From 60c03010ce3f0fc11d8e7129b98f780f7951700c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?= Date: Mon, 1 Jul 2019 17:29:35 +0200 Subject: [PATCH 1/8] Use Base64URL for JWT generation (#1834) --- .../lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm index 33437c61b..2214f3596 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm @@ -1146,7 +1146,7 @@ sub createJWT { my ( $self, $payload, $alg, $rp ) = @_; # Payload encoding - my $jwt_payload = encode_base64( to_json($payload), "" ); + my $jwt_payload = encode_base64url( to_json($payload), "" ); # JWT header my $jwt_header_hash = { typ => "JWT", alg => $alg }; @@ -1154,7 +1154,7 @@ sub createJWT { $jwt_header_hash->{kid} = $self->conf->{oidcServiceKeyIdSig} if $self->conf->{oidcServiceKeyIdSig}; } - my $jwt_header = encode_base64( to_json($jwt_header_hash), "" ); + my $jwt_header = encode_base64url( to_json($jwt_header_hash), "" ); if ( $alg eq "none" ) { @@ -1193,6 +1193,7 @@ sub createJWT { # Convert + and / to get Base64 URL valid (RFC 4648) $digest =~ s/\+/-/g; $digest =~ s/\//_/g; + $digest =~ s/=+$//g; return $jwt_header . "." . $jwt_payload . "." . $digest; } From c3f616ba82b799c93562677fc123b582d9a4cbc3 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 1 Jul 2019 23:32:46 +0200 Subject: [PATCH 2/8] Append missing link (#1811) --- debian/lemonldap-ng-handler.links | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/lemonldap-ng-handler.links b/debian/lemonldap-ng-handler.links index 3ea962ff8..78f8fc5de 100644 --- a/debian/lemonldap-ng-handler.links +++ b/debian/lemonldap-ng-handler.links 
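Review bot: `encode_base64url` takes a single argument, so the trailing `""` carried over from the old `encode_base64( ..., "" )` call is silently ignored on both the payload line and the header line of the first two hunks; write `encode_base64url( to_json($payload) )` and `encode_base64url( to_json($jwt_header_hash) )` so the call no longer suggests an eol parameter that does not exist. If `to_json` here is JSON's character-string form, a claim containing non-ASCII text reaches the encoder as wide characters, which MIME::Base64 rejects with a "Wide character" croak — worth confirming against the JSON import above the hunk and, if so, serialising with `to_json( $payload, { utf8 => 1 } )` or `encode_json`. `encode_base64url` only exists since MIME::Base64 3.11 (as far as I recall), so the portal's prerequisite list should pin that minimum if it does not already.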
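Review bot: The signature segment is still produced with the standard alphabet and then repaired by three substitutions (`s/\+/-/g`, `s/\//_/g` and the new `s/=+$//g`) in the third hunk, while the header and payload now come from `encode_base64url`; if the `$digest` encoding above this hunk is switched to `encode_base64url` as well, the three substitutions become dead code and all three JWT segments are guaranteed the same encoding. The `$` anchor also matches before a trailing newline, so `s/=+\z//` states the intent exactly; with a `""` eol that newline cannot appear today, which is why nothing breaks now. createJWT starts above the first hunk, and the `"none"` branch and the signing code between the second and third hunks are outside view.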
@@ -2,3 +2,4 @@ /etc/lemonldap-ng/handler-nginx.conf /etc/nginx/sites-available/handler-nginx.conf /etc/lemonldap-ng/test-apache2.conf /etc/apache2/sites-available/test-apache2.conf /etc/lemonldap-ng/test-nginx.conf /etc/nginx/sites-available/test-nginx.conf +/etc/lemonldap-ng/nginx* /etc/nginx/nginx* \ No newline at end of file From 767d82c7801383380d6de5f609ee26ec44b50c4c Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 2 Jul 2019 07:56:58 +0200 Subject: [PATCH 3/8] Revert "Append missing link (#1811)" This reverts commit c3f616ba82b799c93562677fc123b582d9a4cbc3 --- debian/lemonldap-ng-handler.links | 1 - 1 file changed, 1 deletion(-) diff --git a/debian/lemonldap-ng-handler.links b/debian/lemonldap-ng-handler.links index 78f8fc5de..3ea962ff8 100644 --- a/debian/lemonldap-ng-handler.links +++ b/debian/lemonldap-ng-handler.links @@ -2,4 +2,3 @@ /etc/lemonldap-ng/handler-nginx.conf /etc/nginx/sites-available/handler-nginx.conf /etc/lemonldap-ng/test-apache2.conf /etc/apache2/sites-available/test-apache2.conf /etc/lemonldap-ng/test-nginx.conf /etc/nginx/sites-available/test-nginx.conf -/etc/lemonldap-ng/nginx* /etc/nginx/nginx* \ No newline at end of file From f370255c3a8a25face097f2b94912ad649de3b87 Mon Sep 17 00:00:00 2001 
From: Xavier Guimard Date: Tue, 2 Jul 2019 08:55:56 +0200 Subject: [PATCH 4/8] Fix Perl dependencies (see RT#129960) --- lemonldap-ng-portal/Makefile.PL | 4 ++++ lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-20.t | 3 +++ lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-30.t | 3 +++ .../t/31-Auth-and-issuer-CAS-XSS-on-logout.t | 3 +++ .../t/31-Auth-and-issuer-CAS-declared-app-userattr.t | 3 +++ lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t | 3 +++ .../t/31-Auth-and-issuer-CAS-declared-apps.t | 3 +++ lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t | 3 +++ lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-gateway.t | 3 +++ lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t | 3 +++ .../t/31-Auth-and-issuer-CAS-with-choice-and-cancel.t | 3 +++ lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice.t | 3 +++ lemonldap-ng-portal/t/32-CAS-10.t | 3 +++ .../t/37-CAS-App-to-SAML-IdP-POST-with-WAYF.t | 4 ++-- lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t | 4 ++-- .../t/37-SAML-SP-POST-to-CAS-server-with-Choice.t | 4 ++-- lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t | 4 ++-- lemonldap-ng-portal/t/42-Register-Demo-with-captcha.t | 2 +- lemonldap-ng-portal/t/42-Register-Demo-with-token.t | 2 +- lemonldap-ng-portal/t/42-Register-Demo.t | 2 +- lemonldap-ng-portal/t/42-Register-Security.t | 2 +- lemonldap-ng-portal/t/70-2F-TOTP-with-TTL-and-XML.t | 6 +++++- 22 files changed, 57 insertions(+), 13 deletions(-) diff --git a/lemonldap-ng-portal/Makefile.PL b/lemonldap-ng-portal/Makefile.PL index 65c605318..782fd5572 100644 --- a/lemonldap-ng-portal/Makefile.PL +++ b/lemonldap-ng-portal/Makefile.PL @@ -27,6 +27,7 @@ WriteMakefile( 'Net::OpenID::Consumer' => 0, 'Net::OpenID::Server' => 0, 'SOAP::Lite' => 0, + 'Text::Unidecode' => 0, 'Unicode::String' => 0, 'Web::ID' => 0, }, 
@@ -55,6 +56,9 @@ WriteMakefile( 'MIME::Entity' => 0, 'SOAP::Lite' => 0, 'String::Random' => 0, + 'Text::Unidecode' => 0, + 'XML::LibXML' => 0, + 'XML::Simple' => 0, }, PREREQ_PM => { 'Clone' => 0, diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-20.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-20.t index d88bf2ecd..2192d1f49 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-20.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-20.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-30.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-30.t index 3bece21d1..7162ff2ee 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-30.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-Logout-30.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-XSS-on-logout.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-XSS-on-logout.t index 1d3106695..0a42ec347 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-XSS-on-logout.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-XSS-on-logout.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { 
diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app-userattr.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app-userattr.t index 3926787dc..88b10cc7d 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app-userattr.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app-userattr.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t index fec6ba40d..0c7e92967 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-apps.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-apps.t index 94826cfe9..ed2e1b4de 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-apps.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-apps.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t index f9742e032..b1894b239 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t 
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-gateway.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-gateway.t index 77023dd06..8710ebda8 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-gateway.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-gateway.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t index cbd6a2656..45c5b631e 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice-and-cancel.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice-and-cancel.t index 2ab95ecfa..3b0464d0e 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice-and-cancel.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice-and-cancel.t 
@@ -16,6 +16,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice.t index 92a238a4a..998a3bd3b 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice.t @@ -16,6 +16,9 @@ my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + # Redefine LWP methods for tests LWP::Protocol::PSGI->register( sub { diff --git a/lemonldap-ng-portal/t/32-CAS-10.t b/lemonldap-ng-portal/t/32-CAS-10.t index f94e8594a..6d98cd6bc 100644 --- a/lemonldap-ng-portal/t/32-CAS-10.t +++ b/lemonldap-ng-portal/t/32-CAS-10.t @@ -14,6 +14,9 @@ my $debug = 'error'; my ( $issuer, $res ); my %handlerOR = ( issuer => [] ); +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + ok( $issuer = issuer(), 'Issuer portal' ); count(1); switch ('issuer'); diff --git a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST-with-WAYF.t b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST-with-WAYF.t index 251b6cc9c..879ceac0a 100644 --- a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST-with-WAYF.t +++ b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST-with-WAYF.t @@ -58,9 +58,9 @@ LWP::Protocol::PSGI->register( ); SKIP: { - eval "use Lasso"; + eval "use Lasso;use XML::Simple"; if ($@) { - skip 'Lasso not found', $maintests; + skip 'Lasso or XML::Simple not found', $maintests; } # Initialization diff --git a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t index ae41d14c0..bb7a7a863 100644 
--- a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t +++ b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t @@ -58,9 +58,9 @@ LWP::Protocol::PSGI->register( ); SKIP: { - eval "use Lasso"; + eval "use Lasso;use XML::Simple"; if ($@) { - skip 'Lasso not found', $maintests; + skip 'Lasso or XML::Simple not found', $maintests; } # Initialization diff --git a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server-with-Choice.t b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server-with-Choice.t index d3fc94c52..23bc0e863 100644 --- a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server-with-Choice.t +++ b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server-with-Choice.t @@ -58,9 +58,9 @@ LWP::Protocol::PSGI->register( ); SKIP: { - eval "use Lasso"; + eval "use Lasso;use XML::Simple"; if ($@) { - skip 'Lasso not found', $maintests; + skip 'Lasso or XML::Simple not found', $maintests; } # Initialization diff --git a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t index 7167f8427..cedb7427a 100644 --- a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t +++ b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t @@ -58,9 +58,9 @@ LWP::Protocol::PSGI->register( ); SKIP: { - eval "use Lasso"; + eval "use Lasso;use XML::Simple"; if ($@) { - skip 'Lasso not found', $maintests; + skip 'Lasso or XML::Simple not found', $maintests; } # Initialization diff --git a/lemonldap-ng-portal/t/42-Register-Demo-with-captcha.t b/lemonldap-ng-portal/t/42-Register-Demo-with-captcha.t index 33ffe39bd..2c1430be7 100644 --- a/lemonldap-ng-portal/t/42-Register-Demo-with-captcha.t +++ b/lemonldap-ng-portal/t/42-Register-Demo-with-captcha.t @@ -15,7 +15,7 @@ my $mailSend = 0; SKIP: { eval - 'require Email::Sender::Simple;use GD::SecurityImage;use Image::Magick;'; + 'require Email::Sender::Simple;use GD::SecurityImage;use Image::Magick;use Text::Unidecode'; if ($@) { skip 'Missing dependencies', $maintests; } 
diff --git a/lemonldap-ng-portal/t/42-Register-Demo-with-token.t b/lemonldap-ng-portal/t/42-Register-Demo-with-token.t index 506c24d65..18501e192 100644 --- a/lemonldap-ng-portal/t/42-Register-Demo-with-token.t +++ b/lemonldap-ng-portal/t/42-Register-Demo-with-token.t @@ -13,7 +13,7 @@ my $maintests = 12; my ( $res, $user, $pwd ); SKIP: { - eval 'require Email::Sender::Simple'; + eval 'require Email::Sender::Simple;use Text::Unidecode'; if ($@) { skip 'Missing dependencies', $maintests; } diff --git a/lemonldap-ng-portal/t/42-Register-Demo.t b/lemonldap-ng-portal/t/42-Register-Demo.t index a55a4a543..1b24a2494 100644 --- a/lemonldap-ng-portal/t/42-Register-Demo.t +++ b/lemonldap-ng-portal/t/42-Register-Demo.t @@ -13,7 +13,7 @@ my $maintests = 9; my ( $res, $user, $pwd ); SKIP: { - eval 'require Email::Sender::Simple'; + eval 'require Email::Sender::Simple; use Text::Unidecode'; if ($@) { skip 'Missing dependencies', $maintests; } diff --git a/lemonldap-ng-portal/t/42-Register-Security.t b/lemonldap-ng-portal/t/42-Register-Security.t index fa73a273b..7d6290aa5 100644 --- a/lemonldap-ng-portal/t/42-Register-Security.t +++ b/lemonldap-ng-portal/t/42-Register-Security.t @@ -13,7 +13,7 @@ my $maintests = 5; my ( $res, $user, $pwd ); SKIP: { - eval 'require Email::Sender::Simple'; + eval 'require Email::Sender::Simple;use Text::Unidecode'; if ($@) { skip 'Missing dependencies', $maintests; } diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL-and-XML.t b/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL-and-XML.t index 3b8f9176a..c61535919 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL-and-XML.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-with-TTL-and-XML.t @@ -7,7 +7,11 @@ my $maintests = 20; my $file = '20190616_dwho_Tm90aWZpY2F0aW9uX1NG.json'; SKIP: { - eval { require Convert::Base32 }; + eval { + require Convert::Base32; + require XML::LibXML; + require XML::LibXSLT; + }; if ($@) { skip 'Convert::Base32 is missing', $maintests; } 
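Review bot: In 70-2F-TOTP-with-TTL-and-XML.t the skip message in the `if ($@)` branch still reads `'Convert::Base32 is missing'` although the eval block now also requires XML::LibXML and XML::LibXSLT, so a missing XSLT module is reported as a missing Base32 one; `skip "Missing dependencies: $@", $maintests;` reports the real cause, as the CAS tests in this series already do. XML::LibXSLT is needed by this test but the two Makefile.PL hunks add only Text::Unidecode, XML::LibXML and XML::Simple, so unless it is declared elsewhere this test dependency stays undeclared. The SKIP block continues below the hunk.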
From e04a6f198342043ec82e9573e3b43b546cfe03dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?= Date: Tue, 2 Jul 2019 16:36:43 +0200 Subject: [PATCH 5/8] Reject none algorithm when checking JWT signature (#1835) --- .../lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm index 2214f3596..d864ae07d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm @@ -19,7 +19,7 @@ use Mouse; use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_REDIRECT); -our $VERSION = '2.0.5'; +our $VERSION = '2.0.6'; # OpenID Connect standard claims use constant PROFILE => [ @@ -768,7 +768,9 @@ sub verifyJWTSignature { . " is present but algorithm is 'none'" ); return 0; } - return 1; + $self->logger->debug( + "JWT algorithm is 'none', signature cannot be verified"); + return 0; } if ( $alg eq "HS256" or $alg eq "HS384" or $alg eq "HS512" ) { From 7c7dad9ab6b7f48c0323d38b594c096d3cbb82a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?= Date: Tue, 2 Jul 2019 17:27:17 +0200 Subject: [PATCH 6/8] Enforce ID token signature verification in unit test (#1835) --- ...issuer-OIDC-authorization_code-OP-logout.t | 11 ++++++---- ...er-OIDC-authorization_code-public_client.t | 9 +++++--- ...-OIDC-authorization_code-with-authchoice.t | 11 ++++++---- ...-Auth-and-issuer-OIDC-authorization_code.t | 11 ++++++---- .../t/32-Auth-and-issuer-OIDC-hybrid.t | 11 ++++++---- .../t/32-Auth-and-issuer-OIDC-implicit.t | 11 ++++++---- .../t/32-Auth-and-issuer-OIDC-sorted.t | 21 ++++++++++++------- lemonldap-ng-portal/t/32-CAS-10.t | 3 ++- lemonldap-ng-portal/t/32-OIDC-RP-rule.t | 11 ++++++---- 9 files changed, 63 insertions(+), 36 deletions(-) 
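Review bot: The new rejection of an unsigned token is logged only at debug level (`$self->logger->debug( "JWT algorithm is 'none', signature cannot be verified")`), so a relying party configured to verify signatures that receives an `alg: none` ID token leaves no trace at a production log level; this is exactly the event an operator wants to see, so log it at `warn` or `error`, matching whatever level the "signature present but algorithm none" branch just above uses (its logger call is cut off by the hunk). Both arms of the `"none"` block now return 0, so the signature-present check only changes the message and the block could collapse to one log line followed by `return 0`. Judging by the fixtures in the following commit this path is reached only when `oidcOPMetaDataOptionsCheckJWTSignature` is enabled, so an RP that leaves that option off is not covered by this fix — worth stating in the changelog. verifyJWTSignature starts above the hunk and continues below it.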
diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t index 6966ff926..a88066fa0 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t @@ -214,7 +214,8 @@ sub switch { } sub op { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', @@ -312,7 +313,8 @@ GQIDAQAB sub rp { my ( $jwks, $metadata ) = @_; - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'rp.com', @@ -330,8 +332,9 @@ sub rp { }, oidcOPMetaDataOptions => { op => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsDisplay => "", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t index f845d1187..5576ac365 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t @@ -311,7 +311,8 @@ sub switch { } sub op { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', @@ -408,7 +409,8 @@ GQIDAQAB sub rp { my ( $jwks, $metadata ) = @_; - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'rp.com', 
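Review bot: `oidcOPMetaDataOptionsCheckJWTSignature => 1` has to be added to every RP fixture (this file and the six other OIDC test files in this commit) before the signature path is exercised at all, which suggests the option defaults to off; if so, the default deserves a documentation note, and a tampered-signature case under this option would complement the `alg: none` test the next commit adds. The `->new( {` to `->new(` + `{` reflow of the `op` and `rp` constructors is a pure perltidy change mixed into a security-relevant test update, which makes the one meaningful line per file hard to spot; formatting-only hunks belong in their own commit. The `rp` sub continues past the hunk.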
@@ -426,7 +428,8 @@ sub rp { }, oidcOPMetaDataOptions => { op => { - oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsMaxAge => 30, diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t index 07167e272..a065e6ef6 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t @@ -254,7 +254,8 @@ sub switch { } sub op { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', @@ -362,7 +363,8 @@ GQIDAQAB sub rp { my ( $jwks, $metadata ) = @_; - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'rp.com', @@ -380,8 +382,9 @@ sub rp { }, oidcOPMetaDataOptions => { op => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsDisplay => "", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t index 5a6ed6e38..c3adeade2 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t @@ -311,7 +311,8 @@ sub switch { } sub op { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', 
@@ -408,7 +409,8 @@ GQIDAQAB sub rp { my ( $jwks, $metadata ) = @_; - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'rp.com', @@ -426,8 +428,9 @@ sub rp { }, oidcOPMetaDataOptions => { op => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsMaxAge => 30, diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t index 7ae0a4601..62ad2f935 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t @@ -221,7 +221,8 @@ sub switch { } sub op { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', @@ -316,7 +317,8 @@ GQIDAQAB sub rp { my ( $jwks, $metadata ) = @_; - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'rp.com', @@ -333,8 +335,9 @@ sub rp { }, oidcOPMetaDataOptions => { op => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsDisplay => "", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t index 89fdec14d..c36b43e62 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t 
@@ -204,7 +204,8 @@ sub switch { } sub op { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', @@ -298,7 +299,8 @@ GQIDAQAB sub rp { my ( $jwks, $metadata ) = @_; - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'rp.com', @@ -315,8 +317,9 @@ sub rp { }, oidcOPMetaDataOptions => { op => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsDisplay => "", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t index a650639d9..5bee8744a 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t @@ -118,7 +118,8 @@ sub switch { } sub op { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', @@ -212,7 +213,8 @@ GQIDAQAB sub rp { my ( $jwks, $metadata ) = @_; - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'rp.com', @@ -241,8 +243,9 @@ sub rp { }, oidcOPMetaDataOptions => { op => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsDisplay => "", 
@@ -253,8 +256,9 @@ sub rp { "https://auth.op.com/.well-known/openid-configuration" }, op2 => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsDisplay => "", @@ -264,8 +268,9 @@ sub rp { "https://auth.op.com/.well-known/openid-configuration" }, op3 => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsDisplay => "", diff --git a/lemonldap-ng-portal/t/32-CAS-10.t b/lemonldap-ng-portal/t/32-CAS-10.t index 6d98cd6bc..aefb5ff50 100644 --- a/lemonldap-ng-portal/t/32-CAS-10.t +++ b/lemonldap-ng-portal/t/32-CAS-10.t @@ -93,7 +93,8 @@ sub switch { } sub issuer { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', diff --git a/lemonldap-ng-portal/t/32-OIDC-RP-rule.t b/lemonldap-ng-portal/t/32-OIDC-RP-rule.t index 544a83bdc..d24d63a94 100644 --- a/lemonldap-ng-portal/t/32-OIDC-RP-rule.t +++ b/lemonldap-ng-portal/t/32-OIDC-RP-rule.t @@ -129,7 +129,8 @@ sub switch { } sub op { - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'idp.com', @@ -225,7 +226,8 @@ GQIDAQAB sub rp { my ( $jwks, $metadata ) = @_; - return LLNG::Manager::Test->new( { + return LLNG::Manager::Test->new( + { ini => { logLevel => $debug, domain => 'rp.com', 
@@ -243,8 +245,9 @@ sub rp { }, oidcOPMetaDataOptions => { op => { - oidcOPMetaDataOptionsJWKSTimeout => 0, - oidcOPMetaDataOptionsClientSecret => "rpsecret", + oidcOPMetaDataOptionsCheckJWTSignature => 1, + oidcOPMetaDataOptionsJWKSTimeout => 0, + oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsDisplay => "", From 26c107cddb8b0053f1c492843d84fc5912ffa23f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?= Date: Tue, 2 Jul 2019 17:47:27 +0200 Subject: [PATCH 7/8] Add unit test (#1835) --- lemonldap-ng-portal/MANIFEST | 1 + ...er-OIDC-authorization_code-with-none-alg.t | 452 ++++++++++++++++++ 2 files changed, 453 insertions(+) create mode 100644 lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST index 7a34c3c67..ccbb3544d 100644 --- a/lemonldap-ng-portal/MANIFEST +++ b/lemonldap-ng-portal/MANIFEST @@ -464,6 +464,7 @@ t/31-Auth-and-issuer-CAS-XSS-on-logout.t t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t +t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t t/32-Auth-and-issuer-OIDC-authorization_code.t t/32-Auth-and-issuer-OIDC-hybrid.t t/32-Auth-and-issuer-OIDC-implicit.t diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t new file mode 100644 index 000000000..e6f86f15e --- /dev/null +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t 
@@ -0,0 +1,452 @@
+use lib 'inc';
+use Test::More;
+use strict;
+use IO::String;
+use LWP::UserAgent;
+use LWP::Protocol::PSGI;
+use MIME::Base64;
+
+BEGIN {
+ require 't/test-lib.pm';
+}
+
+my $debug = 'error';
+my ( $op, $rp, $res );
+my %handlerOR = ( op => [], rp => [] );
+
+my $access_token;
+
+LWP::Protocol::PSGI->register(
+ sub {
+ my $req = Plack::Request->new(@_);
+ ok( $req->uri =~ m#http://auth.((?:o|r)p).com(.*)#, ' REST request' );
+ my $host = $1;
+ my $url = $2;
+ my ( $res, $client );
+ count(1);
+ if ( $host eq 'op' ) {
+ pass(" Request from RP to OP, endpoint $url");
+ $client = $op;
+ }
+ elsif ( $host eq 'rp' ) {
+ pass(' Request from OP to RP');
+ $client = $rp;
+ }
+ else {
+ fail(' Aborting REST request (external)');
+ return [ 500, [], [] ];
+ }
+ if ( $req->method =~ /^post$/i ) {
+ my $s = $req->content;
+ ok(
+ $res = $client->_post(
+ $url, IO::String->new($s),
+ length => length($s),
+ type => $req->header('Content-Type'),
+ ),
+ ' Execute request'
+ );
+ }
+ else {
+ ok(
+ $res = $client->_get(
+ $url,
+ custom => {
+ HTTP_AUTHORIZATION => $req->header('Authorization'),
+ }
+ ),
+ ' Execute request'
+ );
+ }
+ ok( $res->[0] == 200, ' Response is 200' );
+ ok( getHeader( $res, 'Content-Type' ) =~ m#^application/json#,
+ ' Content is JSON' )
+ or explain( $res->[1], 'Content-Type => application/json' );
+ count(4);
+ if ( $res->[2]->[0] =~ /"access_token":"(.*?)"/ ) {
+ $access_token = $1;
+ pass "Found access_token $access_token";
+ count(1);
+ }
+ return $res;
+ }
+);
+
+# Initialization
+ok( $op = op(), 'OP portal' );
+
+ok( $res = $op->_get('/oauth2/jwks'), 'Get JWKS, endpoint /oauth2/jwks' );
+expectOK($res);
+my $jwks = $res->[2]->[0];
+
+ok(
+ $res = $op->_get('/.well-known/openid-configuration'),
+ 'Get metadata, endpoint /.well-known/openid-configuration'
+);
+expectOK($res);
+my $metadata = $res->[2]->[0];
+count(3);
+
+switch ('rp');
+&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );
+ok( $rp = rp( $jwks, $metadata ), 'RP portal' );
+count(1);
+
+# Query RP for auth
+ok( $res = $rp->_get( '/', accept => 'text/html' ), 'Unauth SP request' );
+count(1);
+my ( $url, $query ) =
+ expectRedirection( $res, qr#http://auth.op.com(/oauth2/authorize)\?(.*)$# );
+
+# Push request to OP
+switch ('op');
+ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ),
+ "Push request to OP, endpoint $url" );
+count(1);
+expectOK($res);
+
+# Try to authenticate to OP
+$query = "user=french&password=french&$query";
+ok(
+ $res = $op->_post(
+ $url,
+ IO::String->new($query),
+ accept => 'text/html',
+ length => length($query),
+ ),
+ "Post authentication, endpoint $url"
+);
+count(1);
+my $idpId = expectCookie($res);
+my ( $host, $tmp );
+( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );
+
+ok(
+ $res = $op->_post(
+ $url,
+ IO::String->new($query),
+ accept => 'text/html',
+ cookie => "lemonldap=$idpId",
+ length => length($query),
+ ),
+ "Post confirmation, endpoint $url"
+);
+count(1);
+
+($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# );
+
+# Push OP response to RP
+switch ('rp');
+
+ok( $res = $rp->_get( '/', query => $query, accept => 'text/html' ),
+ 'Call openidconnectcallback on RP' );
+count(1);
+my $spId = expectCookie($res);
+
+switch ('op');
+ok(
+ $res = $op->_get( '/oauth2/checksession.html', accept => 'text.html' ),
+ 'Check session, endpoint /oauth2/checksession.html'
+);
+count(1);
+expectOK($res);
+ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
+ ' Frame can be embedded' )
+ or explain( $res->[1],
+ 'Content-Security-Policy does not contain a frame-ancestors' );
+count(1);
+
+# Verify UTF-8
+ok(
+ $res = $op->_get(
+ '/oauth2/userinfo', query => 'access_token=' . $access_token,
+ ),
+ 'Get userinfo'
+);
+ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
+ or print STDERR $@;
+ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
+ or explain( $res, 'name => Frédéric Accents' );
+count(3);
+
+ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
+expectOK($res);
+ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
+ or print STDERR $@;
+ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
+ or explain( $res, 'cn => Frédéric Accents' );
+count(3);
+
+switch ('rp');
+ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
+expectOK($res);
+ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
+ or print STDERR $@;
+ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
+ or explain( $res, 'cn => Frédéric Accents' );
+count(3);
+
+# Logout initiated by RP
+ok(
+ $res = $rp->_get(
+ '/',
+ query => 'logout',
+ cookie => "lemonldap=$spId",
+ accept => 'text/html'
+ ),
+ 'Query RP for logout'
+);
+count(1);
+( $url, $query ) = expectRedirection( $res,
+ qr#http://auth.op.com(/oauth2/logout)\?(post_logout_redirect_uri=.+)$# );
+
+# Push logout to OP
+switch ('op');
+
+ok(
+ $res = $op->_get(
+ $url,
+ query => $query,
+ cookie => "lemonldap=$idpId",
+ accept => 'text/html'
+ ),
+ "Push logout request to OP, endpoint $url"
+);
+count(1);
+
+( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );
+
+ok(
+ $res = $op->_post(
+ $url, IO::String->new($query),
+ length => length($query),
+ cookie => "lemonldap=$idpId",
+ accept => 'text/html',
+ ),
+ "Confirm logout, endpoint $url"
+);
+count(1);
+
+( $url, $query ) = expectRedirection( $res, qr#.# );
+
+# Test logout endpoint without session
+ok(
+ $res = $op->_get(
+ '/oauth2/logout',
+ accept => 'text/html',
+ query => 'post_logout_redirect_uri=http://auth.rp.com/?logout=1'
+ ),
+ 'logout endpoint with redirect, endpoint /oauth2/logout'
+);
+count(1);
+expectRedirection( $res, 'http://auth.rp.com/?logout=1' );
+
+ok( $res = $op->_get('/oauth2/logout'),
+ 'logout endpoint, endpoint /oauth2/logout' );
+count(1);
+expectReject($res);
+
+# Test if logout is done
+ok(
+ $res = $op->_get(
+ '/', cookie => "lemonldap=$idpId",
+ ),
+ 'Test if user is reject on IdP'
+);
+count(1);
+expectReject($res);
+
+switch ('rp');
+ok(
+ $res = $rp->_get(
+ '/',
+ accept => 'text/html',
+ cookie =>
+ "lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
+ ),
+ 'Test if user is reject on SP'
+);
+count(1);
+( $url, $query ) =
+ expectRedirection( $res, qr#^http://auth.op.com(/oauth2/authorize)\?(.*)$# );
+
+# Test if consent was saved
+# -------------------------
+
+# Push request to OP
+switch ('op');
+ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ),
+ "Push request to OP, endpoint $url" );
+count(1);
+expectOK($res);
+
+# Try to authenticate to OP
+$query = "user=french&password=french&$query";
+ok(
+ $res = $op->_post(
+ $url,
+ IO::String->new($query),
+ accept => 'text/html',
+ length => length($query),
+ ),
+ "Post authentication, endpoint $url"
+);
+count(1);
+$idpId = expectCookie($res);
+
+#expectRedirection( $res, qr#^http://auth.rp.com/# );
+
+#print STDERR Dumper($res);
+
+clean_sessions();
+done_testing( count() );
+
+sub switch {
+ my $type = shift;
+ pass( '==> Switching to ' . uc($type) . ' <==' );
+ count(1);
+ @Lemonldap::NG::Handler::Main::_onReload = @{
+ $handlerOR{$type};
+ };
+}
+
+sub op {
+ return LLNG::Manager::Test->new(
+ {
+ ini => {
+ logLevel => $debug,
+ domain => 'idp.com',
+ portal => 'http://auth.op.com/',
+ authentication => 'Demo',
+ userDB => 'Same',
+ issuerDBOpenIDConnectActivation => "1",
+ restSessionServer => 1,
+ oidcRPMetaDataExportedVars => {
+ rp => {
+ email => "mail",
+ family_name => "cn",
+ name => "cn"
+ }
+ },
+ oidcServiceMetaDataIssuer => "http://auth.op.com/",
+ oidcServiceMetaDataAuthorizeURI => "authorize",
+ oidcServiceMetaDataCheckSessionURI => "checksession.html",
+ oidcServiceMetaDataJWKSURI => "jwks",
+ oidcServiceMetaDataEndSessionURI => "logout",
+ oidcServiceMetaDataRegistrationURI => "register",
+ oidcServiceMetaDataTokenURI => "token",
+ oidcServiceMetaDataUserInfoURI => "userinfo",
+ oidcServiceAllowHybridFlow => 1,
+ oidcServiceAllowImplicitFlow => 1,
+ oidcServiceAllowDynamicRegistration => 1,
+ oidcServiceAllowAuthorizationCodeFlow => 1,
+ oidcRPMetaDataOptions => {
+ rp => {
+ oidcRPMetaDataOptionsDisplayName => "RP",
+ oidcRPMetaDataOptionsIDTokenExpiration => 3600,
+ oidcRPMetaDataOptionsClientID => "rpid",
+ oidcRPMetaDataOptionsIDTokenSignAlg => "none",
+ oidcRPMetaDataOptionsBypassConsent => 0,
+ oidcRPMetaDataOptionsClientSecret => "rpsecret",
+ oidcRPMetaDataOptionsUserIDAttr => "",
+ oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
+ oidcRPMetaDataOptionsPostLogoutRedirectUris =>
+ "http://auth.rp.com/?logout=1"
+ }
+ },
+ oidcOPMetaDataOptions => {},
+ oidcOPMetaDataJSON => {},
+ oidcOPMetaDataJWKS => {},
+ oidcServiceMetaDataAuthnContext => {
+ 'loa-4' => 4,
+ 'loa-1' => 1,
+ 'loa-5' => 5,
+ 'loa-2' => 2,
+ 'loa-3' => 3
+ },
+ oidcServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt
+GMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8TrH1PHFmHpy8/qE/S5OhinIpIi7eb
+ABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH1caJ8lmiERFj7IvNKqEhzAk0pyDr
+8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdykX5rx0h5SslG3jVWYhZ/SOb2aIzO
+r0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO8093X5VVk9vaPRg0zxJQ0Do0YLyzkR
+isSAIFb0tdKuDnjRGK6y/N2j6At2HjkxntbtGQIDAQABAoIBADYq6LxJd977LWy3
+0HT9nboFPIf+SM2qSEc/S5Po+6ipJBA4ZlZCMf7dHa6znet1TDpqA9iQ4YcqIHMH
+6xZNQ7hhgSAzG9TrXBHqP+djDlrrGWotvjuy0IfS9ixFnnLWjrtAH9afRWLuG+a/
+NHNC1M6DiiTE0TzL/lpt/zzut3CNmWzH+t19X6UsxUg95AzooEeewEYkv25eumWD
+mfQZfCtSlIw1sp/QwxeJa/6LJw7KcPZ1wXUm1BN0b9eiKt9Cmni1MS7elgpZlgGt
+xtfGTZtNLQ7bgDiM8MHzUfPBhbceNSIx2BeCuOCs/7eaqgpyYHBbAbuBQex2H61l
+Lcc3Tz0CgYEA4Kx/avpCPxnvsJ+nHVQm5d/WERuDxk4vH1DNuCYBvXTdVCGADf6a
+F5No1JcTH3nPTyPWazOyGdT9LcsEJicLyD8vCM6hBFstG4XjqcAuqG/9DRsElpHQ
+yi1zc5DNP7Vxmiz9wII0Mjy0abYKtxnXh9YK4a9g6wrcTpvShhIcIb8CgYEAzGzG
+lorVCfX9jXULIznnR/uuP5aSnTEsn0xJeqTlbW0RFWLdj8aIL1peirh1X89HroB9
+GeTNqEJXD+3CVL2cx+BRggMDUmEz4hR59meZCDGUyT5fex4LIsceb/ESUl2jo6Sw
+HXwWbN67rQ55N4oiOcOppsGxzOHkl5HdExKidycCgYEAr5Qev2tz+fw65LzfzHvH
+Kj4S/KuT/5V6He731cFd+sEpdmX3vPgLVAFPG1Q1DZQT/rTzDDQKK0XX1cGiLG63
+NnaqOye/jbfzOF8Z277kt51NFMDYhRLPKDD82IOA4xjY/rPKWndmcxwdob8yAIWh
+efY76sMz6ntCT+xWSZA9i+ECgYBWMZM2TIlxLsBfEbfFfZewOUWKWEGvd9l5vV/K
+D5cRIYivfMUw5yPq2267jPUolayCvniBH4E7beVpuPVUZ7KgcEvNxtlytbt7muil
+5Z6X3tf+VodJ0Swe2NhTmNEB26uwxzLe68BE3VFCsbSYn2y48HAq+MawPZr18bHG
+ZfgMxwKBgHHRg6HYqF5Pegzk1746uH2G+OoCovk5ylGGYzcH2ghWTK4agCHfBcDt
+EYqYAev/l82wi+OZ5O8U+qjFUpT1CVeUJdDs0o5u19v0UJjunU1cwh9jsxBZAWLy
+PAGd6SWf4S3uQCTw6dLeMna25YIlPh5qPA6I/pAahe8e3nSu2ckl
+-----END RSA PRIVATE KEY-----
+",
+ oidcServicePublicKeySig => "-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2jsmIoFuWzMkilJaA8/
+/5/T30cnuzX9GImXUrFR2k9EKTMtGMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8T
+rH1PHFmHpy8/qE/S5OhinIpIi7ebABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH
+1caJ8lmiERFj7IvNKqEhzAk0pyDr8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdy
+kX5rx0h5SslG3jVWYhZ/SOb2aIzOr0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO80
+93X5VVk9vaPRg0zxJQ0Do0YLyzkRisSAIFb0tdKuDnjRGK6y/N2j6At2Hjkxntbt
+GQIDAQAB
+-----END PUBLIC KEY-----
+",
+ }
+ }
+ );
+}
+
+sub rp {
+ my ( $jwks, $metadata ) = @_;
+ return LLNG::Manager::Test->new(
+ {
+ ini => {
+ logLevel => $debug,
+ domain => 'rp.com',
+ portal => 'http://auth.rp.com/',
+ authentication => 'OpenIDConnect',
+ userDB => 'Same',
+ restSessionServer => 1,
+ oidcOPMetaDataExportedVars => {
+ op => {
+ cn => "name",
+ uid => "sub",
+ sn => "family_name",
+ mail => "email"
+ }
+ },
+ oidcOPMetaDataOptions => {
+ op => {
+ oidcOPMetaDataOptionsCheckJWTSignature => 0,
+ oidcOPMetaDataOptionsJWKSTimeout => 0,
+ oidcOPMetaDataOptionsClientSecret => "rpsecret",
+ oidcOPMetaDataOptionsScope => "openid profile",
+ oidcOPMetaDataOptionsStoreIDToken => 0,
+ oidcOPMetaDataOptionsMaxAge => 30,
+ oidcOPMetaDataOptionsDisplay => "",
+ oidcOPMetaDataOptionsClientID => "rpid",
+ oidcOPMetaDataOptionsConfigurationURI =>
+ "https://auth.op.com/.well-known/openid-configuration"
+ }
+ },
+ oidcOPMetaDataJWKS => {
+ op => $jwks,
+ },
+ oidcOPMetaDataJSON => {
+ op => $metadata,
+ }
+ }
+ }
+ );
+}
From c1137edba862ee4207cee746b0581a68026cabfc Mon Sep 17 00:00:00 2001
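Review bot: The only RP fixture in this file sets `oidcOPMetaDataOptionsCheckJWTSignature => 0` (in `sub rp`), so the test demonstrates that an ID token the OP signs with `oidcRPMetaDataOptionsIDTokenSignAlg => "none"` is consumed when checking is disabled, but nothing asserts that the same token is refused when checking is enabled, which is the behaviour the option exists to guarantee. Consider letting `rp()` take the flag as an argument and adding a second run with `oidcOPMetaDataOptionsCheckJWTSignature => 1` that expects the callback on the RP to fail instead of issuing a `lemonldap` cookie; the right expectation helper lives in t/test-lib.pm, which is not part of this patch. Separately, the checksession request passes `accept => 'text.html'`, which looks like a typo for `'text/html'`. The call `&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );` uses the `&` call form and the preamble has `use strict;` without `use warnings;`; both are worth aligning with the portal's other test files.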
From: Xavier Guimard Date: Tue, 2 Jul 2019 20:03:40 +0200 Subject: [PATCH 8/8] make tidy with perltidy-20181120 --- Makefile | 5 +++- fastcgi-server/man/llng-fastcgi-server.1p | 2 +- .../lib/Lemonldap/NG/Common/Apache/Session.pm | 2 +- .../NG/Common/Apache/Session/REST.pm | 2 +- .../Lemonldap/NG/Common/Combination/Parser.pm | 2 +- .../lib/Lemonldap/NG/Common/Conf.pm | 2 +- .../lib/Lemonldap/NG/Common/Conf/AccessLib.pm | 4 +-- .../Lemonldap/NG/Common/Conf/Backends/REST.pm | 4 +-- .../Lemonldap/NG/Common/Conf/RESTServer.pm | 2 +- .../Lemonldap/NG/Common/Conf/SAML/Metadata.pm | 2 +- .../lib/Lemonldap/NG/Common/Crypto.pm | 6 ++--- .../lib/Lemonldap/NG/Common/Logger/Std.pm | 2 +- .../lib/Lemonldap/NG/Common/Logger/Syslog.pm | 2 +- .../Lemonldap/NG/Common/Notifications/File.pm | 2 +- .../Lemonldap/NG/Common/Notifications/LDAP.pm | 4 +-- .../Lemonldap/NG/Common/Notifications/XML.pm | 2 +- .../lib/Lemonldap/NG/Common/PSGI.pm | 6 ++--- .../lib/Lemonldap/NG/Common/Session.pm | 4 +-- .../lib/Lemonldap/NG/Common/Session/REST.pm | 2 +- lemonldap-ng-common/t/36-Common-Regexp.t | 22 ++++++++-------- .../NG/Handler/ApacheMP2/FCGIClient.pm | 2 +- .../Lemonldap/NG/Handler/ApacheMP2/Main.pm | 2 +- .../Lemonldap/NG/Handler/ApacheMP2/Request.pm | 2 +- .../lib/Lemonldap/NG/Handler/Lib/CDA.pm | 2 +- .../lib/Lemonldap/NG/Handler/Lib/Status.pm | 4 +-- .../lib/Lemonldap/NG/Handler/Main/Reload.pm | 4 +-- lemonldap-ng-handler/t/test-psgi-lib.pm | 2 +- .../lib/Lemonldap/NG/Manager/Attributes.pm | 7 +++-- .../lib/Lemonldap/NG/Manager/Build.pm | 4 +-- .../Lemonldap/NG/Manager/Build/Attributes.pm | 1 + .../lib/Lemonldap/NG/Manager/Build/Tree.pm | 4 ++- .../lib/Lemonldap/NG/Manager/Conf.pm | 2 +- .../lib/Lemonldap/NG/Manager/Conf/Parser.pm | 10 +++---- .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 8 +++--- .../lib/Lemonldap/NG/Manager/Sessions.pm | 2 +- lemonldap-ng-manager/t/02-HTML-template.t | 2 +- lemonldap-ng-manager/t/03-HTML-forms.t | 2 +- .../t/10-save-unchanged-conf.t | 2 +- 
.../11-save-changed-conf-with-confirmation.t | 2 +- lemonldap-ng-manager/t/12-save-changed-conf.t | 2 +- .../Lemonldap/NG/Portal/2F/Engines/Default.pm | 2 +- .../lib/Lemonldap/NG/Portal/Auth/AD.pm | 4 +-- .../lib/Lemonldap/NG/Portal/Auth/CAS.pm | 4 +-- .../lib/Lemonldap/NG/Portal/Auth/GPG.pm | 2 +- .../lib/Lemonldap/NG/Portal/Auth/Null.pm | 2 +- .../lib/Lemonldap/NG/Portal/Auth/SAML.pm | 2 +- .../lib/Lemonldap/NG/Portal/CDC.pm | 4 +-- .../lib/Lemonldap/NG/Portal/Issuer/CAS.pm | 2 +- .../NG/Portal/Issuer/OpenIDConnect.pm | 6 ++--- .../lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 2 +- .../NG/Portal/Lib/Notifications/XML.pm | 2 +- .../lib/Lemonldap/NG/Portal/Lib/SAML.pm | 6 ++--- .../lib/Lemonldap/NG/Portal/Lib/SMTP.pm | 2 +- .../lib/Lemonldap/NG/Portal/Main/Display.pm | 2 +- .../lib/Lemonldap/NG/Portal/Main/Init.pm | 6 ++--- .../lib/Lemonldap/NG/Portal/Main/Menu.pm | 4 +-- .../lib/Lemonldap/NG/Portal/Main/Plugin.pm | 4 +-- .../lib/Lemonldap/NG/Portal/Main/Request.pm | 2 +- .../lib/Lemonldap/NG/Portal/Main/Run.pm | 5 +++- .../Lemonldap/NG/Portal/Plugins/CheckUser.pm | 2 +- .../NG/Portal/Plugins/ContextSwitching.pm | 2 +- .../Lemonldap/NG/Portal/Plugins/Register.pm | 2 +- .../t/28-AuthChoice-and-password.t | 2 +- ...AML-Artifact-with-SOAP-SLO-IdP-initiated.t | 2 +- ...h-and-issuer-SAML-Artifact-with-SOAP-SLO.t | 2 +- .../t/30-SAML-ReAuth-with-choice.t | 2 +- lemonldap-ng-portal/t/30-SAML-ReAuth.t | 2 +- ...issuer-OIDC-authorization_code-OP-logout.t | 6 ++--- ...er-OIDC-authorization_code-public_client.t | 6 ++--- ...-OIDC-authorization_code-with-authchoice.t | 6 ++--- ...er-OIDC-authorization_code-with-none-alg.t | 6 ++--- ...-Auth-and-issuer-OIDC-authorization_code.t | 6 ++--- .../t/32-Auth-and-issuer-OIDC-hybrid.t | 6 ++--- .../t/32-Auth-and-issuer-OIDC-implicit.t | 6 ++--- .../t/32-Auth-and-issuer-OIDC-sorted.t | 6 ++--- lemonldap-ng-portal/t/32-CAS-10.t | 3 +-- lemonldap-ng-portal/t/32-OIDC-RP-rule.t | 6 ++--- .../t/34-Auth-Proxy-and-REST-Server.t | 13 +++++++--- 
.../t/34-Auth-Proxy-and-SOAP-Server.t | 2 +- .../t/35-SOAP-config-backend.t | 2 +- .../t/35-SOAP-sessions-with-SOAP-server.t | 2 +- .../t/38-No-persistent-session.t | 12 ++++----- .../t/42-Register-Demo-with-captcha.t | 2 +- lemonldap-ng-portal/t/62-UpgradeSession.t | 2 +- .../t/68-ContextSwitching-with-Logout.t | 26 ++++++++++++------- .../t/68-Impersonation-with-doubleCookies.t | 2 +- lemonldap-ng-portal/t/78-2F-Upgrade.t | 2 +- lemonldap-ng-portal/t/test-ldap.pm | 7 ++--- 88 files changed, 179 insertions(+), 174 deletions(-) diff --git a/Makefile b/Makefile index 21647c9a9..42e72ac44 100644 --- a/Makefile +++ b/Makefile @@ -1115,7 +1115,10 @@ test-diff: done tidy: clean - find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \) -print -exec perltidy -se -b {} \; + @if perltidy -v|grep v20181120 >/dev/null; then \ + find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \) -print -exec perltidy -se -b {} \; ; \ + else echo "Wrong perltidy version, please install Perl::Tidy@20181120" ; exit 1 ;\ + fi find lemon*/ -name '*.bak' -delete $(MAKE) json diff --git a/fastcgi-server/man/llng-fastcgi-server.1p b/fastcgi-server/man/llng-fastcgi-server.1p index 960a19d0e..c1a8326d4 100644 --- a/fastcgi-server/man/llng-fastcgi-server.1p +++ b/fastcgi-server/man/llng-fastcgi-server.1p @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "llng-fastcgi-server 1" -.TH llng-fastcgi-server 1 "2019-06-27" "perl v5.28.1" "User Contributed Perl Documentation" +.TH llng-fastcgi-server 1 "2019-07-02" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session.pm index e5597f049..5e9d33e62 100644 
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session.pm @@ -341,7 +341,7 @@ sub _LDAPGKFAS { $args->{ldapAttributeContent} ||= 'description'; my $ldap = Apache::Session::Store::LDAP::ldap( { args => $args } ); - my $msg = $ldap->search( + my $msg = $ldap->search( base => $args->{ldapConfBase}, filter => '(objectClass=' . $args->{ldapObjectClass} . ')', attrs => [ $args->{ldapAttributeId}, $args->{ldapAttributeContent} ], diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/REST.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/REST.pm index e54bdfda3..4a319bc3d 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/REST.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/REST.pm @@ -104,7 +104,7 @@ sub ua { my $ua = Lemonldap::NG::Common::UserAgent->new( { lwpOpts => $self->{lwpOpts}, lwpSslOpts => $self->{lwpSslOpts} } ); if ( $self->{user} ) { - my $url = $self->{baseUrl}; + my $url = $self->{baseUrl}; my $port = ( $url =~ /^https/ ? 443 : 80 ); $url =~ s#https?://([^/]*).*$#$1#; $port = $1 if ( $url =~ s/:(\d+)$// ); diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm index 76de87dbf..6386c2ed6 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Combination/Parser.pm @@ -169,7 +169,7 @@ sub findB { } if ( $c eq $char ) { my $rest = join( '', @chars ); - $res =~ s/^\s*(.*?)\s*/$1/; + $res =~ s/^\s*(.*?)\s*/$1/; $rest =~ s/^\s*(.*?)\s*/$1/; return ( $res, $rest ); } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm index 6fdeeeef0..49ce8c846 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm 
@@ -57,7 +57,7 @@ BEGIN { # @return New Lemonldap::NG::Common::Conf object sub new { my $class = shift; - my $self = bless {}, $class; + my $self = bless {}, $class; if ( ref( $_[0] ) ) { %$self = %{ $_[0] }; } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/AccessLib.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/AccessLib.pm index 04a1a1e22..a919a4a56 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/AccessLib.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/AccessLib.pm @@ -6,10 +6,10 @@ use Mouse; use Lemonldap::NG::Common::Conf; -has '_confAcc' => ( is => 'rw', isa => 'Lemonldap::NG::Common::Conf' ); +has '_confAcc' => ( is => 'rw', isa => 'Lemonldap::NG::Common::Conf' ); has 'configStorage' => ( is => 'rw', isa => 'HashRef', default => sub { {} } ); has 'currentConf' => ( is => 'rw', required => 1, default => sub { {} } ); -has 'protection' => ( is => 'rw', isa => 'Str', default => 'manager' ); +has 'protection' => ( is => 'rw', isa => 'Str', default => 'manager' ); our $VERSION = '2.0.0'; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/REST.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/REST.pm index 1abcc471f..4f3d824ff 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/REST.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/REST.pm @@ -34,7 +34,7 @@ sub ua { return $self->{ua} if ( $self->{ua} ); my $ua = Lemonldap::NG::Common::UserAgent->new(); if ( $self->{user} ) { - my $url = $self->{baseUrl}; + my $url = $self->{baseUrl}; my $port = ( $url =~ /^https/ ? 443 : 80 ); $url =~ s#https?://([^/]*).*$#$1#; $port = $1 if ( $url =~ s/:(\d+)$// ); @@ -79,7 +79,7 @@ sub available { sub lastCfg { my $self = shift; - my $res = $self->getJson('latest') or return; + my $res = $self->getJson('latest') or return; return $res->{cfgNum}; } 
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm index 4cd48ea40..7f2f97196 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm @@ -662,7 +662,7 @@ sub _scanCatsAndApps { } else { $item->{title} = $apps->{$cat}->{options}->{name}; - $item->{type} = $apps->{$cat}->{type} = 'menuApp'; + $item->{type} = $apps->{$cat}->{type} = 'menuApp'; foreach my $o ( grep { not /^name$/ } keys %{ $apps->{$cat}->{options} } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm index aacec6c51..e827c8946 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm @@ -26,7 +26,7 @@ sub serviceToXML { my ( $self, $conf, $type ) = @_; seek DATA, $dataStart, 0; - my $s = join '', ; + my $s = join '', ; my $template = HTML::Template->new( scalarref => \$s, die_on_bad_params => 0, diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm index b0df054c0..e54bd7bcd 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm @@ -116,7 +116,7 @@ sub decrypt { $data =~ s/%0A/\n/ig; $data = decode_base64($data); my $iv; - $iv = bytes::substr( $data, 0, IV_LENGTH ); + $iv = bytes::substr( $data, 0, IV_LENGTH ); $data = bytes::substr( $data, IV_LENGTH ); eval { $data = $self->_getCipher->set_iv($iv)->decrypt($data); }; 
@@ -191,7 +191,7 @@ sub _cryptHex { } $data = pack "H*", $data; if ( $sub eq 'decrypt' ) { - $iv = bytes::substr( $data, 0, IV_LENGTH ); + $iv = bytes::substr( $data, 0, IV_LENGTH ); $data = bytes::substr( $data, IV_LENGTH ); } eval { $data = $self->_getCipher($key)->set_iv($iv)->$sub($data); }; @@ -202,7 +202,7 @@ sub _cryptHex { if ( $sub eq 'encrypt' ) { $data = $iv . $data; } - $msg = ""; + $msg = ""; $data = unpack "H*", $data; return $data; } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Std.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Std.pm index 9645fa764..c42b0e4e2 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Std.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Std.pm @@ -7,7 +7,7 @@ our $VERSION = '2.0.5'; sub new { no warnings 'redefine'; my $level = $_[1]->{logLevel} || 'info'; - my $show = 1; + my $show = 1; foreach (qw(error warn notice info debug)) { if ($show) { eval diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Syslog.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Syslog.pm index 9ade0e557..1b694a1c7 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Syslog.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Syslog.pm @@ -8,7 +8,7 @@ our $VERSION = '2.0.5'; sub new { my ( $class, $conf, %args ) = @_; my $level = $conf->{logLevel} || 'info'; - my $self = bless {}, $class; + my $self = bless {}, $class; if ( $args{user} ) { $self->{facility} = $conf->{userSyslogFacility} || 'auth'; } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm index 40da339d1..e3570745d 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm 
@@ -38,7 +38,7 @@ has fileNameSeparator => ( is => 'rw', default => '_' ); sub get { my ( $self, $uid, $ref ) = @_; return () unless ($uid); - my $fns = $self->{fileNameSeparator}; + my $fns = $self->{fileNameSeparator}; my $identifier = &getIdentifier( $self, $uid, $ref ); opendir D, $self->{dirName}; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/LDAP.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/LDAP.pm index b8fb1713b..ccc691c2b 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/LDAP.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/LDAP.pm @@ -208,7 +208,7 @@ sub getDone { $v = decodeLdapValue($v); $f->{$k} = $v; } - my @t = split( /\D+/, $f->{done} ); + my @t = split( /\D+/, $f->{done} ); my $done = timelocal( $t[5], $t[4], $t[3], $t[2], $t[1], $t[0] ); $result->{"$f->{date}#$f->{uid}#$f->{ref}"} = { notified => $done, uid => $f->{uid}, ref => $f->{ref}, }; @@ -252,7 +252,7 @@ sub _delete { my ( $self, $filter ) = @_; my @entries = _search( $self, "$filter" ); - my $mesg = {}; + my $mesg = {}; foreach my $entry (@entries) { $mesg = $self->{ldap}->delete( $entry->dn() ); $mesg->code && return 0; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm index 144a3f702..5dce3d6f2 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm @@ -51,7 +51,7 @@ sub newNotification { } my $result = XML::LibXML::Document->new( $version, $encoding ); - my $root = XML::LibXML::Element->new('root'); + my $root = XML::LibXML::Element->new('root'); $root->appendChild($notif); $result->setDocumentElement($root); $result = $result->serialize; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm index 4cf7ab29f..d06768ced 100644 
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm @@ -112,7 +112,7 @@ sub userError { # Responses methods sub sendJSONresponse { my ( $self, $req, $j, %args ) = @_; - $args{code} ||= 200; + $args{code} ||= 200; $args{headers} ||= $req->respHeaders || []; my $type = 'application/json; charset=utf-8'; if ( ref $j ) { @@ -201,7 +201,7 @@ sub _mustBeDefined { my $name = ( caller(1) )[3]; $name =~ s/^.*:://; my $call = ( caller(1) )[0]; - my $ref = ref( $_[0] ) || $call; + my $ref = ref( $_[0] ) || $call; die "$name() method must be implemented (probably in $ref)"; } @@ -238,7 +238,7 @@ sub sendHtml { my $sc = $req->script_name; $sc = '.' unless ($sc); $sc =~ s#/*$#/#; - $args{code} ||= 200; + $args{code} ||= 200; $args{headers} ||= $req->respHeaders || []; my $htpl; $template = ( $args{templateDir} // $self->templateDir ) . "/$template.tpl"; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm index ddcd76fc6..e635d1a80 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm @@ -93,7 +93,7 @@ sub BUILD { # Register options for common Apache::Session module my $moduleOptions = $self->storageModuleOptions || {}; - my %options = ( + my %options = ( %$moduleOptions, backend => $self->storageModule, localStorage => $self->cacheModule, @@ -156,7 +156,7 @@ sub BUILD { } sub _tie_session { - my $self = $_[0]; + my $self = $_[0]; my $options = $_[1] || {}; my %h; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm index 9549e4dae..4574e0743 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm 
@@ -225,7 +225,7 @@ sub _session { if ($skey) { if ( $skey =~ s/^\[(.*)\]$/$1/ ) { - my @sk = split /,/, $skey; + my @sk = split /,/, $skey; my $res = {}; $res->{$_} = $session{$_} foreach (@sk); return $self->sendJSONresponse( $req, $res ); diff --git a/lemonldap-ng-common/t/36-Common-Regexp.t b/lemonldap-ng-common/t/36-Common-Regexp.t index 88e63c809..ec377d88c 100644 --- a/lemonldap-ng-common/t/36-Common-Regexp.t +++ b/lemonldap-ng-common/t/36-Common-Regexp.t @@ -22,16 +22,16 @@ BEGIN { *HTTP_URI = *Lemonldap::NG::Common::Regexp::HTTP_URI; *reDomainsToHost = *Lemonldap::NG::Common::Regexp::reDomainsToHost; -ok( 'test.ex.com' =~ HOST() ); -ok( 'test.ex.com' =~ HOSTNAME() ); -ok( 'test..ex.com' !~ HOST() ); -ok( 'test..ex.com' !~ HOSTNAME() ); -ok( '10.1.1.1' =~ HOST() ); -ok( '10.1.1.1' !~ HOSTNAME() ); -ok( 'test.ex.com' !~ HTTP_URI() ); -ok( 'https://test.ex.com' =~ HTTP_URI() ); -ok( 'https://test.ex.com/' =~ HTTP_URI() ); -ok( 'https://test.ex.com/a' =~ HTTP_URI() ); +ok( 'test.ex.com' =~ HOST() ); +ok( 'test.ex.com' =~ HOSTNAME() ); +ok( 'test..ex.com' !~ HOST() ); +ok( 'test..ex.com' !~ HOSTNAME() ); +ok( '10.1.1.1' =~ HOST() ); +ok( '10.1.1.1' !~ HOSTNAME() ); +ok( 'test.ex.com' !~ HTTP_URI() ); +ok( 'https://test.ex.com' =~ HTTP_URI() ); +ok( 'https://test.ex.com/' =~ HTTP_URI() ); +ok( 'https://test.ex.com/a' =~ HTTP_URI() ); ok( 'https://test.ex.com/?