Dispatching attributes (#1658)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -28,7 +28,7 @@ sub defaultValues {
         'casAccessControlPolicy'        => 'none',
         'casAuthnLevel'                 => 1,
         'checkTime'                     => 600,
-        'checkUserHiddenAttributes'     => 'UA _2fDevices _loginHistory',
+        'checkUserHiddenAttributes'     => '_2fDevices _loginHistory hGroups',
         'checkXSS'                      => 1,
         'confirmFormMethod'             => 'post',
         'cookieName'                    => 'lemonldap',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -780,7 +780,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'type'    => 'bool'
         },
         'checkUserHiddenAttributes' => {
-            'default' => 'UA _2fDevices _loginHistory',
+            'default' => '_2fDevices _loginHistory hGroups',
             'type'    => 'text'
         },
         'checkXSS' => {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -586,7 +586,7 @@ sub attributes {
         },
         checkUserHiddenAttributes => {
             type          => 'text',
-            default       => 'UA _2fDevices _loginHistory',
+            default       => '_2fDevices _loginHistory hGroups',
             documentation => 'Attributes to hide in CheckUser plugin',
             flags         => 'p',
         },

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -151,7 +151,7 @@
 "clickHereToForce":"انقر هنا لإجبار",
 "checkState":"Activation",
 "checkStateSecret":"Shared secret",
-"checkUsers":"Session check",
+"checkUsers":"Session Check",
 "checkUser":"Activation",
 "checkUserHiddenAttributes":"Hidden attributes",
 "checkUserDisplayPersistentInfo":"Display persistent session",

lemonldap-ng-manager/site/htdocs/static/languages/de.json

@@ -151,8 +151,8 @@
 "clickHereToForce":"Click here to force",
 "checkState":"Activation",
 "checkStateSecret":"Shared secret",
+"checkUsers":"Session Check",
 "choiceParams":"Choice parameters",
-"checkUsers":"Session check",
 "checkUser":"Activation",
 "checkUserHiddenAttributes":"Hidden attributes",
 "checkUserDisplayPersistentInfo":"Display persistent session",

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -151,7 +151,7 @@
 "clickHereToForce":"Click here to force",
 "checkState":"Activation",
 "checkStateSecret":"Shared secret",
-"checkUsers":"Session check",
+"checkUsers":"Session Check",
 "checkUser":"Activation",
 "checkUserHiddenAttributes":"Hidden attributes",
 "checkUserDisplayPersistentInfo":"Display persistent session",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -151,12 +151,12 @@
 "clickHereToForce":"Cliquer ici pour forcer",
 "checkState":"Activation",
 "checkStateSecret":"Secret partagé",
-"choiceParams":"Paramètres des choix",
 "checkUsers":"Vérification de session",
 "checkUser":"Activation",
 "checkUserHiddenAttributes":"Attributs masqués",
 "checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
 "checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
+"choiceParams":"Paramètres des choix",
 "chooseLogo":"Choisir le logo",
 "chooseSkin":"Choisir le thème",
 "combination":"Combinaison",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -151,7 +151,7 @@
 "clickHereToForce":"Clicca qui per forzare",
 "checkState":"Attivazione",
 "checkStateSecret":"Segreto condiviso",
-"checkUsers":"Session check",
+"checkUsers":"Session Check",
 "checkUser":"Activation",
 "checkUserHiddenAttributes":"Hidden attributes",
 "checkUserDisplayPersistentInfo":"Display persistent session",

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -151,7 +151,7 @@
 "clickHereToForce":"Nhấp vào đây để bắt buộc",
 "checkState":"Kích hoạt",
 "checkStateSecret":"Shared secret",
-"checkUsers":"Session check",
+"checkUsers":"Session Check",
 "checkUser":"Activation",
 "checkUserHiddenAttributes":"Hidden attributes",
 "checkUserDisplayPersistentInfo":"Display persistent session",

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -151,7 +151,7 @@
 "clickHereToForce":"Click here to force",
 "checkState":"Activation",
 "checkStateSecret":"Shared secret",
-"checkUsers":"Session check",
+"checkUsers":"Session Check",
 "checkUser":"Activation",
 "checkUserHiddenAttributes":"Hidden attributes",
 "checkUserDisplayPersistentInfo":"Display persistent session",

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm

@@ -47,10 +47,10 @@ sub check {
     # Check access rule
     unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
         $self->userLogger->error(
-            "$req->{user} not allowed to access /checkuser");
+            "user $req->{user} not allowed to access /checkuser");
         return $self->p->lmError( $req, 403 );
     }
-    $self->userLogger->notice("$req->{user} is allowed to access /checkuser");
+    $self->userLogger->notice("user $req->{user} is allowed to access /checkuser");
 
     # Check token
     if ( $self->conf->{requireToken} ) {
@@ -90,22 +90,29 @@ sub check {
         $attrs = {};
     }
     else {
+        $msg = 'checkUser';
 
         # Create an array of hashes for template loop
         $self->logger->debug("Delete hidden or empty attributes");
-        foreach my $k ( sort keys %$attrs ) {
+        if ( $self->conf->{checkUserDisplayEmptyValues} ) {
+            foreach my $k ( sort keys %$attrs ) {
 
-            # Ignore hidden attributes or empty values
-            if ( $self->conf->{checkUserDisplayEmptyValues} ) {
+                # Ignore hidden attributes
                 push @$array_attrs, { key => $k, value => $attrs->{$k} }
                     unless ( $self->hAttr =~ /\b$k\b/ );
             }
-            else {
+        }
+        else {
+            foreach my $k ( sort keys %$attrs ) {
+
+                # Ignore hidden attributes and empty values
                 push @$array_attrs, { key => $k, value => $attrs->{$k} }
                     unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} );
             }
         }
-        $msg = 'checkUser';
+
+        # ARRAY_REF = [ A_REF GROUPS, A_REF MACROS, A_REF OTHERS ]
+        $array_attrs = $self->_splitAttributes($array_attrs);
     }
 
     # Check if user is allowed to access submitted URL and compute headers
@@ -148,7 +155,9 @@ sub check {
             ALERTE_AUTH =>
                 ( $auth eq 'allowed' ? 'alert-success' : 'alert-danger' ),
             HEADERS    => $array_hdrs,
-            ATTRIBUTES => $array_attrs,
+            ATTRIBUTES => $array_attrs->[2],
+            MACROS     => $array_attrs->[1],
+            GROUPS     => $array_attrs->[0],
             TOKEN      => $token,
         }
     );
@@ -160,10 +169,10 @@ sub display {
     # Check access rule
     unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
         $self->userLogger->error(
-            "$req->{user} not allowed to access /checkuser");
+            "user $req->{user} not allowed to access /checkuser");
         return $self->p->lmError( $req, 403 );
     }
-    $self->userLogger->notice("$req->{user} is allowed to access /checkuser");
+    $self->userLogger->notice("user $req->{user} is allowed to access /checkuser");
     my $token = $self->ott->createToken( $req->sessionInfo );
 
     # Display form
@@ -225,4 +234,31 @@ sub _headers {
     return $self->p->HANDLER->checkHeaders( $req, $req->{sessionInfo} );
 }
 
+sub _splitAttributes {
+    my ( $self, $attrs ) = @_;
+    my ( $grps, $mcrs, $others ) = ( [], [], [] );
+    my $macros = $self->{conf}->{macros};
+    $self->logger->debug("Dispatching attributes...");
+    while (@$attrs) {
+        my $element = shift @$attrs;
+        my $ok      = 0;
+
+        if ( $element->{key} eq 'groups' ) {
+            my $separator = $self->{conf}->{multiValuesSeparator};
+            my @tmp = split /\Q$separator/, $element->{value};
+            $grps = [ map { { value => $_ } } sort @tmp ];
+            next;
+        }
+        foreach my $key ( sort keys %$macros ) {
+            if ( $element->{key} eq $key ) {
+                push @$mcrs, $element;
+                $ok = 1;
+                last;
+            }
+        }
+        push @$others, $element unless $ok;
+    }
+    return [ $grps, $mcrs, $others ];
+}
+
 1;

lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl

@@ -83,6 +83,49 @@
   </div>
 </TMPL_IF>
 
+<TMPL_IF NAME="MACROS">
+  <div class="card mb-3 border-secondary">
+  <div class="card-body table-responsive">
+  <table class="table table-hover">
+    <thead>
+      <tr class="align-middle"><span trspan="macros">MACROS</span></tr>
+      <tr>
+        <th class="align-middle"><span trspan="key">Key</span></th>
+        <th class="align-middle"><span trspan="value">Value</span></th>
+      </tr>
+    </thead>
+    <tbody>
+      <TMPL_LOOP NAME="MACROS">
+        <tr>
+          <td class="align-middle"><TMPL_VAR NAME="key"></td>
+          <td class="align-middle"><TMPL_VAR NAME="value"></td>
+        </tr>
+      </TMPL_LOOP>
+    </tbody>
+  </table>
+  </div>
+  </div>
+</TMPL_IF>
+
+<TMPL_IF NAME="GROUPS">
+  <div class="card mb-3 border-secondary">
+  <div class="card-body table-responsive">
+  <table class="table table-hover">
+    <thead>
+      <tr class="align-middle"><span trspan="groups_sso">GROUPS SSO</span></tr>
+    </thead>
+    <tbody>
+      <TMPL_LOOP NAME="GROUPS">
+        <tr>
+          <td class="align-middle"><TMPL_VAR NAME="value"></td>
+        </tr>
+      </TMPL_LOOP>
+    </tbody>
+  </table>
+  </div>
+  </div>
+</TMPL_IF>
+
   <div class="buttons">
     <button type="submit" class="btn btn-success">
       <span class="fa fa-sign-in"></span>