2016-03-29 23:09:55 +02:00
|
|
|
# This module loads known enabled plugins. To add custom modules, just add them
|
|
|
|
|
# into "plugins" list in lemonldap-ng.ini, section "portal"
|
|
|
|
|
package Lemonldap::NG::Portal::Main::Plugins;
|
|
|
|
|
|
2021-11-10 22:37:52 +01:00
|
|
|
our $VERSION = '2.0.14';
|
2016-03-29 23:09:55 +02:00
|
|
|
|
2016-04-07 23:31:56 +02:00
|
|
|
package Lemonldap::NG::Portal::Main;
|
|
|
|
|
|
|
|
|
|
use strict;
|
2017-02-04 08:55:44 +01:00
|
|
|
use Mouse;
|
|
|
|
|
|
|
|
|
|
# Plugins enabled by a simple boolean value (ordered list)
|
|
|
|
|
#
|
2018-08-29 13:16:15 +02:00
|
|
|
# Developers: 2FA must be loaded before Notifications
|
2019-11-10 23:16:24 +01:00
|
|
|
# Developers: GlobalLogout must be the last loaded plugin
|
2017-02-04 08:55:44 +01:00
|
|
|
our @pList = (
|
2020-04-29 19:33:39 +02:00
|
|
|
portalDisplayResetPassword => '::Plugins::MailPasswordReset',
|
|
|
|
|
portalDisplayCertificateResetByMail => '::Plugins::CertificateResetByMail',
|
|
|
|
|
portalStatus => '::Plugins::Status',
|
|
|
|
|
cda => '::Plugins::CDA',
|
|
|
|
|
notification => '::Plugins::Notifications',
|
|
|
|
|
stayConnected => '::Plugins::StayConnected',
|
2020-10-31 22:10:14 +01:00
|
|
|
portalCheckLogins => '::Plugins::History',
|
2020-04-29 19:33:39 +02:00
|
|
|
bruteForceProtection => '::Plugins::BruteForceProtection',
|
|
|
|
|
grantSessionRules => '::Plugins::GrantSession',
|
|
|
|
|
upgradeSession => '::Plugins::Upgrade',
|
|
|
|
|
autoSigninRules => '::Plugins::AutoSignin',
|
|
|
|
|
checkState => '::Plugins::CheckState',
|
|
|
|
|
portalForceAuthn => '::Plugins::ForceAuthn',
|
|
|
|
|
checkUser => '::Plugins::CheckUser',
|
2021-02-12 17:37:02 +01:00
|
|
|
checkDevOps => '::Plugins::CheckDevOps',
|
2020-04-29 19:33:39 +02:00
|
|
|
contextSwitchingRule => '::Plugins::ContextSwitching',
|
|
|
|
|
decryptValueRule => '::Plugins::DecryptValue',
|
2020-12-20 17:31:50 +01:00
|
|
|
findUser => '::Plugins::FindUser',
|
2021-08-10 17:02:45 +02:00
|
|
|
newLocationWarning => '::Plugins::NewLocationWarning',
|
2022-02-16 17:43:29 +01:00
|
|
|
adaptativeAuthenticationLevelRules =>
|
2020-10-02 15:05:15 +02:00
|
|
|
'::Plugins::AdaptativeAuthenticationLevel',
|
|
|
|
|
refreshSessions => '::Plugins::Refresh',
|
2021-01-31 13:27:45 +01:00
|
|
|
crowdsec => '::Plugins::CrowdSec',
|
2021-11-10 22:37:52 +01:00
|
|
|
globalLogoutRule => '::Plugins::GlobalLogout',
|
2017-02-04 08:55:44 +01:00
|
|
|
);
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2016-03-29 23:09:55 +02:00
|
|
|
##@method list enabledPlugins
|
|
|
|
|
#
|
|
|
|
|
#@return list of enabled plugins
|
|
|
|
|
sub enabledPlugins {
|
|
|
|
|
my ($self) = @_;
|
2017-02-17 08:40:18 +01:00
|
|
|
my $conf = $self->conf;
|
2016-03-29 23:09:55 +02:00
|
|
|
my @res;
|
|
|
|
|
|
2016-06-12 18:52:37 +02:00
|
|
|
# Search for Issuer* modules enabled
|
2016-06-10 13:03:13 +02:00
|
|
|
foreach my $key (qw(SAML OpenID CAS OpenIDConnect Get)) {
|
2017-02-17 08:40:18 +01:00
|
|
|
if ( $conf->{"issuerDB${key}Activation"} ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Issuer${key} enabled");
|
2016-06-12 18:52:37 +02:00
|
|
|
push @res, "::Issuer::$key";
|
2016-03-29 23:09:55 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-17 08:40:18 +01:00
|
|
|
# Load single session
|
|
|
|
|
push @res, '::Plugins::SingleSession'
|
|
|
|
|
if ( $conf->{singleSession}
|
|
|
|
|
or $conf->{singleIP}
|
|
|
|
|
or $conf->{singleUserByIP}
|
|
|
|
|
or $conf->{notifyOther} );
|
|
|
|
|
|
2020-04-29 19:33:39 +02:00
|
|
|
# Load static plugin list
|
|
|
|
|
for ( my $i = 0 ; $i < @pList ; $i += 2 ) {
|
2021-01-28 11:28:14 +01:00
|
|
|
my $pluginConf = $conf->{ $pList[$i] };
|
|
|
|
|
if ( ref($pluginConf) eq "HASH" ) {
|
|
|
|
|
|
|
|
|
|
# Do not load plugin if config is an empty hash
|
|
|
|
|
push @res, $pList[ $i + 1 ] if %{$pluginConf};
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
push @res, $pList[ $i + 1 ] if $pluginConf;
|
|
|
|
|
}
|
2020-04-29 19:33:39 +02:00
|
|
|
}
|
|
|
|
|
|
2016-03-29 23:09:55 +02:00
|
|
|
# Check if SOAP is enabled
|
2017-01-08 09:42:16 +01:00
|
|
|
push @res, '::Plugins::SOAPServer'
|
2017-02-17 08:40:18 +01:00
|
|
|
if ( $conf->{soapSessionServer}
|
|
|
|
|
or $conf->{soapConfigServer} );
|
2017-01-07 21:37:07 +01:00
|
|
|
|
2021-11-10 22:37:52 +01:00
|
|
|
# Add REST (check is done by plugin itself)
|
2017-01-09 07:11:28 +01:00
|
|
|
push @res, '::Plugins::RESTServer';
|
2016-03-29 23:09:55 +02:00
|
|
|
|
2021-02-10 22:27:12 +01:00
|
|
|
# Check if password is enabled
|
2017-02-17 08:40:18 +01:00
|
|
|
if ( my $p = $conf->{passwordDB} ) {
|
2021-02-10 22:27:12 +01:00
|
|
|
push @res, "::Password::$p";
|
2016-07-07 23:55:23 +02:00
|
|
|
}
|
2016-03-31 22:08:43 +02:00
|
|
|
|
2017-02-04 08:55:44 +01:00
|
|
|
# Check if register is enabled
|
|
|
|
|
push @res, '::Plugins::Register'
|
2017-02-17 08:40:18 +01:00
|
|
|
if ( $conf->{registerDB} and $conf->{registerDB} ne 'Null' );
|
2017-02-02 22:48:32 +01:00
|
|
|
|
2016-03-29 23:09:55 +02:00
|
|
|
# Check if custom plugins are required
|
2017-02-17 08:40:18 +01:00
|
|
|
if ( $conf->{customPlugins} ) {
|
|
|
|
|
$self->logger->debug( 'Custom plugins: ' . $conf->{customPlugins} );
|
2021-11-16 22:45:25 +01:00
|
|
|
push @res, grep ( /\w+/, split( /[,\s]+/, $conf->{customPlugins} ) );
|
2016-03-29 23:09:55 +02:00
|
|
|
}
|
2021-11-10 22:37:52 +01:00
|
|
|
|
|
|
|
|
# Impersonation overwrites req->step and pops 'afterData' EP.
|
|
|
|
|
# Static and custom 'afterData' plugins will be never launched
|
|
|
|
|
# if they are loaded after Impersonation.
|
|
|
|
|
# This plugin must be the last 'afterData' loaded plugin. Fix #2655
|
|
|
|
|
push @res, '::Plugins::Impersonation'
|
|
|
|
|
if $conf->{impersonationRule};
|
|
|
|
|
|
2016-04-03 18:51:23 +02:00
|
|
|
return @res;
|
2016-03-29 23:09:55 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
1;
|
