NAME

Lemonldap::NG::Portal::Main::SecondFactor - Base class for Lemonldap::NG::Portal second factor plugins.

SYNOPSIS

package Lemonldap::NG::Portal::2F::MySecondFactor;
use Mouse;
# Import used constants
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_OK
  PE_BADCREDENTIALS
  PE_SENDRESPONSE
);
extends 'Lemonldap::NG::Portal::Main::SecondFactor';

# INITIALIZATION

# Prefix that will be used in parameter names. The form used to enter the
# second factor must post its result to "/my2fcheck" (if "my" is the prefix).
has prefix => ( is => 'ro', default => 'my' );
# Optional logo
has logo => ( is => 'rw', default => 'mylogo.png' );

# Required init method
sub init {
    my ($self) = @_;
    # Insert the initialization process here
    #
    # If self registration is enabled and "activation" is set to "enabled",
    # replace the rule with one that detects whether the user has registered
    # a device key. For example:
    $self->conf->{u2fActivation} = '$_2fDevices =~ /"type":\s*"U2F"/s';
    # Optionally, the rule can be: '$_2fDevices and $_2fDevices =~ /"type":\s*"U2F"/s'
    # to avoid a warning when the variable is undef
    #
    # Required call:
    return $self->SUPER::init();
}

# RUNNING METHODS

# Required 2nd factor send method
sub run {
    my ( $self, $req, $token ) = @_;
    # $token must be inserted in a hidden input in your form with the name
    # "token"
    ...
    # A LLNG constant must be returned. Example:
    $req->response($my_psgi_response);
    return PE_SENDRESPONSE;
}
# Required 2nd factor verify method
sub verify {
    my ( $self, $req, $session ) = @_;
    # Use $req->param('field') to get POST responses
    ...
    if ($result eq $goodResult) {
      return PE_OK;
    }
    else {
      return PE_BADCREDENTIALS;
    }
}

Enable your plugin in lemonldap-ng.ini, section [portal]:

<prefix>2fActivation (required): 1, 0 or a rule
<prefix>2fAuthnLevel (optional): change authentication level for users authenticated by this plugin

Example:

[portal]
customPlugins = Lemonldap::NG::Portal::2F::MyPlugin
my2fActivation = 1
my2fAuthnLevel = 4
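
The two activation rule forms quoted in the init() comments, evaluated against constructed session values to show which users get the second factor and when the unguarded form warns. This is an added example, not code from the Lemonldap::NG project: check_rule() is a hypothetical helper, the string eval is an assumption for illustration and does not reproduce how the portal compiles rules, and the _2fDevices values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two rule forms quoted in the init() comments of the synopsis.
my %rules = (
    plain   => '$_2fDevices =~ /"type":\s*"U2F"/s',
    guarded => '$_2fDevices and $_2fDevices =~ /"type":\s*"U2F"/s',
);

# Constructed session values (not taken from a real portal).
my %sessions = (
    u2f_user  => '[{"name":"key1","type":"U2F","epoch":1700000000}]',
    totp_only => '[{"name":"phone","type":"TOTP","epoch":1700000000}]',
    spaced    => qq([{"type":\n  "U2F","name":"key2"}]),
    empty     => '',
    unset     => undef,
);

# Hypothetical helper: evaluates a rule string with $_2fDevices bound to the
# session value, and returns the boolean result plus the number of warnings.
sub check_rule {
    my ( $rule, $_2fDevices ) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my $res = eval $rule;    # the rule string sees the lexical $_2fDevices
    die "rule failed to compile: $@" if $@;
    return ( $res ? 1 : 0, scalar @warnings );
}

for my $form ( sort keys %rules ) {
    for my $user ( sort keys %sessions ) {
        my ( $active, $warned ) = check_rule( $rules{$form}, $sessions{$user} );
        printf "%-8s %-10s active=%d warnings=%d\n",
          $form, $user, $active, $warned;
    }
}
```

Both forms give the same activation result for every sample; only the plain form emits an "uninitialized value" warning for the session where _2fDevices is unset.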

DESCRIPTION

Lemonldap::NG::Portal::Main::SecondFactor provides a simple framework to build Lemonldap::NG second authentication factor plugins.

See Lemonldap::NG::Portal::Plugins::2F::* packages for examples.

SEE ALSO

http://lemonldap-ng.org

OTHER POD FILES

Writing an authentication module: Lemonldap::NG::Portal::Auth
Writing a UserDB module: Lemonldap::NG::Portal::UserDB
Writing a second factor module: Lemonldap::NG::Portal::Main::SecondFactor
Writing an issuer module: Lemonldap::NG::Portal::Main::Issuer
Writing another plugin: Lemonldap::NG::Portal::Main::Plugin
Request object: Lemonldap::NG::Portal::Main::Request
Adding parameters in the manager: Lemonldap::NG::Manager::Build

AUTHORS

LemonLDAP::NG team http://lemonldap-ng.org/team

BUG REPORT

Use the OW2 system to report bugs or ask for features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues

DOWNLOAD

Lemonldap::NG is available at https://lemonldap-ng.org/download

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.