Update manager (#1161)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm

@@ -23,9 +23,9 @@ our $doubleHashKeys = 'issuerDBGetParameters';
 our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList)|SSLVarIf)';
 our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
 our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
-our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
+our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|ExportedVars)';
 our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
-our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
+our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
 our $virtualHostKeys = '(?:vhost(?:(?:Maintenanc|Typ)e|(?:Aliase|Http)s|Port)|(?:exportedHeader|locationRule)s|post)';
 
 our $authParameters = {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -1721,6 +1721,25 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
         'oidcRPMetaDataOptionsRedirectUris' => {
             'type' => 'text'
         },
+        'oidcRPMetaDataOptionsRule' => {
+            'test' => sub {
+                my ( $val, $conf ) = @_;
+                my $s = '';
+
+                BEGIN {
+                    ${^WARNING_BITS} =
+"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55";
+                }
+                eval "$s $val";
+                my $err = join(
+                    '',
+                    grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
+                        split( /\n/, $@, 0 ) )
+                );
+                return $err ? ( 1, "__badExpression__: $err" ) : 1;
+            },
+            'type' => 'text'
+        },
         'oidcRPMetaDataOptionsUserIDAttr' => {
             'type' => 'text'
         },
@@ -2701,6 +2720,25 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'default' => 0,
             'type'    => 'bool'
         },
+        'samlSPMetaDataOptionsRule' => {
+            'test' => sub {
+                my ( $val, $conf ) = @_;
+                my $s = '';
+
+                BEGIN {
+                    ${^WARNING_BITS} =
+"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55";
+                }
+                eval "$s $val";
+                my $err = join(
+                    '',
+                    grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
+                        split( /\n/, $@, 0 ) )
+                );
+                return $err ? ( 1, "__badExpression__: $err" ) : 1;
+            },
+            'type' => 'text'
+        },
         'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => {
             'default' => 72000,
             'type'    => 'int'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -379,9 +379,7 @@ sub attributes {
             type          => 'portalskin',
             default       => 'bootstrap',
             documentation => 'Name of portal skin',
-            select        => [
-                { k => 'bootstrap', v => 'Bootstrap' },
-            ],
+            select        => [ { k => 'bootstrap', v => 'Bootstrap' }, ],
         },
         portalSkinBackground => {
             type          => 'portalskinbackground',
@@ -1745,6 +1743,11 @@ sub attributes {
             type    => 'bool',
             default => 1,
         },
+        samlSPMetaDataOptionsRule => {
+            type          => 'text',
+            test          => $perlExpr,
+            documentation => 'Rule to grant access to this SP',
+        },
 
         # AUTH, USERDB and PASSWORD MODULES
         authentication => {
@@ -2525,6 +2528,12 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
         oidcOPMetaDataOptionsIcon         => { type => 'text', },
         oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
 
+        oidcRPMetaDataOptionsRule => {
+            type          => 'text',
+            test          => $perlExpr,
+            documentation => 'Rule to grant access to this SP',
+        },
+
         # OpenID Connect relying parties
         oidcRPMetaDataExportedVars => {
             type    => 'keyTextContainer',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm

@@ -121,7 +121,8 @@ sub cTrees {
                         form  => 'simpleInputContainer',
                         nodes => [
                             "samlSPMetaDataOptionsEncryptionMode",
-                            "samlSPMetaDataOptionsEnableIDPInitiatedURL"
+                            "samlSPMetaDataOptionsEnableIDPInitiatedURL",
+                            "samlSPMetaDataOptionsRule",
                         ]
                     }
                 ]
@@ -208,6 +209,7 @@ sub cTrees {
                             'oidcRPMetaDataOptionsLogoutSessionRequired',
                         ]
                     },
+                    'oidcRPMetaDataOptionsRule',
                 ]
             },
             'oidcRPMetaDataOptionsExtraClaims',

lemonldap-ng-manager/site/htdocs/static/js/conftree.js

@@ -386,6 +386,11 @@ function templates(tpl,key) {
             "id" : "logout",
             "title" : "logout",
             "type" : "simpleInputContainer"
+         },
+         {
+            "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRule",
+            "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRule",
+            "title" : "oidcRPMetaDataOptionsRule"
          }
       ],
       "id" : "oidcRPMetaDataOptions",
@@ -879,6 +884,11 @@ function templates(tpl,key) {
                   "id" : tpl+"s/"+key+"/"+"samlSPMetaDataOptionsEnableIDPInitiatedURL",
                   "title" : "samlSPMetaDataOptionsEnableIDPInitiatedURL",
                   "type" : "bool"
+               },
+               {
+                  "get" : tpl+"s/"+key+"/"+"samlSPMetaDataOptionsRule",
+                  "id" : tpl+"s/"+key+"/"+"samlSPMetaDataOptionsRule",
+                  "title" : "samlSPMetaDataOptionsRule"
                }
             ],
             "id" : "samlSPMetaDataOptionsSecurity",

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -432,6 +432,7 @@
 "oidcRPMetaDataOptionsLogoutType": "Type",
 "oidcRPMetaDataOptionsLogoutUrl": "URL",
 "oidcOPMetaDataOptionsProtocol": "Protocol",
+"oidcRPMetaDataOptionsRule": "Access rule",
 "oidcOPMetaDataOptionsScope": "Scope",
 "oidcOPMetaDataOptionsStoreIDToken": "Store ID Token",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod": "Token endpoint authentication method",
@@ -771,6 +772,7 @@
 "samlSPMetaDataOptionsSessionNotOnOrAfterTimeout": "sessionNotOnOrAfter duration",
 "samlSPMetaDataOptionsNotOnOrAfterTimeout": "notOnOrAfter duration",
 "samlSPMetaDataOptionsForceUTF8": "Force UTF-8",
+"samlSPMetaDataOptionsRule": "Access rule",
 "samlIDPName": "SAML IDP Name",
 "samlServiceMetaData": "SAML 2 Service",
 "samlEntityID": "Entity Identifier",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -432,6 +432,7 @@
 "oidcRPMetaDataOptionsLogoutType": "Type",
 "oidcRPMetaDataOptionsLogoutUrl": "URL",
 "oidcOPMetaDataOptionsProtocol": "Protocole",
+"oidcRPMetaDataOptionsRule": "Règle d'accès",
 "oidcOPMetaDataOptionsScope": "Étendue",
 "oidcOPMetaDataOptionsStoreIDToken": "Conserver le jeton d'identité",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod": "Méthode d'authentification pour l'accès aux jetons",
@@ -771,6 +772,7 @@
 "samlSPMetaDataOptionsSessionNotOnOrAfterTimeout": "Durée sessionNotOnOrAfter",
 "samlSPMetaDataOptionsNotOnOrAfterTimeout": "Durée notOnOrAfter",
 "samlSPMetaDataOptionsForceUTF8": "Forcer l'UTF-8",
+"samlSPMetaDataOptionsRule": "Règle d'accès",
 "samlIDPName": "Nom du fournisseur d'identité SAML",
 "samlServiceMetaData": "Service SAML 2",
 "samlEntityID": "Identifiant d'entité",