* Add a troolean type in Manager

* Sign SAML Message options can accept the default value (#88)
2010-07-01 16:05:57 +00:00 · 2010-07-01 16:05:57 +00:00 · 5754d86ff5
commit 5754d86ff5
parent 2ce4e19a0d
7 changed files with 84 additions and 22 deletions
--- a/modules/lemonldap-ng-manager/example/skins/default/manager.js
+++ b/modules/lemonldap-ng-manager/example/skins/default/manager.js
@ -487,6 +487,13 @@ function bool(id) {
 	if(lmdata(id)==1){$('#On').attr('checked',true)}else{$('#Off').attr('checked',true)}
 	display('bool',lmtext(id));
 }
+function trool(id) {
+	currentId=id;
+	if(lmdata(id)==1){$('#On').attr('checked',true)}
+	if(lmdata(id)==0){$('#Off').attr('checked',true)}
+	else{$('#Default').attr('checked',true)}
+	display('trool',lmtext(id));
+}
 function int(id) {
 	currentId=id;
 	$('#int').attr('value',lmdata(id));
--- a/modules/lemonldap-ng-manager/example/skins/default/manager.tpl
+++ b/modules/lemonldap-ng-manager/example/skins/default/manager.tpl
@ -255,6 +255,13 @@
     <input id="Off" type="radio" name="boolean" value="0" onclick="setlmdata(currentId,0)"/> <lang en="Off" fr="Désactivé"/>
    </div>

+    <!-- Troolean -->
+    <div id="content_trool" class="hidden">
+     <input id="On" type="radio" name="boolean" value="1" onclick="setlmdata(currentId,1)"/> <lang en="On" fr="Activé"/>
+     <input id="Off" type="radio" name="boolean" value="0" onclick="setlmdata(currentId,0)"/> <lang en="Off" fr="Désactivé"/>
+     <input id="Default" type="radio" name="boolean" value="-1" onclick="setlmdata(currentId,-1)"/> <lang en="Default" fr="Par défaut"/>
+    </div>
+
    <div id="content_btext" class="hidden">
     <input type="text" id="btextKey" /> <input type="text" id="btextValue" />
     <br />
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Downloader.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Downloader.pm
@ -240,6 +240,7 @@ sub confNode {
                'int'    => 0,
                textarea => '',
                bool     => 0,
+		trool    => -1,
                filearea => '',
                select   => '',
            }->{$type};
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@ -106,11 +106,11 @@ sub cstruct {
                            ],

                        samlIDPMetaDataOptionsSignSSOMessage =>
-"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSignSSOMessage",
+"trool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSignSSOMessage",
                        samlIDPMetaDataOptionsCheckSSOMessageSignature =>
 "bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckSSOMessageSignature",
                        samlIDPMetaDataOptionsSignSLOMessage =>
-"bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSignSLOMessage",
+"trool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsSignSLOMessage",
                        samlIDPMetaDataOptionsCheckSLOMessageSignature =>
 "bool:/samlIDPMetaDataOptions/$k2/samlIDPMetaDataOptionsCheckSLOMessageSignature",

@ -187,11 +187,11 @@ sub cstruct {
                            ],

                        samlSPMetaDataOptionsSignSSOMessage =>
-"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsSignSSOMessage",
+"trool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsSignSSOMessage",
                        samlSPMetaDataOptionsCheckSSOMessageSignature =>
 "bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsCheckSSOMessageSignature",
                        samlSPMetaDataOptionsSignSLOMessage =>
-"bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsSignSLOMessage",
+"trool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsSignSLOMessage",
                        samlSPMetaDataOptionsCheckSLOMessageSignature =>
 "bool:/samlSPMetaDataOptions/$k2/samlSPMetaDataOptionsCheckSLOMessageSignature",
                        },
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
@ -578,12 +578,24 @@ sub extractFormInfo {
            my $signSLOMessage =
              $self->{samlIDPMetaDataOptions}->{$idpConfKey}
              ->{samlIDPMetaDataOptionsSignSLOMessage};
-            unless ($signSLOMessage) {
+
+            if ( $signSLOMessage == 0 ) {
                $self->lmLog(
                    "SLO message to IDP $idpConfKey will not be signed",
                    'debug' );
                $self->disableSignature($logout);
            }
+            elsif ( $signSLOMessage == 1 ) {
+                $self->lmLog( "SLO message to IDP $idpConfKey will be signed",
+                    'debug' );
+                $self->forceSignature($logout);
+            }
+            else {
+                $self->lmLog(
+"SLO message to IDP $idpConfKey signature according to metadata",
+                    'debug'
+                );
+            }

            # Logout response
            unless ( $self->buildLogoutResponseMsg($logout) ) {
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
@ -382,10 +382,17 @@ sub issuerForUnAuthUser {
              $self->{samlSPMetaDataOptions}->{$spConfKey}
              ->{samlSPMetaDataOptionsSignSLOMessage};

-            unless ($signSLOMessage) {
-                $self->lmLog( "Do not sign this SLO response", 'debug' );
-                $self->sendSLOErrorResponse( $logout, $method )
-                  unless ( $self->disableSignature($logout) );
+            if ( $signSLOMessage == 0 ) {
+                $self->lmLog( "SLO response will not be signed", 'debug' );
+                $self->disableSignature($logout);
+            }
+            elsif ( $signSLOMessage == 1 ) {
+                $self->lmLog( "SLO response will be signed", 'debug' );
+                $self->forceSignature($logout);
+            }
+            else {
+                $self->lmLog( "SLO response signature according to metadata",
+                    'debug' );
            }

            # Send logout response
@ -1521,9 +1528,17 @@ sub issuerForAuthUser {
              $self->{samlSPMetaDataOptions}->{$spConfKey}
              ->{samlSPMetaDataOptionsSignSSOMessage};

-            unless ($signSSOMessage) {
-                $self->lmLog( "Do not sign this SSO response", 'debug' );
-                return PE_ERROR unless ( $self->disableSignature($login) );
+            if ( $signSSOMessage == 0 ) {
+                $self->lmLog( "SSO response will not be signed", 'debug' );
+                $self->disableSignature($login);
+            }
+            elsif ( $signSSOMessage == 1 ) {
+                $self->lmLog( "SSO response will be signed", 'debug' );
+                $self->forceSignature($login);
+            }
+            else {
+                $self->lmLog( "SLO response signature according to metadata",
+                    'debug' );
            }

            # Build SAML response
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@ -855,9 +855,16 @@ sub createAuthnRequest {
    }

    # Signature
-    unless ($signSSOMessage) {
-        $self->lmLog( "Do not sign this SSO request", 'debug' );
-        return unless ( $self->disableSignature($login) );
+    if ( $signSSOMessage == 0 ) {
+        $self->lmLog( "SSO request will not be signed", 'debug' );
+        $self->disableSignature($login);
+    }
+    elsif ( $signSSOMessage == 1 ) {
+        $self->lmLog( "SSO request will be signed", 'debug' );
+        $self->forceSignature($login);
+    }
+    else {
+        $self->lmLog( "SSO request signature according to metadata", 'debug' );
    }

    # Requested authentication context
@ -1339,9 +1346,16 @@ sub createLogoutRequest {
    $self->lmLog( "Set $relaystate in RelayState", 'debug' );

    # Signature
-    unless ($signSLOMessage) {
-        $self->lmLog( "Do not sign this SLO request", 'debug' );
-        return unless ( $self->disableSignature($logout) );
+    if ( $signSLOMessage == 0 ) {
+        $self->lmLog( "SLO request will not be signed", 'debug' );
+        $self->disableSignature($logout);
+    }
+    elsif ( $signSLOMessage == 1 ) {
+        $self->lmLog( "SLO request will be signed", 'debug' );
+        $self->forceSignature($logout);
+    }
+    else {
+        $self->lmLog( "SLO request signature according to metadata", 'debug' );
    }

    # Build logout request
@ -2369,10 +2383,16 @@ sub sendLogoutRequestToServiceProvider {
      $self->{samlSPMetaDataOptions}->{$spConfKey}
      ->{samlSPMetaDataOptionsSignSLOMessage};

-    unless ($signSLOMessage) {
-        $self->lmLog( "Do not sign this SLO request", 'debug' );
-        return ( 0, undef, undef )
-          unless ( $self->disableSignature($logout) );
+    if ( $signSLOMessage == 0 ) {
+        $self->lmLog( "SLO request will not be signed", 'debug' );
+        $self->disableSignature($logout);
+    }
+    elsif ( $signSLOMessage == 1 ) {
+        $self->lmLog( "SLO request will be signed", 'debug' );
+        $self->forceSignature($logout);
+    }
+    else {
+        $self->lmLog( "SLO request signature according to metadata", 'debug' );
    }

    # Relay State