Bug in confirm (#595)

Xavier Guimard 2017-01-01 12:32:38 +00:00
parent cdbe7d89e9
commit 45e5f28808
11 changed files with 87 additions and 41 deletions


@ -11,7 +11,6 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SAML_CONDITIONS_ERROR
PE_SAML_DESTINATION_ERROR
PE_SAML_ERROR
PM_SAML_IDPCHOOSEN
PE_SAML_IDPSSOINITIATED_NOTALLOWED
PE_SAML_SESSION_ERROR
PE_SAML_SIGNATURE_ERROR
@ -820,11 +819,11 @@ sub extractFormInfo {
my ( $idp, $idp_cookie ) = $self->getIDP($req);
# Get confirmation flag
my $confirm_flag = $req->param("confirm") // '';
my $confirm_flag = $req->param("confirm") // 0;
# If confirmation is -1 from resolved IDP screen,
# or IDP was not resolve, let the user choose its IDP
if ( $confirm_flag eq '-1' or !$idp ) {
if ( $confirm_flag == -1 or !$idp ) {
$self->lmLog( "Redirecting user to IDP list", 'debug' );
# Control url parameter
@ -860,7 +859,7 @@ sub extractFormInfo {
}
# If IDP is found but not confirmed, let the user confirm it
elsif ( $confirm_flag eq '1' ) {
elsif ( $confirm_flag != 1 ) {
$self->lmLog( "IDP $idp selected, need user confirmation", 'debug' );
# Control url parameter
@ -868,19 +867,20 @@ sub extractFormInfo {
return $urlcheck unless ( $urlcheck == PE_OK );
# Choosen IDP
my $html = '<h3>'
. $self->msg(PM_SAML_IDPCHOOSEN)
. "</h3>\n" . "<h4>"
my $html =
'<h3 trspan="redirectionToIdp">Redirection to your Identity Provider</h3><h4>'
. $self->idpList->{$idp}->{name}
. "</h4>\n"
. "<p><i>"
. $idp
. "</i></p>\n"
. "<input type=\"hidden\" name=\"url\" value=\""
. $req->param("url") . "\" />"
. ( $req->param("url")
? "<input type=\"hidden\" name=\"url\" value=\""
. $req->param("url") . "\" />"
: '' )
. "<input type=\"hidden\" name=\"idp\" value=\"$idp\" />\n";
$self->info( $req, $html );
$self->p->info( $req, $html );
$req->datas->{login} = 1;
return PE_CONFIRM;
@ -1385,7 +1385,7 @@ sub authLogout {
return PE_OK;
}
else {
$self->lmLog("Lasso method $method not implemented here",'error');
$self->lmLog( "Lasso method $method not implemented here", 'error' );
return PE_SAML_SLO_ERROR;
}
}
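Review bot: The confirmation page in extractFormInfo is built by concatenating `$req->param("url")`, `$idp` and `$self->idpList->{$idp}->{name}` straight into markup and attribute values, with no HTML escaping visible in the hunk. The preceding `$urlcheck` test may already reject unsafe `url` values, but it is implemented outside the lines shown, so the hidden `url` and `idp` inputs should be HTML-escaped at the point of output rather than relying on it. Separately, `$confirm_flag` is now compared with `==` and `!=`, so a non-numeric `confirm` parameter is numified (for example `1x` counts as 1) and raises a warning; normalising it first, e.g. `$confirm_flag = 0 unless $confirm_flag =~ /\A-?1\z/;`, keeps both branches strict. extractFormInfo starts and ends outside the hunks shown.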


@ -86,7 +86,6 @@
"PM6":"authentications remaining, change your password!",
"PM7":"%d days, %d hours, %d minutes and %d seconds before password expiration, change it!",
"PM8":"Select your Identity Provider",
"PM9":"Redirection to your Identity Provider",
"PM10":"Remember my choice",
"PM11":"Logout from service providers...",
"PM12":"Redirection in progress...",
@ -171,6 +170,7 @@
"redirectedFrom":"You were redirect from ",
"redirectedIn":"You'll be redirected in 10 seconds",
"redirectionInProgres":"Redirection in progress...",
"redirectionToIdp":"Redirection to your Identity Provider",
"refuse":"Refuse",
"registerRequestAlreadyIssued":"A register request for this account was already issued on ",
"rememberChoice":"Remember my choice",
@ -196,7 +196,7 @@
"yourEmail":"Your email",
"yourIdentity":"Your identity",
"yourIdentityIs":"Your identity is",
"yourLoginIs":"Your login is"
"yourLoginIs":"Your login is",
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourProfile":"Your profile"
}


@ -86,7 +86,6 @@
"PM6":"authentifications restantes, changez votre mot de passe !",
"PM7":"%d jours, %d heures, %d minutes et %d secondes avant expiration de votre mot de passe, pensez à le changer !",
"PM8":"Choisissez votre fournisseur d'identité",
"PM9":"Redirection vers votre fournisseur d'identité",
"PM10":"Se souvenir de mon choix",
"PM11":"Déconnexion des services...",
"PM12":"Redirection en cours...",
@ -171,6 +170,7 @@
"redirectedFrom":"Vous avez été redirigé depuis ",
"redirectedIn":"Vous allez être redirigé(e) automatiquement dans 10 secondes",
"redirectionInProgres":"Redirection en cours...",
"redirectionToIdp":"Redirection vers votre fournisseur d'identité",
"refuse":"Refuser",
"registerRequestAlreadyIssued":"Une demande de création pour ce compte a déjà été faite le ",
"rememberChoice":"Se souvenir de mon choix",
@ -196,7 +196,7 @@
"yourEmail":"Votre adresse électronique",
"yourIdentity":"Votre identité",
"yourIdentityIs":"Votre identité est&nbsp;",
"yourLoginIs":"Votre identifiant est"
"yourLoginIs":"Votre identifiant est",
"yourPhone":"Votre numéro de téléphone",
"yourProfile":"Vos informations personnelles",
"yourProfile":"Vos informations personnelles"
}


@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 12;
my $maintests = 13;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -116,8 +116,16 @@ m#img src="http://auth.idp.com(/saml/relaySingleLogoutSOAP)\?(relay=.*?)"#s,
),
'Test if user is reject on SP'
);
expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOnArtifact)\?(SAMLart=.+)# );
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
}
count($maintests);
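Review bot: The new assertions stop at the confirmation page, so the redirect to `auth.idp.com` that the removed `expectRedirection(...)` verified is no longer covered at this step. Consider submitting the form with the captured confirm value and keeping the original `expectRedirection(...)` on the resulting response. The capture group in `/<input type="hidden".+?id="confirm".+?value="(.+?)"/s` is never read, and with `/s` the lazy `.+?` can run on into a later tag, so a match does not prove the value belongs to the `confirm` input. The same block is repeated in the five following test files of this commit and could live in one helper in `t/test-lib.pm`. The enclosing block starts outside the hunk.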


@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 14;
my $maintests = 15;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -163,8 +163,16 @@ SKIP: {
),
'Test if user is reject on SP'
);
expectRedirection( $res,
qr#^http://auth.idp.com/saml/singleSignOnArtifact\?(SAMLart=.*)# );
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
}


@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 9;
my $maintests = 14;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -152,9 +152,16 @@ m#iframe src="http://auth.idp.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
),
'Test if user is reject on SP'
);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
}


@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 11;
my $maintests = 17;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -181,9 +181,16 @@ SKIP: {
),
'Test if user is reject on SP'
);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
}


@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 14;
my $maintests = 15;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -135,8 +135,16 @@ m#iframe src="http://auth.sp.com(/saml/proxySingleLogout)\?(SAMLRequest=.*?)"#,
),
'Test if user is reject on SP'
);
expectRedirection( $res,
qr#^http://auth.idp.com/saml/singleSignOn\?(SAMLRequest=.*)# );
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
}
count($maintests);


@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 18;
my $maintests = 19;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -195,8 +195,16 @@ qr#^http://auth.sp.com(/saml/proxySingleLogoutReturn)\?(SAMLResponse=.+)#
),
'Test if user is reject on SP'
);
( $url, $query ) = expectRedirection( $res,
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?id="confirm".+?value="(.+?)"/s,
'Found confirm key'
)
or explain(
$res->[2],
'<input type="hidden" id="confirm" name="confirm" value="<base64 value>" />'
);
#print STDERR Dumper($res);
}


@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $debug = 'debug';
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );


@ -67,8 +67,9 @@ count(1);
sub expectAutoPost {
my @r = expectForm(@_);
my $method = pop @r;
ok ( $method =~ /^post$/i );
ok ( $method =~ /^post$/i, 'Method is POST' ) or explain (\@r,'POST');
count(1);
return @r;
}
sub expectForm {
@ -117,7 +118,7 @@ sub expectForm {
ok( defined $fields{$f}, qq{Field "$f" is defined} );
count(1);
}
return ( $host, $uri, $query );
return ( $host, $uri, $query, $method );
}
else {
return ();
@ -267,7 +268,6 @@ sub logout {
sub _get {
my ( $self, $path, %args ) = @_;
print STDERR Data::Dumper::Dumper($args{custom});
return $self->app->(
{
'HTTP_ACCEPT' => $args{accept}