lib/Lemonldap/NG/Portal/2F/WebAuthn.pm


            
              1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
              # WebAuthn second factor authentication
#
# This plugin handle authentications to ask WebAuthn second factor for users that
# have registered their WebAuthn authenticators
package Lemonldap::NG::Portal::2F::WebAuthn;
use strict;
use Mouse;
use JSON qw(from_json to_json);
use MIME::Base64 qw(encode_base64url decode_base64url);
use Crypt::URandom;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_OK
  PE_ERROR
  PE_SENDRESPONSE
  PE_BADCREDENTIALS
);
our $VERSION = '2.0.16';
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
with 'Lemonldap::NG::Portal::Lib::WebAuthn';
# INITIALIZATION
has rule   => ( is => 'rw' );
has prefix => ( is => 'ro', default => 'webauthn' );
has logo   => ( is => 'rw', default => 'webauthn.png' );
sub init {
    my ($self) = @_;
    # If "activation" is just set to "enabled",
    # replace the rule to detect if user has registered its key
    $self->conf->{webauthn2fActivation} = 'has2f("WebAuthn")'
      if $self->conf->{webauthn2fActivation} eq '1';
    return $self->SUPER::init() ? 1 : 0;
}
# RUNNING METHODS
# Main method
sub run {
    my ( $self, $req, $token ) = @_;
    my $request = $self->generateChallenge( $req, $req->sessionInfo );
    unless ($request) {
        $self->logger->error(
            $self->prefix . '2f: no registered device for ' . $req->user );
        return PE_ERROR;
    }
    $self->ott->updateToken( $token, _webauthn_request => $request );
    # Prepare form
    my ( $checkLogins, $stayConnected ) = $self->getFormParams($req);
    my $tmp = $self->p->sendHtml(
        $req,
        'webauthn2fcheck',
        params => {
            DATA          => to_json( { request => $request } ),
            TOKEN         => $token,
            CHECKLOGINS   => $checkLogins,
            STAYCONNECTED => $stayConnected
        }
    );
    $req->response($tmp);
    return PE_SENDRESPONSE;
}
sub verify {
    my ( $self, $req, $session ) = @_;
    my $user            = $session->{ $self->conf->{whatToTrace} };
    my $credential_json = $req->param('credential');
    unless ($credential_json) {
        $self->logger->error(
            $self->prefix . '2f: missing signature parameter' );
        return PE_ERROR;
    }
    my $signature_options = $session->{_webauthn_request};
    delete $session->{_webauthn_request};
    my $validation_result = eval {
        $self->validateAssertion( $req, $session, $signature_options,
            $credential_json );
    };
    if ($@) {
        $self->logger->error(
            $self->prefix . "2f: validation error for $user ($@)" );
        return PE_ERROR;
    }
    if ( $validation_result->{success} == 1 ) {
        return PE_OK;
    }
    else {
        $self->logger->error(
            $self->prefix . "2f: validation did not return success for $user" );
        return PE_ERROR;
    }
}
1;

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)