Update ConfTree (#1699)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -65,6 +65,7 @@ sub defaultValues {
               'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
             'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
         },
+        'gpgAuthnLevel'                 => 3,
         'gpgDb'                         => '',
         'groups'                        => {},
         'handlerInternalCache'          => 15,
@@ -216,6 +217,7 @@ sub defaultValues {
         },
         'requireToken'     => 1,
         'rest2fActivation' => 0,
+        'restAuthnLevel'   => 2,
         'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
           'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
         'samlAuthnContextMapKerberos'                   => 4,

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm

@@ -42,18 +42,18 @@ our $authParameters = {
   dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
   demoParams => [qw(demoExportedVars)],
   facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret facebookUserField)],
-  gpgParams => [qw(gpgDb)],
+  gpgParams => [qw(gpgAuthnLevel gpgDb)],
-  kerberosParams => [qw(krbKeytab krbByJs krbAuthnLevel krbRemoveDomain)],
+  kerberosParams => [qw(krbAuthnLevel krbKeytab krbByJs krbRemoveDomain)],
   ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
   linkedinParams => [qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInFields linkedInUserField linkedInScope)],
   nullParams => [qw(nullAuthnLevel)],
   oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
   openidParams => [qw(openIdAuthnLevel openIdExportedVars openIdSecret openIdIDPList)],
-  pamParams => [qw(pamService pamAuthnLevel)],
+  pamParams => [qw(pamAuthnLevel pamService)],
-  proxyParams => [qw(proxyAuthService proxySessionService remoteCookieName proxyAuthnLevel proxyUseSoap)],
+  proxyParams => [qw(proxyAuthnLevel proxyAuthService proxySessionService remoteCookieName proxyUseSoap)],
   radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
   remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
-  restParams => [qw(restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
+  restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
   slaveParams => [qw(slaveAuthnLevel slaveExportedVars slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent)],
   sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
   twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -1158,6 +1158,10 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
             },
             'type' => 'keyTextContainer'
         },
+        'gpgAuthnLevel' => {
+            'default' => 3,
+            'type'    => 'int'
+        },
         'gpgDb' => {
             'default' => '',
             'type'    => 'text'
@@ -2518,6 +2522,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'test'       => qr/^\w+$/,
             'type'       => 'url'
         },
+        'restAuthnLevel' => {
+            'default' => 2,
+            'type'    => 'int'
+        },
         'restAuthUrl' => {
             'type' => 'url'
         },

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -1570,6 +1570,11 @@ sub attributes {
             type          => 'bool',
             documentation => 'Enable REST config server',
         },
+        restAuthnLevel => {
+            type          => 'int',
+            default       => 2,
+            documentation => 'REST authentication level',
+        },
 
         # SOAP server
         soapSessionServer => {
@@ -2791,6 +2796,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
             default       => '',
             documentation => 'GPG keys database',
         },
+        gpgAuthnLevel => {
+            type          => 'int',
+            default       => 3,
+            documentation => 'GPG authentication level',
+        },
 
         # Radius
         radiusAuthnLevel => {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -220,8 +220,8 @@ sub tree {
                             form  => 'simpleInputContainer',
                             help  => 'authkerberos.html',
                             nodes => [
-                                'krbKeytab',     'krbByJs',
+                                'krbAuthnLevel', 'krbKeytab',
-                                'krbAuthnLevel', 'krbRemoveDomain'
+                                'krbByJs',       'krbRemoveDomain'
                             ]
                         },
                         {
@@ -325,15 +325,15 @@ sub tree {
                             title => 'gpgParams',
                             help  => 'authgpg.html',
                             form  => 'simpleInputContainer',
-                            nodes => ['gpgDb'],
+                            nodes => [ 'gpgAuthnLevel', 'gpgDb' ],
                         },
                         {
                             title => 'proxyParams',
                             help  => 'authproxy.html',
                             form  => 'simpleInputContainer',
                             nodes => [
-                                'proxyAuthService', 'proxySessionService',
+                                'proxyAuthnLevel',     'proxyAuthService',
-                                'remoteCookieName', 'proxyAuthnLevel',
+                                'proxySessionService', 'remoteCookieName',
                                 'proxyUseSoap'
                             ]
                         },
@@ -341,7 +341,7 @@ sub tree {
                             title => 'pamParams',
                             help  => 'authpam.html',
                             form  => 'simpleInputContainer',
-                            nodes => [ 'pamService', 'pamAuthnLevel', ]
+                            nodes => [ 'pamAuthnLevel', 'pamService' ]
                         },
                         {
                             title => 'radiusParams',
@@ -357,8 +357,9 @@ sub tree {
                             help  => 'authrest.html',
                             form  => 'simpleInputContainer',
                             nodes => [
-                                'restAuthUrl',       'restUserDBUrl',
+                                'restAuthnLevel', 'restAuthUrl',
-                                'restPwdConfirmUrl', 'restPwdModifyUrl'
+                                'restUserDBUrl',  'restPwdConfirmUrl',
+                                'restPwdModifyUrl'
                             ]
                         },
                         {