Merge branch 'v2.0'
This commit is contained in:
Christophe Maudoux
commit
3b3c1bff16
|
|
@ -240,6 +240,7 @@ Architecture: all
|
|||
Depends: ${misc:Depends},
|
||||
${perl:Depends},
|
||||
libconvert-pem-perl,
|
||||
libregexp-common-perl,
|
||||
libcrypt-openssl-rsa-perl,
|
||||
liblemonldap-ng-handler-perl (= ${binary:Version}),
|
||||
lemonldap-ng-fastcgi-server (= ${binary:Version}) | lemonldap-ng-uwsgi-app (= ${binary:Version}) | apache2 | httpd-cgi
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
|
||||
.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
|
||||
.\"
|
||||
.\" Standard preamble:
|
||||
.\" ========================================================================
|
||||
|
|
@ -54,20 +54,16 @@
|
|||
.\" Avoid warning from groff about undefined register 'F'.
|
||||
.de IX
|
||||
..
|
||||
.nr rF 0
|
||||
.if \n(.g .if rF .nr rF 1
|
||||
.if (\n(rF:(\n(.g==0)) \{\
|
||||
. if \nF \{\
|
||||
. de IX
|
||||
. tm Index:\\$1\t\\n%\t"\\$2"
|
||||
.if !\nF .nr F 0
|
||||
.if \nF>0 \{\
|
||||
. de IX
|
||||
. tm Index:\\$1\t\\n%\t"\\$2"
|
||||
..
|
||||
. if !\nF==2 \{\
|
||||
. nr % 0
|
||||
. nr F 2
|
||||
. \}
|
||||
. if !\nF==2 \{\
|
||||
. nr % 0
|
||||
. nr F 2
|
||||
. \}
|
||||
.\}
|
||||
.rr rF
|
||||
.\"
|
||||
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
||||
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
||||
|
|
@ -133,7 +129,7 @@
|
|||
.\" ========================================================================
|
||||
.\"
|
||||
.IX Title "llng-fastcgi-server 8"
|
||||
.TH llng-fastcgi-server 8 "2019-12-13" "perl v5.30.0" "User Contributed Perl Documentation"
|
||||
.TH llng-fastcgi-server 8 "2020-01-24" "perl v5.26.1" "User Contributed Perl Documentation"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.if n .ad l
|
||||
|
|
|
|||
|
|
@ -260,6 +260,7 @@ sub defaultValues {
|
|||
'rest2fActivation' => 0,
|
||||
'restAuthnLevel' => 2,
|
||||
'restClockTolerance' => 15,
|
||||
'sameSite' => 'None',
|
||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
'samlAuthnContextMapKerberos' => 4,
|
||||
|
|
|
|||
|
|
@ -265,7 +265,7 @@ sub _delete2FFromSessions {
|
|||
. " 2F device(s) attached to sessionId $_ ..." );
|
||||
$session->data->{_2fDevices} = to_json( \@keep );
|
||||
$session->update( $session->data );
|
||||
|
||||
|
||||
# Delete from local cache
|
||||
if ( $session->{options}->{localStorage} ) {
|
||||
$module = $session->{options}->{localStorage};
|
||||
|
|
@ -309,9 +309,10 @@ sub _delete2F {
|
|||
return $res if ( $res->{res} ne 'ok' );
|
||||
$removed = $res->{removed} || {};
|
||||
|
||||
my $whatToTrace = Lemonldap::NG::Handler::PSGI::Main->tsv->{whatToTrace};
|
||||
$res =
|
||||
$self->_delete2FFromSessions( $uid, $type, $id, $self->_getSSOMod, 'SSO',
|
||||
'uid' );
|
||||
$whatToTrace );
|
||||
return $res if ( $res->{res} ne 'ok' );
|
||||
$res->{removed} ||= {};
|
||||
|
||||
|
|
|
|||
|
|
@ -2805,6 +2805,23 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'restUserDBUrl' => {
|
||||
'type' => 'url'
|
||||
},
|
||||
'sameSite' => {
|
||||
'default' => 'None',
|
||||
'select' => [ {
|
||||
'k' => 'Strict',
|
||||
'v' => 'Strict'
|
||||
},
|
||||
{
|
||||
'k' => 'Lax',
|
||||
'v' => 'Lax'
|
||||
},
|
||||
{
|
||||
'k' => 'None',
|
||||
'v' => 'None'
|
||||
}
|
||||
],
|
||||
'type' => 'select'
|
||||
},
|
||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => {
|
||||
'default' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
|
|
|
|||
|
|
@ -1088,6 +1088,17 @@ sub attributes {
|
|||
documentation => 'Cookie securisation method',
|
||||
flags => 'hp',
|
||||
},
|
||||
sameSite => {
|
||||
type => 'select',
|
||||
select => [
|
||||
{ k => 'Strict', v => 'Strict' },
|
||||
{ k => 'Lax', v => 'Lax' },
|
||||
{ k => 'None', v => 'None' },
|
||||
],
|
||||
default => 'None',
|
||||
documentation => 'Cookie SameSite value',
|
||||
flags => 'hp',
|
||||
},
|
||||
|
||||
# Viewer
|
||||
viewerHiddenKeys => {
|
||||
|
|
|
|||
|
|
@ -538,7 +538,8 @@ sub tree {
|
|||
nodes => [
|
||||
'cookieName', '*domain',
|
||||
'cda', 'securedCookie',
|
||||
'httpOnly', 'cookieExpiration'
|
||||
'httpOnly', 'cookieExpiration',
|
||||
'sameSite',
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -202,7 +202,7 @@ sub _copyAppList {
|
|||
my ( $self, $conf ) = @_;
|
||||
my %res;
|
||||
if ( $conf->{type} eq 'category' ) {
|
||||
foreach ( grep { $_ !~ /^(?:catname|type)$/ } keys %$conf ) {
|
||||
foreach ( grep { $_ !~ /^(?:catname|type|order)$/ } keys %$conf ) {
|
||||
my @tmp = _copyAppList( $self, $conf->{$_} );
|
||||
$res{ $tmp[0] } = $tmp[1];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -142,7 +142,10 @@ llapp.controller 'NotificationsExplorerCtrl', [ '$scope', '$translator', '$locat
|
|||
|
||||
$scope.getLanguage = (lang) ->
|
||||
$scope.lang = lang
|
||||
$scope.form = 'white'
|
||||
if $scope.form.date
|
||||
$scope.form.date = new Date()
|
||||
else
|
||||
$scope.form = 'white'
|
||||
$scope.init()
|
||||
$scope.showM = false
|
||||
|
||||
|
|
@ -172,22 +175,23 @@ llapp.controller 'NotificationsExplorerCtrl', [ '$scope', '$translator', '$locat
|
|||
over = 0
|
||||
|
||||
# Launch HTTP query
|
||||
$http.get("#{scriptname}notifications/#{$scope.type}?#{query}").then (response) ->
|
||||
data = response.data
|
||||
if data.result
|
||||
for n in data.values
|
||||
autoId++
|
||||
n.id = "node#{autoId}"
|
||||
if level < scheme.length - 1
|
||||
n.nodes = []
|
||||
n.level = level + 1
|
||||
n.query = query
|
||||
n.over = over
|
||||
node.push n
|
||||
$scope.total = data.total if value == ''
|
||||
$scope.waiting = false
|
||||
, (resp) ->
|
||||
$scope.waiting = false
|
||||
if $scope.type == 'done' || $scope.type == 'actives'
|
||||
$http.get("#{scriptname}notifications/#{$scope.type}?#{query}").then (response) ->
|
||||
data = response.data
|
||||
if data.result
|
||||
for n in data.values
|
||||
autoId++
|
||||
n.id = "node#{autoId}"
|
||||
if level < scheme.length - 1
|
||||
n.nodes = []
|
||||
n.level = level + 1
|
||||
n.query = query
|
||||
n.over = over
|
||||
node.push n
|
||||
$scope.total = data.total if value == ''
|
||||
$scope.waiting = false
|
||||
, (resp) ->
|
||||
$scope.waiting = false
|
||||
|
||||
$scope.displayNotification = (scope) ->
|
||||
$scope.waiting = true
|
||||
|
|
@ -202,7 +206,11 @@ llapp.controller 'NotificationsExplorerCtrl', [ '$scope', '$translator', '$locat
|
|||
reference: node.reference
|
||||
condition: node.condition
|
||||
if $scope.type == 'actives'
|
||||
$scope.currentNotification.notifications = response.data.notifications
|
||||
notif = JSON.parse response.data.notifications
|
||||
$scope.currentNotification.text = notif.text
|
||||
$scope.currentNotification.title = notif.title
|
||||
$scope.currentNotification.subtitle = notif.subtitle
|
||||
$scope.currentNotification.notifications = response.data.notifications
|
||||
else
|
||||
$scope.currentNotification.done = response.data.done
|
||||
$scope.waiting = false
|
||||
|
|
|
|||
|
|
@ -159,7 +159,11 @@
|
|||
};
|
||||
$scope.getLanguage = function(lang) {
|
||||
$scope.lang = lang;
|
||||
$scope.form = 'white';
|
||||
if ($scope.form.date) {
|
||||
$scope.form.date = new Date();
|
||||
} else {
|
||||
$scope.form = 'white';
|
||||
}
|
||||
$scope.init();
|
||||
return $scope.showM = false;
|
||||
};
|
||||
|
|
@ -190,31 +194,33 @@
|
|||
} else {
|
||||
over = 0;
|
||||
}
|
||||
return $http.get(scriptname + "notifications/" + $scope.type + "?" + query).then(function(response) {
|
||||
var data, i, len, n, ref;
|
||||
data = response.data;
|
||||
if (data.result) {
|
||||
ref = data.values;
|
||||
for (i = 0, len = ref.length; i < len; i++) {
|
||||
n = ref[i];
|
||||
autoId++;
|
||||
n.id = "node" + autoId;
|
||||
if (level < scheme.length - 1) {
|
||||
n.nodes = [];
|
||||
n.level = level + 1;
|
||||
n.query = query;
|
||||
n.over = over;
|
||||
if ($scope.type === 'done' || $scope.type === 'actives') {
|
||||
return $http.get(scriptname + "notifications/" + $scope.type + "?" + query).then(function(response) {
|
||||
var data, i, len, n, ref;
|
||||
data = response.data;
|
||||
if (data.result) {
|
||||
ref = data.values;
|
||||
for (i = 0, len = ref.length; i < len; i++) {
|
||||
n = ref[i];
|
||||
autoId++;
|
||||
n.id = "node" + autoId;
|
||||
if (level < scheme.length - 1) {
|
||||
n.nodes = [];
|
||||
n.level = level + 1;
|
||||
n.query = query;
|
||||
n.over = over;
|
||||
}
|
||||
node.push(n);
|
||||
}
|
||||
if (value === '') {
|
||||
$scope.total = data.total;
|
||||
}
|
||||
node.push(n);
|
||||
}
|
||||
if (value === '') {
|
||||
$scope.total = data.total;
|
||||
}
|
||||
}
|
||||
return $scope.waiting = false;
|
||||
}, function(resp) {
|
||||
return $scope.waiting = false;
|
||||
});
|
||||
return $scope.waiting = false;
|
||||
}, function(resp) {
|
||||
return $scope.waiting = false;
|
||||
});
|
||||
}
|
||||
};
|
||||
$scope.displayNotification = function(scope) {
|
||||
var node, notificationId;
|
||||
|
|
@ -226,12 +232,17 @@
|
|||
notificationId = node.uid + "_" + node.reference;
|
||||
}
|
||||
$http.get(scriptname + "notifications/" + $scope.type + "/" + notificationId).then(function(response) {
|
||||
var notif;
|
||||
$scope.currentNotification = {
|
||||
uid: node.uid,
|
||||
reference: node.reference,
|
||||
condition: node.condition
|
||||
};
|
||||
if ($scope.type === 'actives') {
|
||||
notif = JSON.parse(response.data.notifications);
|
||||
$scope.currentNotification.text = notif.text;
|
||||
$scope.currentNotification.title = notif.title;
|
||||
$scope.currentNotification.subtitle = notif.subtitle;
|
||||
$scope.currentNotification.notifications = response.data.notifications;
|
||||
} else {
|
||||
$scope.currentNotification.done = response.data.done;
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -795,6 +795,7 @@
|
|||
"rules":"القواعد",
|
||||
"rulesAuthnLevel":"Required auth levels",
|
||||
"Same":"نفسه",
|
||||
"sameSite":"Cookie SameSite value",
|
||||
"save":"حفظ",
|
||||
"saveReport":"احفظ التقرير",
|
||||
"savingConfirmation":"حفظ التأكيد",
|
||||
|
|
@ -861,15 +862,18 @@
|
|||
"stayConnected":"الاتصالات المستمرة",
|
||||
"successfullySaved":"تم الحفظ بنجاح",
|
||||
"storePassword":"تخزين كلمة مرور المستخدم في بيانات الجلسة",
|
||||
"subtitle":"Subtitle",
|
||||
"successLoginNumber":"عدد تسجيلات الدخول المسجلة",
|
||||
"sympaHandler":"لطيف",
|
||||
"sympaMailKey":"مفتاح جلسة البريد",
|
||||
"sympaSecret":"سر مشترك",
|
||||
"syntaxError":"خطأ في التركيبة",
|
||||
"syslog":"سيسلوغ facility",
|
||||
"text":"Text",
|
||||
"timeout":"مهلة الجلسات",
|
||||
"timeoutActivity":"مهلة نشاط الجلسات",
|
||||
"timeoutActivityInterval":"فترة تحديث الجلسات",
|
||||
"title":"Title",
|
||||
"tokenUseGlobalStorage":"استخدام سعة التخزين العامة",
|
||||
"totp2f":"TOTP",
|
||||
"totp2fActivation":"تفعيل",
|
||||
|
|
|
|||
|
|
@ -795,6 +795,7 @@
|
|||
"rules":"Regeln",
|
||||
"rulesAuthnLevel":"Required auth levels",
|
||||
"Same":"Same",
|
||||
"sameSite":"Cookie SameSite value",
|
||||
"save":"Save",
|
||||
"saveReport":"Save report",
|
||||
"savingConfirmation":"Saving confirmation",
|
||||
|
|
@ -861,15 +862,18 @@
|
|||
"stayConnected":"Persistent connections",
|
||||
"successfullySaved":"Successfully saved",
|
||||
"storePassword":"Store user password in session",
|
||||
"subtitle":"Subtitle",
|
||||
"successLoginNumber":"Number of registered logins",
|
||||
"sympaHandler":"Sympa",
|
||||
"sympaMailKey":"Mail session key",
|
||||
"sympaSecret":"Shared secret",
|
||||
"syntaxError":"Syntax Error",
|
||||
"syslog":"Syslog facility",
|
||||
"text":"Text",
|
||||
"timeout":"Sessions timeout",
|
||||
"timeoutActivity":"Sessions activity timeout",
|
||||
"timeoutActivityInterval":"Sessions update interval",
|
||||
"title":"Title",
|
||||
"tokenUseGlobalStorage":"Use global storage",
|
||||
"totp2f":"TOTP",
|
||||
"totp2fActivation":"Activation",
|
||||
|
|
|
|||
|
|
@ -795,6 +795,7 @@
|
|||
"rules":"Rules",
|
||||
"rulesAuthnLevel":"Required auth levels",
|
||||
"Same":"Same",
|
||||
"sameSite":"Cookie SameSite value",
|
||||
"save":"Save",
|
||||
"saveReport":"Save report",
|
||||
"savingConfirmation":"Saving confirmation",
|
||||
|
|
@ -861,15 +862,18 @@
|
|||
"stayConnected":"Persistent connections",
|
||||
"successfullySaved":"Successfully saved",
|
||||
"storePassword":"Store user password in session",
|
||||
"subtitle":"Subtitle",
|
||||
"successLoginNumber":"Number of registered logins",
|
||||
"sympaHandler":"Sympa",
|
||||
"sympaMailKey":"Mail session key",
|
||||
"sympaSecret":"Shared secret",
|
||||
"syntaxError":"Syntax Error",
|
||||
"syslog":"Syslog facility",
|
||||
"text":"Text",
|
||||
"timeout":"Sessions timeout",
|
||||
"timeoutActivity":"Sessions activity timeout",
|
||||
"timeoutActivityInterval":"Sessions update interval",
|
||||
"title":"Title",
|
||||
"tokenUseGlobalStorage":"Use global storage",
|
||||
"totp2f":"TOTP",
|
||||
"totp2fActivation":"Activation",
|
||||
|
|
|
|||
|
|
@ -795,6 +795,7 @@
|
|||
"rules":"Règles",
|
||||
"rulesAuthnLevel":"Niveaux auth requis",
|
||||
"Same":"Identique",
|
||||
"sameSite":"Valeur SameSite du cookie",
|
||||
"save":"Sauver",
|
||||
"saveReport":"Rapport de sauvegarde",
|
||||
"savingConfirmation":"Confirmation de sauvegarde",
|
||||
|
|
@ -861,15 +862,18 @@
|
|||
"stayConnected":"Connexions persistantes",
|
||||
"successfullySaved":"Sauvegarde effectuée",
|
||||
"storePassword":"Stocke le mot de passe de l'utilisateur en session",
|
||||
"subtitle":"Sous-titre",
|
||||
"successLoginNumber":"Nombre de connexions mémorisées",
|
||||
"sympaHandler":"Sympa",
|
||||
"sympaMailKey":"Clef de session pour le mail",
|
||||
"sympaSecret":"Secret partagé",
|
||||
"syntaxError":"Erreur de syntaxe",
|
||||
"syslog":"Facilité syslog",
|
||||
"text":"Texte",
|
||||
"timeout":"Durée de vie maximale des sessions",
|
||||
"timeoutActivity":"Délai d'expiration des sessions",
|
||||
"timeoutActivityInterval":"Intervalle de mise à jour des sessions",
|
||||
"title":"Titre",
|
||||
"tokenUseGlobalStorage":"Utiliser le cache global",
|
||||
"totp2f":"TOTP",
|
||||
"totp2fActivation":"Activation",
|
||||
|
|
|
|||
|
|
@ -795,6 +795,7 @@
|
|||
"rules":"Regole",
|
||||
"rulesAuthnLevel":"Required auth levels",
|
||||
"Same":"Stesso",
|
||||
"sameSite":"Cookie SameSite value",
|
||||
"save":"Salva",
|
||||
"saveReport":"Salva report",
|
||||
"savingConfirmation":"Salvataggio della conferma",
|
||||
|
|
@ -861,15 +862,18 @@
|
|||
"stayConnected":"Connessioni persistenti",
|
||||
"successfullySaved":"Salvato con successo",
|
||||
"storePassword":"Memorizzare la password dell'utente nei dati di sessione",
|
||||
"subtitle":"Subtitle",
|
||||
"successLoginNumber":"Numero di login registrati",
|
||||
"sympaHandler":"Sympa",
|
||||
"sympaMailKey":"Chiave della sessione di posta",
|
||||
"sympaSecret":"Segreto condiviso",
|
||||
"syntaxError":"Errore di sintassi",
|
||||
"syslog":"Impianto Syslog",
|
||||
"text":"Text",
|
||||
"timeout":"Timeout sessioni",
|
||||
"timeoutActivity":"Timeout attività di sessioni",
|
||||
"timeoutActivityInterval":"Intervallo di aggiornamento delle sessioni",
|
||||
"title":"Title",
|
||||
"tokenUseGlobalStorage":"Utilizza lo storage globale",
|
||||
"totp2f":"TOTP",
|
||||
"totp2fActivation":"Attivazione",
|
||||
|
|
|
|||
|
|
@ -795,6 +795,7 @@
|
|||
"rules":"Kurallar",
|
||||
"rulesAuthnLevel":"Gereken doğrulama seviyeleri",
|
||||
"Same":"Aynı",
|
||||
"sameSite":"Cookie SameSite value",
|
||||
"save":"Kaydet",
|
||||
"saveReport":"Raporu kaydet",
|
||||
"savingConfirmation":"Doğrulama kaydediliyor",
|
||||
|
|
@ -861,15 +862,18 @@
|
|||
"stayConnected":"Kalıcı bağlantılar",
|
||||
"successfullySaved":"Başarıyla kaydedildi",
|
||||
"storePassword":"Kullanıcı parolasını oturumda sakla",
|
||||
"subtitle":"Subtitle",
|
||||
"successLoginNumber":"Kayıtlı girişlerin sayısı",
|
||||
"sympaHandler":"Sympa",
|
||||
"sympaMailKey":"E-posta oturum anahtarı",
|
||||
"sympaSecret":"Paylaşılan sır",
|
||||
"syntaxError":"Söz Dizimi Hatası",
|
||||
"syslog":"Sistem günlüğü imkanı",
|
||||
"text":"Text",
|
||||
"timeout":"Oturum zaman aşımı",
|
||||
"timeoutActivity":"Oturum aktivitesi zaman aşımı",
|
||||
"timeoutActivityInterval":"Oturum güncellenme sıklığı",
|
||||
"title":"Title",
|
||||
"tokenUseGlobalStorage":"Global depolamayı kullan",
|
||||
"totp2f":"TOTP",
|
||||
"totp2fActivation":"Aktivasyon",
|
||||
|
|
|
|||
|
|
@ -795,6 +795,7 @@
|
|||
"rules":"Quy tắc",
|
||||
"rulesAuthnLevel":"Required auth levels",
|
||||
"Same":"Tương tự",
|
||||
"sameSite":"Cookie SameSite value",
|
||||
"save":"Lưu",
|
||||
"saveReport":"Lưu báo cáo",
|
||||
"savingConfirmation":"Lưu xác nhận",
|
||||
|
|
@ -861,15 +862,18 @@
|
|||
"stayConnected":"Duy trì kết nối",
|
||||
"successfullySaved":"Lưu thành công",
|
||||
"storePassword":"Lưu trữ mật khẩu người dùng trong các dữ liệu phiên",
|
||||
"subtitle":"Subtitle",
|
||||
"successLoginNumber":"Số lượng đăng nhập đã đăng ký",
|
||||
"sympaHandler":"Sympa",
|
||||
"sympaMailKey":"Khóa phiên qua thư",
|
||||
"sympaSecret":"Chia sẻ bí mật",
|
||||
"syntaxError":"Lỗi Cú pháp",
|
||||
"syslog":"Tiện ích Syslog",
|
||||
"text":"Text",
|
||||
"timeout":"Thời gian chờ của phiên",
|
||||
"timeoutActivity":"Thời gian chờ của các hoạt động phiên",
|
||||
"timeoutActivityInterval":"Khoảng thời gian cập nhật phiên",
|
||||
"title":"Title",
|
||||
"tokenUseGlobalStorage":"Sử dụng lưu trữ toàn cục",
|
||||
"totp2f":"TOTP",
|
||||
"totp2fActivation":"Kích hoạt",
|
||||
|
|
|
|||
|
|
@ -795,6 +795,7 @@
|
|||
"rules":"Rules",
|
||||
"rulesAuthnLevel":"Required auth levels",
|
||||
"Same":"Same",
|
||||
"sameSite":"Cookie SameSite value",
|
||||
"save":"Save",
|
||||
"saveReport":"Save report",
|
||||
"savingConfirmation":"Saving confirmation",
|
||||
|
|
@ -861,15 +862,18 @@
|
|||
"stayConnected":"Persistent connections",
|
||||
"successfullySaved":"Successfully saved",
|
||||
"storePassword":"Store user password in session",
|
||||
"subtitle":"Subtitle",
|
||||
"successLoginNumber":"Number of registered logins",
|
||||
"sympaHandler":"Sympa",
|
||||
"sympaMailKey":"Mail session key",
|
||||
"sympaSecret":"Shared secret",
|
||||
"syntaxError":"Syntax Error",
|
||||
"syslog":"Syslog facility",
|
||||
"text":"Text",
|
||||
"timeout":"Sessions timeout",
|
||||
"timeoutActivity":"Sessions activity timeout",
|
||||
"timeoutActivityInterval":"Sessions update interval",
|
||||
"title":"Title",
|
||||
"tokenUseGlobalStorage":"Use global storage",
|
||||
"totp2f":"TOTP",
|
||||
"totp2fActivation":"激活",
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -41,12 +41,12 @@
|
|||
|
||||
<!-- Tree -->
|
||||
|
||||
<div ng-show="data.length!=0" class="text-center"><p class="badge">{{total}} <span trspan="session_s"></span></p></div>
|
||||
<div ng-show="data.length!=0" class="text-center"><p class="badge">{{total}} {{translate('session_s')}}</p></div>
|
||||
<div class="region region-sidebar-first">
|
||||
<section id="block-superfish-1" class="block block-superfish clearfix">
|
||||
<div ui-tree data-drag-enabled="false" id="tree-root">
|
||||
<div ng-show="data.length==0" class="center">
|
||||
<span class="label label-warning" trspan="noData"></span>
|
||||
<span class="label label-warning">{{translate('noData')}}</span>
|
||||
</div>
|
||||
<ol ui-tree-nodes="" ng-model="data">
|
||||
<li ng-repeat="node in data track by node.id" ui-tree-node ng-include="'nodes_renderer.html'" collapsed="true"></li>
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@
|
|||
<section id="block-superfish-1" class="block block-superfish clearfix">
|
||||
<div ui-tree data-drag-enabled="false" id="tree-root">
|
||||
<div ng-show="data.length==0" class="center">
|
||||
<span class="label label-warning" trspan="noData"></span>
|
||||
<span class="label label-warning">{{translate('noData')}}</span>
|
||||
</div>
|
||||
<ol ui-tree-nodes="" ng-model="data">
|
||||
<li ng-repeat="node in data" ui-tree-node ng-include="'nodes_renderer.html'" collapsed="true"></li>
|
||||
|
|
|
|||
|
|
@ -21,12 +21,12 @@
|
|||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<div ng-show="data.length!=0" class="text-center"><p class="badge">{{total}} <span trspan="notification_s"></span></p></div>
|
||||
<div ng-show="data.length!=0" class="text-center"><p class="badge">{{total}} {{translate('notification_s')}}</p></div>
|
||||
<div class="region region-sidebar-first">
|
||||
<section id="block-superfish-1" class="block block-superfish clearfix">
|
||||
<div ui-tree data-drag-enabled="false" id="tree-root">
|
||||
<div ng-show="data.length==0" class="center">
|
||||
<span class="label label-warning" trspan="noData"></span>
|
||||
<span class="label label-warning">{{translate('noData')}}</span>
|
||||
</div>
|
||||
<ol ui-tree-nodes="" ng-model="data">
|
||||
<li ng-repeat="node in data track by node.id" ui-tree-node ng-include="'nodes_renderer.html'" collapsed="true"></li>
|
||||
|
|
@ -40,7 +40,7 @@
|
|||
<!-- Right(main) div -->
|
||||
<div id="right" class="col-lg-8 col-md-8 col-sm-7 col-xs-12 scrollable" ng-class="{'hidden-xs':showT&&!showM}">
|
||||
<!-- Menu buttons -->
|
||||
<div ng-if="type=='new'||currentNotification" class="lmmenu navbar navbar-default" ng-class="{'hidden-xs':!showM}">
|
||||
<div ng-if="type=='new'|| currentNotification" class="lmmenu navbar navbar-default" ng-class="{'hidden-xs':!showM}">
|
||||
<div class="navbar-collapse" ng-class="{'collapse':!showM}" id="formmenu">
|
||||
<ul class="nav navbar-nav">
|
||||
<li ng-repeat="button in menu[type]" ng-include="'menubutton.html'"></li>
|
||||
|
|
@ -62,20 +62,36 @@
|
|||
</div>
|
||||
<table class="table">
|
||||
<tr>
|
||||
<th><span trspan="uid" /></th>
|
||||
<th>{{translate('uid')}}</th>
|
||||
<td>{{currentNotification.uid}}</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><span trspan="reference" /></th>
|
||||
<th>{{translate('reference')}}</th>
|
||||
<td>{{currentNotification.reference}}</td>
|
||||
</tr>
|
||||
<tr ng-if="currentNotification.condition">
|
||||
<th>{{translate('condition')}}</th>
|
||||
<td>{{currentNotification.condition}}</td>
|
||||
</tr>
|
||||
<tr ng-if="currentNotification.title">
|
||||
<th>{{translate('title')}}</th>
|
||||
<td>{{currentNotification.title}}</td>
|
||||
</tr>
|
||||
<tr ng-if="currentNotification.subtitle">
|
||||
<th>{{translate('subtitle')}}</th>
|
||||
<td>{{currentNotification.subtitle}}</td>
|
||||
</tr>
|
||||
<tr ng-if="currentNotification.text">
|
||||
<th>{{translate('text')}}</th>
|
||||
<td><textarea rows=5 class="form-control">{{currentNotification.text}}</textarea></td>
|
||||
</tr>
|
||||
<tr ng-if="currentNotification.done">
|
||||
<th><span trspan="internalReference" /></th>
|
||||
<th>{{translate('internalReference')}}</th>
|
||||
<td>{{currentNotification.done}}</td>
|
||||
</tr>
|
||||
<tr ng-if="currentNotification.notifications">
|
||||
<th>Notifications</th>
|
||||
<td><pre ng-repeat="n in currentNotification.notifications">{{n}}</pre></td>
|
||||
<th>{{translate('notification')}}</th>
|
||||
<td><textarea ng-repeat="n in currentNotification.notifications" rows=5 class="form-control">{{n}}</textarea></td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
|
@ -87,11 +103,11 @@
|
|||
<form>
|
||||
<table class="table">
|
||||
<tr>
|
||||
<th><span trspan="uid" /></th>
|
||||
<th>{{translate('uid')}}</th>
|
||||
<td><input type="text" class="form-control" ng-model="form.uid" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><span trspan="date" /></th>
|
||||
<th>{{translate('date')}}</th>
|
||||
<td>
|
||||
<p class="input-group">
|
||||
<input type="text" class="form-control" uib-datepicker-popup="yyyy-MM-dd" ng-model="form.date" min-date="minDate" is-open="popup.opened" datepicker-options="dateOptions" popup-placement="auto top-right"/>
|
||||
|
|
@ -102,19 +118,19 @@
|
|||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><span trspan="reference" /></th>
|
||||
<th>{{translate('reference')}}</th>
|
||||
<td><input type="text" class="form-control" ng-model="form.reference" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><span trspan="condition" /></th>
|
||||
<th>{{translate('condition')}}</th>
|
||||
<td><input type="text" class="form-control" ng-model="form.condition"/></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><span trspan="content" /></th>
|
||||
<th>{{translate('content')}}</th>
|
||||
<td>
|
||||
<textarea rows=5 class="form-control" ng-model="form.xml"></textarea>
|
||||
<div class="alert alert-info">
|
||||
<p><span trspan="allowedMarkups" /></p>
|
||||
<p>{{translate('allowedMarkups')}}</p>
|
||||
<table border="0">
|
||||
<thead>
|
||||
<tr><th>JSON</th><th>XML</th></tr>
|
||||
|
|
|
|||
|
|
@ -30,12 +30,12 @@
|
|||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<div ng-show="data.length!=0" class="text-center"><p class="badge">{{total}} <span trspan="session_s"></span></p></div>
|
||||
<div ng-show="data.length!=0" class="text-center"><p class="badge">{{total}} {{translate('session_s')}}</p></div>
|
||||
<div class="region region-sidebar-first">
|
||||
<section id="block-superfish-1" class="block block-superfish clearfix">
|
||||
<div ui-tree data-drag-enabled="false" id="tree-root">
|
||||
<div ng-show="data.length==0" class="center">
|
||||
<span class="label label-warning" trspan="noData"></span>
|
||||
<span class="label label-warning">{{translate('noData')}}</span>
|
||||
</div>
|
||||
<ol ui-tree-nodes="" ng-model="data">
|
||||
<li ng-repeat="node in data track by node.id" ui-tree-node ng-include="'nodes_renderer.html'" collapsed="true"></li>
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@
|
|||
<section id="block-superfish-1" class="block block-superfish clearfix">
|
||||
<div ui-tree data-drag-enabled="false" id="tree-root">
|
||||
<div ng-show="data.length==0" class="center">
|
||||
<span class="label label-warning" trspan="noData"></span>
|
||||
<span class="label label-warning">{{translate('noData')}}</span>
|
||||
</div>
|
||||
<ol ui-tree-nodes="" ng-model="data">
|
||||
<li ng-repeat="node in data" ui-tree-node ng-include="'nodes_renderer.html'" collapsed="true"></li>
|
||||
|
|
|
|||
|
|
@ -384,7 +384,7 @@ sub run {
|
|||
$self->logger->debug("$sp match $spConfKey SP in configuration");
|
||||
$req->env->{llng_saml_spconfkey} = $spConfKey;
|
||||
|
||||
if ( my $rule = $self->spRules->{$sp} ) {
|
||||
if ( my $rule = $self->spRules->{$spConfKey} ) {
|
||||
unless ( $rule->( $req, $req->sessionInfo ) ) {
|
||||
$self->userLogger->warn( 'User '
|
||||
. $req->sessionInfo->{ $self->conf->{whatToTrace} }
|
||||
|
|
|
|||
|
|
@ -415,7 +415,7 @@ sub loadSPs {
|
|||
. $self->p->HANDLER->tsv->{jail}->error );
|
||||
next;
|
||||
}
|
||||
$self->spRules->{$entityID} = $rule;
|
||||
$self->spRules->{$_} = $rule;
|
||||
}
|
||||
|
||||
# Load per-SP macros
|
||||
|
|
|
|||
|
|
@ -39,8 +39,11 @@ sub process {
|
|||
}
|
||||
}
|
||||
}
|
||||
$self->logger->debug(
|
||||
"Returned error: $err (" . portalConsts->{$err} . ")" )
|
||||
$self->logger->debug( "Returned "
|
||||
. ( $err > 0 ? "error" : "status" )
|
||||
. ": $err ("
|
||||
. portalConsts->{$err}
|
||||
. ")" )
|
||||
if ($err);
|
||||
return $err;
|
||||
}
|
||||
|
|
@ -138,10 +141,10 @@ sub controlUrl {
|
|||
return PE_BADURL;
|
||||
}
|
||||
|
||||
$req->env->{urldc} = $req->{urldc};
|
||||
$req->env->{_url} = $req->{_url};
|
||||
$req->data->{_url} = $url;
|
||||
$req->pdata->{_url} = $url;
|
||||
$req->env->{urldc} = $req->{urldc};
|
||||
$req->env->{_url} = $req->{_url};
|
||||
$req->data->{_url} = $req->pdata->{_url} =
|
||||
encode_base64( $req->{urldc}, '' ); # Avoid \n or \r
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -56,13 +56,12 @@ sub handler {
|
|||
my $res = $self->Lemonldap::NG::Common::PSGI::Router::handler($req);
|
||||
|
||||
# Avoid permanent loop 'Portal <-> _url' if pdata cookie is not removed
|
||||
my $url64 = encode_base64( $req->userData->{_url}, '' )
|
||||
if $req->userData->{_url};
|
||||
if ( $url64
|
||||
if ( $req->userData->{_url}
|
||||
and !$req->pdata->{keepPdata}
|
||||
and $req->userData->{_session_id}
|
||||
and $req->{env}->{HTTP_COOKIE}
|
||||
and $req->{env}->{HTTP_COOKIE} =~ /$url64/ )
|
||||
and $req->{env}->{HTTP_COOKIE} eq
|
||||
encode_base64( $req->userData->{_url}, '' ) )
|
||||
{
|
||||
$self->logger->info("Force cleaning pdata");
|
||||
$self->logger->warn("pdata cookie domain must be set")
|
||||
|
|
@ -349,6 +348,10 @@ sub autoRedirect {
|
|||
$req->data->{redirectFormMethod} = "get";
|
||||
}
|
||||
else {
|
||||
if ( $req->{pdata}->{_url} eq encode_base64( $req->{urldc}, '' ) ) {
|
||||
$self->logger->info("Force cleaning pdata");
|
||||
$req->pdata( {} );
|
||||
}
|
||||
return [ 302, [ Location => $req->{urldc}, $req->spliceHdrs ], [] ];
|
||||
}
|
||||
}
|
||||
|
|
@ -754,7 +757,8 @@ sub cookie {
|
|||
$h{HttpOnly} //= $self->conf->{httpOnly};
|
||||
$h{max_age} //= $self->conf->{cookieExpiration}
|
||||
if ( $self->conf->{cookieExpiration} );
|
||||
foreach (qw(domain path expires max_age HttpOnly)) {
|
||||
$h{SameSite} ||= $self->conf->{sameSite};
|
||||
foreach (qw(domain path expires max_age HttpOnly SameSite)) {
|
||||
my $f = $_;
|
||||
$f =~ s/_/-/g;
|
||||
push @res, "$f=$h{$_}" if ( $h{$_} );
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
|
||||
/*
|
||||
LemonLDAP::NG 2F registration script
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
$(document).ready(function() {
|
||||
return $('#upgrd').submit();
|
||||
|
|
|
|||
|
|
@ -1,2 +1 @@
|
|||
(function(){$(document).ready(function(){return $("#upgrd").submit()})}).call(this);
|
||||
//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js.map
|
||||
(function(){$(document).ready(function(){return $("#upgrd").submit()})}).call(this);
|
||||
|
|
@ -1 +1 @@
|
|||
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js"],"names":["$","document","ready","submit","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,MAAOF,GAAE,UAAUG,aAGpBC,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js"}
|
||||
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js"],"names":["$","document","ready","submit","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAOF,EAAE,UAAUG,aAGpBC,KAAKC"}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
var go, i, timer, timerIsEnabled;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
$(document).ready(function() {
|
||||
return $(".idploop").on('click', function() {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
$(document).ready(function() {
|
||||
return $.ajax((window.location.href.match(/\/upgradesession/) ? window.location.href : portal) + '?kerberos=1', {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
var _krbJsAlreadySent;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
var values;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
document.onreadystatechange = function() {
|
||||
var redirect;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
$(document).ready(function() {
|
||||
return new Fingerprint2().get(function(result, components) {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
var sendUrl, tryssl;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
var sendUrl, tryssl;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
|
||||
/*
|
||||
LemonLDAP::NG U2F verify script
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
|
||||
/*
|
||||
LemonLDAP::NG U2F registration script
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ BEGIN {
|
|||
eval "use GSSAPI";
|
||||
}
|
||||
|
||||
my $maintests = 9;
|
||||
my $maintests = 12;
|
||||
my $debug = 'error';
|
||||
|
||||
SKIP: {
|
||||
|
|
@ -43,9 +43,16 @@ SKIP: {
|
|||
}
|
||||
}
|
||||
);
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ),
|
||||
'First access with JS' );
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/',
|
||||
query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tCg==',
|
||||
accept => 'text/html'
|
||||
),
|
||||
'First access with JS'
|
||||
);
|
||||
|
||||
my $pdata = expectCookie( $res, "lemonldappdata" );
|
||||
expectForm( $res, '#', undef, 'kerberos' );
|
||||
ok(
|
||||
$res->[2]->[0] =~ m%<input type="hidden" name="kerberos" value="0" />%,
|
||||
|
|
@ -56,22 +63,45 @@ SKIP: {
|
|||
$res = $client->_get(
|
||||
'/',
|
||||
query => 'kerberos=1',
|
||||
accept => 'application/json'
|
||||
accept => 'application/json',
|
||||
cookie => "lemonldappdata=$pdata"
|
||||
),
|
||||
'Ajax access'
|
||||
);
|
||||
ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
|
||||
$pdata = expectCookie( $res, "lemonldappdata" );
|
||||
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/',
|
||||
query => 'kerberos=1',
|
||||
accept => 'application/json',
|
||||
custom => { HTTP_AUTHORIZATION => 'Negotiate c29tZXRoaW5n' }
|
||||
custom => { HTTP_AUTHORIZATION => 'Negotiate c29tZXRoaW5n' },
|
||||
cookie => "lemonldappdata=$pdata"
|
||||
),
|
||||
'Push fake kerberos'
|
||||
);
|
||||
expectCookie($res);
|
||||
my $id = expectCookie($res);
|
||||
$pdata = expectCookie( $res, "lemonldappdata" );
|
||||
ok( !$pdata, "Persistent data removed" );
|
||||
|
||||
# Redirect to application
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/',
|
||||
query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tCg==&kerberos=0',
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$id"
|
||||
),
|
||||
'Go to portal after authentication'
|
||||
);
|
||||
|
||||
expectRedirection( $res, qr#http://test1.example.com# );
|
||||
my $cookies = getCookies($res);
|
||||
ok(
|
||||
!defined( $cookies->{lemonldappdata} ),
|
||||
" Make sure no pdata is returned"
|
||||
);
|
||||
|
||||
#print STDERR Dumper($res);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue