Merge branch 'v2.0' into 2071

_example/etc/portal-apache2.4.conf

@@ -34,6 +34,9 @@
     RewriteCond "%{REQUEST_URI}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi(?:/.*)?)$"
     RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
 
+    # Uncomment this to mitigate memory leaks when using Perl 5.16
+    # FcgidMaxRequestsPerProcess 500
+
     # Note that Content-Security-Policy header is generated by portal itself
     <Files *.fcgi>
         SetHandler fcgid-script

_example/etc/portal-apache2.X.conf

@@ -35,6 +35,9 @@
     RewriteCond "%{REQUEST_URI}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi(?:/.*)?)$"
     RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
 
+    # Uncomment this to mitigate memory leaks when using Perl 5.16
+    # FcgidMaxRequestsPerProcess 500
+
     # Note that Content-Security-Policy header is generated by portal itself
     <Files *.fcgi>
         SetHandler fcgid-script

_example/etc/portal-apache2.conf

@@ -30,6 +30,9 @@
     RewriteCond "%{REQUEST_URI}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi(?:/.*)?)$"
     RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
 
+    # Uncomment this to mitigate memory leaks when using Perl 5.16
+    # FcgidMaxRequestsPerProcess 500
+
     # Note that Content-Security-Policy header is generated by portal itself
     <Files *.fcgi>
         SetHandler fcgid-script

fastcgi-server/default/llng-fastcgi-server

@@ -21,3 +21,14 @@ GROUP=__GROUP__
 #ENGINE=FCGI::EV
 #ENGINE=FCGI::Engine
 #ENGINE=FCGI::Engine::ProcManager
+
+# Process recycling
+# When running with Perl 5.16, you might encounter memory
+# leaks when running the FastCGI server
+# By default, we restart each worker after 500 requests to mitigate
+# the leak. You can finetune these settings here.
+# See also FCGI::ProcManager::Constrained(3)
+
+PM_MAX_REQUESTS=500
+#PM_SIZECHECK_NUM_REQUESTS=10
+#PM_MAX_SIZE=100000

fastcgi-server/sbin/llng-fastcgi-server

@@ -10,9 +10,9 @@ use Lemonldap::NG::Handler::Main::Reload;
 our $VERSION = '2.0.0';
 
 our (
-    $foreground,          $engine, $nproc,  $pidFile,
-    $socket,              $user,   $listen, $group,
-    $customFunctionsFile, %plackOptions
+    $foreground,  $engine,              $nproc,  $pidFile,
+    $socket,      $user,                $listen, $group,
+    $procmanager, $customFunctionsFile, %plackOptions
 );
 my %_apps;
 
@@ -29,6 +29,9 @@ $user    ||= $ENV{USER};
 $group   ||= $ENV{GROUP};
 $customFunctionsFile ||= $ENV{CUSTOM_FUNCTIONS_FILE};
 
+# If the user specified any PM_ constrains, run under ::Constrained
+$procmanager = "FCGI::ProcManager::Constrained" if grep /^PM_/, keys %ENV;
+
 #Getopt::Long::Configure ("bundling_values");
 GetOptions(
     'foreground'              => \$foreground,
@@ -93,7 +96,7 @@ my %builder = (
                 die "Unable to load $_[0]->{SCRIPT_FILENAME}";
             }
             return $_apps{$script}->(@_);
-          }
+        }
     },
 );
 
@@ -126,6 +129,7 @@ $server->parse_options(
     '--proc-title' => 'llng-fastcgi-server',
     ( $foreground ? () : '--daemonize' ),
     '--no-default-middleware',
+    ( $procmanager ? ( '--manager', $procmanager ) : () ),
     %plackOptions,
 );
 
@@ -216,14 +220,10 @@ Plack::Handler engine, default to FCGI (see below)
 
 =item --plackOptions:
 
-other options to pass to Plack. This multi-valued parameter must have
-"key=value" values.
+other options to pass to the Plack handler. This multi-valued parameter must
+have "key=value" values.
 
-Example to use L<FCGI::ProcManager::Constrained> instead of default FCGI manager
-(L<FCGI::ProcManager>):
-
-  llng-fastcgi-server -u nobody -g nobody -s /run/llng.sock -e FCGI -n 10 \
-                      --plackOptions manager=FCGI::ProcManager::Constrained
+See Plack::Handler::FCGI for a list of options for the default FCGI engine
 
 =back
 
@@ -236,22 +236,6 @@ other engines can be used:
 
 It uses L<FCGI::ProcManager> as manager. Other managers:
 
-=over
-
-=item L<FCGI::ProcManager::Constrained>
-
-Example to launch it:
-
-  llng-fastcgi-server -u nobody -g nobody -s /run/llng.sock -e FCGI -n 10 \
-                      --plackOptions manager=FCGI::ProcManager::Constrained
-
-You can then set environment values (in /etc/default/llng-fastcgi-server file
-for example):
-
-  PM_MAX_REQUESTS=10000
-  PM_SIZECHECK_NUM_REQUESTS=100
-  PM_MAX_SIZE=300000
-
 =item L<FCGI::ProcManager::Dynamic>
 
   llng-fastcgi-server -u nobody -g nobody -s /run/llng.sock -e FCGI -n 10 \

lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications.pm

@@ -4,7 +4,7 @@ use strict;
 use Mouse;
 use JSON qw(to_json);
 
-our $VERSION = '2.0.7';
+our $VERSION = '2.0.8';
 
 extends 'Lemonldap::NG::Common::Module';
 
@@ -19,6 +19,11 @@ sub import {
     }
 }
 
+has extension => (
+    is => 'rw',
+    default => 'json'
+);
+
 has notifField => (
     is      => 'rw',
     builder => sub {
@@ -31,6 +36,12 @@ has notifField => (
     }
 );
 
+sub BUILD {
+    my $self = shift;
+    $self->extension('xml') if $self->p->conf->{oldNotifFormat};
+    $self->logger->debug('Use extension "' . $self->extension . '" to store notification files');
+}
+
 sub getNotifications {
     my ( $self, $uid ) = @_;
     my $forAll = $self->get( $self->conf->{notificationWildcard} );

lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm

@@ -14,11 +14,8 @@ our $VERSION = '2.0.8';
 
 extends 'Lemonldap::NG::Common::Notifications';
 
-our $ext = 'json';
-
 sub import {
     shift;
-    $ext = 'xml' if ( $_[0] eq 'XML' );
     return Lemonldap::NG::Common::Notifications->import(@_);
 }
 
@@ -38,6 +35,7 @@ has fileNameSeparator => ( is => 'rw', default => '_' );
 # If $ref is set, returns only notification corresponding to this reference.
 sub get {
     my ( $self, $uid, $ref ) = @_;
+    my $ext = $self->extension;
     return () unless ($uid);
     my $fns        = $self->{fileNameSeparator};
     my $identifier = &getIdentifier( $self, $uid, $ref );
@@ -88,6 +86,7 @@ sub getAccepted {
 # keys date, uid, ref and condition.
 sub getAll {
     my $self = shift;
+    my $ext = $self->extension;
     opendir D, $self->{dirName};
     my @notif;
     my $fns = $self->{fileNameSeparator};
@@ -113,6 +112,7 @@ sub getAll {
 # keys date, uid, ref and condition.
 sub getExisting {
     my $self = shift;
+    my $ext = $self->extension;
     opendir D, $self->{dirName};
     my @notif;
     my $fns = $self->{fileNameSeparator};
@@ -137,6 +137,7 @@ sub getExisting {
 # @param $myref identifier returned by get() or getAll()
 sub delete {
     my ( $self, $myref ) = @_;
+    my $ext = $self->extension;
     my $new = ( $myref =~ /(.*?)(?:\.$ext)$/ )[0] . '.done';
     return rename( $self->{dirName} . "/$myref", $self->{dirName} . "/$new" );
 }
@@ -153,6 +154,7 @@ sub purge {
 # Insert a new notification
 sub newNotif {
     my ( $self, $date, $uid, $ref, $condition, $content ) = @_;
+    my $ext = $self->extension;
     my $fns = $self->{fileNameSeparator};
     $fns ||= '_';
     my @t = split( /\D+/, $date );

lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm

@@ -171,7 +171,7 @@ sub javascript {
     my ( $self, $req ) = @_;
     my $res       = eval { $self->hLoadedPlugins->{viewer}->diffRule->( $req, $req->{userData} )} || 0;
     print STDERR $@ if $@;
-    my $impPrefix = $self->{impersonationPrefix};
+    my $impPrefix = $self->{impersonationPrefix} || 'real_';
     my $ttl       = $self->{timeout} || 72000;
 
     return

lemonldap-ng-manager/site/coffee/notifications.coffee

@@ -270,16 +270,19 @@ llapp.controller 'NotificationsExplorerCtrl', [ '$scope', '$translator', '$locat
 						message: data.error
 				$scope.showModal "alert.html"
 				$scope.waiting = false
+				$scope.form.date = new Date()
 			, (response) ->
 				$scope.message =
 					title: 'notificationNotCreated'
 					message: response.statusText
 				$scope.showModal "alert.html"
 				$scope.waiting = false
+				$scope.form.date = new Date()
 		else
 			$scope.message =
 				title: 'incompleteForm'
 			$scope.showModal "alert.html"
+		$scope.form.date = new Date()
 
 	$scope.init = ->
 		$scope.waiting = true

lemonldap-ng-manager/site/htdocs/static/js/notifications.js

@@ -306,7 +306,7 @@
           $scope.formPost.reference = $scope.form.reference;
           $scope.formPost.condition = $scope.form.condition;
           $scope.formPost.xml = $scope.form.xml;
-          return $http.post('notifications/actives', $scope.formPost).then(function(response) {
+          $http.post('notifications/actives', $scope.formPost).then(function(response) {
             var data;
             data = response.data;
             $scope.form = {};
@@ -321,21 +321,24 @@
               };
             }
             $scope.showModal("alert.html");
-            return $scope.waiting = false;
+            $scope.waiting = false;
+            return $scope.form.date = new Date();
           }, function(response) {
             $scope.message = {
               title: 'notificationNotCreated',
               message: response.statusText
             };
             $scope.showModal("alert.html");
-            return $scope.waiting = false;
+            $scope.waiting = false;
+            return $scope.form.date = new Date();
           });
         } else {
           $scope.message = {
             title: 'incompleteForm'
           };
-          return $scope.showModal("alert.html");
+          $scope.showModal("alert.html");
         }
+        return $scope.form.date = new Date();
       };
       $scope.init = function() {
         $scope.waiting = true;

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm

@@ -321,6 +321,7 @@ sub run {
         params => {
             MAIN_LOGO => $self->conf->{portalMainLogo},
             SKIN      => $self->p->getSkin($req),
+            LANGS     => $self->conf->{showLanguages},
             TOKEN     => $token,
             MODULES   => [
                 map { {
@@ -415,8 +416,14 @@ sub _displayRegister {
             return $self->p->sendError( $req,
                 'Registration not authorized', 403 );
         }
-        return $self->p->sendHtml( $req, $m->{m}->template,
-            params => { MAIN_LOGO => $self->conf->{portalMainLogo} } );
+        return $self->p->sendHtml(
+            $req,
+            $m->{m}->template,
+            params => {
+                MAIN_LOGO => $self->conf->{portalMainLogo},
+                LANGS     => $self->conf->{showLanguages},
+            }
+        );
     }
 
     # If only one 2F is available, redirect to it
@@ -483,6 +490,7 @@ sub _displayRegister {
         params => {
             MAIN_LOGO    => $self->conf->{portalMainLogo},
             SKIN         => $self->p->getSkin($req),
+            LANGS        => $self->conf->{showLanguages},
             MODULES      => \@am,
             SFDEVICES    => $_2fDevices,
             ACTION       => $action,

lemonldap-ng-portal/t/40-Notifications-JSON-File.t

@@ -94,7 +94,7 @@ ok(
 );
 count(1);
 expectOK($res);
-my $id = expectCookie($res);
+$id = expectCookie($res);
 expectForm( $res, undef, '/notifback', 'reference1x1', 'url' );
 
 # Verify that cookie is ciphered (session unvalid)
@@ -207,7 +207,6 @@ ok(
     $res = $client->_get(
         '/',
         cookie => "lemonldap=$id",
-        length => 64,
         accept => 'text/html',
     ),
     'New auth query'

lemonldap-ng-portal/t/40-Notifications-JSON-LDAP.t

@@ -5,6 +5,7 @@ use Lemonldap::NG::Common::Notifications::LDAP "JSON";
 use Lemonldap::NG::Common::Logger::Std;
 
 my $res;
+my $notif ;
 my $maintests = 11;
 my $logLevel  = 'error';
 require 't/test-lib.pm';
@@ -25,13 +26,11 @@ my $notificationStorageOptions = {
     ldapConfBase     => $ldapConfBase,
 };
 
-my $notif =
-  Lemonldap::NG::Common::Notifications::LDAP->new($notificationStorageOptions);
-
 SKIP: {
     skip 'LLNGTESTLDAP is not set', $maintests unless ( $ENV{LLNGTESTLDAP} );
     require 't/test-ldap.pm';
     use Net::LDAP;
+    $notif =  Lemonldap::NG::Common::Notifications::LDAP->new($notificationStorageOptions);
     my $ldap = Net::LDAP->new($ldapServer);
     my $mesg = $ldap->bind( $ldapBindDN, password => $ldapBindPassword );
     is( $mesg->code, 0, "Bind to LDAP server" ) or diag $mesg->error;

lemonldap-ng-portal/t/68-ContextSwitching.t

@@ -61,10 +61,14 @@ ok(
     $res->[2]->[0] =~ m%<span trspan="connectedAs">Connected as</span> rtyler%,
     'Connected as rtyler'
 ) or print STDERR Dumper( $res->[2]->[0] );
+ok(
+    $res->[2]->[0] =~ qr%<span id="languages"></span>%,
+    'Found language flags'
+) or print STDERR Dumper( $res->[2]->[0] );
 expectAuthenticatedAs( $res, 'rtyler' );
 ok( $res->[2]->[0] !~ m%contextSwitching_ON%, 'Connected as dwho' )
   or print STDERR Dumper( $res->[2]->[0] );
-count(2);
+count(3);
 
 $client->logout($id);
 

lemonldap-ng-portal/t/75-2F-Registers.t

@@ -4,7 +4,7 @@ use IO::String;
 use Data::Dumper;
 
 require 't/test-lib.pm';
-my $maintests = 52;
+my $maintests = 54;
 
 SKIP: {
     eval { require Convert::Base32 };
@@ -64,10 +64,13 @@ SKIP: {
     );
     ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' );
     ok(
-        $res->[2]->[0] =~ qr%<img src="/static/common/logos/logo_llng_old.png"%,
+        $res->[2]->[0] =~ qr%<img src="/static/common/logos/logo_llng_old\.png"%,
         'Found custom Main Logo'
     ) or print STDERR Dumper( $res->[2]->[0] );
-    count(1);
+    ok(
+        $res->[2]->[0] =~ qr%<span id="languages"></span>%,
+        'Language icons found'
+    ) or print STDERR Dumper( $res->[2]->[0] );
 
     # Register TOTP
     # JS query