Update manager (#1161)

Xavier Guimard 2017-03-22 20:47:09 +00:00
parent 7e81e1b1e0
commit 0595f729e2
8 changed files with 70 additions and 7 deletions

@ -23,9 +23,9 @@ our $doubleHashKeys = 'issuerDBGetParameters';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList)|SSLVarIf)';
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|ExportedVars)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
our $virtualHostKeys = '(?:vhost(?:(?:Maintenanc|Typ)e|(?:Aliase|Http)s|Port)|(?:exportedHeader|locationRule)s|post)';
our $authParameters = {

@ -1721,6 +1721,25 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
'oidcRPMetaDataOptionsRedirectUris' => {
'type' => 'text'
},
'oidcRPMetaDataOptionsRule' => {
'test' => sub {
my ( $val, $conf ) = @_;
my $s = '';
BEGIN {
${^WARNING_BITS} =
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55";
}
eval "$s $val";
my $err = join(
'',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
},
'type' => 'text'
},
'oidcRPMetaDataOptionsUserIDAttr' => {
'type' => 'text'
},
@ -2701,6 +2720,25 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'bool'
},
'samlSPMetaDataOptionsRule' => {
'test' => sub {
my ( $val, $conf ) = @_;
my $s = '';
BEGIN {
${^WARNING_BITS} =
"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55";
}
eval "$s $val";
my $err = join(
'',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
},
'type' => 'text'
},
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => {
'default' => 72000,
'type' => 'int'
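Review bot: The `test` subs added for `oidcRPMetaDataOptionsRule` and `samlSPMetaDataOptionsRule` validate the rule with `eval "$s $val"`, which runs the submitted text as Perl in the process doing the validation instead of only checking that it parses. A compile-only check such as `eval "sub { $val }";` would avoid executing the rule body (code in `BEGIN` blocks or `use` statements would still run at compile time), and evaluating inside a restricted compartment such as the core `Safe` module's `reval` is the stricter option. With a compile-only check the `grep` that discards `Undefined subroutine` lines from `$@` would no longer be needed; as written it also hides a mistyped function name in a rule. A failing expression still returns `1` as the first value with `__badExpression__` only as the second, which looks like a warning rather than a rejection; for a field that decides access, confirm that the enforcing code (not visible in this commit view) denies when the rule does not compile. This file reads like the expanded form of the `$perlExpr` test referenced in another file of this commit, so the change probably belongs in that definition.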

@ -379,9 +379,7 @@ sub attributes {
type => 'portalskin',
default => 'bootstrap',
documentation => 'Name of portal skin',
select => [
{ k => 'bootstrap', v => 'Bootstrap' },
],
select => [ { k => 'bootstrap', v => 'Bootstrap' }, ],
},
portalSkinBackground => {
type => 'portalskinbackground',
@ -1745,6 +1743,11 @@ sub attributes {
type => 'bool',
default => 1,
},
samlSPMetaDataOptionsRule => {
type => 'text',
test => $perlExpr,
documentation => 'Rule to grant access to this SP',
},
# AUTH, USERDB and PASSWORD MODULES
authentication => {
@ -2525,6 +2528,12 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
oidcOPMetaDataOptionsIcon => { type => 'text', },
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
oidcRPMetaDataOptionsRule => {
type => 'text',
test => $perlExpr,
documentation => 'Rule to grant access to this SP',
},
# OpenID Connect relying parties
oidcRPMetaDataExportedVars => {
type => 'keyTextContainer',
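Review bot: The `documentation` string on the new `oidcRPMetaDataOptionsRule` entry reads 'Rule to grant access to this SP', which appears to be copied from the SAML entry; an OpenID Connect client is a relying party, so it should read `documentation => 'Rule to grant access to this RP',`. The entry is also inserted above the `# OpenID Connect relying parties` comment, so it sits among the `oidcOPMetaDataOptions*` keys; moving it below that comment keeps it with the other RP options. Neither new entry sets a `default` or says what an empty rule means, and since the field decides access the documentation should state whether an empty value allows or denies. `$perlExpr` is defined outside these hunks, so its behaviour cannot be checked from this section.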

@ -121,7 +121,8 @@ sub cTrees {
form => 'simpleInputContainer',
nodes => [
"samlSPMetaDataOptionsEncryptionMode",
"samlSPMetaDataOptionsEnableIDPInitiatedURL"
"samlSPMetaDataOptionsEnableIDPInitiatedURL",
"samlSPMetaDataOptionsRule",
]
}
]
@ -208,6 +209,7 @@ sub cTrees {
'oidcRPMetaDataOptionsLogoutSessionRequired',
]
},
'oidcRPMetaDataOptionsRule',
]
},
'oidcRPMetaDataOptionsExtraClaims',

@ -386,6 +386,11 @@ function templates(tpl,key) {
"id" : "logout",
"title" : "logout",
"type" : "simpleInputContainer"
},
{
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRule",
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRule",
"title" : "oidcRPMetaDataOptionsRule"
}
],
"id" : "oidcRPMetaDataOptions",
@ -879,6 +884,11 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"samlSPMetaDataOptionsEnableIDPInitiatedURL",
"title" : "samlSPMetaDataOptionsEnableIDPInitiatedURL",
"type" : "bool"
},
{
"get" : tpl+"s/"+key+"/"+"samlSPMetaDataOptionsRule",
"id" : tpl+"s/"+key+"/"+"samlSPMetaDataOptionsRule",
"title" : "samlSPMetaDataOptionsRule"
}
],
"id" : "samlSPMetaDataOptionsSecurity",

File diff suppressed because one or more lines are too long

@ -432,6 +432,7 @@
"oidcRPMetaDataOptionsLogoutType": "Type",
"oidcRPMetaDataOptionsLogoutUrl": "URL",
"oidcOPMetaDataOptionsProtocol": "Protocol",
"oidcRPMetaDataOptionsRule": "Access rule",
"oidcOPMetaDataOptionsScope": "Scope",
"oidcOPMetaDataOptionsStoreIDToken": "Store ID Token",
"oidcOPMetaDataOptionsTokenEndpointAuthMethod": "Token endpoint authentication method",
@ -771,6 +772,7 @@
"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout": "sessionNotOnOrAfter duration",
"samlSPMetaDataOptionsNotOnOrAfterTimeout": "notOnOrAfter duration",
"samlSPMetaDataOptionsForceUTF8": "Force UTF-8",
"samlSPMetaDataOptionsRule": "Access rule",
"samlIDPName": "SAML IDP Name",
"samlServiceMetaData": "SAML 2 Service",
"samlEntityID": "Entity Identifier",

@ -432,6 +432,7 @@
"oidcRPMetaDataOptionsLogoutType": "Type",
"oidcRPMetaDataOptionsLogoutUrl": "URL",
"oidcOPMetaDataOptionsProtocol": "Protocole",
"oidcRPMetaDataOptionsRule": "Règle d'accès",
"oidcOPMetaDataOptionsScope": "Étendue",
"oidcOPMetaDataOptionsStoreIDToken": "Conserver le jeton d'identité",
"oidcOPMetaDataOptionsTokenEndpointAuthMethod": "Méthode d'authentification pour l'accès aux jetons",
@ -771,6 +772,7 @@
"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout": "Durée sessionNotOnOrAfter",
"samlSPMetaDataOptionsNotOnOrAfterTimeout": "Durée notOnOrAfter",
"samlSPMetaDataOptionsForceUTF8": "Forcer l'UTF-8",
"samlSPMetaDataOptionsRule": "Règle d'accès",
"samlIDPName": "Nom du fournisseur d'identité SAML",
"samlServiceMetaData": "Service SAML 2",
"samlEntityID": "Identifiant d'entité",