worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Replace bool by boolOrExpr for sfRequired + partial revert (#1487)

Browse Source
environments/ppa-mbqj77/deployments/221
Xavier Guimard 7 years ago
parent 3ffc5c7410
commit bf7d85532d
5 changed files with 29 additions and 33 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
  2. 2
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
  3. 2
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
  4. 2
      lemonldap-ng-manager/site/htdocs/static/struct.json
  5. 55
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm

1
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
Unescape View File

@ -244,6 +244,7 @@ sub defaultValues {
'samlSPSSODescriptorWantAssertionsSigned' => 1,
'securedCookie' => 0,
'sfEngine' => '::2F::Engines::Default',
'sfRequired' => 0,
'slaveAuthnLevel' => 2,
'slaveExportedVars' => {},
'SMTPServer' => '',

2
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
Unescape View File

@ -3058,7 +3058,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
},
'sfRequired' => {
'default' => 0,
'type' => 'bool'
'type' => 'boolOrExpr'
},
'singleIP' => {
'default' => 0,

2
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
Unescape View File

@ -2282,7 +2282,7 @@ sub attributes {
documentation => 'Second factor engine',
},
sfRequired => {
type => 'bool',
type => 'boolOrExpr',
default => 0,
documentation => 'Second factor required',
},

2
lemonldap-ng-manager/site/htdocs/static/struct.json vendored
View File

File diff suppressed because one or more lines are too long

55
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm
Unescape View File

@ -30,6 +30,8 @@ has sfModules => ( is => 'rw', default => sub { [] } );
has sfRModules => ( is => 'rw', default => sub { [] } );
has sfReq => ( is => 'rw' );
has ott => (
is => 'rw',
default => sub {
@ -86,6 +88,19 @@ sub init {
}
}
unless (
$self->sfReq(
$self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute( $self->conf->{sfRequired} )
)
)
)
{
$self->error( 'Error in sfRequired rule'
. $self->p->HANDLER->tsv->{jail}->error );
return 0;
}
# Enable REST request only if more than 1 2F module is enabled
if ( @{ $self->{sfModules} } > 1 ) {
$self->addUnauthRoute( '2fchoice' => '_choice', ['POST'] );
@ -140,40 +155,20 @@ sub run {
unless (@am) {
# Except if 2FA is required, move to registration
if ( $self->conf->{sfRequired} ) {
if ( $self->sfReq->( $req, $req->sessionInfo ) ) {
$self->logger->debug("2F is required...");
$self->logger->debug(" -> Regiter 2F");
$req->pdata->{sfRegToken} =
$self->ott->createToken( $req->sessionInfo );
if ( @{ $self->sfModules } > 1 ) {
$self->logger->debug("More than one 2F is enabled");
$self->logger->debug(" -> Redirect to /2fregisters/");
$req->response(
[
302,
[ Location => $self->conf->{portal} . '/2fregisters' ],
[]
]
);
return PE_SENDRESPONSE;
}
else {
$self->logger->debug("Just one 2F is enabled");
$self->logger->debug( " -> Redirect to /2fregisters/"
. ${ $self->sfModules }[0]->{m}->prefix );
$req->response(
[
302,
[
Location => $self->conf->{portal}
. '/2fregisters/'
. ${ $self->sfModules }[0]->{m}->prefix
],
[]
]
);
return PE_SENDRESPONSE;
}
$self->logger->debug("Just one 2F is enabled");
$self->logger->debug(" -> Redirect to /2fregisters/");
$req->response(
[
302,
[ Location => $self->conf->{portal} . '/2fregisters/' ], []
]
);
return PE_SENDRESPONSE;
}
else {
return PE_OK;

Write Preview
Loading…
Cancel
Save