parent
f567d169f2
commit
081699b29e
|
@ -129,7 +129,7 @@
|
|||
.\" ========================================================================
|
||||
.\"
|
||||
.IX Title "llng-fastcgi-server 1"
|
||||
.TH llng-fastcgi-server 1 "2017-10-20" "perl v5.26.0" "User Contributed Perl Documentation"
|
||||
.TH llng-fastcgi-server 1 "2017-10-26" "perl v5.26.0" "User Contributed Perl Documentation"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.if n .ad l
|
||||
|
|
|
@ -23,7 +23,7 @@ use constant HANDLERSECTION => "handler";
|
|||
use constant MANAGERSECTION => "manager";
|
||||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||
use constant APPLYSECTION => "apply";
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ our $specialNodeHash = {
|
|||
};
|
||||
|
||||
our $doubleHashKeys = 'issuerDBGetParameters';
|
||||
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
|
||||
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
|
||||
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
|
||||
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedVars)';
|
||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)';
|
||||
|
|
|
@ -604,6 +604,9 @@ sub attributes {
|
|||
'AuthLDAPFilter' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'autoSigninRules' => {
|
||||
'type' => 'keyTextContainer'
|
||||
},
|
||||
'captcha_login_enabled' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
|
|
|
@ -1108,6 +1108,12 @@ sub attributes {
|
|||
'List of attributes to export by SOAP or REST servers',
|
||||
},
|
||||
|
||||
# AutoSignin
|
||||
autoSigninRules => {
|
||||
type => 'keyTextContainer',
|
||||
documentation => 'List of auto signin rules',
|
||||
},
|
||||
|
||||
## Virtualhosts
|
||||
|
||||
# Fake attribute: used by manager REST API to agglomerate all other
|
||||
|
@ -1145,7 +1151,7 @@ sub attributes {
|
|||
},
|
||||
msgFail => '__badExpression__',
|
||||
},
|
||||
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
|
||||
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
|
||||
keyMsgFail => '__badHostname__',
|
||||
default => {
|
||||
default => 'deny',
|
||||
|
@ -1153,9 +1159,9 @@ sub attributes {
|
|||
documentation => 'Virtualhost rules',
|
||||
},
|
||||
exportedHeaders => {
|
||||
type => 'keyTextContainer',
|
||||
help => 'writingrulesand_headers.html#headers',
|
||||
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
|
||||
type => 'keyTextContainer',
|
||||
help => 'writingrulesand_headers.html#headers',
|
||||
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
|
||||
keyMsgFail => '__badHostname__',
|
||||
test => {
|
||||
keyTest => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/,
|
||||
|
@ -1174,10 +1180,10 @@ sub attributes {
|
|||
documentation => 'Virtualhost headers',
|
||||
},
|
||||
post => {
|
||||
type => 'postContainer',
|
||||
help => 'formreplay.html',
|
||||
test => sub { 1 },
|
||||
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
|
||||
type => 'postContainer',
|
||||
help => 'formreplay.html',
|
||||
test => sub { 1 },
|
||||
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
|
||||
keyMsgFail => '__badHostname__',
|
||||
documentation => 'Virtualhost urls/Datas to post',
|
||||
},
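Review bot: The new `autoSigninRules` entry in the first hunk of this file declares neither a `test` nor a `keyTest`, unlike the Virtualhost rules entry further down, which carries a `msgFail => '__badExpression__'` check. Its values are Perl expressions that the portal plugin compiles in `init`, and its keys are the user names that get signed in, so a malformed rule appears to be caught only when the portal loads the plugin rather than when the configuration is saved. Consider adding an expression `test` and a key check such as `keyTest => qr/^[\w\-\@]+$/,` with a `keyMsgFail`, mirroring the character class the plugin applies to the key. `sub attributes` starts and ends outside these hunks.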
|
||||
|
|
|
@ -631,6 +631,11 @@ sub tree {
|
|||
]
|
||||
},
|
||||
'upgradeSession',
|
||||
{
|
||||
title => 'autoSignin',
|
||||
help => 'autoSignin.html',
|
||||
nodes => ['autoSigninRules'],
|
||||
},
|
||||
{
|
||||
title => 'u2f',
|
||||
help => 'u2f.html',
|
||||
|
|
|
@ -63,6 +63,8 @@
|
|||
"authorizedValues": "القيم المعتمدة",
|
||||
"authParams": "معايير إثبات الهوية",
|
||||
"auto": "تلقائي",
|
||||
"autoSignin": "Auto Signin",
|
||||
"autoSigninRules": "Rules",
|
||||
"backtoportal": "العودة إلى البوابة",
|
||||
"badCasProxyId": "معرف خدمة بروكسي كاس غير صالح",
|
||||
"badChoiceKey": "اسم مفتاح سيئ في قائمة الاختيارات",
|
||||
|
|
|
@ -63,6 +63,8 @@
|
|||
"authorizedValues": "Authorized values",
|
||||
"authParams": "Authentication parameters",
|
||||
"auto": "Automatic",
|
||||
"autoSignin": "Auto Signin",
|
||||
"autoSigninRules": "Rules",
|
||||
"backtoportal": "Back to portal",
|
||||
"badCasProxyId": "Bad CAS proxied service identifier",
|
||||
"badChoiceKey": "Bad key name in Choice menu",
|
||||
|
|
|
@ -63,6 +63,8 @@
|
|||
"authorizedValues": "Valeurs autorisées",
|
||||
"authParams": "Paramètres d'authentification",
|
||||
"auto": "Automatique",
|
||||
"autoSignin": "Connexion automatique",
|
||||
"autoSigninRules": "Règles",
|
||||
"backtoportal": "Retour au portail",
|
||||
"badCasProxyId": "Mauvais identifiant de service proxy CAS",
|
||||
"badChoiceKey": "Mauvais nom de clef dans le menu Choice",
|
||||
|
|
|
@ -63,6 +63,8 @@
|
|||
"authorizedValues": "Valori autorizzati",
|
||||
"authParams": "Parametri di autenticazione",
|
||||
"auto": "Automatico",
|
||||
"autoSignin": "Auto Signin",
|
||||
"autoSigninRules": "Rules",
|
||||
"backtoportal": "Torna al portale",
|
||||
"badCasProxyId": "Identificatore di servizio difettoso CAS proxy",
|
||||
"badChoiceKey": "Nome chiave errato nel menu Scelta",
|
||||
|
|
|
@ -63,6 +63,8 @@
|
|||
"authorizedValues": "Các giá trị được ủy quyền",
|
||||
"authParams": "Thông số xác thực",
|
||||
"auto": "Tự động",
|
||||
"autoSignin": "Auto Signin",
|
||||
"autoSigninRules": "Rules",
|
||||
"backtoportal": "Quay lại cổng thông tin",
|
||||
"badCasProxyId": "Dịch vụ định danh đệm bởi CAS không hợp lệ",
|
||||
"badChoiceKey": "Tên khoá không hợp lệ trong trình đơn Chọn",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -332,6 +332,7 @@ t/23-Auth-and-password-REST.t
|
|||
t/24-AuthApache.t
|
||||
t/24-AuthKerberos.t
|
||||
t/25-AuthSlave.t
|
||||
t/25-AutoSignin.t
|
||||
t/26-AuthRemote.t
|
||||
t/27-AuthProxy.t
|
||||
t/28-AuthChoice.t
|
||||
|
|
|
@ -24,6 +24,7 @@ our @pList = (
|
|||
stayConnected => '::Plugins::StayConnected',
|
||||
grantSessionRule => '::Plugins::GrantSession',
|
||||
upgradeSession => '::Plugins::Upgrade',
|
||||
autoSigninRules => '::Plugins::AutoSignin',
|
||||
);
|
||||
|
||||
##@method list enabledPlugins
|
||||
|
|
|
@ -21,17 +21,16 @@ has rules => ( is => 'rw', default => sub { [] } );
|
|||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
if ( my $rules = $self->conf->{autoLoginRules} ) {
|
||||
if ( my $rules = $self->conf->{autoSigninRules} ) {
|
||||
my $safe = Safe->new;
|
||||
foreach my $r ( sort keys %$rules ) {
|
||||
my $sub = $safe->reval("sub{my(\$env)=\@_;return ($r)}");
|
||||
foreach my $id ( sort keys %$rules ) {
|
||||
my $sub = $safe->reval('sub{my($env)=@_;return ('.$rules->{$id}.')}');
|
||||
if ($@) {
|
||||
$self->error(qq'Bad Autologin rule "$r": $@');
|
||||
$self->error('Bad Autologin rule "'.$rules->{$id}.': $@');
|
||||
return 0;
|
||||
}
|
||||
my $name = $rules->{$r};
|
||||
$name =~ s/^\s*([\w\-\@]+)\s*/$1/;
|
||||
push @{ $self->rules }, [ $sub, $name ];
|
||||
$id =~ s/^\s*([\w\-\@]+)\s*/$1/;
|
||||
push @{ $self->rules }, [ $sub, $id ];
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
|
@ -44,12 +43,14 @@ sub check {
|
|||
|
||||
foreach ( @{ $self->rules } ) {
|
||||
my ( $test, $name ) = @$_;
|
||||
$self->logger->debug("Autosignin: testing user $name");
|
||||
if ( $test->( $req->env ) ) {
|
||||
$req->user($name);
|
||||
my @steps =
|
||||
grep { !ref $_ and $_ !~ /^(?:extractFormInfo|authenticate)$/ }
|
||||
@{ $req->steps };
|
||||
$req->steps( \@steps );
|
||||
$self->userLogger->notice("Autosignin for $name");
|
||||
return PE_OK;
|
||||
}
|
||||
}
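Review bot: In `init`, the rewritten error call uses single-quoted strings, so `$@` is logged literally instead of the Safe compilation error, and the closing `"` after the rule text is missing; `$self->error(qq{Bad Autologin rule "$rules->{$id}": $@});` restores both. The key substitution `s/^\s*([\w\-\@]+)\s*/$1/` is not anchored at the end, so any characters after the first token stay in the name that `check` passes to `$req->user`; refusing keys that do not match `/^\s*[\w\-\@]+\s*$/` would be stricter. Because a matching rule removes the `extractFormInfo` and `authenticate` steps, the plugin's documentation should say that rules must rely only on environment values the web server sets itself, not on request-supplied ones, and that rules are tried in sorted key order with the first match winning. Both subs continue outside the hunks.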
|
||||
|
|
31
lemonldap-ng-portal/t/25-AutoSignin.t
Normal file
31
lemonldap-ng-portal/t/25-AutoSignin.t
Normal file
|
@ -0,0 +1,31 @@
|
|||
use Test::More;
|
||||
use strict;
|
||||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
autoSigninRules => {
|
||||
dwho => '$env->{REMOTE_ADDR} =~ /^127/',
|
||||
},
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
ok( $res = $client->_get( '/', ), 'Auth query' );
|
||||
count(1);
|
||||
expectOK($res);
|
||||
my $id = expectCookie($res);
|
||||
|
||||
ok( $res = $client->_get( '/', ip => '192.168.1.1' ), 'Bad query' );
|
||||
count(1);
|
||||
expectReject($res);
|
||||
clean_sessions();
|
||||
|
||||
done_testing( count() );
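Review bot: The positive case only checks that a cookie is returned; `$id` is never read afterwards, so the test would still pass if the session were opened for a user other than `dwho`. An assertion on the session's user would pin the behaviour. A case with a rule that fails to compile would also exercise the error branch of the plugin's `init`. The file enables `use strict;` without `use warnings;`.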
|
|
@ -334,10 +334,12 @@ sub _get {
|
|||
'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox',
|
||||
'PATH_INFO' => $path,
|
||||
( $args{referer} ? ( REFERER => $args{referer} ) : () ),
|
||||
'REMOTE_ADDR' => '127.0.0.1',
|
||||
(
|
||||
$args{remote_user}
|
||||
? ( 'REMOTE_USER' => $args{remote_user} )
|
||||
$args{ip} ? ( 'REMOTE_ADDR' => $args{ip} )
|
||||
: ( 'REMOTE_ADDR' => '127.0.0.1' )
|
||||
),
|
||||
(
|
||||
$args{remote_user} ? ( 'REMOTE_USER' => $args{remote_user} )
|
||||
: ()
|
||||
),
|
||||
'REQUEST_METHOD' => $args{method} || 'GET',
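Review bot: The `REMOTE_ADDR` entry can be written the way the `REQUEST_METHOD` line just below it already is, `'REMOTE_ADDR' => $args{ip} || '127.0.0.1',`, instead of a parenthesised ternary whose two branches repeat the key. The `remote_user` ternary has to stay conditional because it omits the key entirely when unset. `_get` starts and ends outside the hunk.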
|
||||
|
|