Merge branch 'v2.0'

Xavier 2019-10-09 07:08:30 +02:00
commit 6453a04a55
41 changed files with 756 additions and 80 deletions


@ -541,10 +541,15 @@ sub authChoiceModules {
my @res;
foreach my $k ( sort keys %$value ) {
my $data = [ split /;/, $value->{$k} ];
eval { $data->[5] = from_json( $data->[5] ) if $data->[5] };
if ($@) {
$self->logger->error(
"Bad value in choice over parameters, deleted ($@)");
if ( $data->[5] ) {
my $over;
eval { $over = from_json( $data->[5] ) };
if ($@) {
$self->logger->error(
"Bad value in choice over parameters, deleted ($@)");
} else {
$data->[5] = [ map { [ $_, $over->{$_} ] } keys %{$over} ];
}
}
push @res,
{
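Review bot: The error branch logs "Bad value in choice over parameters, deleted" but deletes nothing: when `from_json` fails, `$data->[5]` still holds the raw string, while the success branch replaces it with a list of `[ key, value ]` pairs, so consumers see two different shapes. Resetting it in the error branch, e.g. `$data->[5] = [];`, would make the message true. The `map` over `keys %{$over}` also runs outside the `eval`, so JSON that parses to something other than an object (an array, say) dies there with "Not a HASH reference"; a `ref($over) eq 'HASH'` test before the `map` avoids that. This assumes the `if ( $data->[5] )` block is the new side, and the `foreach` and `sub authChoiceModules` continue outside the hunk.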


@ -27,9 +27,9 @@ sub new {
if ( $self->env->{X_ORIGINAL_URI} );
$self->env->{PATH_INFO} =~ s|//+|/|g;
if ( my $tmp = $self->script_name ) {
$self->env->{PATH_INFO} =~ s|^$tmp|/|;
}
#if ( my $tmp = $self->script_name ) {
# $self->env->{PATH_INFO} =~ s|^$tmp|/|;
#}
$self->env->{PATH_INFO} ||= '/';
$self->env->{REQUEST_URI} =~ s|^//+|/|g;
$self->{uri} = uri_unescape( $self->env->{REQUEST_URI} );
@ -49,7 +49,10 @@ sub uri { $_[0]->{uri} }
sub userData {
my ( $self, $v ) = @_;
return $self->{userData} = $v if ($v);
return $self->{userData} || { _whatToTrace => $self->{user}, };
return $self->{userData}
|| {
( $Lemonldap::NG::Handler::Main::tsv->{whatToTrace}
|| '_whatToTrace' ) => $self->{user}, };
}
sub respHeaders {
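Review bot: The `script_name` stripping of `PATH_INFO` in `sub new` is left behind as commented-out code with no explanation, so a reader cannot tell whether the removal is deliberate or temporary. `PATH_INFO` presumably feeds request routing, so either delete the three lines or put a comment above them saying why the prefix is no longer stripped, for example `# script_name is no longer removed from PATH_INFO: <reason>`. If the block is ever restored, `$tmp` should be quoted, `s|^\Q$tmp\E|/|`, because it is interpolated into the pattern as a regex. `sub new` starts and ends outside the hunk.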


@ -252,7 +252,7 @@ sub newConf {
if ( $cfgNum ne $req->params('cfgNum') ) { $parser->confChanged(1); }
my $res = { result => $parser->check };
my $res = { result => $parser->check($self) };
# "message" fields: note that words enclosed by "__" (__word__) will be
# translated


@ -94,12 +94,14 @@ sub hdebug {
# Main method
#@return result
sub check {
my $self = shift;
my $self = shift;
my $localConf = shift;
hdebug("# check()");
unless ( $self->newConf ) {
return 0 unless ( $self->scanTree );
}
unless ( $self->testNewConf ) {
unless ( $self->testNewConf($localConf) ) {
hdebug(" testNewConf() failed");
return 0;
}
@ -846,9 +848,11 @@ sub _scanNodes {
# authChoiceModules
if ( $name eq 'authChoiceModules' ) {
hdebug(' combModules');
hdebug(' authChoiceModules');
$n->{data}->[5] ||= {};
$n->{data}->[5] = to_json( $n->{data}->[5] );
$n->{data}->[5] =
to_json( { map { @$_ } @{ $n->{data}->[5] } } )
if ref( $n->{data}->[5] ) eq 'ARRAY';
}
$n->{data} = join ';', @{ $n->{data} };
@ -1078,9 +1082,12 @@ sub defaultValue {
#
#@return true if tests succeed
sub testNewConf {
my $self = shift;
my $self = shift;
my $localConf = shift;
hdebug('# testNewConf()');
return $self->_unitTest( $self->newConf(), '' ) && $self->_globalTest();
return $self->_unitTest( $self->newConf(), $localConf )
&& $self->_globalTest($localConf);
}
##@method private boolean _unitTest()
@ -1088,23 +1095,24 @@ sub testNewConf {
#
#@return true if tests succeed
sub _unitTest {
my ( $self, $conf ) = @_;
my ( $self, $conf, $localConf ) = @_;
hdebug('# _unitTest()');
my $types = &Lemonldap::NG::Manager::Attributes::types();
my $attrs = &Lemonldap::NG::Manager::Attributes::attributes();
my $res = 1;
foreach my $key ( keys %$conf ) {
if ( $self->{skippedUnitTests}
and $self->{skippedUnitTests} =~ /\b$key\b/ )
if ( $localConf->{skippedUnitTests}
and $localConf->{skippedUnitTests} =~ /\b$key\b/ )
{
$self->logger->debug("Ignore test for $key");
$localConf->logger->debug("-> Ignore test for $key\n");
next;
}
hdebug("Testing $key");
my $attr = $attrs->{$key};
my $type = $types->{ $attr->{type} };
unless ( $type or $attr->{test} ) {
print STDERR "Unknown attribute $key, deleting it\n";
$localConf->logger->debug("Unknown attribute $key, deleting it\n");
delete $conf->{$key};
next;
}
@ -1227,16 +1235,19 @@ sub _execTest {
#
#@return true if tests succeed
sub _globalTest {
my $self = shift;
my $self = shift;
my $localConf = shift;
require Lemonldap::NG::Manager::Conf::Tests;
hdebug('# _globalTest()');
my $result = 1;
my $tests = &Lemonldap::NG::Manager::Conf::Tests::tests( $self->newConf );
foreach my $name ( keys %$tests ) {
if ( $self->{skippedGlobalTests}
and $self->{skippedGlobalTests} =~ /\b$name\b/ )
if ( $localConf->{skippedGlobalTests}
and $localConf->{skippedGlobalTests} =~ /\b$name\b/ )
{
$self->logger->debug("Ignore test for $name");
$localConf->logger->debug("-> Ignore test for $name\n");
next;
}
my $sub = $tests->{$name};
@ -1258,7 +1269,7 @@ sub _globalTest {
};
if ($@) {
push @{ $self->warnings }, "Test $name failed: $@";
print STDERR "Test $name failed: $@\n";
$localConf->logger->debug("Test $name failed: $@\n");
}
}
return $result;
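Review bot: In `_unitTest`, `$key` is interpolated unquoted into `/\b$key\b/`, and `$key` comes from the keys of the configuration being checked, so a key containing regex metacharacters is treated as a pattern against `skippedUnitTests` instead of a literal name. A match reaches `next` before the unknown-attribute check, so it bypasses both the unit test and the deletion of unknown keys. Quote the name, `=~ /\b\Q$key\E\b/`, or split the setting into a list of names and compare with `eq`. The same applies to `$name` in `_globalTest` (`/\b\Q$name\E\b/`). Both subs continue outside their hunks.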


@ -2,7 +2,7 @@
diff.html script
###
llapp = angular.module 'llngConfDiff', ['ui.tree', 'ui.bootstrap', 'llApp', 'ngCookies'] , ($rootScopeProvider) -> $rootScopeProvider.digestTtl(15)
llapp = angular.module 'llngConfDiff', ['ui.tree', 'ui.bootstrap', 'llApp', 'ngCookies'] , ['$rootScopeProvider', ($rootScopeProvider) -> $rootScopeProvider.digestTtl(15)]
llapp.controller 'DiffCtrl', [ '$scope', '$http', '$q', '$translator', '$location', ($scope, $http, $q, $translator, $location) ->
$scope.links = links
$scope.menulinks = menulinks


@ -2,7 +2,7 @@
diff.html script
###
llapp = angular.module 'llngConfDiff', ['ui.tree', 'ui.bootstrap', 'llApp', 'ngCookies'] , ($rootScopeProvider) -> $rootScopeProvider.digestTtl(15)
llapp = angular.module 'llngConfDiff', ['ui.tree', 'ui.bootstrap', 'llApp', 'ngCookies'] , ['$rootScopeProvider', ($rootScopeProvider) -> $rootScopeProvider.digestTtl(15)]
llapp.controller 'DiffCtrl', [ '$scope', '$http', '$q', '$translator', '$location', ($scope, $http, $q, $translator, $location) ->
$scope.links = links
$scope.menulinks = menulinks


@ -42,8 +42,9 @@
<input class="form-control" ng-model="t[1]" />
</td>
<td>
<span class="link text-danger glyphicon glyphicon-minus-sign" ng-click="del(currentNode.data.over,$index)"/>
<span ng-if="$last" class="link text-success glyphicon glyphicon-plus-sign" ng-click="menuClick({title:'newCmbOver'})"/>
<span class="link text-danger glyphicon glyphicon-minus-sign" ng-click="del(currentNode.data[5],$index)"/>
<span ng-if="$last" class="link text-success glyphicon glyphicon-plus-sign"
ng-click="menuClick({title:'newCmbOver', action:'newChoiceOver'})" />
</td>
</tr>
</table>


@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.12.8
// Generated by CoffeeScript 1.12.7
/*
* 2ndFA Session explorer


@ -7,9 +7,11 @@ diff.html script
(function() {
var llapp;
llapp = angular.module('llngConfDiff', ['ui.tree', 'ui.bootstrap', 'llApp', 'ngCookies'], function($rootScopeProvider) {
return $rootScopeProvider.digestTtl(15);
});
llapp = angular.module('llngConfDiff', ['ui.tree', 'ui.bootstrap', 'llApp', 'ngCookies'], [
'$rootScopeProvider', function($rootScopeProvider) {
return $rootScopeProvider.digestTtl(15);
}
]);
llapp.controller('DiffCtrl', [
'$scope', '$http', '$q', '$translator', '$location', function($scope, $http, $q, $translator, $location) {


@ -1 +1 @@
(function(){angular.module("llngConfDiff",["ui.tree","ui.bootstrap","llApp","ngCookies"],function(t){return t.digestTtl(15)}).controller("DiffCtrl",["$scope","$http","$q","$translator","$location",function(p,o,l,a,u){var n,i,c,t,s,h,f;return p.links=links,p.menulinks=menulinks,p.staticPrefix=staticPrefix,p.scriptname=scriptname,p.availableLanguages=availableLanguages,p.waiting=!0,p.showM=!1,p.cfg=[],p.data={},p.currentNode=null,p.translateTitle=function(t){return a.translateField(t,"title")},p.translateP=a.translateP,p.translate=a.translate,p.toggle=function(t){return t.toggle()},p.stoggle=function(t,e){return p.currentNode=e,t.toggle()},p.menuClick=function(t){if(t.popup)window.open(t.popup);else switch(t.action||(t.action=t.title),typeof t.action){case"function":t.action(p.currentNode,p);break;case"string":p[t.action]();break;default:console.log(typeof t.action)}return p.showM=!1},p.getLanguage=function(t){return p.lang=t,c(),p.showM=!1},i=function(n,r){var a;return a=l.defer(),null==p.cfg[n]||p.cfg[n]!==r?o.get(""+confPrefix+r).then(function(t){var e;return t&&t.data?(p.cfg[n]=t.data,e=new Date(1e3*t.data.cfgDate),p.cfg[n].date=e.toLocaleString(),console.log("Metadatas of cfg "+r+" loaded"),a.resolve("OK")):a.reject(t)},function(t){return console.log(t),a.reject("NOK")}):a.resolve(),a.promise},c=function(){return p.message=null,p.currentNode=null,l.all([a.init(p.lang),o.get(staticPrefix+"reverseTree.json").then(function(t){return t.data,console.log("Structure loaded")})]).then(function(){return l.defer(),o.get(scriptname+"diff/"+p.cfg[0].cfgNum+"/"+p.cfg[1].cfgNum).then(function(t){var e;return[],e=s(t.data[0],t.data[1]),p.data=n(e),p.message="",p.waiting=!1},function(t){return p.message=p.translate("error")+" : "+t.statusLine})}),p.activeModule="conf",p.myStyle={color:"#ffb84d"}},s=function(t,e,n){var r,a,o,l;for(r in 
null==n&&(n=!0),a=[],t)l=t[r],o=n?{title:p.translate(r),id:r}:{title:r},r.match(/^cfg(?:Num|Log|Author(?:IP)?|Date)$/)||(null!=l&&"object"==typeof l?"array"===l.constructor?(o.oldvalue=l,o.newvalue=e[r]):"object"==typeof e[r]?o.nodes=s(t[r],e[r],!1):o.oldnodes=f(l,"old"):(o.oldvalue=l,o.newvalue=e[r]),a.push(o));for(r in e)l=e[r],r.match(/^cfg(?:Num|Log|Author(?:IP)?|Date)$/)||null!=t[r]||(o=n?{title:p.translate(r),id:r}:{title:r},null!=l&&"object"==typeof l?"array"===l.constructor?o.newvalue=l:(console.log("Iteration"),o.newnodes=f(l,"new")):o.newvalue=l,a.push(o));return a},f=function(t,e){var n,r,a,o;for(n in r=[],t)a={title:n},"object"==typeof(o=t[n])?"array"===o.constructor?a[e+"value"]=o:a[e+"nodes"]=f(t[n],e):a[e+"value"]=o,r.push(a);return r},h=[],n=function(t){var e,n,r,a,o,l,u,i,c,s,f,g,d;if(null==h)return t;for(d=[],a=0,l=t.length;a<l;a++){for(e=t[a],f=d,o=0,u=(g=null!=h[e.id]?h[e.id].split("/"):"").length;o<u;o++)if(0<(s=g[o]).length)if(f.length){for(n=-1,r=c=0,i=f.length;c<i;r=++c)f[r].id===s&&(n=r);f=-1!==n?f[n].nodes:(f.push({id:s,title:p.translate(s),nodes:[]}),f[f.length-1].nodes)}else f.push({id:s,title:p.translate(s),nodes:[]}),f=f[0].nodes;f.push(e)}return d},p.newDiff=function(){return u.path("/"+p.cfg[0].cfgNum+"/"+p.cfg[1].cfgNum)},t=function(t,e,n){var r;return null===(r=e.match(new RegExp("#!?/(latest|[0-9]+)(?:/(latest|[0-9]+))?$")))?u.path("/latest"):(p.waiting=!0,l.all([a.init(p.lang),o.get(staticPrefix+"reverseTree.json").then(function(t){return h=t.data,console.log("Structure loaded")}),i(0,r[1]),null!=r[2]?i(1,r[2]):void 0]).then(function(){return null!=r[2]?c():p.cfg[0].prev?(p.cfg[1]=p.cfg[0],i(0,p.cfg[1].prev).then(function(){return c()})):(p.data=[],p.waiting=!1)},function(){return p.message=p.translate("error"),p.waiting=!1})),!0},p.$on("$locationChangeSuccess",t)}])}).call(this);
(function(){angular.module("llngConfDiff",["ui.tree","ui.bootstrap","llApp","ngCookies"],["$rootScopeProvider",function(t){return t.digestTtl(15)}]).controller("DiffCtrl",["$scope","$http","$q","$translator","$location",function(p,a,l,o,u){var n,i,c,t,s,h,f;return p.links=links,p.menulinks=menulinks,p.staticPrefix=staticPrefix,p.scriptname=scriptname,p.availableLanguages=availableLanguages,p.waiting=!0,p.showM=!1,p.cfg=[],p.data={},p.currentNode=null,p.translateTitle=function(t){return o.translateField(t,"title")},p.translateP=o.translateP,p.translate=o.translate,p.toggle=function(t){return t.toggle()},p.stoggle=function(t,e){return p.currentNode=e,t.toggle()},p.menuClick=function(t){if(t.popup)window.open(t.popup);else switch(t.action||(t.action=t.title),typeof t.action){case"function":t.action(p.currentNode,p);break;case"string":p[t.action]();break;default:console.log(typeof t.action)}return p.showM=!1},p.getLanguage=function(t){return p.lang=t,c(),p.showM=!1},i=function(n,r){var o;return o=l.defer(),null==p.cfg[n]||p.cfg[n]!==r?a.get(""+confPrefix+r).then(function(t){var e;return t&&t.data?(p.cfg[n]=t.data,e=new Date(1e3*t.data.cfgDate),p.cfg[n].date=e.toLocaleString(),console.log("Metadatas of cfg "+r+" loaded"),o.resolve("OK")):o.reject(t)},function(t){return console.log(t),o.reject("NOK")}):o.resolve(),o.promise},c=function(){return p.message=null,p.currentNode=null,l.all([o.init(p.lang),a.get(staticPrefix+"reverseTree.json").then(function(t){return t.data,console.log("Structure loaded")})]).then(function(){return l.defer(),a.get(scriptname+"diff/"+p.cfg[0].cfgNum+"/"+p.cfg[1].cfgNum).then(function(t){var e;return[],e=s(t.data[0],t.data[1]),p.data=n(e),p.message="",p.waiting=!1},function(t){return p.message=p.translate("error")+" : "+t.statusLine})}),p.activeModule="conf",p.myStyle={color:"#ffb84d"}},s=function(t,e,n){var r,o,a,l;for(r in 
null==n&&(n=!0),o=[],t)l=t[r],a=n?{title:p.translate(r),id:r}:{title:r},r.match(/^cfg(?:Num|Log|Author(?:IP)?|Date)$/)||(null!=l&&"object"==typeof l?"array"===l.constructor?(a.oldvalue=l,a.newvalue=e[r]):"object"==typeof e[r]?a.nodes=s(t[r],e[r],!1):a.oldnodes=f(l,"old"):(a.oldvalue=l,a.newvalue=e[r]),o.push(a));for(r in e)l=e[r],r.match(/^cfg(?:Num|Log|Author(?:IP)?|Date)$/)||null!=t[r]||(a=n?{title:p.translate(r),id:r}:{title:r},null!=l&&"object"==typeof l?"array"===l.constructor?a.newvalue=l:(console.log("Iteration"),a.newnodes=f(l,"new")):a.newvalue=l,o.push(a));return o},f=function(t,e){var n,r,o,a;for(n in r=[],t)o={title:n},"object"==typeof(a=t[n])?"array"===a.constructor?o[e+"value"]=a:o[e+"nodes"]=f(t[n],e):o[e+"value"]=a,r.push(o);return r},h=[],n=function(t){var e,n,r,o,a,l,u,i,c,s,f,g,d;if(null==h)return t;for(d=[],o=0,l=t.length;o<l;o++){for(e=t[o],f=d,a=0,u=(g=null!=h[e.id]?h[e.id].split("/"):"").length;a<u;a++)if(0<(s=g[a]).length)if(f.length){for(n=-1,r=c=0,i=f.length;c<i;r=++c)f[r].id===s&&(n=r);f=-1!==n?f[n].nodes:(f.push({id:s,title:p.translate(s),nodes:[]}),f[f.length-1].nodes)}else f.push({id:s,title:p.translate(s),nodes:[]}),f=f[0].nodes;f.push(e)}return d},p.newDiff=function(){return u.path("/"+p.cfg[0].cfgNum+"/"+p.cfg[1].cfgNum)},t=function(t,e,n){var r;return null===(r=e.match(new RegExp("#!?/(latest|[0-9]+)(?:/(latest|[0-9]+))?$")))?u.path("/latest"):(p.waiting=!0,l.all([o.init(p.lang),a.get(staticPrefix+"reverseTree.json").then(function(t){return h=t.data,console.log("Structure loaded")}),i(0,r[1]),null!=r[2]?i(1,r[2]):void 0]).then(function(){return null!=r[2]?c():p.cfg[0].prev?(p.cfg[1]=p.cfg[0],i(0,p.cfg[1].prev).then(function(){return c()})):(p.data=[],p.waiting=!1)},function(){return p.message=p.translate("error"),p.waiting=!1})),!0},p.$on("$locationChangeSuccess",t)}])}).call(this);

File diff suppressed because one or more lines are too long


@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.12.8
// Generated by CoffeeScript 1.12.7
(function() {
var filterFunctions;


@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.12.8
// Generated by CoffeeScript 1.12.7
/*
LemonLDAP::NG base app module


@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.12.8
// Generated by CoffeeScript 1.12.7
/*
LemonLDAP::NG Manager client


@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.12.8
// Generated by CoffeeScript 1.12.7
/*
* LemonLDAP::NG Notifications Explorer client


@ -7,9 +7,11 @@ diff.html script
(function() {
var llapp;
llapp = angular.module('llngConfDiff', ['ui.tree', 'ui.bootstrap', 'llApp', 'ngCookies'], function($rootScopeProvider) {
return $rootScopeProvider.digestTtl(15);
});
llapp = angular.module('llngConfDiff', ['ui.tree', 'ui.bootstrap', 'llApp', 'ngCookies'], [
'$rootScopeProvider', function($rootScopeProvider) {
return $rootScopeProvider.digestTtl(15);
}
]);
llapp.controller('DiffCtrl', [
'$scope', '$http', '$q', '$translator', '$location', function($scope, $http, $q, $translator, $location) {


@ -1 +1 @@
(function(){angular.module("llngConfDiff",["ui.tree","ui.bootstrap","llApp","ngCookies"],function(t){return t.digestTtl(15)}).controller("DiffCtrl",["$scope","$http","$q","$translator","$location",function(p,o,l,a,i){var n,u,c,t,s,h,f;return p.links=links,p.menulinks=menulinks,p.staticPrefix=staticPrefix,p.scriptname=scriptname,p.availableLanguages=availableLanguages,p.waiting=!0,p.showM=!1,p.cfg=[],p.data={},p.currentNode=null,p.translateTitle=function(t){return a.translateField(t,"title")},p.translateP=a.translateP,p.translate=a.translate,p.toggle=function(t){return t.toggle()},p.stoggle=function(t,e){return p.currentNode=e,t.toggle()},p.menuClick=function(t){if(t.popup)window.open(t.popup);else switch(t.action||(t.action=t.title),typeof t.action){case"function":t.action(p.currentNode,p);break;case"string":p[t.action]();break;default:console.log(typeof t.action)}return p.showM=!1},p.getLanguage=function(t){return p.lang=t,c(),p.showM=!1},u=function(n,r){var a;return a=l.defer(),null==p.cfg[n]||p.cfg[n]!==r?o.get(""+confPrefix+r).then(function(t){var e;return t&&t.data?(p.cfg[n]=t.data,e=new Date(1e3*t.data.cfgDate),p.cfg[n].date=e.toLocaleString(),console.log("Metadatas of cfg "+r+" loaded"),a.resolve("OK")):a.reject(t)},function(t){return console.log(t),a.reject("NOK")}):a.resolve(),a.promise},c=function(){return p.message=null,p.currentNode=null,l.all([a.init(p.lang),o.get(staticPrefix+"reverseTree.json").then(function(t){return t.data,console.log("Structure loaded")})]).then(function(){return l.defer(),o.get(scriptname+"view/diff/"+p.cfg[0].cfgNum+"/"+p.cfg[1].cfgNum).then(function(t){var e;return[],e=s(t.data[0],t.data[1]),p.data=n(e),p.message="",p.waiting=!1},function(t){return p.message=p.translate("error")+" : "+t.statusLine})}),p.activeModule="viewer",p.myStyle={color:"#ffb84d"}},s=function(t,e,n){var r,a,o,l;for(r in 
null==n&&(n=!0),a=[],t)l=t[r],o=n?{title:p.translate(r),id:r}:{title:r},r.match(/^cfg(?:Num|Log|Author(?:IP)?|Date)$/)||(null!=l&&"object"==typeof l?"array"===l.constructor?(o.oldvalue=l,o.newvalue=e[r]):"object"==typeof e[r]?o.nodes=s(t[r],e[r],!1):o.oldnodes=f(l,"old"):(o.oldvalue=l,o.newvalue=e[r]),a.push(o));for(r in e)l=e[r],r.match(/^cfg(?:Num|Log|Author(?:IP)?|Date)$/)||null!=t[r]||(o=n?{title:p.translate(r),id:r}:{title:r},null!=l&&"object"==typeof l?"array"===l.constructor?o.newvalue=l:(console.log("Iteration"),o.newnodes=f(l,"new")):o.newvalue=l,a.push(o));return a},f=function(t,e){var n,r,a,o;for(n in r=[],t)a={title:n},"object"==typeof(o=t[n])?"array"===o.constructor?a[e+"value"]=o:a[e+"nodes"]=f(t[n],e):a[e+"value"]=o,r.push(a);return r},h=[],n=function(t){var e,n,r,a,o,l,i,u,c,s,f,g,d;if(null==h)return t;for(d=[],a=0,l=t.length;a<l;a++){for(e=t[a],f=d,o=0,i=(g=null!=h[e.id]?h[e.id].split("/"):"").length;o<i;o++)if(0<(s=g[o]).length)if(f.length){for(n=-1,r=c=0,u=f.length;c<u;r=++c)f[r].id===s&&(n=r);f=-1!==n?f[n].nodes:(f.push({id:s,title:p.translate(s),nodes:[]}),f[f.length-1].nodes)}else f.push({id:s,title:p.translate(s),nodes:[]}),f=f[0].nodes;f.push(e)}return d},p.newDiff=function(){return i.path("/"+p.cfg[0].cfgNum+"/"+p.cfg[1].cfgNum)},t=function(t,e,n){var r;return null===(r=e.match(new RegExp("#!?/(latest|[0-9]+)(?:/(latest|[0-9]+))?$")))?i.path("/latest"):(p.waiting=!0,l.all([a.init(p.lang),o.get(staticPrefix+"reverseTree.json").then(function(t){return h=t.data,console.log("Structure loaded")}),u(0,r[1]),null!=r[2]?u(1,r[2]):void 0]).then(function(){return null!=r[2]?c():p.cfg[0].prev?(p.cfg[1]=p.cfg[0],u(0,p.cfg[1].prev).then(function(){return c()})):(p.data=[],p.waiting=!1)},function(){return p.message=p.translate("error"),p.waiting=!1})),!0},p.$on("$locationChangeSuccess",t)}])}).call(this);
(function(){angular.module("llngConfDiff",["ui.tree","ui.bootstrap","llApp","ngCookies"],["$rootScopeProvider",function(t){return t.digestTtl(15)}]).controller("DiffCtrl",["$scope","$http","$q","$translator","$location",function(p,o,l,a,i){var n,u,c,t,s,h,f;return p.links=links,p.menulinks=menulinks,p.staticPrefix=staticPrefix,p.scriptname=scriptname,p.availableLanguages=availableLanguages,p.waiting=!0,p.showM=!1,p.cfg=[],p.data={},p.currentNode=null,p.translateTitle=function(t){return a.translateField(t,"title")},p.translateP=a.translateP,p.translate=a.translate,p.toggle=function(t){return t.toggle()},p.stoggle=function(t,e){return p.currentNode=e,t.toggle()},p.menuClick=function(t){if(t.popup)window.open(t.popup);else switch(t.action||(t.action=t.title),typeof t.action){case"function":t.action(p.currentNode,p);break;case"string":p[t.action]();break;default:console.log(typeof t.action)}return p.showM=!1},p.getLanguage=function(t){return p.lang=t,c(),p.showM=!1},u=function(n,r){var a;return a=l.defer(),null==p.cfg[n]||p.cfg[n]!==r?o.get(""+confPrefix+r).then(function(t){var e;return t&&t.data?(p.cfg[n]=t.data,e=new Date(1e3*t.data.cfgDate),p.cfg[n].date=e.toLocaleString(),console.log("Metadatas of cfg "+r+" loaded"),a.resolve("OK")):a.reject(t)},function(t){return console.log(t),a.reject("NOK")}):a.resolve(),a.promise},c=function(){return p.message=null,p.currentNode=null,l.all([a.init(p.lang),o.get(staticPrefix+"reverseTree.json").then(function(t){return t.data,console.log("Structure loaded")})]).then(function(){return l.defer(),o.get(scriptname+"view/diff/"+p.cfg[0].cfgNum+"/"+p.cfg[1].cfgNum).then(function(t){var e;return[],e=s(t.data[0],t.data[1]),p.data=n(e),p.message="",p.waiting=!1},function(t){return p.message=p.translate("error")+" : "+t.statusLine})}),p.activeModule="viewer",p.myStyle={color:"#ffb84d"}},s=function(t,e,n){var r,a,o,l;for(r in 
null==n&&(n=!0),a=[],t)l=t[r],o=n?{title:p.translate(r),id:r}:{title:r},r.match(/^cfg(?:Num|Log|Author(?:IP)?|Date)$/)||(null!=l&&"object"==typeof l?"array"===l.constructor?(o.oldvalue=l,o.newvalue=e[r]):"object"==typeof e[r]?o.nodes=s(t[r],e[r],!1):o.oldnodes=f(l,"old"):(o.oldvalue=l,o.newvalue=e[r]),a.push(o));for(r in e)l=e[r],r.match(/^cfg(?:Num|Log|Author(?:IP)?|Date)$/)||null!=t[r]||(o=n?{title:p.translate(r),id:r}:{title:r},null!=l&&"object"==typeof l?"array"===l.constructor?o.newvalue=l:(console.log("Iteration"),o.newnodes=f(l,"new")):o.newvalue=l,a.push(o));return a},f=function(t,e){var n,r,a,o;for(n in r=[],t)a={title:n},"object"==typeof(o=t[n])?"array"===o.constructor?a[e+"value"]=o:a[e+"nodes"]=f(t[n],e):a[e+"value"]=o,r.push(a);return r},h=[],n=function(t){var e,n,r,a,o,l,i,u,c,s,f,g,d;if(null==h)return t;for(d=[],a=0,l=t.length;a<l;a++){for(e=t[a],f=d,o=0,i=(g=null!=h[e.id]?h[e.id].split("/"):"").length;o<i;o++)if(0<(s=g[o]).length)if(f.length){for(n=-1,r=c=0,u=f.length;c<u;r=++c)f[r].id===s&&(n=r);f=-1!==n?f[n].nodes:(f.push({id:s,title:p.translate(s),nodes:[]}),f[f.length-1].nodes)}else f.push({id:s,title:p.translate(s),nodes:[]}),f=f[0].nodes;f.push(e)}return d},p.newDiff=function(){return i.path("/"+p.cfg[0].cfgNum+"/"+p.cfg[1].cfgNum)},t=function(t,e,n){var r;return null===(r=e.match(new RegExp("#!?/(latest|[0-9]+)(?:/(latest|[0-9]+))?$")))?i.path("/latest"):(p.waiting=!0,l.all([a.init(p.lang),o.get(staticPrefix+"reverseTree.json").then(function(t){return h=t.data,console.log("Structure loaded")}),u(0,r[1]),null!=r[2]?u(1,r[2]):void 0]).then(function(){return null!=r[2]?c():p.cfg[0].prev?(p.cfg[1]=p.cfg[0],u(0,p.cfg[1].prev).then(function(){return c()})):(p.data=[],p.waiting=!1)},function(){return p.message=p.translate("error"),p.waiting=!1})),!0},p.$on("$locationChangeSuccess",t)}])}).call(this);

File diff suppressed because one or more lines are too long


@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.12.8
// Generated by CoffeeScript 1.12.7
/*
LemonLDAP::NG Viewer client


@ -5,7 +5,7 @@
<link rel="prefetch" href="<TMPL_VAR NAME="STATIC_PREFIX">struct.json" />
</head>
<body ng-app="llngConfDiff" ng-controller="DiffCtrl" ng-csp>
<body ng-app="llngConfDiff" ng-strict-di ng-controller="DiffCtrl" ng-csp>
<TMPL_INCLUDE NAME="menubar.tpl">


@ -94,7 +94,7 @@
</table>
</div>
<div ng-if="!node.nodes">
<th ng-if="node.td!='1' && node.td!='2'">{{node.title}}</th>
<th ng-if="node.td!='1' && node.td!='2'"><span title="{{node.title}}">{{translate(node.title)}}</span></th>
<td class="data-{{node.epoch}}" ng-if="node.td>='1'">{{node.title}}</td>
<th ng-if="node.title=='type' || node.title=='rp'">{{translate(node.value)}}</th>
<td id="v-{{node.title}}" class="col-md-4 data-{{node.epoch}}" ng-if="node.title!='type' && node.title!='rp'">{{node.value}}</td>


@ -5,7 +5,7 @@
<link rel="prefetch" href="<TMPL_VAR NAME="STATIC_PREFIX">struct.json" />
</head>
<body ng-app="llngConfDiff" ng-controller="DiffCtrl" ng-csp>
<body ng-app="llngConfDiff" ng-strict-di ng-controller="DiffCtrl" ng-csp>
<TMPL_INCLUDE NAME="menubar.tpl">


@ -38,8 +38,8 @@ foreach my $i ( 0 .. 1 ) {
}
ok(
@{ $resBody->{details}->{__changes__} } == 23,
'JSON response contains 22 changes'
@{ $resBody->{details}->{__changes__} } == 24,
'JSON response contains 24 changes'
) or print STDERR Dumper($resBody);
#print STDERR Dumper($resBody);
@ -91,8 +91,8 @@ ok( ( @c1 = sort keys %{ $res->[0] } ), 'diff() detects changes in conf 1' );
ok( ( @c2 = sort keys %{ $res->[1] } ), 'diff() detects changes in conf 2' );
ok( @c1 == 11, '11 keys changed in conf 1' )
or print STDERR "Expect: 11 keys, get: " . join( ', ', @c1 ) . "\n";
ok( @c2 == 14, '14 keys changed or created in conf 2' )
or print STDERR "Expect: 14 keys, get: " . join( ',', @c2 ) . "\n";
ok( @c2 == 15, '15 keys changed or created in conf 2' )
or print STDERR "Expect: 15 keys, get: " . join( ',', @c2 ) . "\n";
count(5);
@ -232,6 +232,11 @@ sub changes {
{
'confCompacted' => '1',
'removedKeys' => 'some; keys'
}
},
{
'key' => 'cookieExpiration',
'old' => undef,
'new' => '10'
},
];
}


@ -1209,7 +1209,9 @@
"data": 1
}, {
"id": "cookieExpiration",
"title": "cookieExpiration"
"title": "cookieExpiration",
"type": "int",
"data": "a"
}]
}, {
"id": "sessionParams",


@ -22,6 +22,9 @@ useRedirectOnError = 0
[manager]
skippedUnitTests = cookieExpiration
skippedGlobalTests = cookieTTL
protection = manager
staticPrefix = app/
languages = fr, en, vi, ar


@ -475,6 +475,7 @@ t/26-AuthRemote.t
t/27-AuthProxy.t
t/28-AuthChoice-and-password.t
t/28-AuthChoice-with-captcha.t
t/28-AuthChoice-with-over.t
t/28-AuthChoice-with-rules.t
t/28-AuthChoice-with-token.t
t/29-AuthGPG.t
@ -493,6 +494,7 @@ t/30-Auth-SAML-with-choice.t
t/30-CDC.t
t/30-SAML-Head-to-Tail-POST.t
t/30-SAML-POST-Logout-when-expired.t
t/30-SAML-POST-with-2F-and-Notification.t
t/30-SAML-POST-with-Notification.t
t/30-SAML-ReAuth-with-choice.t
t/30-SAML-ReAuth.t


@ -43,9 +43,6 @@ has authnLevel => (
sub authenticate {
my ( $self, $req ) = @_;
unless ( $self->ldap ) {
return PE_LDAPCONNECTFAILED;
}
# Set the dn unless done before
unless ( $req->data->{dn} ) {
@ -76,8 +73,15 @@ sub authenticate {
# Security: never create session here
return $res || PE_DONE;
}
$self->validateLdap;
unless ( $self->ldap ) {
return PE_LDAPCONNECTFAILED;
}
my $res =
$self->userBind( $req, $req->data->{dn},
$self->ldap->userBind( $req, $req->data->{dn},
password => $req->data->{password} );
$self->setSecurity($req) if ( $res > PE_OK );


@ -14,6 +14,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_UNAUTHORIZEDPARTNER
PE_OIDC_SERVICE_NOT_ALLOWED
);
use String::Random qw/random_string/;
our $VERSION = '2.1.0';
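Review bot: `String::Random` draws its output from Perl's built-in `rand()`, which is not a cryptographically secure generator. The call site is not part of this hunk, so this is a question rather than a finding: if `random_string` produces a value that has to be unguessable (a code, token or identifier handed to a client), it should come from a CSPRNG-backed source instead. If it only produces non-secret values, a short comment next to the import would record that, e.g. `# random_string: non-secret values only`.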


@ -113,6 +113,7 @@ sub init {
sub getUser {
my ( $self, $req, %args ) = @_;
return PE_LDAPCONNECTFAILED unless $self->ldap and $self->bind();
my $mesg = $self->ldap->search(
base => $self->conf->{ldapBase},
@ -126,7 +127,8 @@ sub getUser {
attrs => $self->attrs,
);
if ( $mesg->code() != 0 ) {
$self->logger->error( 'LDAP Search error: ' . $mesg->error );
$self->logger->error(
'LDAP Search error ' . $mesg->code . ": " . $mesg->error );
return PE_LDAPERROR;
}
if ( $mesg->count() > 1 ) {
@ -143,15 +145,23 @@ sub getUser {
PE_OK;
}
# Test LDAP connection before trying to bind
sub bind {
my $self = shift;
# Validate LDAP connection before use
sub validateLdap {
my ($self) = @_;
unless ($self->ldap
and $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] ) )
{
$self->ldap->DESTROY if ( $self->ldap );
$self->ldap( $self->newLdap );
}
}
# Bind
sub bind {
my $self = shift;
$self->validateLdap;
return undef unless ( $self->ldap );
my $msg = $self->ldap->bind(@_);
if ( $msg->code ) {
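Review bot: `validateLdap` calls `$self->ldap->DESTROY` by hand; a destructor invoked explicitly runs again when the last reference to the object is released, so its cleanup executes twice on the same handle. Assigning the new handle already releases the old one, so the line can be dropped and `$self->ldap( $self->newLdap );` kept on its own, or replaced by an explicit `$self->ldap->unbind` if the stale connection must be closed first. In `bind`, `return undef unless ( $self->ldap );` yields a one-element list in list context, so a bare `return;` is the safer form. `bind` continues past the end of the hunk.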


@ -183,7 +183,15 @@ sub userBind {
$self->{portal}->userLogger->warn("Bad password");
return PE_BADCREDENTIALS;
}
return ( $mesg->code == 0 ? PE_OK : PE_LDAPERROR );
elsif ( $mesg->code == 0 ) {
return PE_OK;
}
else {
$self->{portal}->logger->error( "Bind failed with error "
. $mesg->code . ": "
. $mesg->error );
return PE_LDAPERROR;
}
}
# Check for ppolicy error
@ -399,7 +407,13 @@ sub userModifyPassword {
# Standard errors
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
return PE_LDAPERROR unless ( $mesg->code == 0 );
unless ( $mesg->code == 0 ) {
$self->{portal}
->logger->error( "Password modification failed with LDAP error "
. $mesg->code . ": "
. $mesg->error );
return PE_LDAPERROR;
}
$self->{portal}->userLogger->notice("Password changed for $dn");
@ -562,6 +576,9 @@ sub userModifyPassword {
}
}
else {
$self->{portal}->logger->error(
"Missing PPolicy control from server response. Code: "
. $mesg->code );
return PE_LDAPERROR;
}
}


@ -91,6 +91,7 @@ sub _redirect {
'Add ' . $self->ipath . ', ' . $self->ipath . 'Path in keepPdata' );
push @{ $req->pdata->{keepPdata} }, $self->ipath, $self->ipath . 'Path';
$req->{urldc} = $self->conf->{portal} . '/' . $self->path;
$req->pdata->{_url} = encode_base64($req->urldc, '');
}
else {
$self->logger->debug('Not seen as Issuer request, skipping');


@ -118,7 +118,6 @@ sub _verify {
$req->id( delete $req->sessionInfo->{_2fRealSession} );
$req->urldc( delete $req->sessionInfo->{_2fUrldc} );
$req->{sessionInfo}->{_utime} = delete $req->{sessionInfo}->{_2fUtime};
$self->p->rebuildCookies($req);
$req->mustRedirect(1);
$self->userLogger->notice( $self->prefix
. '2F verification for '
@ -133,6 +132,7 @@ sub _verify {
[
@{ $self->p->afterData },
$self->p->validSession,
'rebuildCookies',
@{ $self->p->endAuth },
sub { PE_OK }
]


@ -2,8 +2,12 @@ package Lemonldap::NG::Portal::Password::AD;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw(PE_PASSWORD_OK PE_LDAPERROR PE_ERROR);
use Lemonldap::NG::Portal::Main::Constants qw(
PE_PASSWORD_OK
PE_LDAPERROR
PE_LDAPCONNECTFAILED
PE_ERROR
);
extends 'Lemonldap::NG::Portal::Lib::LDAP',
'Lemonldap::NG::Portal::Password::Base';
@ -30,6 +34,10 @@ sub modifyPassword {
return PE_ERROR;
}
# Ensure connection is valid
$self->bind;
return PE_LDAPCONNECTFAILED unless $self->ldap;
# Call the modify password method
my $code =
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
@ -49,8 +57,9 @@ sub modifyPassword {
);
unless ( $result->code == 0 ) {
$self->logger->error(
"LDAP modify pwdLastSet error: " . $result->code );
$self->logger->error( "LDAP modify pwdLastSet error "
. $result->code . ": "
. $result->error );
return PE_LDAPERROR;
}
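Review bot: `modifyPassword` calls `$self->bind;` and discards the result, then tests only `$self->ldap`, so a bind that fails while the handle still exists (rejected manager credentials, for instance) goes unnoticed and `userModifyPassword` runs on a connection that was never bound. `getUser`, in an earlier section of this page, checks the bind result as well; here that would be `return PE_LDAPCONNECTFAILED unless $self->bind and $self->ldap;`. This assumes `bind` returns false on failure, which is outside the visible lines. The same two lines appear in `modifyPassword` of `Lemonldap::NG::Portal::Password::LDAP` in the next section.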


@ -2,8 +2,12 @@ package Lemonldap::NG::Portal::Password::LDAP;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw(PE_PASSWORD_OK PE_LDAPERROR PE_ERROR);
use Lemonldap::NG::Portal::Main::Constants qw(
PE_PASSWORD_OK
PE_LDAPERROR
PE_LDAPCONNECTFAILED
PE_ERROR
);
extends 'Lemonldap::NG::Portal::Lib::LDAP',
'Lemonldap::NG::Portal::Password::Base';
@ -38,6 +42,10 @@ sub modifyPassword {
return PE_ERROR;
}
# Ensure connection is valid
$self->bind;
return PE_LDAPCONNECTFAILED unless $self->ldap;
# Call the modify password method
my $code =
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword} );
@ -62,8 +70,9 @@ sub modifyPassword {
unless ( $result->code == 0 ) {
$self->logger->error( "LDAP modify "
. $self->conf->{ldapPasswordResetAttribute}
. " error: "
. $result->code );
. " error "
. $result->code . ": "
. $result->error );
return PE_LDAPERROR;
}


@ -133,7 +133,10 @@ sub checkNotifDuringAuth {
# Cipher id
$req->id( $self->p->HANDLER->tsv->{cipher}->encrypt( $req->id ) );
$self->p->rebuildCookies($req);
if ( not $req->data->{_url} and $req->env->{PATH_INFO} ne '/' ) {
if ( not $req->pdata->{_url}
and not $req->data->{_url}
and $req->env->{PATH_INFO} ne '/' )
{
$req->data->{_url} =
encode_base64( $self->conf->{portal} . $req->env->{PATH_INFO},
'' );


@ -40,7 +40,8 @@ sub createUser {
if ( $mesg->is_error ) {
$self->userLogger->error(
"Can not create entry for " . $req->data->{registerInfo}->{login} );
$self->logger->error( "LDAP error " . $mesg->error );
$self->logger->error(
"LDAP error " . $mesg->code . ": " . $mesg->error );
$self->ldap->unbind();
$self->{flags}->{ldapActive} = 0;
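Review bot: The user-log call just above the changed line writes `$req->data->{registerInfo}->{login}` into the message unmodified, and the new line places the directory server's free-text `$mesg->error` beside it. If the login originates from the registration form (its origin is not visible in this hunk) and the log backend does not neutralise control characters, an embedded newline would split the entry and make the log harder to trust. A small guard before logging, such as `( my $login = $req->data->{registerInfo}->{login} // '' ) =~ s/[[:cntrl:]]/?/g;`, would cover it. The identical hunk in the next `createUser` section has the same shape; both functions start and end outside the hunks.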


@ -73,7 +73,8 @@ sub createUser {
if ( $mesg->is_error ) {
$self->userLogger->error(
"Can not create entry for " . $req->data->{registerInfo}->{login} );
$self->logger->error( "LDAP error " . $mesg->error );
$self->logger->error(
"LDAP error " . $mesg->code . ": " . $mesg->error );
$self->ldap->unbind();
$self->{flags}->{ldapActive} = 0;


@ -0,0 +1,70 @@
use Test::More;
use strict;
use IO::String;
use JSON qw(from_json);
require 't/test-lib.pm';
my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
portalMainLogo => 'common/logos/logo_llng_old.png',
authentication => 'Choice',
restSessionServer => 1,
nullAuthnLevel => 1,
userDB => 'Same',
authChoiceParam => 'test',
authChoiceModules => {
'1_securenull' => 'Null;Null;Null;;;{"nullAuthnLevel": 3}',
'2_null' => 'Null;Null;Null;;;{}',
},
}
}
);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' );
ok( $res->[2]->[0] =~ /1_securenull/, '1_securenull displayed' );
ok( $res->[2]->[0] =~ /2_null/, '2_null displayed' );
# Authenticate on first choice
my $postString = 'user=dwho&password=dwho&test=1_securenull';
ok(
$res = $client->_post(
'/',
IO::String->new($postString),
length => length($postString)
),
'Auth query'
);
expectOK($res);
my $id = expectCookie($res);
ok( $res = $client->_get("/sessions/global/$id"), 'Get session' );
my $sessiondata = from_json( $res->[2]->[0] );
is( $sessiondata->{authenticationLevel}, 3, "Overriden authentication level" );
$client->logout($id);
# Authenticate on second choice
my $postString = 'user=dwho&password=dwho&test=2_null';
# Try to authenticate
# -------------------
ok(
$res = $client->_post(
'/',
IO::String->new($postString),
length => length($postString)
),
'Auth query'
);
expectOK($res);
my $id = expectCookie($res);
ok( $res = $client->_get("/sessions/global/$id"), 'Get session' );
my $sessiondata = from_json( $res->[2]->[0] );
is( $sessiondata->{authenticationLevel}, 1, "Default authentication level" );
$client->logout($id);
clean_sessions();
done_testing();
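Review bot: `$postString`, `$id` and `$sessiondata` are declared with `my` a second time in the block for the second choice, which masks the earlier variables in the same scope; the file enables `strict` but not `warnings`, so nothing reports it. Drop the second `my` (`$postString = 'user=dwho&password=dwho&test=2_null';`, and likewise for `$id` and `$sessiondata`) and add `use warnings;` beside `use strict;`. The test covers a valid override and an empty one, but a choice whose sixth field is not valid JSON is not exercised, so the authentication level that results when an override fails to parse stays untested.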


@ -0,0 +1,513 @@
use lib 'inc';
use Test::More;
use strict;
use IO::String;
use LWP::UserAgent;
use LWP::Protocol::PSGI;
use MIME::Base64;
BEGIN {
require 't/test-lib.pm';
require 't/saml-lib.pm';
require 't/smtp.pm';
}
my $maintests = 20;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
# Redefine LWP methods for tests
LWP::Protocol::PSGI->register(
sub {
my $req = Plack::Request->new(@_);
fail('POST should not launch SOAP requests');
count(1);
return [ 500, [], [] ];
}
);
SKIP: {
eval "use Lasso";
if ($@) {
skip 'Lasso not found', $maintests;
}
my $file = "$main::tmpDir/20170531_dwho_dGVzdHJlZjI=.json";
open F, "> $file" or die($!);
print F '[
{
"uid": "dwho",
"date": "2017-05-31",
"reference": "testref2",
"title": "Test title",
"subtitle": "Test subtitle",
"text": "This is a test text",
"check": ["Accept test","Accept test2"]
}
]';
close F;
# Initialization
ok( $issuer = issuer(), 'Issuer portal' );
$handlerOR{issuer} = \@Lemonldap::NG::Handler::Main::_onReload;
switch ('sp');
&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );
ok( $sp = sp(), 'SP portal' );
$handlerOR{sp} = \@Lemonldap::NG::Handler::Main::_onReload;
# Simple SP access
ok(
$res = $sp->_get(
'/', accept => 'text/html',
),
'Unauth SP request'
);
expectOK($res);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
);
my ( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );
# Push SAML request to IdP
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
accept => 'text/html',
length => length($s)
),
'Post SAML request to IdP'
);
expectOK($res);
my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
# Try to authenticate with an authorized user to IdP
$s = "user=dwho&password=dwho&$s";
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
accept => 'text/html',
cookie => $pdata,
length => length($s),
),
'Post authentication'
);
( $host, $url, $s ) =
expectForm( $res, undef, '/mail2fcheck?skin=bootstrap', 'token', 'code' );
ok(
$res->[2]->[0] =~
qr%<input name="code" value="" class="form-control" id="extcode" trplaceholder="code" autocomplete="off" />%,
'Found EXTCODE input'
) or print STDERR Dumper( $res->[2]->[0] );
ok( mail() =~ m%<b>(\d{4})</b>%, 'Found 2F code in mail' )
or print STDERR Dumper( mail() );
my $code = $1;
$s =~ s/code=/code=${code}/;
ok(
$res = $issuer->_post(
'/mail2fcheck',
IO::String->new($s),
length => length($s),
cookie => $pdata,
accept => 'text/html',
),
'Post code'
);
my $idpId = expectCookie($res);
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
( $host, $url, $s ) =
expectForm( $res, undef, '/notifback', 'reference1x1' );
ok(
$res = $issuer->_post(
'/notifback',
IO::String->new($s),
cookie => "lemonldap=$idpId; $pdata",
accept => 'text/html',
length => length($s),
),
"Accept notification"
);
$idpId = expectCookie($res);
#expectRedirection( $res, qr/./ );
$file =~ s/json$/done/;
ok( -e $file, 'Notification was deleted' );
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
expectRedirection( $res, 'http://auth.idp.com/saml' );
ok(
$res = $issuer->_get(
'/saml',
cookie => "lemonldap=$idpId; $pdata",
accept => 'text/html',
),
'Follow redirection'
);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse' );
# Post SAML response to SP
switch ('sp');
ok(
$res = $sp->_post(
$url, IO::String->new($s),
accept => 'text/html',
length => length($s),
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
),
'Post SAML response to SP'
);
# Verify authentication on SP
expectRedirection( $res, 'http://auth.sp.com' );
my $spId = expectCookie($res);
ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
expectOK($res);
expectAuthenticatedAs( $res, 'dwho@badwolf.org@idp' );
# Logout initiated by SP
ok(
$res = $sp->_get(
'/',
query => 'logout',
cookie => "lemonldap=$spId",
accept => 'text/html'
),
'Query SP for logout'
);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleLogout',
'SAMLRequest' );
# Push SAML logout request to IdP
switch ('issuer');
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
accept => 'text/html',
cookie => "lemonldap=$idpId",
length => length($s)
),
'Post SAML logout request to IdP'
);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleLogoutReturn',
'SAMLResponse' );
# Post SAML response to SP
switch ('sp');
ok(
$res = $sp->_post(
$url, IO::String->new($s),
accept => 'text/html',
length => length($s),
cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
),
'Post SAML response to SP'
);
expectRedirection( $res, 'http://auth.sp.com' );
# Test if logout is done
switch ('issuer');
ok(
$res = $issuer->_get(
'/', cookie => "lemonldap=$idpId",
),
'Test if user is reject on IdP'
);
expectReject($res);
switch ('sp');
ok(
$res = $sp->_get(
'/',
accept => 'text/html',
cookie =>
"lemonldapidp=http://auth.idp.com/saml/metadata; lemonldap=$spId"
),
'Test if user is reject on SP'
);
expectOK($res);
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' );
unlink $file;
}
count($maintests);
clean_sessions();
done_testing( count() );
sub switch {
my $type = shift;
@Lemonldap::NG::Handler::Main::_onReload = @{
$handlerOR{$type};
};
}
sub issuer {
return LLNG::Manager::Test->new( {
ini => {
logLevel => $debug,
domain => 'idp.com',
portal => 'http://auth.idp.com',
authentication => 'Demo',
userDB => 'Same',
issuerDBSAMLActivation => 1,
mail2fActivation => 1,
mail2fCodeRegex => '\d{4}',
notification => 1,
notificationStorage => 'File',
notificationStorageOptions => { dirName => "$main::tmpDir" },
oldNotifFormat => 0,
samlSPMetaDataOptions => {
'sp.com' => {
samlSPMetaDataOptionsEncryptionMode => 'none',
samlSPMetaDataOptionsSignSSOMessage => 1,
samlSPMetaDataOptionsSignSLOMessage => 1,
samlSPMetaDataOptionsCheckSSOMessageSignature => 1,
samlSPMetaDataOptionsCheckSLOMessageSignature => 1,
}
},
samlSPMetaDataExportedAttributes => {
'sp.com' => {
cn =>
'1;cn;urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
uid =>
'1;uid;urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
}
},
samlOrganizationDisplayName => "IDP",
samlOrganizationName => "IDP",
samlOrganizationURL => "http://www.idp.com/",
samlServicePrivateKeyEnc => "-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
",
samlServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
",
samlServicePublicKeyEnc => "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfKBDG/K0TnGT7Xu8q1N
45sNWvIK91SqNg8nvN2uVeKoHADTcsus5Xn3id5+8Q9TuMFsW9kIEeXiaPKXQa9r
yfSNDhWDWloNkpGEeWif2BnHUu46Abu1UBWb0mH6VwcG1PR4qHruLis1odjQ1qnV
DNfSEASVIppEBYjDX203ypmURIzU6h53GRRRlf1BLWkbVn9ysmDeR57Xw5Rsx/+t
BlcnMrkv/40DSUkehQIl2JmlFrl2Caik+gU4pd20apA/pNLjBZF0OmGoS08AIR5N
Md0KFa6CwZUUSHJqH5GFy5Y2yl4lg8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxI
GQIDAQAB
-----END PUBLIC KEY-----
",
samlServicePublicKeySig => "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR/wgDqWB4Maho5V6Tjc
L/NbNfjgIh7GcgkrB5RZcVT1GTejJlMjUQdgBKBuZXQN+7/29P6UcGq1kYalURq6
S8SpeJ1ofp5rBEoD/TIkvU0JOcid65wp+fdzXGXsfiZvHraU74jSCgjP/wqfVGRy
BIQzB0SIxSpnrsigqNsE1E94toDMx4wovjHu/9ABAImREV7Sz83OeFF00/sghrjT
EJOD/gHf04JCn9MgNOqvSTysr9LXWg/oUKQDEYeTq9ux6pq/oqv1MxwONbSZPtN5
yD41mi+hT8Rh+W8Je8rsiML4VMxzsb1l9303asw6suo5bLTISKNSbu1nt1NkpNxz
ywIDAQAB
-----END PUBLIC KEY-----
",
samlSPMetaDataXML => {
"sp.com" => {
samlSPMetaDataXML =>
samlSPMetaDataXML( 'sp', 'HTTP-POST' )
},
},
}
}
);
}
sub sp {
return LLNG::Manager::Test->new( {
ini => {
logLevel => $debug,
domain => 'sp.com',
portal => 'http://auth.sp.com',
authentication => 'SAML',
userDB => 'Same',
issuerDBSAMLActivation => 0,
restSessionServer => 1,
samlIDPMetaDataExportedAttributes => {
idp => {
mail => "0;mail;;",
uid => "1;uid",
cn => "0;cn"
}
},
samlIDPMetaDataOptions => {
idp => {
samlIDPMetaDataOptionsEncryptionMode => 'none',
samlIDPMetaDataOptionsSSOBinding => 'post',
samlIDPMetaDataOptionsSLOBinding => 'post',
samlIDPMetaDataOptionsSignSSOMessage => 1,
samlIDPMetaDataOptionsSignSLOMessage => 1,
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
samlIDPMetaDataOptionsForceUTF8 => 1,
}
},
samlIDPMetaDataExportedAttributes => {
idp => {
"uid" => "0;uid;;",
"cn" => "1;cn;;",
},
},
samlIDPMetaDataXML => {
idp => {
samlIDPMetaDataXML =>
samlIDPMetaDataXML( 'idp', 'HTTP-POST' )
}
},
samlOrganizationDisplayName => "SP",
samlOrganizationName => "SP",
samlOrganizationURL => "http://www.sp.com",
samlServicePublicKeySig => "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4iToYAEmWQxgZDihGVz
MMql1elPn37domWcvXeU2E4yt2hh5jkQHiFjgodfOlNeRIw5QJVlUBwr+CQvbaKR
FXd7BrOhQIDC0TZPRVB0XHarUtsCuDekN4/2GKSzHsoToKUVPWq9thsuek3xkpsJ
GZNX7bglfEc9+QQpYTqN1rkdN1PVU0epNMokFFGho5pLRqLUV5+I/QXAL49jfTja
Sxsp4UndTI8/+mGSRSq+nrT2zyQRM/vkj5vR9ZVz67HO/+Wk3Mx6RAwkVcMdgMAq
Cq8odmbI0yCRZiTL9ybKWRKqWJoKJ0p5+Q2fPEBPupQZR09Jt/JPuLVSsGfCxi9N
qwIDAQAB
-----END PUBLIC KEY-----
",
samlServicePrivateKeyEnc => "-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
",
samlServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
",
samlServicePublicKeyEnc => "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRaod2RZ8hMFBl+Vhsnh
yPM8l/Fj1obnBxfQIaWuHFIFfXiGe/CYHuZ5QJQLnZxHMJX6LL3Sh+Usog3p0jpi
jpcg0QgfBSEkfopKTgReYN8DiDIll0rV1XdTni7E85Nd1YyNy3ui/ZD+UShWwqu6
jLVLR+QUm+/1LIKYb3OCBTvOlY7xHoP6NSU1+Mr+YzGBUacdO2vnNxe/PQhxIeP1
zO0njuqGHkwEpy8rUWRZbbDn31TmKjqlhgtsz5HPhbRaYEExhyepKgBiNz+RyxtY
XVhuG8OrWQDoS5gYHSjdw1CTJyixeJwyoqA9RGYguG5nh9zndi3LWAh7Z0lx+tIz
+wIDAQAB
-----END PUBLIC KEY-----
",
samlSPSSODescriptorAuthnRequestsSigned => 1,
},
}
);
}
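Review bot: The notification fixture is written with `open F, "> $file" or die($!);`, a two-argument open on a bareword handle with an interpolated path, and the following `close F` is unchecked. `open my $fh, '>', $file or die "open $file: $!";` with `print {$fh} ...` and `close $fh or die $!;` keeps the mode out of the path string and scopes the handle. Further down, `my $code = $1;` is read after an `ok(...)` whose match may have failed, so an undefined or stale capture could be posted as the 2F code; `my ($code) = mail() =~ m%<b>(\d{4})</b>%;` ties the value to this match. The same `open F` line appears as context in the next file section.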


@ -31,7 +31,7 @@ SKIP: {
if ($@) {
skip 'Lasso not found', $maintests;
}
my $file = 't/20160530_dwho_dGVzdHJlZg==.json';
my $file = "$main::tmpDir/20160530_dwho_dGVzdHJlZg==.json";
open F, "> $file" or die($!);
print F '[
@ -118,11 +118,11 @@ SKIP: {
$file =~ s/json$/done/;
ok( -e $file, 'Notification was deleted' );
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
expectRedirection( $res, 'http://auth.idp.com/saml/singleSignOn' );
expectRedirection( $res, 'http://auth.idp.com/saml' );
ok(
$res = $issuer->_get(
'/saml/singleSignOn',
'/saml',
cookie => "lemonldap=$idpId; $pdata",
accept => 'text/html',
),
@ -247,7 +247,7 @@ sub issuer {
issuerDBSAMLActivation => 1,
notification => 1,
notificationStorage => 'File',
notificationStorageOptions => { dirName => 't' },
notificationStorageOptions => { dirName => "$main::tmpDir" },
oldNotifFormat => 0,
samlSPMetaDataOptions => {
'sp.com' => {


@ -38,6 +38,7 @@ my $ini = {
checkUser => 1,
impersonationRule => 1,
contextSwitchingRule => 1,
decryptValueRule => 1,
grantSessionRules => { a => 1 },
checkStateSecret => 'x',
};