diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm index d764d10e0..d40fc584a 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm @@ -348,16 +348,18 @@ sub sessionStorageInit { if ( $conf->{status} ) { my $params = ""; if ( $class->tsv->{sessionCacheModule} ) { - require Data::Dumper; - $params = ' ' - . $class->tsv->{sessionCacheModule} . ',' - . Data::Dumper->new( [ $class->tsv->{sessionCacheOptions} ] ) - ->Terse(1)->Indent(0)->Dump; # To send params on one line + $params = ' ' . join( + ',', + $class->tsv->{sessionCacheModule} . map { + "$_ => " + . $class->tsv->{sessionCacheOptions}->{$_} + } keys %{ $class->tsv->{sessionCacheOptions} // {} } + ); } $class->tsv->{statusPipe}->print("RELOADCACHE $params\n"); } } - return 1; +return 1; } ## @imethod void headersInit(hashRef args) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm index 10136c77e..4239fe1a4 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm @@ -147,7 +147,9 @@ sub run { # ACCOUNTING (1. Inform web server) $class->set_user( $req, $session->{ $class->tsv->{whatToTrace} } ); - $class->set_custom( $req, $session->{ $class->tsv->{customToTrace} } ); + $class->set_custom( $req, $session->{ $class->tsv->{customToTrace} } ) + if $class->tsv->{customToTrace} + and $session->{ $class->tsv->{customToTrace} }; # AUTHORIZATION return ( $class->forbidden( $req, $session ), $session ) 
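Review bot: In sessionStorageInit the new `join` argument glues the module name to `map` with `.`, which puts `map` in scalar context, so RELOADCACHE receives the module name followed by the number of options instead of the `key => value` pairs. Use a comma so the pairs stay a list: `$class->tsv->{sessionCacheModule}, map { "$_ => " . $class->tsv->{sessionCacheOptions}->{$_} } keys %{ $class->tsv->{sessionCacheOptions} // {} }`. Separately, the values are now written unquoted, so an option value containing a comma, a newline or a nested reference no longer round-trips on this one-line pipe protocol. The reader of `statusPipe` is outside this diff, so confirm it parses the new format, and prefer an encoder with defined escaping.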
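Review bot: The new postfix guard on `set_custom` in run() tests the session value for truth, so a legitimate custom trace value of `0` is silently left out of the web-server accounting field. If the intent is only to skip an unset attribute, test definedness instead: `and defined $session->{ $class->tsv->{customToTrace} };`. It is also worth confirming that skipping the call cannot leave a value from an earlier request in place on a reused worker. `set_custom` is not shown in this hunk, so that is a question rather than a finding.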
@@ -409,7 +411,7 @@ sub fetchId { my $value = $lookForHttpCookie ? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 ) - : ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 ); + : ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 ); if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) { $value = $class->tsv->{cipher}->decryptHex( $value, "http" ); diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST index 7bd1fc157..f5507c077 100644 --- a/lemonldap-ng-portal/MANIFEST +++ b/lemonldap-ng-portal/MANIFEST @@ -332,6 +332,7 @@ site/htdocs/static/common/modules/Kerberos.png site/htdocs/static/common/modules/LinkedIn.png site/htdocs/static/common/modules/OpenIDConnect.png site/htdocs/static/common/modules/SAML.png +site/htdocs/static/common/modules/Slave.png site/htdocs/static/common/modules/SSL.png site/htdocs/static/common/modules/Twitter.png site/htdocs/static/common/modules/WebID.png @@ -496,7 +497,7 @@ t/32-Auth-and-issuer-OIDC-implicit.t t/32-Auth-and-issuer-OIDC-sorted.t t/32-CAS-10.t t/32-OIDC-RP-rule.t -t/32-OIDC-Token-Spoof.t +t/32-OIDC-Token-Security.t t/33-Auth-and-issuer-OpenID2.t t/34-Auth-Proxy-and-REST-Server.t t/34-Auth-Proxy-and-SOAP-Server.t @@ -567,7 +568,7 @@ t/66-CDA-with-REST.t t/66-CDA-with-SOAP.t t/66-CDA.t t/67-CheckUser-with-Global-token.t -t/67-Checkuser-with-Impersonation-and-whatToTrace.t +t/67-CheckUser-with-Impersonation-and-whatToTrace.t t/67-CheckUser-with-issuer-SAML-POST.t t/67-CheckUser-with-token.t t/67-CheckUser.t @@ -604,6 +605,7 @@ t/77-2F-Mail-with-global-storage.t t/77-2F-Mail.t t/78-2F-Upgrade.t t/90-Translations.t +t/99-Dont-load-Dumper.t t/99-pod.t t/gpghome/key.asc t/gpghome/openpgp-revocs.d/9482CEFB055809CBAFE6D71AAB2D5542891D1677.rev diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm index d2ac3cb14..e9c19da3a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm 
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm @@ -3,7 +3,6 @@ package Lemonldap::NG::Portal::Lib::Notifications::JSON; use strict; use Mouse; use JSON qw(from_json); -use Data::Dumper; our $VERSION = '2.0.6'; @@ -260,7 +259,8 @@ sub notificationServer { return $self->p->sendError( $req, "Unable to decode JSON file: $@", 400 ) if ($@); - $self->p->logger->debug( "Notification $notif: " . Dumper($json) ); + $self->p->logger->debug( + "Notification $notif: " . $notifs->{$notif} ); if ($ref) { push( @$res, map { "$_" => $json->{$_} }, diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm index b1f592cef..f9db0d717 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm @@ -8,7 +8,6 @@ package Lemonldap::NG::Portal::Main; use strict; use Mouse; use JSON; -use Data::Dumper; has skinRules => ( is => 'rw' ); @@ -126,8 +125,9 @@ sub display { # 1.3 There is a message to display elsif ( my $info = $req->info ) { $self->logger->debug('Display: info detected'); - $self->logger->debug( - 'Hidden values -> ' . Dumper( $req->{portalHiddenFormValues} ) ); + $self->logger->debug('Hidden values :'); + $self->logger->debug( " $_: " . $req->{portalHiddenFormValues}->{$_} ) + for keys %{ $req->{portalHiddenFormValues} // {} }; $skinfile = 'info'; %templateParams = ( MAIN_LOGO => $self->conf->{portalMainLogo}, diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index d0b6f81c4..dfa76bf7f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm 
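Review bot: The replacement debug loop in display() writes every entry of `$req->{portalHiddenFormValues}` together with its value, and hidden portal fields can plausibly carry replayed credentials, tokens or SAML payloads, so turning on debug logging may put secrets in the log. Logging the key names is usually enough to trace the flow, e.g. `$self->logger->debug( 'Hidden values: ' . join( ', ', keys %{ $req->{portalHiddenFormValues} // {} } ) );`. The same applies to the two `_splitAttributes` hunks in Plugins/CheckUser.pm, which now log each session attribute as `key => value`. Values are also concatenated raw, so an embedded newline can forge extra log lines and a reference prints as `HASH(0x...)`.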
@@ -758,10 +758,12 @@ sub cookie { sub _dump { my ( $self, $variable ) = @_; - require Data::Dumper; - $Data::Dumper::Indent = 0; - $Data::Dumper::Useperl = 1; - $self->logger->debug( "Dump: " . Data::Dumper::Dumper($variable) ); + if ( $self->conf->{logLevel} eq 'debug' ) { + require Data::Dumper; + $Data::Dumper::Indent = 0; + $Data::Dumper::Useperl = 1; + $self->logger->debug( "Dump: " . Data::Dumper::Dumper($variable) ); + } return; } @@ -813,11 +815,11 @@ sub sendHtml { 'Pragma' => 'no-cache', # HTTP 1.0 'Expires' => '0'; # Proxies - my @cors = split /;/, $self->cors; if ( $self->conf->{corsEnabled} ) { + my @cors = split /;/, $self->cors; push @{ $res->[1] }, @cors; - $self->logger->debug( - "Apply following CORS policy : " . Data::Dumper::Dumper( \@cors ) ); + $self->logger->debug('Apply following CORS policy :'); + $self->logger->debug(" $_") for @cors; } # Set authorized URL for POST @@ -1002,7 +1004,7 @@ sub registerLogin { } my $history = $req->sessionInfo->{_loginHistory} ||= {}; - my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login'; + my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login'; $history->{$type} ||= []; $self->logger->debug("Current login saved into $type"); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm index 8cac6abd3..d7e3215c5 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm @@ -40,7 +40,7 @@ sub hAttr { sub init { my ($self) = @_; my $hd = $self->p->HANDLER; - $self->addAuthRoute( checkuser => 'check', ['POST'] ); + $self->addAuthRoute( checkuser => 'check', ['POST'] ); $self->addAuthRouteWithRedirect( checkuser => 'display', ['GET'] ); # Parse identity rule 
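Review bot: Inside the new `if` in _dump, `$Data::Dumper::Indent` and `$Data::Dumper::Useperl` are still assigned as package globals, so once a debug dump has run, every other Data::Dumper user in the same process inherits these settings. Scope them to the call with `local $Data::Dumper::Indent = 0; local $Data::Dumper::Useperl = 1;`. The guard also compares `$self->conf->{logLevel}` directly; if that key can be undefined, `( $self->conf->{logLevel} // '' ) eq 'debug'` avoids the undef comparison. If the logger's effective level can be set somewhere other than this key, the guard and the logger may disagree, which is worth a comment on the condition.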
@@ -175,10 +175,10 @@ sub check { ? 'checkUserMerged' : 'checkUser'; if ($compute) { - $msg = 'checkUserComputeSession'; + $msg = 'checkUserComputeSession'; $attrs->{authenticationLevel} = $authLevel; $attrs->{_auth} = $authMode; - + if ( $self->conf->{impersonationRule} ) { $self->logger->debug("Map real attributes..."); my %realAttrs = map { @@ -272,7 +272,7 @@ sub check { } sub display { - my ( $self, $req ) = @_; + my ( $self, $req ) = @_; my ( $attrs, $array_attrs ) = ( {}, [] ); $self->logger->debug("Display current session data..."); @@ -422,8 +422,8 @@ sub _splitAttributes { $self->logger->debug("Dispatching attributes..."); while (@$attrs) { my $element = shift @$attrs; - $self->logger->debug( - 'Processing element: ' . Data::Dumper::Dumper($element) ); + $self->logger->debug( "Processing element: $element->{key} => " + . ( $element->{value} // '' ) ); my $ok = 0; if ( $element->{key} eq 'groups' ) { $self->logger->debug('Key "groups" found'); @@ -452,14 +452,15 @@ sub _splitAttributes { my $prefix = "$self->{conf}->{impersonationPrefix}"; while (@$others) { my $element = shift @$others; - $self->logger->debug( - 'Processing attribute: ' . Data::Dumper::Dumper($element) ); + $self->logger->debug( "Processing attribute $element->{key} => " + . ( $element->{value} // '' ) ); if ( $element->{key} =~ /^$prefix.+$/ ) { push @$realAttrs, $element; $self->logger->debug(' -> Real attribute'); } else { push @$spoofedAttrs, $element; + #$self->logger->debug(' -> Spoofed attribute'); } } diff --git a/lemonldap-ng-portal/t/67-Checkuser-with-Impersonation-and-whatToTrace.t b/lemonldap-ng-portal/t/67-CheckUser-with-Impersonation-and-whatToTrace.t similarity index 100% rename from lemonldap-ng-portal/t/67-Checkuser-with-Impersonation-and-whatToTrace.t rename to lemonldap-ng-portal/t/67-CheckUser-with-Impersonation-and-whatToTrace.t 
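Review bot: In the second _splitAttributes hunk the real/spoofed split relies on `/^$prefix.+$/`, an unchanged context line that interpolates `impersonationPrefix` into the pattern unquoted, so a prefix containing a regex metacharacter (a `.` for instance) would match attribute names it was not meant to and misclassify them. Quoting fixes it: `if ( $element->{key} =~ /^\Q$prefix\E.+$/ ) {`. The same hunk adds a commented-out `#$self->logger->debug(' -> Spoofed attribute');`; either restore the call or drop the line rather than committing dead code. _splitAttributes starts outside the hunk, so how `$attrs` and `$others` are built is not visible here.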
diff --git a/lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t b/lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t index 116be0784..03f1f4b8d 100644 --- a/lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t +++ b/lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t @@ -166,7 +166,6 @@ SKIP: { expectAuthenticatedAs( $res, 'davros@badguy.org@idp' ); # Simple SP access - my $res; ok( $res = $sp->_get( '/', accept => 'text/html', @@ -179,7 +178,7 @@ SKIP: { $res->[1], 'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/' ); - my ( $host, $url, $s ) = + ( $host, $url, $s ) = expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' ); @@ -195,7 +194,7 @@ SKIP: { 'Post SAML request to IdP' ); expectOK($res); - my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); + $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); # Try to authenticate with an authorized user to IdP $s = "user=french&password=french&$s"; @@ -254,7 +253,8 @@ SKIP: { ), 'CheckUser form', ); - my ( $host, $url, $query ) = + my $query; + ( $host, $url, $query ) = expectForm( $res, undef, '/checkuser', 'user', 'url' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) 
@@ -263,10 +263,14 @@ SKIP: { or explain( $res->[2]->[0], 'Attribute uid' ); ok( $res->[2]->[0] =~ m%french%, 'Found value french' ) or explain( $res->[2]->[0], 'Value french' ); - ok( $res->[2]->[0] =~ m%_lassoSessionDump%, 'Found attribute _lassoSessionDump' ) + ok( $res->[2]->[0] =~ m%_lassoSessionDump%, + 'Found attribute _lassoSessionDump' ) or explain( $res->[2]->[0], 'Attribute _lassoSessionDump' ); - ok( $res->[2]->[0] =~ m%ProviderID="http://auth.idp.com/saml/metadata" AssertionID=%, 'Found ProviderID & AssertionID values' ) - or explain( $res->[2]->[0], 'Provider & Assertion Ids' ); + ok( + $res->[2]->[0] =~ + m%ProviderID="http://auth.idp.com/saml/metadata" AssertionID=%, + 'Found ProviderID & AssertionID values' + ) or explain( $res->[2]->[0], 'Provider & Assertion Ids' ); count(6); # CheckUser request with an unknown user @@ -301,7 +305,7 @@ m%
%, 'POST checkuser' ); - my ( $host, $url, $query ) = + ( $host, $url, $query ) = expectForm( $res, undef, '/checkuser', 'user', 'url' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) diff --git a/lemonldap-ng-portal/t/67-CheckUser.t b/lemonldap-ng-portal/t/67-CheckUser.t index 3aa878dca..2f0ff431f 100644 --- a/lemonldap-ng-portal/t/67-CheckUser.t +++ b/lemonldap-ng-portal/t/67-CheckUser.t @@ -197,7 +197,7 @@ ok( ); count(3); -my ( $host, $url, $query ) = +( $host, $url, $query ) = expectForm( $res, undef, '/checkuser', 'user', 'url' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) or explain( $res->[2]->[0], 'trspan="checkUser"' ); diff --git a/lemonldap-ng-portal/t/99-Dont-load-Dumper.t b/lemonldap-ng-portal/t/99-Dont-load-Dumper.t new file mode 100644 index 000000000..157eb5eb4 --- /dev/null +++ b/lemonldap-ng-portal/t/99-Dont-load-Dumper.t @@ -0,0 +1,6 @@ +use Test::More tests => 2; + +use_ok('Lemonldap::NG::Portal::Main'); + +eval { Data::Dumper::Dumper( {} ) }; +ok( $@, "Portal don't depends on Data::Dumper" );
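Review bot: The new t/99-Dont-load-Dumper.t infers that Data::Dumper is absent from the fact that calling `Data::Dumper::Dumper` dies, which passes on any error and only covers what `Lemonldap::NG::Portal::Main` pulls in at load time. Checking the module table states the intent directly: `ok( !$INC{'Data/Dumper.pm'}, 'Portal::Main does not load Data::Dumper' );`. Data::Dumper is still required at run time by `_dump` when the log level is debug, and plugins are loaded separately, so a comment saying the check is limited to module load would keep it from being read as a wider guarantee.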