dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'v2.0'

Browse Source
This commit is contained in:
Xavier 2019-05-11 20:25:11 +02:00
commit 224307515f
90 changed files with 2697 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_example/etc/handler-apache2.4.conf
View File

@ -46,7 +46,7 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
#</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/handler-apache2.X.conf
View File

@ -63,7 +63,7 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
#</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/handler-apache2.conf
View File

@ -53,7 +53,7 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
#</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/manager-apache2.4.conf
View File

@ -94,5 +94,5 @@
</Directory>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/manager-apache2.X.conf
View File

@ -107,5 +107,5 @@
</Directory>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/manager-apache2.conf
View File

@ -91,5 +91,5 @@
</Directory>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/manager-nginx.conf
View File

@ -36,7 +36,7 @@ server {
#uwsgi_param SCRIPT_NAME $sc;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "15768000";
#add_header Strict-Transport-Security "max-age=15768000";
}
location / {

2
_example/etc/portal-apache2.4.conf
View File

@ -103,6 +103,6 @@
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/portal-apache2.X.conf
View File

@ -128,6 +128,6 @@
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/portal-apache2.conf
View File

@ -104,6 +104,6 @@
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/portal-nginx.conf
View File

@ -54,7 +54,7 @@ server {
try_files $uri $uri/ =404;
# Uncomment this if you use https only
#add_header Strict-Transport-Security max-age=15768000;
#add_header Strict-Transport-Security "max-age=15768000";
}
location /static/ {

2
_example/etc/test-apache2.4.conf
View File

@ -43,5 +43,5 @@ PerlModule Lemonldap::NG::Handler::ApacheMP2::Menu
</IfModule>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/test-apache2.X.conf
View File

@ -43,5 +43,5 @@ PerlModule Lemonldap::NG::Handler::ApacheMP2::Menu
</IfModule>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/test-apache2.conf
View File

@ -38,5 +38,5 @@ PerlModule Lemonldap::NG::Handler::ApacheMP2::Menu
</IfModule>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
_example/etc/test-nginx.conf
View File

@ -86,7 +86,7 @@ server {
#fastcgi_param HTTP_COOKIE $lmcookie;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "15768000";
#add_header Strict-Transport-Security "max-age=15768000";
# Set REMOTE_USER (for FastCGI apps only)
#fastcgi_param REMOTE_USER $lmremote_user;

13
lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/REST.pm
View File

@ -21,7 +21,7 @@ sub TIEHASH {
modified => 0,
};
foreach (
qw(baseUrl user password realm localStorage localStorageOptions lwpOpts lwpSslOpts)
qw(baseUrl user password realm localStorage localStorageOptions lwpOpts lwpSslOpts kind)
)
{
$self->{$_} = $args->{$_};
@ -116,8 +116,13 @@ sub ua {
sub getJson {
my $self = shift;
my $url = shift;
my $resp = $self->ua->get( $self->base . $url, @_ );
my $id = shift;
my $resp = $self->ua->get(
$self->base
. $id
. ( $self->{kind} ne 'SSO' ? "?kind=$self->{kind}" : '' ),
@_
);
if ( $resp->is_success ) {
my $res;
eval { $res = from_json( $resp->content, { allow_nonref => 1 } ) };
@ -155,7 +160,7 @@ sub get {
}
# No cache, use REST and set cache
my $res = $self->getJson("$id") or return 0;
my $res = $self->getJson($id) or return 0;
$self->{data} = $res;
$self->cache->set( "rest$id", $self->{data} ) if $self->{localStorage};

2
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/YAMLFile.pm
View File

@ -113,7 +113,7 @@ sub load {
$Lemonldap::NG::Common::Conf::msg .= "YAML fails to read file: $@ \n";
return undef;
}
foreach (keys $ret) {
foreach ( keys %$ret ) {
if ( $_ =~ $boolKeys ) {
$ret->{$_} = $ret->{$_} ? 1 : 0;
}

10
lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm
View File

@ -139,6 +139,14 @@ sub BUILD {
# Load session data into object
if ($data) {
if ( $self->kind and $data->{_session_kind} ) {
unless ( $data->{_session_kind} eq $self->kind ) {
$self->error(
"Session kind mismatch : $data->{_session_kind} is not "
. $self->kind );
return undef;
}
}
$self->_save_data($data);
$self->kind( $data->{_session_kind} );
$self->id( $data->{_session_id} );
@ -158,7 +166,7 @@ sub _tie_session {
if ( $self->storageModule =~ /^Lemonldap::NG::Common::Apache::Session/ )
{
tie %h, $self->storageModule, $self->id,
{ %{ $self->options }, %$options };
{ %{ $self->options }, %$options, kind => $self->kind };
}
else {
tie %h, 'Lemonldap::NG::Common::Apache::Session', $self->id,

5
lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
View File

@ -248,7 +248,7 @@ sub getApacheSession {
Lemonldap::NG::Handler::PSGI::Main->tsv->{sessionCacheOptions},
id => $id,
force => $force,
kind => $mod->{kind},
( $id ? () : ( kind => $mod->{kind} ) ),
( $info ? ( info => $info ) : () ),
}
);
@ -271,6 +271,9 @@ sub getMod {
$self->error('Unknown (or unconfigured) session type');
return ();
}
if ( my $kind = $req->params('kind') ) {
$m->{kind} = $kind;
}
return $m;
}

6
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
View File

@ -377,15 +377,15 @@ sub headersInit {
$class->tsv->{headerList}->{$vhost} = [ keys %headers ];
my $sub = '';
foreach ( keys %headers ) {
my $val = $class->substitute( $headers{$_} );
$sub .= "('$_' => $val || ''),";
my $val = $class->substitute( $headers{$_} ) . " || ''";
$sub .= "('$_' => $val),";
}
unless ( $class->tsv->{forgeHeaders}->{$vhost} =
$class->buildSub($sub) )
{
$class->tsv->{maintenance}->{$vhost} = 1;
$class->logger->error( "$class Unable to forge headers: "
$class->logger->error( "$class Unable to forge $vhost headers: "
. $class->tsv->{jail}->error );
}
}

2
lemonldap-ng-manager/MANIFEST
View File

@ -203,6 +203,7 @@ t/05-rest-api.t
t/06-rest-api.t
t/07-utf8.t
t/10-save-unchanged-conf.t
t/11-save-appCat-changed-conf.t
t/11-save-changed-conf-with-confirmation.t
t/12-save-changed-conf.t
t/14-bad-changes-in-conf.t
@ -220,6 +221,7 @@ t/99-pod.t
t/conf/lmConf-1.json
t/jsonfiles/01-base-tree.json
t/jsonfiles/02-base-tree-all-nodes-opened.json
t/jsonfiles/03-base-tree-appCat-modifed.json
t/jsonfiles/11-modified-with-confirmation.json
t/jsonfiles/12-modified.json
t/jsonfiles/14-bad.json

3
lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
View File

@ -147,7 +147,8 @@ sub javascript {
return
'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";var viewPrefix=scriptname+"view/";'
. 'var allowDiff=' . "$res;"
. 'var impPrefix=' . "'" . $impPrefix . "'" . ';'
. 'var impPrefix=' . "'"
. $impPrefix . "'" . ';'
. 'var sessionTTL=' . "$ttl;"
. ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
. (

23
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm
View File

@ -536,23 +536,26 @@ sub _scanNodes {
}
);
@listCatRef = map { $_ ? $_ : () } @listCatRef;
@listCatNew = map { $_ ? $_ : () } @listCatNew;
@listCatRef = sort @listCatRef;
@listCatNew = sort @listCatNew;
hdebug( '# @listCatRef : ' . \@listCatRef );
hdebug( '# @listCatNew : ' . \@listCatNew );
for ( my $i = 0 ; $i < @listCatNew ; $i++ ) {
if ( not( defined $listCatRef[$i] )
or $listCatRef[$i] ne $listCatNew[$i] )
{
hdebug( '# @listCatRef : ', \@listCatRef );
hdebug( '# @listCatNew : ', \@listCatNew );
# Check for deleted
my @diff =
grep !${ { map { $_, 1 } @listCatNew } }{$_}, @listCatRef;
if ( scalar @diff ) {
$self->confChanged(1);
push @{ $self->changes },
{
key => $leaf->{id},
new => $listCatNew[$i],
old => $listCatRef[$i]
new => join( ', ', 'categoryList', @listCatNew ),
key => join( ', ', 'Deletes in cat(s)', @diff ),
old => join( ', ', 'categoryList', @listCatRef ),
};
}
}
}
next;
}

3
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
View File

@ -646,7 +646,8 @@ sub tests {
# Warn if Impersonation is enabled without prefix
impersonationPrefix => sub {
return 1 unless ( $conf->{impersonationRule} );
return ( 1, "Impersonation is enabled without real attributes prefix" )
return ( 1,
"Impersonation is enabled without real attributes prefix" )
unless ( $conf->{impersonationPrefix} );
# Return

3
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm
View File

@ -162,7 +162,8 @@ sub zeroConf {
},
"manager.$domain" => {
'default' => '$uid eq "dwho" or $uid eq "rtyler"',
'(?#Configuration)^/(manager\.html|confs|$)' => '$uid eq "dwho"',
'(?#Configuration)^/(manager\.html|confs|$)' =>
'$uid eq "dwho"',
'(?#Sessions)/sessions' => '$uid eq "dwho" or $uid eq "rtyler"',
'(?#Notifications)/notifications' =>
'$uid eq "dwho" or $uid eq "rtyler"',

2
lemonldap-ng-manager/site/coffee/manager.coffee
View File

@ -695,6 +695,8 @@ llapp.controller 'TreeCtrl', [
node.data = parseInt(node.data, 10)
if node.type and node.type.match /^int$/
node.data = parseInt(node.data, 10)
if node.type and node.type.match /^select$/
node.data = node.data.toString()
# Split SAML types
else if node.type and node.type.match(/^(saml(Service|Assertion)|blackWhiteList)$/) and not (typeof node.data == 'object')
node.data = node.data.split ';'

3
lemonldap-ng-manager/site/htdocs/static/js/manager.js
View File

@ -842,6 +842,9 @@ This file contains:
}
if (node.type && node.type.match(/^int$/)) {
node.data = parseInt(node.data, 10);
}
if (node.type && node.type.match(/^select$/)) {
node.data = node.data.toString();
} else if (node.type && node.type.match(/^(saml(Service|Assertion)|blackWhiteList)$/) && !(typeof node.data === 'object')) {
node.data = node.data.split(';');
}

2
lemonldap-ng-manager/site/htdocs/static/js/manager.min.js vendored
View File

File diff suppressed because one or more lines are too long

4
lemonldap-ng-manager/site/htdocs/static/languages/de.json
View File

@ -254,7 +254,7 @@
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Authentication level",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand",
"ext2FSendCommand":"Send command",
"ext2FValidateCommand":"Validation command",
"facebookAppId":"Facebook application ID",
"facebookAppSecret":"Facebook application secret",
@ -758,7 +758,7 @@
"stateCheck":"State Check",
"stayConnected":"Persistent connections",
"successfullySaved":"Successfully saved",
"storePassword":"Store user password in session datas",
"storePassword":"Store user password in session",
"successLoginNumber":"Number of registered logins",
"sympaHandler":"Sympa",
"sympaMailKey":"Mail session key",

4
lemonldap-ng-manager/site/htdocs/static/languages/en.json
View File

@ -254,7 +254,7 @@
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Authentication level",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand",
"ext2FSendCommand":"Send command",
"ext2FValidateCommand":"Validation command",
"facebookAppId":"Facebook application ID",
"facebookAppSecret":"Facebook application secret",
@ -758,7 +758,7 @@
"stateCheck":"State Check",
"stayConnected":"Persistent connections",
"successfullySaved":"Successfully saved",
"storePassword":"Store user password in session datas",
"storePassword":"Store user password in session",
"successLoginNumber":"Number of registered logins",
"sympaHandler":"Sympa",
"sympaMailKey":"Mail session key",

20
lemonldap-ng-manager/site/htdocs/static/languages/fr.json
View File

@ -130,7 +130,7 @@
"casSrvMetaDataOptionsGateway":"Authentification transparente",
"casSrvMetaDataOptionsIcon":"Chemin de l'icône",
"casSrvMetaDataOptionsSortNumber":"Ordre",
"casSrvMetaDataOptionsRenew":"Renouveller l'authentification",
"casSrvMetaDataOptionsRenew":"Renouveler l'authentification",
"casSrvMetaDataOptionsProxiedServices":"Services mandatés",
"casSrvMetaDataOptionsUrl":"URL du serveur",
"casSrvMetaDataNodes":"Serveurs CAS",
@ -145,7 +145,7 @@
"cspImg":"Sources des images",
"cspScript":"Sources des scripts",
"cspStyle":"Sources des styles",
"cspConnect":"Destinations des requêtes Ajax",
"cspConnect":"Destinations des requêtes AJAX",
"cspFont":"Sources des polices",
"cfgLog":"Résumé",
"cfgVersion":"Version de la configuration",
@ -276,7 +276,7 @@
"generalParameters":"Paramètres généraux",
"globalStorage":"Module Apache::Session",
"globalStorageOptions":"Paramètres du module Apache::Session",
"gpgAuthnLevel":"Niveau d'authentication",
"gpgAuthnLevel":"Niveau d'authentification",
"gpgDb":"Base de données GPG",
"gpgParams":"Paramètres GPG",
"grantSessionRules":"Conditions d'ouverture",
@ -331,8 +331,8 @@
"issuerDBOpenIDConnectRule":"Règle d'utilisation",
"issuerParams":"Modules fournisseur",
"jsRedirect":"Message de redirection",
"jqueryButtonSelector":"Selecteur jQuery du bouton (optionnel)",
"jqueryFormSelector":"Selecteur jQuery du formulaire (optionnel)",
"jqueryButtonSelector":"Sélecteur jQuery du bouton (optionnel)",
"jqueryFormSelector":"Sélecteur jQuery du formulaire (optionnel)",
"jqueryUrl":"URL jQuery (optionnel)",
"key":"Clef de chiffrement",
"keys":"Clefs",
@ -623,13 +623,13 @@
"portalErrorOnExpiredSession":"Affiche une erreur si la session est expirée",
"portalErrorOnMailNotFound":"Affiche une erreur si le mail n'est pas trouvé",
"portalForceAuthn":"Authentification forcée",
"portalForceAuthnInterval":"Interval d'authentification forcée",
"portalForceAuthnInterval":"Intervalle d'authentification forcée",
"portalMenu":"Menu",
"portalModules":"Modules",
"portalOpenLinkInNewWindow":"Nouvelle fenêtre",
"portalOther":"Autres",
"portalParams":"Portail",
"portalPingInterval":"Interval du ping",
"portalPingInterval":"Intervalle du ping",
"portalRedirection":"Redirections du Portail",
"portalRequireOldPassword":"Ancien mot de passe requis",
"portalServers":"Serveurs du portail",
@ -656,7 +656,7 @@
"radiusParams":"Paramètres Radius",
"radiusSecret":"Secret partagé",
"radiusServer":"Nom d'hôte du serveur",
"randomPasswordRegexp":"Expression regulière pour la génération des mots de passe",
"randomPasswordRegexp":"Expression régulière pour la génération des mots de passe",
"readOnlyMode":"Mode lecture seule",
"redirectFormMethod":"Méthode du formulaire de redirection",
"redirection":"Redirections du Handler",
@ -679,7 +679,7 @@
"remotePortal":"URL du portail",
"replaceByFile":"Remplacer par le fichier",
"requireToken":"Exige un jeton pour les formulaires",
"restAuthnLevel":"Niveau d'authentication",
"restAuthnLevel":"Niveau d'authentification",
"restAuthUrl":"URL d'authentification",
"restConfigServer":"Serveur de configurations REST",
"restore":"Restaurer",
@ -905,7 +905,7 @@
"samlIDPMetaDataOptionsSecurity":"Sécurité",
"samlIDPMetaDataOptionsSortNumber":"Ordre",
"samlIDPMetaDataOptionsStoreSAMLToken":"Conserver le jeton SAML",
"samlIDPMetaDataOptionsRelayStateURL":"Pemettre une URL dans le RelayState",
"samlIDPMetaDataOptionsRelayStateURL":"Permettre une URL dans le RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribut contenant l'identité de l'utilisateur",
"samlSPMetaDataNodes":"Fournisseurs de service SAML",
"samlSPMetaDataXML":"Metadonnées",

6
lemonldap-ng-manager/site/htdocs/static/languages/it.json
View File

@ -509,8 +509,8 @@
"oidcRPMetaDataOptionsLogoutType":"Tipo",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
"oidcOPMetaDataOptionsProtocol":"Protocollo",
"oidcRPMetaDataOptionsPublic":"Public client",
"oidcRPMetaDataOptionsRequirePKCE":"Require PKCE",
"oidcRPMetaDataOptionsPublic":"Cliente pubblico",
"oidcRPMetaDataOptionsRequirePKCE":"Richiedi PKCE",
"oidcRPMetaDataOptionsRule":"Regola di accesso",
"oidcOPMetaDataOptionsScope":"Scopo",
"oidcOPMetaDataOptionsStoreIDToken":"Immagazzina ID Token",
@ -716,7 +716,7 @@
"session_s":"sessione(i)",
"sessionDataToRemember":"Dati di sessione da memorizzare",
"sessionDeleted":"La sessione è stata rimossa",
"sessionExpired":"The session is expired",
"sessionExpired":"La sessione è scaduta",
"sessionParams":"Sessioni",
"sessionStartedAt":"La sessione è stata avviata",
"sessionStorage":"Conservazione di sessioni",

4
lemonldap-ng-manager/site/htdocs/static/languages/zh.json
View File

@ -254,7 +254,7 @@
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"认证级别",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand",
"ext2FSendCommand":"Send command",
"ext2FValidateCommand":"Validation command",
"facebookAppId":"Facebook application ID",
"facebookAppSecret":"Facebook application secret",
@ -758,7 +758,7 @@
"stateCheck":"State Check",
"stayConnected":"Persistent connections",
"successfullySaved":"Successfully saved",
"storePassword":"Store user password in session datas",
"storePassword":"Store user password in session",
"successLoginNumber":"Number of registered logins",
"sympaHandler":"Sympa",
"sympaMailKey":"Mail session key",

70
lemonldap-ng-manager/t/11-save-appCat-changed-conf.t Normal file
View File

@ -0,0 +1,70 @@
# Verify that an unmodified configuration is rejected
use Data::Dumper;
use Test::More;
use strict;
use JSON;
require 't/test-lib.pm';
my @struct = qw[t/jsonfiles/03-base-tree-appCat-modifed.json];
my @desc = ('Changed conf with deleted Category');
my $confFiles = [ 't/conf/lmConf-1.json', 't/conf/lmConf-2.json' ];
sub body {
return 0 unless (@struct);
my $t = shift @struct;
return IO::File->new( $t, 'r' );
}
# Delete lmConf-2.json if exists
eval { unlink $confFiles->[1]; };
mkdir 't/sessions';
# Try to save a modified conf
while ( my $body = &body() ) {
my $desc = shift @desc;
my ( $res, $resBody );
ok(
$res =
&client->_post( '/confs/', 'cfgNum=1', $body, 'application/json' ),
"$desc: positive result"
);
ok( $res->[0] == 200, "$desc: result code is 200" )
or print STDERR Dumper($res);
ok(
$resBody = from_json( $res->[2]->[0] ),
"$desc: result body contains JSON text"
);
#print STDERR Dumper($resBody);
ok( $resBody->{result} == 1, "$desc: JSON response contains \"result:1\"" );
ok( @{ $resBody->{details}->{__changes__} } eq 1,
"$desc: conf has changed" )
or print STDERR Dumper($resBody);
ok(
$resBody->{details}->{__changes__}->[0]->{new} eq
'categoryList, Administration, Documentation',
"$desc: new key received"
) or print STDERR Dumper($resBody);
ok(
$resBody->{details}->{__changes__}->[0]->{old} eq
'categoryList, Administration, Documentation, Sample applications',
"$desc: old key received"
) or print STDERR Dumper($resBody);
ok(
$resBody->{details}->{__changes__}->[0]->{key} eq
'Deletes in cat(s), Sample applications',
"$desc: key received"
) or print STDERR Dumper($resBody);
ok( -e $confFiles->[1], "$desc: file is created" );
#print STDERR Dumper($resBody);
count(9);
}
eval { unlink $confFiles->[1]; rmdir 't/sessions'; };
done_testing( count() );
# Remove sessions directory
`rm -rf t/sessions`;

2
lemonldap-ng-manager/t/12-save-changed-conf.t
View File

@ -39,7 +39,7 @@ foreach my $i ( 0 .. 1 ) {
ok(
@{ $resBody->{details}->{__changes__} } == 20,
'JSON response contains 24 changes'
'JSON response contains 20 changes'
) or print STDERR Dumper($resBody);
#print STDERR Dumper($resBody);

2208
lemonldap-ng-manager/t/jsonfiles/03-base-tree-appCat-modifed.json Normal file
View File

File diff suppressed because it is too large Load Diff

2
lemonldap-ng-portal/MANIFEST
View File

@ -493,11 +493,13 @@ t/40-Notifications-XML-DBI.t
t/40-Notifications-XML-File.t
t/40-Notifications-XML-Server.t
t/41-Captcha.t
t/41-Token-Global-Storage.t
t/41-Token.t
t/42-Register-Demo-with-captcha.t
t/42-Register-Demo-with-token.t
t/42-Register-Demo.t
t/42-Register-LDAP.t
t/42-Register-Security.t
t/43-MailPasswordReset-Choice.t
t/43-MailPasswordReset-DBI.t
t/43-MailPasswordReset-LDAP.t

5
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm
View File

@ -76,7 +76,8 @@ sub createToken {
else {
# Create a new session
my $tsession = $self->p->getApacheSession( undef, info => $infos );
my $tsession =
$self->p->getApacheSession( undef, info => $infos, kind => 'TOKEN' );
$self->logger->debug("Token $tsession->{id} created");
return $tsession->id;
}
@ -108,7 +109,7 @@ sub getToken {
else {
# Get token session
my $tsession = $self->p->getApacheSession($id);
my $tsession = $self->p->getApacheSession( $id, kind => 'TOKEN' );
unless ($tsession) {
$self->logger->notice("Bad (or expired) token $id");
return undef;

2
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Remote.pm
View File

@ -50,7 +50,7 @@ sub checkRemoteId {
cacheModule => $self->conf->{localSessionStorage},
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
id => $rId,
kind => "REMOTE",
kind => "SSO",
}
);

2
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
View File

@ -331,7 +331,7 @@ sub autoRedirect {
# If $id is set to undef or if $args{force} is true, return a new session.
sub getApacheSession {
my ( $self, $id, %args ) = @_;
$args{kind} ||= "SSO";
$args{kind} //= "SSO";
if ($id) {
$self->logger->debug("Try to get $args{kind} session $id");
}

15
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm
View File

@ -31,9 +31,6 @@ sub changeUrldc {
$self->logger->debug('CDA request');
# Create CDA session
if ( my $cdaSession =
$self->p->getApacheSession( undef, kind => "CDA" ) )
{
my $cdaInfos = { '_utime' => time };
if ( $self->{conf}->{securedCookie} < 2 or $ssl ) {
$cdaInfos->{cookie_value} = $req->id;
@ -45,7 +42,12 @@ sub changeUrldc {
$cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
}
$self->p->updateSession( $req, $cdaInfos, $cdaSession->id );
my $cdaSession =
$self->p->getApacheSession( undef, kind => "CDA", info => $cdaInfos );
unless ($cdaSession) {
$self->logger->error("Unable to create CDA session");
return PE_APACHESESSIONERROR;
}
# We are about to redirect the user to the CDA application,
# dismiss any previously stored redirections (#1650)
@ -58,11 +60,6 @@ sub changeUrldc {
$self->logger->debug( "CDA redirection to " . $req->{urldc} );
}
else {
$self->logger->error("Unable to create CDA session");
return PE_APACHESESSIONERROR;
}
}
PE_OK;
}

7
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
View File

@ -55,8 +55,10 @@ sub init {
sub run {
my ( $self, $req ) = @_;
my $savedHttpSession = $req->{sessionInfo}->{_httpSession} //= '';
my $spoofId = $req->param('spoofId') || $req->{user};
$self->logger->debug("No impersonation required") if ( $spoofId eq $req->{user} );
$self->logger->debug("No impersonation required")
if ( $spoofId eq $req->{user} );
my $statut = PE_OK;
if ( $spoofId !~ /$self->{conf}->{userControl}/o ) {
@ -139,6 +141,9 @@ sub run {
$self->p->updateSession( $req, $spoofSession );
$req->steps( [ $self->p->validSession, @{ $self->p->endAuth } ] );
# Restore _httpSession for double Cookies
$req->{sessionInfo}->{_httpSession} = $savedHttpSession
if $savedHttpSession;
return $statut;
}

2
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
View File

@ -272,7 +272,7 @@ sub getAttributes {
my ( $self, $req, $id ) = @_;
die 'id is required' unless ($id);
my $session = $self->p->getApacheSession($id);
my $session = $self->p->getApacheSession( $id, kind => '' );
my @tmp = ();
unless ($session) {

4
lemonldap-ng-portal/site/htdocs/static/bootstrap/css/styles.css
View File

@ -159,3 +159,7 @@ div.oidc_consent_message > ul {
.fa.icon-blue {
color: blue;
}
.progress-bar-animated {
width: 100%;
}

2
lemonldap-ng-portal/site/htdocs/static/bootstrap/css/styles.min.css vendored
View File

@ -1 +1 @@
html,body{height:100%;background:radial-gradient(circle at 50% 0,#fff 0,#ddd 100%) no-repeat scroll 0 0 #ddd}#wrap{min-height:100%;height:auto;margin:0 auto -80px;padding:20px 0 80px}#footer{height:80px;background-color:#fff;background-color:rgba(255,255,255,0.9);text-align:center;padding-top:10px;overflow:hidden}#header img{background-color:#fff;background-color:rgba(255,255,255,0.8);margin-bottom:20px}.card,.navbar-light{background-color:#fff;background-color:rgba(255,255,255,0.9);background-image:none}.login,.password{text-align:center;padding:20px}div.form{margin:0 auto;max-width:330px}div.actions{margin:10px 0 0 0}div.actions a{margin-top:10px}.buttons{text-align:center;margin:10px 0 0 0;cursor:pointer}.btn{white-space:normal}.btn span.fa{padding-right:8px}li.ui-state-active{background-color:#fafafa;background-color:rgba(250,250,250,0.9)}#appslist,#password,#loginHistory,#logout,#oidcConsents{margin-top:20px}div.category{margin:10px 0;cursor:grab}div.application{margin:5px 0;overflow:hidden}div.application a,div.application a:hover{text-decoration:none}p.notifCheck label{margin-left:5px;margin-top:3px;display:inline-block}img.langicon{cursor:pointer}button.idploop{max-width:300px}button.idploop img{max-height:30px}div.oidc_consent_message>ul{text-align:left;list-style:circle}@media(min-width:768px){div.application{height:80px}div.application h4.appname{margin:0}#wrap{margin:0 auto -60px}#footer{height:60px}}.hiddenFrame{border:0;display:hidden;margin:0}.noborder{border:0}.max{width:100%}.link{cursor:pointer}.nodecor:hover,.nodecor:active.nodecor:focus{text-decoration:none}.fa.icon-blue{color:blue}
html,body{height:100%;background:radial-gradient(circle at 50% 0,#fff 0,#ddd 100%) no-repeat scroll 0 0 #ddd}#wrap{min-height:100%;height:auto;margin:0 auto -80px;padding:20px 0 80px}#footer{height:80px;background-color:#fff;background-color:rgba(255,255,255,0.9);text-align:center;padding-top:10px;overflow:hidden}#header img{background-color:#fff;background-color:rgba(255,255,255,0.8);margin-bottom:20px}.card,.navbar-light{background-color:#fff;background-color:rgba(255,255,255,0.9);background-image:none}.login,.password{text-align:center;padding:20px}div.form{margin:0 auto;max-width:330px}div.actions{margin:10px 0 0 0}div.actions a{margin-top:10px}.buttons{text-align:center;margin:10px 0 0 0;cursor:pointer}.btn{white-space:normal}.btn span.fa{padding-right:8px}li.ui-state-active{background-color:#fafafa;background-color:rgba(250,250,250,0.9)}#appslist,#password,#loginHistory,#logout,#oidcConsents{margin-top:20px}div.category{margin:10px 0;cursor:grab}div.application{margin:5px 0;overflow:hidden}div.application a,div.application a:hover{text-decoration:none}p.notifCheck label{margin-left:5px;margin-top:3px;display:inline-block}img.langicon{cursor:pointer}button.idploop{max-width:300px}button.idploop img{max-height:30px}div.oidc_consent_message>ul{text-align:left;list-style:circle}@media(min-width:768px){div.application{height:80px}div.application h4.appname{margin:0}#wrap{margin:0 auto -60px}#footer{height:60px}}.hiddenFrame{border:0;display:hidden;margin:0}.noborder{border:0}.max{width:100%}.link{cursor:pointer}.nodecor:hover,.nodecor:active.nodecor:focus{text-decoration:none}.fa.icon-blue{color:blue}.progress-bar-animated{width:100%}

2
lemonldap-ng-portal/site/htdocs/static/languages/ar.json
View File

@ -172,7 +172,7 @@
"noU2FKeyFound":"No U2F key found",
"oidcConsent":"التطبيق ٪s هل ترغب في معرفة:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"هل توافق على تقديم الإعدادات التالية؟",
"openIdExample":"فمثلا:http://myopenid.org/toto",
"openidExchange":"هل تريد مصادقة نفسك على٪ s؟",

2
lemonldap-ng-portal/site/htdocs/static/languages/de.json
View File

@ -172,7 +172,7 @@
"noU2FKeyFound":"Kein U2F Schlüssel gefunden",
"oidcConsent":"Die Anwendung %s möchte wissen:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"Stimmst du folgenden Parametern zu ?",
"openIdExample":"zum Beispiel: http://myopenid.org/toto",
"openidExchange":"Willst du dich bei %s authentifizieren ?",

10
lemonldap-ng-portal/site/htdocs/static/languages/en.json
View File

@ -45,12 +45,12 @@
"PE53":"SAML message destination is not correct",
"PE54":"SAML message conditions are not respected",
"PE55":"Identity provider initiated single sign on is not authorized",
"PE56":"An error occured during SAML single logout",
"PE56":"An error occurred during SAML single logout",
"PE57":"Error in SAML message signature management",
"PE58":"An error occured during SAML artifact use",
"PE58":"An error occurred during SAML artifact use",
"PE59":"Communication error with SAML sessions",
"PE60":"Problem when loading a service provider",
"PE61":"An error occured during SAML attributes exchange",
"PE61":"An error occurred during SAML attributes exchange",
"PE62":"This is an OpenID endpoint page",
"PE63":"You try to use an OpenID identity which is not yours",
"PE64":"A required attribute is not available",
@ -172,13 +172,13 @@
"noU2FKeyFound": "No U2F key found",
"oidcConsent":"The application %s would like to know:",
"oidcConsents": "OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"Do you agree to provide the following parameters?",
"openIdExample":"for example:http://myopenid.org/toto",
"openidExchange":"Do you want to authenticate yourself on %s ?",
"openidPA":"Data usage policy is available at",
"openidRpns":"Parameter %s requested for federation isn't available",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profile.",
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password": "Password",

4
lemonldap-ng-portal/site/htdocs/static/languages/es.json
View File

@ -172,13 +172,13 @@
"noU2FKeyFound":"No U2F key found",
"oidcConsent":"The application %s would like to know:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"Do you agree to provide the following parameters?",
"openIdExample":"for example:http://myopenid.org/toto",
"openidExchange":"Do you want to authenticate yourself on %s ?",
"openidPA":"Data usage policy is available at",
"openidRpns":"Parameter %s requested for federation isn't available",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profile.",
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Password",

10
lemonldap-ng-portal/site/htdocs/static/languages/fi.json
View File

@ -45,12 +45,12 @@
"PE53":"SAML message destination is not correct",
"PE54":"SAML message conditions are not respected",
"PE55":"Identity provider initiated single sign on is not authorized",
"PE56":"An error occured during SAML single logout",
"PE56":"An error occurred during SAML single logout",
"PE57":"Error in SAML message signature management",
"PE58":"An error occured during SAML artifact use",
"PE58":"An error occurred during SAML artifact use",
"PE59":"Communication error with SAML sessions",
"PE60":"Problem when loading a service provider",
"PE61":"An error occured during SAML attributes exchange",
"PE61":"An error occurred during SAML attributes exchange",
"PE62":"This is an OpenID endpoint page",
"PE63":"You try to use an OpenID identity which is not yours",
"PE64":"A required attribute is not available",
@ -172,13 +172,13 @@
"noU2FKeyFound":"No U2F key found",
"oidcConsent":"The application %s would like to know:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"Do you agree to provide the following parameters?",
"openIdExample":"for example:http://myopenid.org/toto",
"openidExchange":"Do you want to authenticate yourself on %s ?",
"openidPA":"Data usage policy is available at",
"openidRpns":"Parameter %s requested for federation isn't available",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profile.",
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Salasana",

4
lemonldap-ng-portal/site/htdocs/static/languages/fr.json
View File

@ -77,7 +77,7 @@
"PE85":"Le site souhaite une authentification plus récente (et le plugin UpgradeSession n'est pas chargé). Déconnectez-vous et réessayez",
"PE86":"Votre compte est verrouillé. Vous devez attendre 30s avant de vous ré-authentifier.",
"PE87":"Vous devez vous ré-authentifier pour pouvoir accéder au Portail",
"PE88":"une addresse email doit être renseignée pour pouvoir utiliser l'authentification à double facteurs.",
"PE88":"une adresse email doit être renseignée pour pouvoir utiliser l'authentification à double facteurs.",
"PE89":"Accès non autorisé au service SAML",
"PE90":"Accès non autorisé au service OIDC",
"PE91":"Accès non autorisé au service OID",
@ -172,7 +172,7 @@
"noU2FKeyFound": "Aucune clef U2F trouvée",
"oidcConsent":"L'application %s voudrait connaître :",
"oidcConsents": "Accords OIDC",
"oidcConsentsFull":"Accords OpenID-Connect",
"oidcConsentsFull":"Accords OpenID Connect",
"openidAp":"Consentez-vous à communiquer les paramètres suivants ?",
"openIdExample":"par exemple : http://myopenid.org/toto",
"openidExchange":"Souhaitez-vous vous identifier sur le site %s ?",

2
lemonldap-ng-portal/site/htdocs/static/languages/it.json
View File

@ -172,7 +172,7 @@
"noU2FKeyFound":"Nessuna chiave U2F trovata",
"oidcConsent":"L'applicazione %s vorrebbe sapere:",
"oidcConsents":"Consensi OIDC",
"oidcConsentsFull":"Consensi OpenID-Connect",
"oidcConsentsFull":"Consensi OpenID Connect",
"openidAp":"Accetti di fornire i seguenti parametri?",
"openIdExample":"per esempio:http://myopenid.org/toto",
"openidExchange":"Vuoi autenticarti su% s?",

4
lemonldap-ng-portal/site/htdocs/static/languages/nl.json
View File

@ -172,13 +172,13 @@
"noU2FKeyFound":"No U2F key found",
"oidcConsent":"The application %s would like to know:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"Do you agree to provide the following parameters?",
"openIdExample":"for example:http://myopenid.org/toto",
"openidExchange":"Do you want to authenticate yourself on %s ?",
"openidPA":"Data usage policy is available at",
"openidRpns":"Parameter %s requested for federation isn't available",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profile.",
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Password",

4
lemonldap-ng-portal/site/htdocs/static/languages/pt.json
View File

@ -172,13 +172,13 @@
"noU2FKeyFound":"No U2F key found",
"oidcConsent":"The application %s would like to know:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"Do you agree to provide the following parameters?",
"openIdExample":"for example:http://myopenid.org/toto",
"openidExchange":"Do you want to authenticate yourself on %s ?",
"openidPA":"Data usage policy is available at",
"openidRpns":"Parameter %s requested for federation isn't available",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profile.",
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Password",

4
lemonldap-ng-portal/site/htdocs/static/languages/ro.json
View File

@ -172,13 +172,13 @@
"noU2FKeyFound":"No U2F key found",
"oidcConsent":"The application %s would like to know:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"Do you agree to provide the following parameters?",
"openIdExample":"for example:http://myopenid.org/toto",
"openidExchange":"Do you want to authenticate yourself on %s ?",
"openidPA":"Data usage policy is available at",
"openidRpns":"Parameter %s requested for federation isn't available",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profile.",
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Password",

2
lemonldap-ng-portal/site/htdocs/static/languages/vi.json
View File

@ -172,7 +172,7 @@
"noU2FKeyFound":"No U2F key found",
"oidcConsent":"Ứng dụng %s muốn biết:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"Bạn đồng ý cung cấp các thông số sau?",
"openIdExample":"ví dụ: http: //myopenid.org/toto",
"openidExchange":"Bạn có muốn chứng thực mình trên%s không?",

10
lemonldap-ng-portal/site/htdocs/static/languages/zh.json
View File

@ -45,12 +45,12 @@
"PE53":"SAML message destination is not correct",
"PE54":"SAML message conditions are not respected",
"PE55":"Identity provider initiated single sign on is not authorized",
"PE56":"An error occured during SAML single logout",
"PE56":"An error occurred during SAML single logout",
"PE57":"Error in SAML message signature management",
"PE58":"An error occured during SAML artifact use",
"PE58":"An error occurred during SAML artifact use",
"PE59":"Communication error with SAML sessions",
"PE60":"Problem when loading a service provider",
"PE61":"An error occured during SAML attributes exchange",
"PE61":"An error occurred during SAML attributes exchange",
"PE62":"This is an OpenID endpoint page",
"PE63":"You try to use an OpenID identity which is not yours",
"PE64":"所需 attribute 不可用",
@ -172,13 +172,13 @@
"noU2FKeyFound":"No U2F key found",
"oidcConsent":"The application %s would like to know:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID-Connect consents",
"oidcConsentsFull":"OpenID Connect consents",
"openidAp":"您是否同意提供以下参数?",
"openIdExample":"例如http://myopenid.org/toto",
"openidExchange":"Do you want to authenticate yourself on %s ?",
"openidPA":"数据使用条约可在此处了解",
"openidRpns":"Parameter %s requested for federation isn't available",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profile.",
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"密码",

2
lemonldap-ng-portal/site/templates/bootstrap/redirect.tpl
View File

@ -16,7 +16,7 @@ form
</div>
<div class="card-body">
<div class="progress">
<div class="progress-bar progress-bar-striped progress-bar-animated" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100" style="width: 100%"></div>
<div class="progress-bar progress-bar-striped progress-bar-animated" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100"></div>
</div>
<noscript>
<div class="message message-warning alert">It appears that your browser does not support Javascript.</div>

15
lemonldap-ng-portal/t/01-AuthDemo.t
View File

@ -41,10 +41,9 @@ ok(
'Auth query'
);
count(1);
ok(
$res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
'jdoe rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
'jdoe rejected with PE_BADCREDENTIALS' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
'Found connect button' )
@ -63,17 +62,15 @@ ok(
'Auth query'
);
count(1);
ok(
$res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
'dwho rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
'dwho rejected with PE_BADCREDENTIALS' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
'Found connect button' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
# Try to authenticate with good password
# --------------------------------------
ok(

3
lemonldap-ng-portal/t/20-Auth-and-password-DBI-dynamic-hash.t
View File

@ -106,8 +106,7 @@ SKIP: {
$dbh->do(
"INSERT INTO users VALUES ('jsmith','{ssha512}wr0zU/I6f7U4bVoeOlJnNFbhF0a9np59LUeNnhokohVI/wiNzt8Y4JujfOfNQiGuiVgY+xrYggfmgpke6KdjxKS7W0GR1ZCe','John Smith')"
);
my $client = LLNG::Manager::Test->new(
{
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,

9
lemonldap-ng-portal/t/30-Auth-SAML-with-choice.t
View File

@ -67,9 +67,12 @@ SKIP: {
# IDP must be sorted
my @idp = map /val="http:\/\/(.+?)\/saml\/metadata">/g, $res->[2]->[0];
ok( $idp[0] eq 'auth.idp2.com', '1st = idp2' ) or print STDERR Dumper( \@idp );
ok( $idp[1] eq 'auth.idp2_z.com', '2nd = idp2_z' ) or print STDERR Dumper( \@idp );
ok( $idp[2] eq 'auth.idp3.com', '3rd = idp3' ) or print STDERR Dumper( \@idp );
ok( $idp[0] eq 'auth.idp2.com', '1st = idp2' )
or print STDERR Dumper( \@idp );
ok( $idp[1] eq 'auth.idp2_z.com', '2nd = idp2_z' )
or print STDERR Dumper( \@idp );
ok( $idp[2] eq 'auth.idp3.com', '3rd = idp3' )
or print STDERR Dumper( \@idp );
ok( $idp[3] eq 'auth.idp.com', '4th= idp' ) or print STDERR Dumper( \@idp );
ok(

13
lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Metadata.t
View File

@ -27,12 +27,19 @@ SKIP: {
ok( $res = $issuer->_get('/saml/metadata/idp'), 'Get IDP metadata' );
ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML' );
ok( $res->[2]->[0] !~ m#<SPSSODescriptor#s, 'Metadata does not contain SP information' );
ok( $res->[2]->[0] =~ m#entityID="urn:example\.com"#s, 'IDP EntityID is overriden' );
ok(
$res->[2]->[0] !~ m#<SPSSODescriptor#s,
'Metadata does not contain SP information'
);
ok( $res->[2]->[0] =~ m#entityID="urn:example\.com"#s,
'IDP EntityID is overriden' );
ok( $res = $issuer->_get('/saml/metadata/sp'), 'Get SP metadata' );
ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML' );
ok( $res->[2]->[0] !~ m#<IDPSSODescriptor#s, 'Metadata does not contain IDP information' );
ok(
$res->[2]->[0] !~ m#<IDPSSODescriptor#s,
'Metadata does not contain IDP information'
);
#print STDERR Dumper($res);
}

3
lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t
View File

@ -138,9 +138,6 @@ SKIP: {
$spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
my ( $host, $tmp );
( $url, $query ) = expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );

84
lemonldap-ng-portal/t/41-Token-Global-Storage.t Normal file
View File

@ -0,0 +1,84 @@
use Test::More;
use strict;
use IO::String;
require 't/test-lib.pm';
my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
requireToken => '"Bad rule"',
tokenUseGlobalStorage => 1,
}
}
);
# Test normal first access
# ------------------------
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
count(1);
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
ok( $query =~ /token=([^&]+)/, 'Token value' );
count(1);
my $token = $1;
$query =~ "token=$token";
# Try to auth without token
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho'),
length => 23
),
'Try to auth without token'
);
count(1);
expectReject($res);
# Try token as cookie value
ok( $res = $client->_get( '/', cookie => "lemonldap=$token" ),
'Try token as cookie' );
count(1);
expectReject($res);
# Try to auth with token
$query .= '&user=dwho&password=dwho';
ok(
$res =
$client->_post( '/', IO::String->new($query), length => length($query) ),
'Try to auth with token'
);
count(1);
expectOK($res);
my $id = expectCookie($res);
# Verify auth
ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), 'Verify auth' );
count(1);
expectOK($res);
# Try to reuse the same token
ok(
$res =
$client->_post( '/', IO::String->new($query), length => length($query) ),
'Try to reuse the same token'
);
expectReject($res);
ok(
$res = $client->_post(
'/', IO::String->new($query),
length => length($query),
accept => 'text/html'
),
'Verify that there is a new token'
);
expectForm( $res, '#', undef, 'token' );
count(2);
clean_sessions();
done_testing( count() );

3
lemonldap-ng-portal/t/42-Register-Demo-with-token.t
View File

@ -25,7 +25,8 @@ SKIP: {
portalDisplayRegister => 1,
registerDB => 'Demo',
captcha_register_enabled => 0,
requireToken => '!$env->{ipAddr} || $env->{ipAddr} ne "127.1.1.1"',
requireToken =>
'!$env->{ipAddr} || $env->{ipAddr} ne "127.1.1.1"',
}
}
);

78
lemonldap-ng-portal/t/42-Register-Security.t Normal file
View File

@ -0,0 +1,78 @@
use Test::More;
use strict;
use IO::String;
BEGIN {
eval {
require 't/test-lib.pm';
require 't/smtp.pm';
};
}
my $maintests = 5;
my ( $res, $user, $pwd );
SKIP: {
eval 'require Email::Sender::Simple';
if ($@) {
skip 'Missing dependencies', $maintests;
}
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
portalDisplayRegister => 1,
authentication => 'Demo',
userDB => 'Same',
registerDB => 'Demo',
captcha_register_enabled => 0,
tokenUseGlobalStorage => 1,
}
}
);
# Test normal first access
# ------------------------
ok(
$res = $client->_get( '/register', accept => 'text/html' ),
'Unauth request',
);
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'firstname', 'lastname', 'mail' );
ok(
$res = $client->_post(
'/register',
IO::String->new(
'firstname=fôo&lastname=bar&mail=foobar%40badwolf.org'),
length => 53,
accept => 'text/html'
),
'Ask to create account'
);
expectOK($res);
my $mail = mail();
ok( $mail =~ m#a href="http://auth.example.com/register\?(.*?)"#,
'Found register token' );
$query = $1;
ok( $query =~ /register_token=([^&]+)/, 'Found register_token' );
my $token = $1;
ok(
$res = $client->_get(
'/',
length => 23,
cookie => "lemonldap=$token",
),
'Try to authenticate'
);
expectReject($res);
}
count($maintests);
clean_sessions();
done_testing( count() );

9
lemonldap-ng-portal/t/67-CheckUser.t
View File

@ -95,8 +95,7 @@ count(1);
ok( $res->[2]->[0] =~ m%<td class="text-left">_user</td>%,
'Found attribute _user' )
or explain( $res->[2]->[0], 'Attribute _user' );
ok( $res->[2]->[0] =~ m%<td class="text-left">dwho</td>%,
'Found value dwho' )
ok( $res->[2]->[0] =~ m%<td class="text-left">dwho</td>%, 'Found value dwho' )
or explain( $res->[2]->[0], 'Value dwho' );
count(2);
@ -141,7 +140,8 @@ count(1);
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
ok( $res->[2]->[0] =~ m%value="http://test1.example.com/UriTesT"%, 'Found well formatted url' )
ok( $res->[2]->[0] =~ m%value="http://test1.example.com/UriTesT"%,
'Found well formatted url' )
or explain( $res->[2]->[0], 'Well formatted url' );
count(2);
@ -196,7 +196,8 @@ count(1);
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
ok( $res->[2]->[0] =~ m%value="http://test1.example.com:1234"%, 'Found well formatted url' )
ok( $res->[2]->[0] =~ m%value="http://test1.example.com:1234"%,
'Found well formatted url' )
or explain( $res->[2]->[0], 'Well formatted url' );
count(2);

3
lemonldap-ng-portal/t/68-Impersonation.t
View File

@ -269,7 +269,8 @@ ok( $res->[2]->[0] =~ m%<td class="text-left">testPrefix_groups</td>%,
or explain( $res->[2]->[0], 'testPrefix_groups' );
ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%, 'Found su' )
or explain( $res->[2]->[0], 'su' );
ok( $res->[2]->[0] =~ m%<td class="text-left">testPrefix_uid</td>%, 'Found testPrefix_uid' )
ok( $res->[2]->[0] =~ m%<td class="text-left">testPrefix_uid</td>%,
'Found testPrefix_uid' )
or explain( $res->[2]->[0], 'testPrefix_groups' );
ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%, 'Found rtyler' )
or explain( $res->[2]->[0], 'su' );

3
lemonldap-ng-portal/t/75-2F-Registers.t
View File

@ -269,7 +269,8 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
or print STDERR Dumper($res);
# Two 2F devices must be registered
my @sf = map m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g, $res->[2]->[0];
my @sf = map m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g,
$res->[2]->[0];
ok( scalar @sf == 2, 'Two 2F devices found' )
or print STDERR Dumper($res);
ok( $sf[0] eq 'TOTP', 'TOTP device found' ) or print STDERR Dumper( \@sf );

1
lemonldap-ng-portal/t/separate-handler.pm
View File

@ -52,6 +52,7 @@ sub handler {
}
}
}
sub end_handler {
print $in "END\n";
}

2
scripts/generate-changelog.pl
View File

@ -12,7 +12,7 @@
use LWP::UserAgent;
use JSON;
my $milestone = '2.0.3';
my $milestone = '2.1.0';
my @cat = ( 'Bug', 'New feature', 'Improvement' );
open F, "$ENV{HOME}/.ow2-token" or die "Unable to get OW2 token ($!)";