additions and 8 deletions
--- a/e2e-tests/test-nginx.conf
+++ b/e2e-tests/test-nginx.conf
@ -18,6 +18,14 @@ server {

    # Keep original request (LLNG server will received /llauth)
    fastcgi_param X_ORIGINAL_URI  $request_uri;
+
+    # OU TO USE uWSGI
+    #include /etc/nginx/uwsgi_params;
+    #uwsgi_pass 127.0.0.1:5000;
+    #uwsgi_pass_request_body  off;
+    #uwsgi_param CONTENT_LENGTH "";
+    #uwsgi_param HOST $http_host;
+    #uwsgi_param X_ORIGINAL_URI  $request_uri;
  }

  # Client requests
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm
@ -5,7 +5,6 @@ use Mouse;
 use Lemonldap::NG::Portal::Main::Constants qw(
  PE_FORMEMPTY
  PE_ERROR
-  PE_OK
 );

 our $VERSION = '2.0.0';
@ -36,17 +35,36 @@ sub run {
        if ( $otp and length($otp) > 12 ) {
            my $keys = $req->userData->{_yubikeys} || '';
            $keys .= ( $keys ? ', ' : '' )
-              . substr( $otp, 0, $self->conf->{yubikeyPublicIDSize} );
+              . substr( $otp, 0, $self->conf->{yubikey2fPublicIDSize} );
            $self->p->updatePersistentSession( $req, { _yubikeys => $keys } );
+            return $self->p->sendHtml(
+                $req, 'error',
+                params => {
+                    RAW_ERROR      => 'yourKeyIsRegistered',
+                    AUTH_ERROR_TYPE => 'positive',
+                }
+            );
        }
        else {
            $self->userLogger->error('Yubikey 2F: no code');
-            return PE_FORMEMPTY;
+            return $self->p->sendHtml(
+                $req, 'error',
+                params => {
+                    AUTH_ERROR      => PE_FORMEMPTY,
+                    AUTH_ERROR_TYPE => 'positive',
+                }
+            );
        }
    }
    else {
        $self->userLogger->error("Unknown Yubikey action $action");
-        return PE_ERROR;
+        return $self->p->sendHtml(
+            $req, 'error',
+            params => {
+                AUTH_ERROR      => PE_ERROR,
+                AUTH_ERROR_TYPE => 'positive',
+            }
+        );
    }
 }

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm
@ -36,8 +36,7 @@ sub init {
    unless ($self->conf->{yubikey2fClientID}
        and $self->conf->{yubikey2fSecretKey} )
    {
-        $self->logger->error(
-            "Missing mandatory parameters (Client ID and secret key)");
+        $self->error('Missing mandatory parameters (Client ID and secret key)');
        return 0;
    }
    $self->conf->{yubikey2fPublicIDSize} ||= 12;
@ -92,8 +91,8 @@ sub verify {

    # Verify OTP
    if (
-        index( substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ),
-            $session->{_yubikeys} ) == -1
+        index( $session->{_yubikeys},
+            substr( $code, 0, $self->conf->{yubikey2fPublicIDSize} ) ) == -1
      )
    {
        $self->userLogger->warn('Yubikey not registered');
--- a/lemonldap-ng-portal/site/templates/bootstrap/error.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/error.tpl
@ -3,6 +3,9 @@
  <TMPL_IF AUTH_ERROR>
    <div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span></div>
  </TMPL_IF>
+  <TMPL_IF RAW_ERROR>
+    <div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trspan="<TMPL_VAR NAME="RAW_ERROR">"></span></div>
+  </TMPL_IF>
  <TMPL_IF ERROR403>
    <div class="message message-negative alert">
      <span trspan="accessDenied">You have no access authorization for this application</span>