Add u2fAuthnLevel (#1148)

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -2837,6 +2837,9 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
             'default' => 0,
             'type'    => 'bool'
         },
+        'u2fAuthnLevel' => {
+            'type' => 'int'
+        },
         'u2fSelfRegistration' => {
             'default' => 0,
             'type'    => 'bool'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -951,6 +951,11 @@ sub attributes {
             default       => 0,
             documentation => 'U2F self registration activation',
         },
+        u2fAuthnLevel => {
+            type => 'int',
+            documentation =>
+              'Authentication level for users authentified by password+U2F'
+        },
 
         # Single session
         notifyDeleted => {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -589,7 +589,10 @@ sub tree {
                             title => 'u2f',
                             help  => 'u2f.html',
                             form  => 'simpleInputContainer',
-                            nodes => [ 'u2fActivation', 'u2fSelfRegistration', ]
+                            nodes => [
+                                'u2fActivation', 'u2fSelfRegistration',
+                                'u2fAuthnLevel'
+                            ]
                         },
                     ]
                 },

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -642,6 +642,7 @@
 "type": "Type",
 "u2f": "U2F",
 "u2fActivation": "Activation",
+"u2fAuthnLevel": "U2F authentication level",
 "u2fSelfRegistration": "Self registration",
 "uid": "Identifier",
 "unknownAttrOrMacro": "Unknown attribute or macro",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -642,6 +642,7 @@
 "type": "Type",
 "u2f": "U2F",
 "u2fActivation": "Activation",
+"u2fAuthnLevel": "Niveau d'authentification U2F",
 "u2fSelfRegistration": "Activation de l'enregistrement",
 "uid": "Identifiant",
 "unknownAttrOrMacro": "Attribut ou macro inconnu",

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/U2F.pm

@@ -4,6 +4,7 @@
 # have registered their U2F key
 package Lemonldap::NG::Portal::Plugins::U2F;
 
+use 5.16.0;
 use strict;
 use Mouse;
 use Lemonldap::NG::Portal::Main::Constants qw(
@@ -99,12 +100,14 @@ sub verify {
             return $self->fail($req);
         }
         if ( $self->crypter->authenticationVerify($resp) ) {
-            $req->id( $req->sessionInfo->{_u2fRealSession} );
-            delete $req->sessionInfo->{_u2fRealSession};
+            $req->id( delete $req->sessionInfo->{_u2fRealSession} );
             $self->p->rebuildCookies($req);
             $req->mustRedirect(1);
-            $self->userLogger->info( 'U2F signature verified for '
+            $self->userLogger->notice( 'U2F signature verified for '
                   . $req->sessionInfo->{ $self->conf->{whatToTrace} } );
+            if ( my $l = $self->conf->{u2fAuthnLevel} ) {
+                $self->p->updateSession( $req, { authenticationLevel => $l } );
+            }
             return $self->p->do( $req, [ sub { PE_OK } ] );
         }
         else {
@@ -147,7 +150,8 @@ sub loadUser {
     {
         $self->crypter->{keyHandle} = $self->decode_base64url($kh);
         $self->crypter->{publicKey} = $self->decode_base64url($uk);
-        unless ( $self->crypter->setKeyHandle and $self->crypter->setPublicKey )
+        unless ($self->crypter->setKeyHandle
+            and $self->crypter->setPublicKey )
         {
             $self->logger->error(
                 'U2F error: ' . Crypt::U2F::Server::u2fclib_getError() );