Make checkUser option rules (#2173)
This commit is contained in:
parent
c8c50d2575
commit
6018610196
|
@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
|
||||||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||||
use constant APPLYSECTION => "apply";
|
use constant APPLYSECTION => "apply";
|
||||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:Empty(?:Header|Value)s|PersistentInfo))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|da)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|freshSessions)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|freshSessions)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||||
|
|
||||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||||
|
|
||||||
|
|
|
@ -36,6 +36,9 @@ sub defaultValues {
|
||||||
'http://auth.example.com/certificateReset',
|
'http://auth.example.com/certificateReset',
|
||||||
'certificateResetByMailValidityDelay' => 0,
|
'certificateResetByMailValidityDelay' => 0,
|
||||||
'checkTime' => 600,
|
'checkTime' => 600,
|
||||||
|
'checkUserDisplayEmptyHeaders' => 0,
|
||||||
|
'checkUserDisplayEmptyValues' => 0,
|
||||||
|
'checkUserDisplayPersistentInfo' => 0,
|
||||||
'checkUserHiddenAttributes' => '_loginHistory _session_id hGroups',
|
'checkUserHiddenAttributes' => '_loginHistory _session_id hGroups',
|
||||||
'checkUserIdRule' => 1,
|
'checkUserIdRule' => 1,
|
||||||
'checkXSS' => 1,
|
'checkXSS' => 1,
|
||||||
|
|
|
@ -851,15 +851,15 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
},
|
},
|
||||||
'checkUserDisplayEmptyHeaders' => {
|
'checkUserDisplayEmptyHeaders' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'bool'
|
'type' => 'boolOrExpr'
|
||||||
},
|
},
|
||||||
'checkUserDisplayEmptyValues' => {
|
'checkUserDisplayEmptyValues' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'bool'
|
'type' => 'boolOrExpr'
|
||||||
},
|
},
|
||||||
'checkUserDisplayPersistentInfo' => {
|
'checkUserDisplayPersistentInfo' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'bool'
|
'type' => 'boolOrExpr'
|
||||||
},
|
},
|
||||||
'checkUserHiddenAttributes' => {
|
'checkUserHiddenAttributes' => {
|
||||||
'default' => '_loginHistory _session_id hGroups',
|
'default' => '_loginHistory _session_id hGroups',
|
||||||
|
@ -2271,10 +2271,6 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
},
|
},
|
||||||
'oidcServiceAllowPasswordGrant' => {
|
|
||||||
'default' => 0,
|
|
||||||
'type' => 'boolOrExpr'
|
|
||||||
},
|
|
||||||
'oidcServiceAuthorizationCodeExpiration' => {
|
'oidcServiceAuthorizationCodeExpiration' => {
|
||||||
'default' => 60,
|
'default' => 60,
|
||||||
'type' => 'int'
|
'type' => 'int'
|
||||||
|
|
|
@ -468,20 +468,20 @@ sub attributes {
|
||||||
},
|
},
|
||||||
checkUserDisplayPersistentInfo => {
|
checkUserDisplayPersistentInfo => {
|
||||||
default => 0,
|
default => 0,
|
||||||
type => 'bool',
|
type => 'boolOrExpr',
|
||||||
documentation => 'Display persistent session info',
|
documentation => 'Display persistent session info rule',
|
||||||
flags => 'p',
|
flags => 'p',
|
||||||
},
|
},
|
||||||
checkUserDisplayEmptyValues => {
|
checkUserDisplayEmptyValues => {
|
||||||
default => 0,
|
default => 0,
|
||||||
type => 'bool',
|
type => 'boolOrExpr',
|
||||||
documentation => 'Display session empty values',
|
documentation => 'Display session empty values rule',
|
||||||
flags => 'p',
|
flags => 'p',
|
||||||
},
|
},
|
||||||
checkUserDisplayEmptyHeaders => {
|
checkUserDisplayEmptyHeaders => {
|
||||||
default => 0,
|
default => 0,
|
||||||
type => 'bool',
|
type => 'boolOrExpr',
|
||||||
documentation => 'Display empty headers',
|
documentation => 'Display empty headers rule',
|
||||||
flags => 'p',
|
flags => 'p',
|
||||||
},
|
},
|
||||||
globalLogoutRule => {
|
globalLogoutRule => {
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -29,9 +29,12 @@ has ott => (
|
||||||
return $ott;
|
return $ott;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
has idRule => ( is => 'rw', default => sub { 1 } );
|
has IdRule => ( is => 'rw', default => sub { 1 } );
|
||||||
has sorted => ( is => 'rw', default => sub { 0 } );
|
has DisplayEmptyValuesRule => ( is => 'rw', default => sub { 0 } );
|
||||||
has merged => ( is => 'rw', default => '' );
|
has DisplayEmptyHeadersRule => ( is => 'rw', default => sub { 0 } );
|
||||||
|
has DisplayPersistentInfoRule => ( is => 'rw', default => sub { 0 } );
|
||||||
|
has sorted => ( is => 'rw', default => sub { 0 } );
|
||||||
|
has merged => ( is => 'rw', default => '' );
|
||||||
|
|
||||||
sub hAttr {
|
sub hAttr {
|
||||||
$_[0]->{conf}->{checkUserHiddenAttributes} . ' '
|
$_[0]->{conf}->{checkUserHiddenAttributes} . ' '
|
||||||
|
@ -49,17 +52,60 @@ sub init {
|
||||||
$self->addAuthRoute( checkuser => 'check', ['POST'] );
|
$self->addAuthRoute( checkuser => 'check', ['POST'] );
|
||||||
$self->addAuthRouteWithRedirect( checkuser => 'display', ['GET'] );
|
$self->addAuthRouteWithRedirect( checkuser => 'display', ['GET'] );
|
||||||
|
|
||||||
# Parse identity rule
|
# Parse checkUser rules
|
||||||
|
# Id DisplayEmptyHeaders DisplayEmptyValues DisplayPersistentInfo
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"checkUser identities rule -> " . $self->conf->{checkUserIdRule} );
|
"checkUser: Idrule -> " . $self->conf->{checkUserIdRule} )
|
||||||
|
if $self->conf->{checkUserIdRule};
|
||||||
my $rule =
|
my $rule =
|
||||||
$hd->buildSub( $hd->substitute( $self->conf->{checkUserIdRule} ) );
|
$hd->buildSub( $hd->substitute( $self->conf->{checkUserIdRule} ) );
|
||||||
unless ($rule) {
|
unless ($rule) {
|
||||||
my $error = $hd->tsv->{jail}->error || '???';
|
my $error = $hd->tsv->{jail}->error || '???';
|
||||||
$self->error("Bad checkUser identities rule -> $error");
|
$self->error("Bad checkUser Id rule -> $error");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
$self->idRule($rule);
|
$self->IdRule($rule);
|
||||||
|
|
||||||
|
$self->logger->debug( "checkUser: DisplayEmptyHeaders -> "
|
||||||
|
. $self->conf->{checkUserDisplayEmptyHeaders} )
|
||||||
|
if $self->conf->{checkUserDisplayEmptyHeaders};
|
||||||
|
$rule =
|
||||||
|
$hd->buildSub(
|
||||||
|
$hd->substitute( $self->conf->{checkUserDisplayEmptyHeaders} ) );
|
||||||
|
unless ($rule) {
|
||||||
|
my $error = $hd->tsv->{jail}->error || '???';
|
||||||
|
$self->error("Bad checkUser DisplayEmptyHeaders rule -> $error");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
$self->DisplayEmptyHeadersRule($rule);
|
||||||
|
|
||||||
|
$self->logger->debug( "checkUser: DisplayEmptyValues -> "
|
||||||
|
. $self->conf->{checkUserDisplayEmptyValues} )
|
||||||
|
if $self->conf->{checkUserDisplayEmptyValues};
|
||||||
|
$rule =
|
||||||
|
$hd->buildSub(
|
||||||
|
$hd->substitute( $self->conf->{checkUserDisplayEmptyValues} ) );
|
||||||
|
unless ($rule) {
|
||||||
|
my $error = $hd->tsv->{jail}->error || '???';
|
||||||
|
$self->error("Bad checkUser DisplayEmptyValues rule -> $error");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
$self->DisplayEmptyValuesRule($rule);
|
||||||
|
|
||||||
|
$self->logger->debug( "checkUser: DisplayPersistentInfo -> "
|
||||||
|
. $self->conf->{checkUserDisplayPersistentInfo} )
|
||||||
|
if $self->conf->{checkUserDisplayPersistentInfo};
|
||||||
|
$rule =
|
||||||
|
$hd->buildSub(
|
||||||
|
$hd->substitute( $self->conf->{checkUserDisplayPersistentInfo} ) );
|
||||||
|
unless ($rule) {
|
||||||
|
my $error = $hd->tsv->{jail}->error || '???';
|
||||||
|
$self->error("Bad checkUser DisplayPersistentInfo rule -> $error");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
$self->DisplayPersistentInfoRule($rule);
|
||||||
|
|
||||||
|
# Init. other options
|
||||||
$self->sorted( $self->conf->{impersonationRule}
|
$self->sorted( $self->conf->{impersonationRule}
|
||||||
|| $self->conf->{contextSwitchingRule} );
|
|| $self->conf->{contextSwitchingRule} );
|
||||||
$self->merged( $self->conf->{impersonationMergeSSOgroups}
|
$self->merged( $self->conf->{impersonationMergeSSOgroups}
|
||||||
|
@ -78,11 +124,11 @@ sub display {
|
||||||
$attrs = $req->userData;
|
$attrs = $req->userData;
|
||||||
|
|
||||||
$attrs = $self->_removePersistentAttributes($attrs)
|
$attrs = $self->_removePersistentAttributes($attrs)
|
||||||
unless $self->conf->{checkUserDisplayPersistentInfo};
|
unless $self->DisplayPersistentInfoRule->( $req, $req->userData );
|
||||||
|
|
||||||
# Create an array of hashes for template loop
|
# Create an array of hashes for template loop
|
||||||
$self->logger->debug("Delete hidden or empty attributes");
|
$self->logger->debug("Delete hidden or empty attributes");
|
||||||
if ( $self->conf->{checkUserDisplayEmptyValues} ) {
|
if ( $self->DisplayEmptyValuesRule->( $req, $req->userData ) ) {
|
||||||
foreach my $k ( sort keys %$attrs ) {
|
foreach my $k ( sort keys %$attrs ) {
|
||||||
|
|
||||||
# Ignore hidden attributes
|
# Ignore hidden attributes
|
||||||
|
@ -247,7 +293,7 @@ sub check {
|
||||||
else {
|
else {
|
||||||
$msg = 'checkUser' . $self->merged;
|
$msg = 'checkUser' . $self->merged;
|
||||||
$attrs = $self->_removePersistentAttributes($attrs)
|
$attrs = $self->_removePersistentAttributes($attrs)
|
||||||
unless $self->conf->{checkUserDisplayPersistentInfo};
|
unless $self->DisplayPersistentInfoRule->( $req, $req->userData );
|
||||||
|
|
||||||
if ($compute) {
|
if ($compute) {
|
||||||
$msg = 'checkUserComputeSession';
|
$msg = 'checkUserComputeSession';
|
||||||
|
@ -274,7 +320,7 @@ sub check {
|
||||||
|
|
||||||
# Create an array of hashes for template loop
|
# Create an array of hashes for template loop
|
||||||
$self->logger->debug("Delete hidden or empty attributes");
|
$self->logger->debug("Delete hidden or empty attributes");
|
||||||
if ( $self->conf->{checkUserDisplayEmptyValues} ) {
|
if ( $self->DisplayEmptyValuesRule->( $req, $req->userData ) ) {
|
||||||
foreach my $k ( sort keys %$attrs ) {
|
foreach my $k ( sort keys %$attrs ) {
|
||||||
|
|
||||||
# Ignore hidden attributes
|
# Ignore hidden attributes
|
||||||
|
@ -400,7 +446,7 @@ sub _userData {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check identities rule
|
# Check identities rule
|
||||||
unless ( $self->idRule->( $req, $req->sessionInfo ) ) {
|
unless ( $self->IdRule->( $req, $req->sessionInfo ) ) {
|
||||||
$self->userLogger->warn(
|
$self->userLogger->warn(
|
||||||
'checkUser requested for an unvalid user (' . $req->{user} . ")" );
|
'checkUser requested for an unvalid user (' . $req->{user} . ")" );
|
||||||
$req->{sessionInfo} = {};
|
$req->{sessionInfo} = {};
|
||||||
|
@ -454,7 +500,7 @@ sub _headers {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" headers");
|
"Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" headers");
|
||||||
return $self->p->HANDLER->checkHeaders( $req, $attrs )
|
return $self->p->HANDLER->checkHeaders( $req, $attrs )
|
||||||
if ( $self->conf->{checkUserDisplayEmptyHeaders} );
|
if ( $self->DisplayEmptyHeadersRule->( $req, $req->userData ) );
|
||||||
|
|
||||||
$self->logger->debug("Remove empty headers");
|
$self->logger->debug("Remove empty headers");
|
||||||
my @headers = grep $_->{value} =~ /.+/,
|
my @headers = grep $_->{value} =~ /.+/,
|
||||||
|
|
|
@ -33,7 +33,7 @@ my $client = LLNG::Manager::Test->new( {
|
||||||
oldNotifFormat => 0,
|
oldNotifFormat => 0,
|
||||||
notificationsExplorer => 1,
|
notificationsExplorer => 1,
|
||||||
checkUser => 1,
|
checkUser => 1,
|
||||||
checkUserDisplayPersistentInfo => 1
|
checkUserDisplayPersistentInfo => '$uid eq "dwho"',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
|
@ -21,7 +21,7 @@ my $client = LLNG::Manager::Test->new( {
|
||||||
checkUserIdRule => '$uid ne "msmith"',
|
checkUserIdRule => '$uid ne "msmith"',
|
||||||
checkUserSearchAttributes => 'employee_nbr test1 _user test2 mail',
|
checkUserSearchAttributes => 'employee_nbr test1 _user test2 mail',
|
||||||
checkUserDisplayPersistentInfo => 1,
|
checkUserDisplayPersistentInfo => 1,
|
||||||
checkUserDisplayEmptyHeaders => 1,
|
checkUserDisplayEmptyHeaders => '$uid eq "dwho"',
|
||||||
checkUserDisplayEmptyValues => 1,
|
checkUserDisplayEmptyValues => 1,
|
||||||
totp2fSelfRegistration => 1,
|
totp2fSelfRegistration => 1,
|
||||||
totp2fActivation => 1,
|
totp2fActivation => 1,
|
||||||
|
|
Loading…
Reference in New Issue
Block a user