Use custom decrypt functions (#1956)
This commit is contained in:
Christophe Maudoux
parent
9c823b2e7f
commit
0ca649f106
6
COPYING
6
COPYING
|
|
@ -103,6 +103,12 @@ License: CC-3
|
||||||
Comment: This work, "sfa_manager.png", is a derivative of
|
Comment: This work, "sfa_manager.png", is a derivative of
|
||||||
"Noun project 1162.svg" by Christopher T. Howlett, under CC-BY-3.0.
|
"Noun project 1162.svg" by Christopher T. Howlett, under CC-BY-3.0.
|
||||||
|
|
||||||
|
Files: lemonldap-ng-portal/site/htdocs/static/common/icons/decryptValue.png
|
||||||
|
Copyright: Christophe Maudoux <chrmdx@gmail.com>
|
||||||
|
License: CC-3
|
||||||
|
Comment: This work, "decryptValue.png", is a derivative of
|
||||||
|
"secure.png" by Austin Condiff, under CC-BY-3.0.
|
||||||
|
|
||||||
Files: lemonldap-ng-portal/site/htdocs/static/common/icons/switchcontext_OFF.png
|
Files: lemonldap-ng-portal/site/htdocs/static/common/icons/switchcontext_OFF.png
|
||||||
Copyright: Christophe Maudoux <chrmdx@gmail.com>
|
Copyright: Christophe Maudoux <chrmdx@gmail.com>
|
||||||
License: CC-4
|
License: CC-4
|
||||||
|
|
|
||||||
|
|
@ -1100,6 +1100,11 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
'dbiUserUser' => {
|
'dbiUserUser' => {
|
||||||
'type' => 'text'
|
'type' => 'text'
|
||||||
},
|
},
|
||||||
|
'decryptValueFunctions' => {
|
||||||
|
'msgFail' => '__badCustomFuncName__',
|
||||||
|
'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/,
|
||||||
|
'type' => 'text'
|
||||||
|
},
|
||||||
'decryptValueRule' => {
|
'decryptValueRule' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'boolOrExpr'
|
'type' => 'boolOrExpr'
|
||||||
|
|
|
||||||
|
|
@ -528,6 +528,13 @@ sub attributes {
|
||||||
documentation => 'Decrypt value activation rule',
|
documentation => 'Decrypt value activation rule',
|
||||||
flags => 'p',
|
flags => 'p',
|
||||||
},
|
},
|
||||||
|
decryptValueFunctions => {
|
||||||
|
type => 'text',
|
||||||
|
test => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/,
|
||||||
|
msgFail => "__badCustomFuncName__",
|
||||||
|
documentation => 'Custom function used for decrypting values',
|
||||||
|
flags => 'p',
|
||||||
|
},
|
||||||
skipRenewConfirmation => {
|
skipRenewConfirmation => {
|
||||||
type => 'bool',
|
type => 'bool',
|
||||||
default => 0,
|
default => 0,
|
||||||
|
|
|
||||||
|
|
@ -718,6 +718,7 @@ sub tree {
|
||||||
form => 'simpleInputContainer',
|
form => 'simpleInputContainer',
|
||||||
nodes => [
|
nodes => [
|
||||||
'decryptValueRule',
|
'decryptValueRule',
|
||||||
|
'decryptValueFunctions',
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@
|
||||||
"dbiSchema":"مخطط",
|
"dbiSchema":"مخطط",
|
||||||
"dbiUserTable":"جدول المستخدم",
|
"dbiUserTable":"جدول المستخدم",
|
||||||
"decryptValue":"Decrypt value",
|
"decryptValue":"Decrypt value",
|
||||||
|
"decryptValueFunctions":"Decrypt functions",
|
||||||
"decryptValueRule":"Use rule",
|
"decryptValueRule":"Use rule",
|
||||||
"default":"الاعْتيادي",
|
"default":"الاعْتيادي",
|
||||||
"defaultRule":"القاعدة الاعتيادية ",
|
"defaultRule":"القاعدة الاعتيادية ",
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@
|
||||||
"dbiSchema":"Schema",
|
"dbiSchema":"Schema",
|
||||||
"dbiUserTable":"User table",
|
"dbiUserTable":"User table",
|
||||||
"decryptValue":"Decrypt value",
|
"decryptValue":"Decrypt value",
|
||||||
|
"decryptValueFunctions":"Decrypt functions",
|
||||||
"decryptValueRule":"Use rule",
|
"decryptValueRule":"Use rule",
|
||||||
"default":"Default",
|
"default":"Default",
|
||||||
"defaultRule":"Default rule",
|
"defaultRule":"Default rule",
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@
|
||||||
"dbiSchema":"Schema",
|
"dbiSchema":"Schema",
|
||||||
"dbiUserTable":"User table",
|
"dbiUserTable":"User table",
|
||||||
"decryptValue":"Decrypt value",
|
"decryptValue":"Decrypt value",
|
||||||
|
"decryptValueFunctions":"Decrypt functions",
|
||||||
"decryptValueRule":"Use rule",
|
"decryptValueRule":"Use rule",
|
||||||
"default":"Default",
|
"default":"Default",
|
||||||
"defaultRule":"Default rule",
|
"defaultRule":"Default rule",
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@
|
||||||
"dbiSchema":"Schéma",
|
"dbiSchema":"Schéma",
|
||||||
"dbiUserTable":"Table des utilisateurs",
|
"dbiUserTable":"Table des utilisateurs",
|
||||||
"decryptValue":"Déchiffrement",
|
"decryptValue":"Déchiffrement",
|
||||||
|
"decryptValueFunctions":"Fonctions de déchiffrement",
|
||||||
"decryptValueRule":"Règle d'utilisation",
|
"decryptValueRule":"Règle d'utilisation",
|
||||||
"default":"Défaut",
|
"default":"Défaut",
|
||||||
"defaultRule":"Règle par défaut",
|
"defaultRule":"Règle par défaut",
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@
|
||||||
"dbiSchema":"Schema",
|
"dbiSchema":"Schema",
|
||||||
"dbiUserTable":"Tabella utente",
|
"dbiUserTable":"Tabella utente",
|
||||||
"decryptValue":"Decrypt value",
|
"decryptValue":"Decrypt value",
|
||||||
|
"decryptValueFunctions":"Decrypt functions",
|
||||||
"decryptValueRule":"Use rule",
|
"decryptValueRule":"Use rule",
|
||||||
"default":"Predefinito",
|
"default":"Predefinito",
|
||||||
"defaultRule":"Regola predefinita",
|
"defaultRule":"Regola predefinita",
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@
|
||||||
"dbiSchema":"Giản đồ",
|
"dbiSchema":"Giản đồ",
|
||||||
"dbiUserTable":"Bảng người dùng",
|
"dbiUserTable":"Bảng người dùng",
|
||||||
"decryptValue":"Decrypt value",
|
"decryptValue":"Decrypt value",
|
||||||
|
"decryptValueFunctions":"Decrypt functions",
|
||||||
"decryptValueRule":"Use rule",
|
"decryptValueRule":"Use rule",
|
||||||
"default":"Mặc định",
|
"default":"Mặc định",
|
||||||
"defaultRule":"Quy tắc mặc định",
|
"defaultRule":"Quy tắc mặc định",
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@
|
||||||
"dbiSchema":"Schema",
|
"dbiSchema":"Schema",
|
||||||
"dbiUserTable":"用户表",
|
"dbiUserTable":"用户表",
|
||||||
"decryptValue":"Decrypt value",
|
"decryptValue":"Decrypt value",
|
||||||
|
"decryptValueFunctions":"Decrypt functions",
|
||||||
"decryptValueRule":"Use rule",
|
"decryptValueRule":"Use rule",
|
||||||
"default":"默认",
|
"default":"默认",
|
||||||
"defaultRule":"默认规则",
|
"defaultRule":"默认规则",
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -124,6 +124,15 @@ sub params {
|
||||||
$self->logger->debug("Display SwitchContext link -> $res{contextSwitching}")
|
$self->logger->debug("Display SwitchContext link -> $res{contextSwitching}")
|
||||||
if $res{contextSwitching};
|
if $res{contextSwitching};
|
||||||
|
|
||||||
|
# Display DecryptValue link if allowed
|
||||||
|
my $dvPlugin =
|
||||||
|
$self->p->loadedModules->{'Lemonldap::NG::Portal::Plugins::DecryptValue'};
|
||||||
|
$res{decryptValue} =
|
||||||
|
$dvPlugin
|
||||||
|
? $dvPlugin->displayLink( $req, $req->userData )
|
||||||
|
: '';
|
||||||
|
$self->logger->debug("Display DecryptValue link") if $res{decryptValue};
|
||||||
|
|
||||||
return %res;
|
return %res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -81,7 +81,7 @@ sub display {
|
||||||
|
|
||||||
sub run {
|
sub run {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $msg = '';
|
my ( $msg, $decryptedValue ) = ( '', '' );
|
||||||
|
|
||||||
# Check access rules
|
# Check access rules
|
||||||
unless ( $self->rule->( $req, $req->userData ) ) {
|
unless ( $self->rule->( $req, $req->userData ) ) {
|
||||||
|
|
@ -121,12 +121,43 @@ sub run {
|
||||||
}
|
}
|
||||||
|
|
||||||
my $cipheredValue = $req->param('cipheredValue') || '';
|
my $cipheredValue = $req->param('cipheredValue') || '';
|
||||||
my $decryptedValue =
|
$self->logger->debug("decryptValue tried with value: $cipheredValue");
|
||||||
$self->p->HANDLER->tsv->{cipher}->decrypt($cipheredValue)
|
|
||||||
if $cipheredValue;
|
|
||||||
|
|
||||||
$self->logger->debug("decryptValue try with : $cipheredValue");
|
if ($cipheredValue) {
|
||||||
$self->logger->debug("Decrypted value = $decryptedValue") if $decryptedValue;
|
if ( $self->{conf}->{decryptValueFunctions}
|
||||||
|
and $self->{conf}->{decryptValueFunctions} =~
|
||||||
|
qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/ )
|
||||||
|
{
|
||||||
|
foreach ( split( /\s+/, $self->{conf}->{decryptValueFunctions} ) ) {
|
||||||
|
$self->userLogger->notice(
|
||||||
|
"Try to decrypt value with function: $_");
|
||||||
|
/^([\w:{2}]*?)(?:::)?(?:\w+)$/;
|
||||||
|
eval "require Lemonldap::NG::Portal::$1";
|
||||||
|
$self->logger->debug("Unable to load decrypt module: $@")
|
||||||
|
if ($@);
|
||||||
|
$decryptedValue = eval "$_()" unless ($@);
|
||||||
|
$self->logger->debug(
|
||||||
|
$@
|
||||||
|
? "Unable to eval decrypt function: $@"
|
||||||
|
: "Decrypted value = $decryptedValue"
|
||||||
|
);
|
||||||
|
last if $decryptedValue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->userLogger->notice("Malformed decrypt functions")
|
||||||
|
if $self->{conf}->{decryptValueFunctions};
|
||||||
|
$self->userLogger->notice(
|
||||||
|
"Try to decrypt value with internal LL::NG decrypt function");
|
||||||
|
$decryptedValue =
|
||||||
|
$self->p->HANDLER->tsv->{cipher}->decrypt($cipheredValue);
|
||||||
|
$self->logger->debug(
|
||||||
|
$@
|
||||||
|
? "Unable to decrypt value: $@"
|
||||||
|
: "Decrypted value = $decryptedValue"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# Display form
|
# Display form
|
||||||
my $params = {
|
my $params = {
|
||||||
|
|
@ -155,4 +186,9 @@ sub run {
|
||||||
return $self->p->sendHtml( $req, 'decryptvalue', params => $params );
|
return $self->p->sendHtml( $req, 'decryptvalue', params => $params );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub displayLink {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
|
return $self->rule->( $req, $req->userData );
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
||||||
Binary file not shown.
|
After Width: | Height: | Size: 693 B |
|
|
@ -69,10 +69,16 @@
|
||||||
</TMPL_IF>
|
</TMPL_IF>
|
||||||
<TMPL_IF NAME="contextSwitching">
|
<TMPL_IF NAME="contextSwitching">
|
||||||
<li class="dropdown-item"><a href="/switchcontext" class="nav-link">
|
<li class="dropdown-item"><a href="/switchcontext" class="nav-link">
|
||||||
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/switchcontext_<TMPL_VAR NAME="contextSwitching">.png" width="20" height="20" alt="refresh" />
|
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/switchcontext_<TMPL_VAR NAME="contextSwitching">.png" width="20" height="20" alt="switchContext" />
|
||||||
<span trspan="contextSwitching_<TMPL_VAR NAME="contextSwitching">">contextSwitching_<TMPL_VAR NAME="contextSwitching"></span>
|
<span trspan="contextSwitching_<TMPL_VAR NAME="contextSwitching">">contextSwitching_<TMPL_VAR NAME="contextSwitching"></span>
|
||||||
</a></li>
|
</a></li>
|
||||||
</TMPL_IF>
|
</TMPL_IF>
|
||||||
|
<TMPL_IF NAME="decryptValue">
|
||||||
|
<li class="dropdown-item"><a href="/decryptvalue" class="nav-link">
|
||||||
|
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/decryptValue.png" width="20" height="20" alt="decryptValue" />
|
||||||
|
<span trspan="decryptCipheredValue">decryptCipheredValue</span>
|
||||||
|
</a></li>
|
||||||
|
</TMPL_IF>
|
||||||
<li class="dropdown-item"><a href="/refresh" class="nav-link">
|
<li class="dropdown-item"><a href="/refresh" class="nav-link">
|
||||||
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/arrow_refresh.png" width="16" height="16" alt="refresh" />
|
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/arrow_refresh.png" width="16" height="16" alt="refresh" />
|
||||||
<span trspan="refreshrights">Refresh</span>
|
<span trspan="refreshrights">Refresh</span>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user