Dispatching attributes (#1658)
parent
f857f1a8a7
commit
1f5c7a83a9
|
@ -28,7 +28,7 @@ sub defaultValues {
|
|||
'casAccessControlPolicy' => 'none',
|
||||
'casAuthnLevel' => 1,
|
||||
'checkTime' => 600,
|
||||
'checkUserHiddenAttributes' => 'UA _2fDevices _loginHistory',
|
||||
'checkUserHiddenAttributes' => '_2fDevices _loginHistory hGroups',
|
||||
'checkXSS' => 1,
|
||||
'confirmFormMethod' => 'post',
|
||||
'cookieName' => 'lemonldap',
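Review bot: `UA` drops out of the default `checkUserHiddenAttributes` list in this hunk, assuming the second of the two rendered lines is the new side, so installations that rely on the default will start showing that session key in the CheckUser view. The commit title only mentions dispatching attributes, so this change in what is disclosed by default is easy to miss. If it is intended it deserves a line in the upgrade notes; if not, keep the entry next to the new one: `'checkUserHiddenAttributes' => 'UA _2fDevices _loginHistory hGroups',`. The same default is repeated in the next two hunks (the `'default'` entry of the attribute table and `sub attributes`), which would need the same decision.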
|
||||
|
|
|
@ -780,7 +780,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'type' => 'bool'
|
||||
},
|
||||
'checkUserHiddenAttributes' => {
|
||||
'default' => 'UA _2fDevices _loginHistory',
|
||||
'default' => '_2fDevices _loginHistory hGroups',
|
||||
'type' => 'text'
|
||||
},
|
||||
'checkXSS' => {
|
||||
|
|
|
@ -586,7 +586,7 @@ sub attributes {
|
|||
},
|
||||
checkUserHiddenAttributes => {
|
||||
type => 'text',
|
||||
default => 'UA _2fDevices _loginHistory',
|
||||
default => '_2fDevices _loginHistory hGroups',
|
||||
documentation => 'Attributes to hide in CheckUser plugin',
|
||||
flags => 'p',
|
||||
},
|
||||
|
|
|
@ -151,7 +151,7 @@
|
|||
"clickHereToForce":"انقر هنا لإجبار",
|
||||
"checkState":"Activation",
|
||||
"checkStateSecret":"Shared secret",
|
||||
"checkUsers":"Session check",
|
||||
"checkUsers":"Session Check",
|
||||
"checkUser":"Activation",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
|
|
|
@ -151,8 +151,8 @@
|
|||
"clickHereToForce":"Click here to force",
|
||||
"checkState":"Activation",
|
||||
"checkStateSecret":"Shared secret",
|
||||
"checkUsers":"Session Check",
|
||||
"choiceParams":"Choice parameters",
|
||||
"checkUsers":"Session check",
|
||||
"checkUser":"Activation",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
|
|
|
@ -151,7 +151,7 @@
|
|||
"clickHereToForce":"Click here to force",
|
||||
"checkState":"Activation",
|
||||
"checkStateSecret":"Shared secret",
|
||||
"checkUsers":"Session check",
|
||||
"checkUsers":"Session Check",
|
||||
"checkUser":"Activation",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
|
|
|
@ -151,12 +151,12 @@
|
|||
"clickHereToForce":"Cliquer ici pour forcer",
|
||||
"checkState":"Activation",
|
||||
"checkStateSecret":"Secret partagé",
|
||||
"choiceParams":"Paramètres des choix",
|
||||
"checkUsers":"Vérification de session",
|
||||
"checkUser":"Activation",
|
||||
"checkUserHiddenAttributes":"Attributs masqués",
|
||||
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
|
||||
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
|
||||
"choiceParams":"Paramètres des choix",
|
||||
"chooseLogo":"Choisir le logo",
|
||||
"chooseSkin":"Choisir le thème",
|
||||
"combination":"Combinaison",
|
||||
|
|
|
@ -151,7 +151,7 @@
|
|||
"clickHereToForce":"Clicca qui per forzare",
|
||||
"checkState":"Attivazione",
|
||||
"checkStateSecret":"Segreto condiviso",
|
||||
"checkUsers":"Session check",
|
||||
"checkUsers":"Session Check",
|
||||
"checkUser":"Activation",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
|
|
|
@ -151,7 +151,7 @@
|
|||
"clickHereToForce":"Nhấp vào đây để bắt buộc",
|
||||
"checkState":"Kích hoạt",
|
||||
"checkStateSecret":"Shared secret",
|
||||
"checkUsers":"Session check",
|
||||
"checkUsers":"Session Check",
|
||||
"checkUser":"Activation",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
|
|
|
@ -151,7 +151,7 @@
|
|||
"clickHereToForce":"Click here to force",
|
||||
"checkState":"Activation",
|
||||
"checkStateSecret":"Shared secret",
|
||||
"checkUsers":"Session check",
|
||||
"checkUsers":"Session Check",
|
||||
"checkUser":"Activation",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -47,10 +47,10 @@ sub check {
|
|||
# Check access rule
|
||||
unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
|
||||
$self->userLogger->error(
|
||||
"$req->{user} not allowed to access /checkuser");
|
||||
"user $req->{user} not allowed to access /checkuser");
|
||||
return $self->p->lmError( $req, 403 );
|
||||
}
|
||||
$self->userLogger->notice("$req->{user} is allowed to access /checkuser");
|
||||
$self->userLogger->notice("user $req->{user} is allowed to access /checkuser");
|
||||
|
||||
# Check token
|
||||
if ( $self->conf->{requireToken} ) {
|
||||
|
@ -90,22 +90,29 @@ sub check {
|
|||
$attrs = {};
|
||||
}
|
||||
else {
|
||||
$msg = 'checkUser';
|
||||
|
||||
# Create an array of hashes for template loop
|
||||
$self->logger->debug("Delete hidden or empty attributes");
|
||||
foreach my $k ( sort keys %$attrs ) {
|
||||
if ( $self->conf->{checkUserDisplayEmptyValues} ) {
|
||||
foreach my $k ( sort keys %$attrs ) {
|
||||
|
||||
# Ignore hidden attributes or empty values
|
||||
if ( $self->conf->{checkUserDisplayEmptyValues} ) {
|
||||
# Ignore hidden attributes
|
||||
push @$array_attrs, { key => $k, value => $attrs->{$k} }
|
||||
unless ( $self->hAttr =~ /\b$k\b/ );
|
||||
}
|
||||
else {
|
||||
}
|
||||
else {
|
||||
foreach my $k ( sort keys %$attrs ) {
|
||||
|
||||
# Ignore hidden attributes and empty values
|
||||
push @$array_attrs, { key => $k, value => $attrs->{$k} }
|
||||
unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} );
|
||||
}
|
||||
}
|
||||
$msg = 'checkUser';
|
||||
|
||||
# ARRAY_REF = [ A_REF GROUPS, A_REF MACROS, A_REF OTHERS ]
|
||||
$array_attrs = $self->_splitAttributes($array_attrs);
|
||||
}
|
||||
|
||||
# Check if user is allowed to access submitted URL and compute headers
|
||||
|
@ -148,7 +155,9 @@ sub check {
|
|||
ALERTE_AUTH =>
|
||||
( $auth eq 'allowed' ? 'alert-success' : 'alert-danger' ),
|
||||
HEADERS => $array_hdrs,
|
||||
ATTRIBUTES => $array_attrs,
|
||||
ATTRIBUTES => $array_attrs->[2],
|
||||
MACROS => $array_attrs->[1],
|
||||
GROUPS => $array_attrs->[0],
|
||||
TOKEN => $token,
|
||||
}
|
||||
);
|
||||
|
@ -160,10 +169,10 @@ sub display {
|
|||
# Check access rule
|
||||
unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
|
||||
$self->userLogger->error(
|
||||
"$req->{user} not allowed to access /checkuser");
|
||||
"user $req->{user} not allowed to access /checkuser");
|
||||
return $self->p->lmError( $req, 403 );
|
||||
}
|
||||
$self->userLogger->notice("$req->{user} is allowed to access /checkuser");
|
||||
$self->userLogger->notice("user $req->{user} is allowed to access /checkuser");
|
||||
my $token = $self->ott->createToken( $req->sessionInfo );
|
||||
|
||||
# Display form
|
||||
|
@ -225,4 +234,31 @@ sub _headers {
|
|||
return $self->p->HANDLER->checkHeaders( $req, $req->{sessionInfo} );
|
||||
}
|
||||
|
||||
sub _splitAttributes {
|
||||
my ( $self, $attrs ) = @_;
|
||||
my ( $grps, $mcrs, $others ) = ( [], [], [] );
|
||||
my $macros = $self->{conf}->{macros};
|
||||
$self->logger->debug("Dispatching attributes...");
|
||||
while (@$attrs) {
|
||||
my $element = shift @$attrs;
|
||||
my $ok = 0;
|
||||
|
||||
if ( $element->{key} eq 'groups' ) {
|
||||
my $separator = $self->{conf}->{multiValuesSeparator};
|
||||
my @tmp = split /\Q$separator/, $element->{value};
|
||||
$grps = [ map { { value => $_ } } sort @tmp ];
|
||||
next;
|
||||
}
|
||||
foreach my $key ( sort keys %$macros ) {
|
||||
if ( $element->{key} eq $key ) {
|
||||
push @$mcrs, $element;
|
||||
$ok = 1;
|
||||
last;
|
||||
}
|
||||
}
|
||||
push @$others, $element unless $ok;
|
||||
}
|
||||
return [ $grps, $mcrs, $others ];
|
||||
}
|
||||
|
||||
1;
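Review bot: The hidden-attribute test `$self->hAttr =~ /\b$k\b/`, which the rewritten loops in `check` appear to keep in both branches, interpolates the session key into the pattern unescaped and matches on word boundaries rather than on whole list entries. A key containing regex metacharacters is read as a pattern, and a hidden name such as `foo-bar` also decides the visibility of an unrelated key `foo`. Since this filter controls which session attributes are disclosed, an exact lookup is more predictable: build `my %hidden = map { $_ => 1 } split /\s+/, $self->hAttr;` once before the loops and test `$hidden{$k}` (this assumes `hAttr` is the whitespace-separated list the config default suggests). In the branch that skips empty values, `!$attrs->{$k}` also drops an attribute whose value is `0`; `!length( $attrs->{$k} // '' )` would skip only undefined or empty ones. `check` starts and ends outside these hunks.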
|
||||
|
|
|
@ -83,6 +83,49 @@
|
|||
</div>
|
||||
</TMPL_IF>
|
||||
|
||||
<TMPL_IF NAME="MACROS">
|
||||
<div class="card mb-3 border-secondary">
|
||||
<div class="card-body table-responsive">
|
||||
<table class="table table-hover">
|
||||
<thead>
|
||||
<tr class="align-middle"><span trspan="macros">MACROS</span></tr>
|
||||
<tr>
|
||||
<th class="align-middle"><span trspan="key">Key</span></th>
|
||||
<th class="align-middle"><span trspan="value">Value</span></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<TMPL_LOOP NAME="MACROS">
|
||||
<tr>
|
||||
<td class="align-middle"><TMPL_VAR NAME="key"></td>
|
||||
<td class="align-middle"><TMPL_VAR NAME="value"></td>
|
||||
</tr>
|
||||
</TMPL_LOOP>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
</TMPL_IF>
|
||||
|
||||
<TMPL_IF NAME="GROUPS">
|
||||
<div class="card mb-3 border-secondary">
|
||||
<div class="card-body table-responsive">
|
||||
<table class="table table-hover">
|
||||
<thead>
|
||||
<tr class="align-middle"><span trspan="groups_sso">GROUPS SSO</span></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<TMPL_LOOP NAME="GROUPS">
|
||||
<tr>
|
||||
<td class="align-middle"><TMPL_VAR NAME="value"></td>
|
||||
</tr>
|
||||
</TMPL_LOOP>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
</TMPL_IF>
|
||||
|
||||
<div class="buttons">
|
||||
<button type="submit" class="btn btn-success">
|
||||
<span class="fa fa-sign-in"></span>
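Review bot: The new `MACROS` and `GROUPS` loops print `<TMPL_VAR NAME="key">` and `<TMPL_VAR NAME="value">` without an `ESCAPE` attribute, so macro results and group names are emitted as raw HTML unless the template object is created with a default escape, which is not visible in this hunk. These values come from session data and can originate in a user directory, so the cells should be escaped explicitly, for example `<td class="align-middle"><TMPL_VAR NAME="value" ESCAPE=HTML></td>`. Separately, both heading rows put a `<span>` directly inside `<tr>`, which is not valid table markup; wrapping it as `<th colspan="2"><span trspan="macros">MACROS</span></th>` (and `<th>` without `colspan` for the one-column groups table) keeps the heading inside the table.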
|
||||
|
|