Append display Slave logo option (#1936)
This commit is contained in:
Christophe Maudoux
parent
f1c97fdde5
commit
5615d5b2a3
|
|
@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
|
|||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||
use constant APPLYSECTION => "apply";
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ our $authParameters = {
|
|||
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
|
||||
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
|
||||
restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
|
||||
slaveParams => [qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveExportedVars)],
|
||||
slaveParams => [qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveDisplayLogo slaveExportedVars)],
|
||||
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
|
||||
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],
|
||||
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
|
||||
|
|
|
|||
|
|
@ -3401,6 +3401,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 2,
|
||||
'type' => 'int'
|
||||
},
|
||||
'slaveDisplayLogo' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'slaveExportedVars' => {
|
||||
'default' => {},
|
||||
'keyMsgFail' => '__badVariableName__',
|
||||
|
|
|
|||
|
|
@ -14,8 +14,13 @@ sub perlExpr {
|
|||
my ( $val, $conf ) = @_;
|
||||
my $cpt = new Safe;
|
||||
$cpt->share_from( 'MIME::Base64', ['&encode_base64'] );
|
||||
$cpt->share_from( 'Lemonldap::NG::Handler::Main::Jail',
|
||||
[ '&encrypt', '&token', @Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions ] );
|
||||
$cpt->share_from(
|
||||
'Lemonldap::NG::Handler::Main::Jail',
|
||||
[
|
||||
'&encrypt', '&token',
|
||||
@Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions
|
||||
]
|
||||
);
|
||||
$cpt->share_from( 'Lemonldap::NG::Common::Safelib',
|
||||
$Lemonldap::NG::Common::Safelib::functions );
|
||||
$cpt->reval("BEGIN { 'warnings'->unimport; } $val");
|
||||
|
|
@ -3330,6 +3335,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
},
|
||||
slaveHeaderName => { type => 'text', },
|
||||
slaveHeaderContent => { type => 'text', },
|
||||
slaveDisplayLogo => {
|
||||
type => 'bool',
|
||||
default => 0,
|
||||
documentation => 'Display Slave authentication logo',
|
||||
},
|
||||
|
||||
# Choice
|
||||
authChoiceParam => {
|
||||
|
|
|
|||
|
|
@ -388,7 +388,8 @@ sub tree {
|
|||
nodes => [
|
||||
'slaveAuthnLevel', 'slaveUserHeader',
|
||||
'slaveMasterIP', 'slaveHeaderName',
|
||||
'slaveHeaderContent', 'slaveExportedVars',
|
||||
'slaveHeaderContent', 'slaveDisplayLogo',
|
||||
'slaveExportedVars',
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -788,6 +788,7 @@
|
|||
"singleSessionUserByIP":"جلسة واحدة بواسطة عنوان الآي بي",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"slaveAuthnLevel":"مستوى إثبات الهوية",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"المتغيرات المصدرة",
|
||||
"slaveMasterIP":"عنوان آي بي الماستر",
|
||||
"slaveParams":"معاييرالتابع",
|
||||
|
|
|
|||
|
|
@ -788,6 +788,7 @@
|
|||
"singleSessionUserByIP":"One session by IP address",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"slaveAuthnLevel":"Authentication level",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Exported variables",
|
||||
"slaveMasterIP":"Master's IP address",
|
||||
"slaveParams":"Slave parameters",
|
||||
|
|
|
|||
|
|
@ -788,6 +788,7 @@
|
|||
"singleSessionUserByIP":"One session by IP address",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"slaveAuthnLevel":"Authentication level",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Exported variables",
|
||||
"slaveMasterIP":"Master's IP address",
|
||||
"slaveParams":"Slave parameters",
|
||||
|
|
|
|||
|
|
@ -788,6 +788,7 @@
|
|||
"singleSessionUserByIP":"Une seule session par IP",
|
||||
"skipRenewConfirmation":"Éviter la confirmation de ré-authentification",
|
||||
"slaveAuthnLevel":"Niveau d'authentification",
|
||||
"slaveDisplayLogo":"Afficher le logo d'authentification",
|
||||
"slaveExportedVars":"Variables exportées",
|
||||
"slaveMasterIP":"IP accréditées",
|
||||
"slaveParams":"Paramètres Slave",
|
||||
|
|
|
|||
|
|
@ -788,6 +788,7 @@
|
|||
"singleSessionUserByIP":"Una sessione per indirizzo IP",
|
||||
"skipRenewConfirmation":"Salta la conferma di re-auth",
|
||||
"slaveAuthnLevel":"Livello di autenticazione",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Variabili esportate",
|
||||
"slaveMasterIP":"Indirizzo IP del master",
|
||||
"slaveParams":"Parametri di slave",
|
||||
|
|
|
|||
|
|
@ -788,6 +788,7 @@
|
|||
"singleSessionUserByIP":"Một phiên theo địa chỉ IP",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"slaveAuthnLevel":"Mức xác thực",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Biến đã được xuất",
|
||||
"slaveMasterIP":"Địa chỉ IP của Master",
|
||||
"slaveParams":"Tham số Slave",
|
||||
|
|
|
|||
|
|
@ -788,6 +788,7 @@
|
|||
"singleSessionUserByIP":"One session by IP address",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"slaveAuthnLevel":"认证等级",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Exported variables",
|
||||
"slaveMasterIP":"Master's IP address",
|
||||
"slaveParams":"Slave parameters",
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -23,10 +23,10 @@ sub extractFormInfo {
|
|||
return PE_FORBIDDENIP
|
||||
unless ( $self->checkIP($req) and $self->checkHeader($req) );
|
||||
|
||||
unless ( $self->conf->{slaveUserHeader} ){
|
||||
unless ( $self->conf->{slaveUserHeader} ) {
|
||||
$self->logger->debug('slaveUserHeader is undefined');
|
||||
return PE_USERNOTFOUND;
|
||||
};
|
||||
}
|
||||
|
||||
my $user_header = $self->conf->{slaveUserHeader};
|
||||
$user_header = 'HTTP_' . uc($user_header);
|
||||
|
|
@ -52,7 +52,8 @@ sub setAuthSessionInfo {
|
|||
}
|
||||
|
||||
sub getDisplayType {
|
||||
return "_none_";
|
||||
my ($self) = @_;
|
||||
return ( $self->{conf}->{slaveDisplayLogo} ? "logo" : "_none_" );
|
||||
}
|
||||
|
||||
sub authLogout {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user