Rule is not parsed -> convert to bool & be more consistent (#1605)

This commit is contained in:
Christophe Maudoux 2020-10-12 15:38:57 +02:00
parent d76438b1e8
commit 1c574f03da
15 changed files with 20 additions and 21 deletions

View File

@ -30,7 +30,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
dirName => '/usr/local/lemonldap-ng/data/conf',
);
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

View File

@ -236,12 +236,11 @@ sub defaultValues {
'passwordResetAllowedRetries' => 3,
'persistentSessionAttributes' =>
'_loginHistory _2fDevices notification_',
'port' => -1,
'portal' => 'http://auth.example.com/',
'portalAntiFrame' => 1,
'portalCheckLogins' => 1,
'portalDisplayAppslist' => 1,
'portalDisplayCertificateResetByMail' => 0,
'port' => -1,
'portal' => 'http://auth.example.com/',
'portalAntiFrame' => 1,
'portalCheckLogins' => 1,
'portalDisplayAppslist' => 1,
'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/',
'portalDisplayGeneratePassword' => 1,
'portalDisplayLoginHistory' => 1,

View File

@ -2610,7 +2610,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
},
'portalDisplayCertificateResetByMail' => {
'default' => 0,
'type' => 'boolOrExpr'
'type' => 'bool'
},
'portalDisplayChangePassword' => {
'default' => '$_auth =~ /^(LDAP|DBI|Demo)$/',

View File

@ -1085,9 +1085,9 @@ sub attributes {
documentation => 'Display logout tab in portal',
},
portalDisplayCertificateResetByMail => {
type => 'boolOrExpr',
type => 'bool',
default => 0,
documentation => 'Display Certificate Reset by mail tab in portal',
documentation => 'Display certificate reset by mail button in portal',
},
portalDisplayRegister => {
default => 1,

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Confirmation mail subject",
"certificateResetByMailStep2Body":"Confirmation mail content",
"certificateResetByMailValidityDelay":"Minimum duration before expiration",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"contentSecurityPolicy":"السياسة الأمنية للمحتوى",
"contextSwitching":"Switch context another user",
"contextSwitchingAllowed2fModifications":"Allow 2FA modifications",
@ -728,6 +727,7 @@
"portalCustomCss":"تخصيص ملف CSS",
"portalCustomization":"التخصيص",
"portalDisplayAppslist":"قائمة التطبيقات",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"portalDisplayChangePassword":"تغيير كلمة المرور",
"portalDisplayGeneratePassword":"Display generate password box",
"portalDisplayLoginHistory":"سجل تسجيل الدخول",

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Confirmation mail subject",
"certificateResetByMailStep2Body":"Confirmation mail content",
"certificateResetByMailValidityDelay":"Minimum duration before expiration",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"contentSecurityPolicy":"Content security policy",
"contextSwitching":"Switch context another user",
"contextSwitchingAllowed2fModifications":"Allow 2FA modifications",
@ -728,6 +727,7 @@
"portalCustomCss":"Custom CSS file",
"portalCustomization":"Customization",
"portalDisplayAppslist":"Applications list",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"portalDisplayChangePassword":"Password change",
"portalDisplayGeneratePassword":"Display generate password box",
"portalDisplayLoginHistory":"Login History",

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Confirmation mail subject",
"certificateResetByMailStep2Body":"Confirmation mail content",
"certificateResetByMailValidityDelay":"Minimum duration before expiration",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"contentSecurityPolicy":"Content security policy",
"contextSwitching":"Switch context another user",
"contextSwitchingAllowed2fModifications":"Allow 2FA modifications",
@ -728,6 +727,7 @@
"portalCustomCss":"Custom CSS file",
"portalCustomization":"Customization",
"portalDisplayAppslist":"Applications list",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"portalDisplayChangePassword":"Password change",
"portalDisplayGeneratePassword":"Display generate password box",
"portalDisplayLoginHistory":"Login History",

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Sujet du message de confirmation",
"certificateResetByMailStep2Body":"Contenu du message de confirmation",
"certificateResetByMailValidityDelay":"Durée minimun avant expiration",
"portalDisplayCertificateResetByMail":"Réinitialiser votre certificat",
"contentSecurityPolicy":"Politique de sécurité de contenu",
"contextSwitching":"Endossement d'identité",
"contextSwitchingAllowed2fModifications":"Autoriser les modifications des SF",
@ -728,6 +727,7 @@
"portalCustomCss":"Fichier CSS personnalisé",
"portalCustomization":"Personnalisation",
"portalDisplayAppslist":"Liste des applications",
"portalDisplayCertificateResetByMail":"Réinitialisation du certificat",
"portalDisplayChangePassword":"Changement de mot de passe",
"portalDisplayGeneratePassword":"Afficher la boite de génération du mot de passe",
"portalDisplayLoginHistory":"Historique des connexions",

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Soggetto della mail di conferma",
"certificateResetByMailStep2Body":"Confirmation mail content",
"certificateResetByMailValidityDelay":"Minimum duration before expiration",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"contentSecurityPolicy":"Politica di protezione dei contenuti",
"contextSwitching":"Switch context another user",
"contextSwitchingAllowed2fModifications":"Allow 2FA modifications",
@ -728,6 +727,7 @@
"portalCustomCss":"Custom CSS file",
"portalCustomization":"Personalizzazione",
"portalDisplayAppslist":"Lista delle applicazioni",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"portalDisplayChangePassword":"Cambio password",
"portalDisplayGeneratePassword":"Display generate password box",
"portalDisplayLoginHistory":"Cronologia login",

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Temat wiadomości potwierdzającej",
"certificateResetByMailStep2Body":"Treść wiadomości potwierdzającej",
"certificateResetByMailValidityDelay":"Minimalny czas do wygaśnięcia",
"portalDisplayCertificateResetByMail":"Zresetuj swój certyfikat",
"contentSecurityPolicy":"Polityka bezpieczeństwa treści",
"contextSwitching":"Przełącz kontekst innego użytkownika",
"contextSwitchingAllowed2fModifications":"Allow 2FA modifications",
@ -728,6 +727,7 @@
"portalCustomCss":"Niestandardowy plik CSS",
"portalCustomization":"Dostosowywanie",
"portalDisplayAppslist":"Lista aplikacji",
"portalDisplayCertificateResetByMail":"Zresetuj swój certyfikat",
"portalDisplayChangePassword":"Zmiana hasła",
"portalDisplayGeneratePassword":"Wyświetl pole generowania hasła",
"portalDisplayLoginHistory":"Historia logowania",

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Doğrulama e-postası konusu",
"certificateResetByMailStep2Body":"Doğrulama e-postası içeriği",
"certificateResetByMailValidityDelay":"Sona ermeden önceki minimum süre",
"portalDisplayCertificateResetByMail":"Sertifikanızı sıfırlayın",
"contentSecurityPolicy":"İçerik güvenlik ilkesi",
"contextSwitching":"İçeriği başka bir kullanıcıyla değiştir",
"contextSwitchingAllowed2fModifications":"Allow 2FA modifications",
@ -728,6 +727,7 @@
"portalCustomCss":"Özelleştirilmiş CSS dosyası",
"portalCustomization":"Özelleştirme",
"portalDisplayAppslist":"Uygulamalar listesi",
"portalDisplayCertificateResetByMail":"Sertifikanızı sıfırlayın",
"portalDisplayChangePassword":"Parola değişimi",
"portalDisplayGeneratePassword":"Parola oluşturma kutusunu görüntüle",
"portalDisplayLoginHistory":"Giriş Geçmişi",

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Xác nhận chủ đề thư",
"certificateResetByMailStep2Body":"Xác nhận nội dung thư",
"certificateResetByMailValidityDelay":"Minimum duration before expiration",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"contentSecurityPolicy":"Chính sách bảo mật nội dung",
"contextSwitching":"Switch context another user",
"contextSwitchingAllowed2fModifications":"Allow 2FA modifications",
@ -728,6 +727,7 @@
"portalCustomCss":"Tùy chỉnh tệp CSS",
"portalCustomization":"Tùy chỉnh",
"portalDisplayAppslist":"Danh sách ứng dụng",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"portalDisplayChangePassword":"Thay đổi mật khẩu",
"portalDisplayGeneratePassword":"Display generate password box",
"portalDisplayLoginHistory":"Lịch sử đăng nhập",

View File

@ -159,7 +159,6 @@
"certificateResetByMailStep2Subject":"Confirmation mail subject",
"certificateResetByMailStep2Body":"Confirmation mail content",
"certificateResetByMailValidityDelay":"Minimum duration before expiration",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"contentSecurityPolicy":"Content security policy",
"contextSwitching":"Switch context another user",
"contextSwitchingAllowed2fModifications":"Allow 2FA modifications",
@ -728,6 +727,7 @@
"portalCustomCss":"Custom CSS file",
"portalCustomization":"Customization",
"portalDisplayAppslist":"Applications list",
"portalDisplayCertificateResetByMail":"Reset your certificate",
"portalDisplayChangePassword":"Password change",
"portalDisplayGeneratePassword":"Display generate password box",
"portalDisplayLoginHistory":"Login History",

File diff suppressed because one or more lines are too long

View File

@ -45,7 +45,7 @@
</TMPL_IF>
<TMPL_IF NAME="DISPLAY_UPDATECERTIF">
<a class="btn btn-primary" href="<TMPL_VAR NAME="MAILCERTIF_URL">?skin=<TMPL_VAR NAME="SKIN"><TMPL_IF NAME="key">&<TMPL_VAR NAME="CHOICE_PARAM">=<TMPL_VAR NAME="key"></TMPL_IF><TMPL_IF NAME="AUTH_URL">&url=<TMPL_VAR NAME="AUTH_URL"></TMPL_IF>">
<a class="btn btn-secondary" href="<TMPL_VAR NAME="MAILCERTIF_URL">?skin=<TMPL_VAR NAME="SKIN"><TMPL_IF NAME="key">&<TMPL_VAR NAME="CHOICE_PARAM">=<TMPL_VAR NAME="key"></TMPL_IF><TMPL_IF NAME="AUTH_URL">&url=<TMPL_VAR NAME="AUTH_URL"></TMPL_IF>">
<span class="fa fa-refresh"></span>
<span trspan="certificateReset">Reset my certificate</span>
</a>