dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WIP: CheckDevOps plugin skeleton (#2458)

Browse Source
This commit is contained in:
Christophe Maudoux 2021-02-12 17:37:02 +01:00
parent d6fa0dfbf2
commit 6e1efc8bb5
41 changed files with 267 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
View File

@ -30,7 +30,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
dirName => '/usr/local/lemonldap-ng/data/conf',
);
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:DevOps|State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

1
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm
View File

@ -20,6 +20,7 @@ sub portalConsts {
'101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
'102' => 'PE_UPGRADESESSION',
'103' => 'PE_NO_SECOND_FACTORS',
'104' => 'PE_BAD_DEVOPS_FILE',
'2' => 'PE_FORMEMPTY',
'20' => 'PE_NO_PASSWORD_BE',
'21' => 'PE_PP_ACCOUNT_LOCKED',

4
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
View File

@ -862,6 +862,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'cfgVersion' => {
'type' => 'text'
},
'checkDevOps' => {
'default' => 0,
'type' => 'bool'
},
'checkState' => {
'default' => 0,
'type' => 'bool'

6
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
View File

@ -464,6 +464,12 @@ sub attributes {
type => 'text',
documentation => 'Secret token for CheckState plugin',
},
checkDevOps => {
default => 0,
type => 'bool',
documentation => 'Enable check DevOps',
flags => 'p',
},
checkUser => {
default => 0,
type => 'bool',

3
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/PortalConstants.pm
View File

@ -111,7 +111,8 @@ sub portalConstants {
PE_PP_NOT_ALLOWED_CHARACTER => 100,
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
PE_UPGRADESESSION => 102,
PE_NO_SECOND_FACTORS => 103
PE_NO_SECOND_FACTORS => 103,
PE_BAD_DEVOPS_FILE => 104
};
}

9
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
View File

@ -638,7 +638,8 @@ sub tree {
},
{
title => 'soapServices',
help => 'portalservers.html#SOAP_(deprecated)',
help =>
'portalservers.html#SOAP_(deprecated)',
form => 'simpleInputContainer',
nodes => [
'soapSessionServer',
@ -774,6 +775,12 @@ sub tree {
form => 'simpleInputContainer',
nodes => [ 'checkState', 'checkStateSecret', ],
},
{
title => 'devOpsCheck',
help => 'checkdevops.html',
form => 'simpleInputContainer',
nodes => ['checkDevOps'],
},
{
title => 'checkUsers',
help => 'checkuser.html',

2
lemonldap-ng-manager/site/htdocs/static/languages/ar.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"انقر هنا لإجبار",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"تفعيل",
"checkStateSecret":"سر مشترك",
"checkUsers":"SSO profile check",
@ -287,6 +288,7 @@
"description":"التفاصيل",
"dest":"Recipient",
"diffViewer":"المشاهد المختلف",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"الفرق مع السابق",
"disabled":"معطلة",
"displaySessionId":"Display session identifier",

2
lemonldap-ng-manager/site/htdocs/static/languages/de.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Click here to force",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
@ -287,6 +288,7 @@
"description":"Beschreibung",
"dest":"Recipient",
"diffViewer":"Difference viewer",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"difference with previous",
"disabled":"Disabled",
"displaySessionId":"Display session identifier",

2
lemonldap-ng-manager/site/htdocs/static/languages/en.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Click here to force",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
@ -286,6 +287,7 @@
"demoParams":"Demonstration parameters",
"description":"Description",
"dest":"Recipient",
"devOpsCheck":"Check DevOps handler file",
"diffViewer":"Difference viewer",
"diffWithPrevious":"difference with previous",
"disabled":"Disabled",

2
lemonldap-ng-manager/site/htdocs/static/languages/es.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Haga click aquí para forzar",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Activación",
"checkStateSecret":"Secreto compartido",
"checkUsers":"Comprobación de perfil SSO",
@ -287,6 +288,7 @@
"description":"Descripción",
"dest":"Recipient",
"diffViewer":"Visor de diferencias",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"Diferencia con anterior",
"disabled":"Deshabilitado",
"displaySessionId":"Display session identifier",

2
lemonldap-ng-manager/site/htdocs/static/languages/fr.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Cliquer ici pour forcer",
"claimName":"Nom de la revendication",
"checkboxes":"Cases à cocher",
"checkDevOps":"Activation",
"checkState":"Activation",
"checkStateSecret":"Secret partagé",
"checkUsers":"Vérification des profils SSO",
@ -286,6 +287,7 @@
"demoParams":"Paramètres démonstration",
"description":"Description",
"dest":"Destinataire",
"devOpsCheck":"Vérification des fichiers DevOps",
"diffViewer":"Visualisateur de différence",
"diffWithPrevious":"différence avec la précédente",
"disabled":"Désactivé",

2
lemonldap-ng-manager/site/htdocs/static/languages/it.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Clicca qui per forzare",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso",
"checkUsers":"Controllo del profilo SSO",
@ -287,6 +288,7 @@
"description":"Descrizione",
"dest":"Recipient",
"diffViewer":"Visualizzatore di differenza",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"differenza con il precedente",
"disabled":"Disabilitato",
"displaySessionId":"Display session identifier",

2
lemonldap-ng-manager/site/htdocs/static/languages/pl.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Kliknij tutaj, aby wymusić",
"claimName":"Nazwa roszczenia",
"checkboxes":"Pola wyboru",
"checkDevOps":"Activation",
"checkState":"Aktywacja",
"checkStateSecret":"Współdzielony sekret",
"checkUsers":"Sprawdź Profil SSO",
@ -287,6 +288,7 @@
"description":"Opis",
"dest":"Odbiorca",
"diffViewer":"Przeglądarka różnic",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"różnica w stosunku do poprzednich",
"disabled":"Wyłączone",
"displaySessionId":"Wyświetl identyfikator sesji",

2
lemonldap-ng-manager/site/htdocs/static/languages/tr.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Zorlamak için buraya tıklayın",
"claimName":"İstek adı",
"checkboxes":"Onay kutuları",
"checkDevOps":"Activation",
"checkState":"Aktivasyon",
"checkStateSecret":"Paylaşılan sır",
"checkUsers":"TOA profil Kontrolü",
@ -287,6 +288,7 @@
"description":"Açıklama",
"dest":"Alıcı",
"diffViewer":"Fark görüntüleyici",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"önceki ile farkı",
"disabled":"Devre dışı",
"displaySessionId":"Oturum kimliğini görüntüle",

2
lemonldap-ng-manager/site/htdocs/static/languages/vi.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Nhấp vào đây để bắt buộc",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Kích hoạt",
"checkStateSecret":"Chia sẻ bí mật",
"checkUsers":"SSO profile check",
@ -287,6 +288,7 @@
"description":"Mô tả",
"dest":"Recipient",
"diffViewer":"Người xem khác ",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"khác biệt với cái trước",
"disabled":"Tắt",
"displaySessionId":"Display session identifier",

2
lemonldap-ng-manager/site/htdocs/static/languages/zh.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"Click here to force",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"激活",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
@ -287,6 +288,7 @@
"description":"Description",
"dest":"Recipient",
"diffViewer":"Difference viewer",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"difference with previous",
"disabled":"Disabled",
"displaySessionId":"Display session identifier",

2
lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
View File

@ -197,6 +197,7 @@
"clickHereToForce":"點擊此處強制",
"claimName":"要求名稱",
"checkboxes":"勾選框",
"checkDevOps":"Activation",
"checkState":"啟用",
"checkStateSecret":"已分享的祕密",
"checkUsers":"SSO 設定檔檢查",
@ -287,6 +288,7 @@
"description":"描述",
"dest":"接收者",
"diffViewer":"差異檢視器",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"與先前的差異",
"disabled":"已停用",
"displaySessionId":"顯示工作階段識別符號",

2
lemonldap-ng-manager/site/htdocs/static/reverseTree.json
View File

File diff suppressed because one or more lines are too long

2
lemonldap-ng-manager/site/htdocs/static/struct.json
View File

File diff suppressed because one or more lines are too long

5
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
View File

@ -108,6 +108,7 @@ use constant {
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
PE_UPGRADESESSION => 102,
PE_NO_SECOND_FACTORS => 103,
PE_BAD_DEVOPS_FILE => 104,
};
sub portalConsts {
@ -124,6 +125,7 @@ sub portalConsts {
'101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
'102' => 'PE_UPGRADESESSION',
'103' => 'PE_NO_SECOND_FACTORS',
'104' => 'PE_BAD_DEVOPS_FILE',
'2' => 'PE_FORMEMPTY',
'20' => 'PE_NO_PASSWORD_BE',
'21' => 'PE_PP_ACCOUNT_LOCKED',
@ -319,7 +321,8 @@ our @EXPORT_OK = (
'PE_PP_NOT_ALLOWED_CHARACTER',
'PE_PP_NOT_ALLOWED_CHARACTERS',
'PE_UPGRADESESSION',
'PE_NO_SECOND_FACTORS'
'PE_NO_SECOND_FACTORS',
'PE_BAD_DEVOPS_FILE'
);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );

1
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
View File

@ -28,6 +28,7 @@ our @pList = (
checkState => '::Plugins::CheckState',
portalForceAuthn => '::Plugins::ForceAuthn',
checkUser => '::Plugins::CheckUser',
checkDevOps => '::Plugins::CheckDevOps',
impersonationRule => '::Plugins::Impersonation',
contextSwitchingRule => '::Plugins::ContextSwitching',
decryptValueRule => '::Plugins::DecryptValue',

141
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckDevOps.pm Normal file
View File

@ -0,0 +1,141 @@
package Lemonldap::NG::Portal::Plugins::CheckDevOps;
use strict;
use Mouse;
use JSON qw(from_json to_json);
use Lemonldap::NG::Portal::Main::Constants qw(
PE_OK
PE_ERROR
PE_NOTOKEN
PE_TOKENEXPIRED
PE_BAD_DEVOPS_FILE
);
our $VERSION = '2.0.12';
extends qw(
Lemonldap::NG::Portal::Main::Plugin
Lemonldap::NG::Portal::Lib::_tokenRule
);
# INITIALIZATION
has ott => (
is => 'rw',
lazy => 1,
default => sub {
my $ott =
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott;
}
);
sub init {
my ($self) = @_;
$self->addAuthRoute( checkdevops => 'run', ['POST'] )
->addAuthRoute( checkdevops => 'display', ['GET'] );
return 1;
}
# RUNNING METHOD
sub display {
my ( $self, $req ) = @_;
# Display form
my $params = {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
SKIN => $self->p->getSkin($req),
LANGS => $self->conf->{showLanguages},
MSG => 'checkDevOps',
ALERTE => 'alert-info',
FILE => '',
TOKEN => (
$self->ottRule->( $req, {} )
? $self->ott->createToken()
: ''
)
};
return $self->sendJSONresponse( $req, $params ) if $req->wantJSON;
# Display form
return $self->p->sendHtml( $req, 'checkdevops', params => $params, );
}
sub run {
my ( $self, $req ) = @_;
my ( $msg, $alert );
# Check token
if ( $self->ottRule->( $req, {} ) ) {
my $token;
$msg = PE_OK;
if ( $token = $req->param('token') ) {
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn(
'CheckDevOps called with an expired/bad token');
$msg = PE_TOKENEXPIRED;
$token = $self->ott->createToken();
}
}
else {
$self->userLogger->warn('CheckDevOps called without token');
$msg = PE_NOTOKEN;
$token = $self->ott->createToken();
}
my $params = {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
SKIN => $self->p->getSkin($req),
LANGS => $self->conf->{showLanguages},
MSG => "PE$msg",
ALERTE => 'alert-warning',
FILE => '',
TOKEN => $token,
};
return $self->p->sendJSONresponse( $req, $params )
if $req->wantJSON && $msg;
# Display form
return $self->p->sendHtml( $req, 'checkdevops', params => $params )
if $msg;
}
my $json = eval { from_json( $req->param('checkDevOpsFile') ) };
if ($@) {
$self->userLogger->error("CheckDevOps: bad 'rules.json' file ($@)");
$msg = 'PE' . PE_BAD_DEVOPS_FILE;
$alert = 'alert-danger';
$json = '';
}
else {
$msg = 'checkDevOps';
$alert = 'alert-info';
$json = $req->param('checkDevOpsFile');
}
my $params = {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
SKIN => $self->p->getSkin($req),
LANGS => $self->conf->{showLanguages},
MSG => $msg,
ALERTE => $alert,
FILE => $json,
TOKEN => (
$self->ottRule->( $req, {} )
? $self->ott->createToken()
: ''
)
};
return $self->p->sendJSONresponse( $req, $params ) if $req->wantJSON;
# Display form
return $self->p->sendHtml( $req, 'checkdevops', params => $params, );
}
1;

6
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
View File

@ -133,7 +133,6 @@ sub display {
$array_attrs = $self->_dispatchAttributes(
$self->_createArray( $req, $attrs, $req->userData ) );
# Display form
my $params = {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
@ -191,7 +190,10 @@ sub check {
LOGIN => '',
TOKEN => $token,
};
return $self->p->sendJSONresponse( $req, $params ) if $req->wantJSON;
return $self->p->sendJSONresponse( $req, $params )
if $req->wantJSON && $msg;
# Display form
return $self->p->sendHtml( $req, 'checkuser', params => $params )
if $msg;
}

2
lemonldap-ng-portal/site/htdocs/static/languages/ar.json
View File

@ -95,6 +95,7 @@
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"2FDeviceNotFound":"2F device not found",
"PE104":"Bad DevOps handler file",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"قبول",
"accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Generate new key",
"changePwd":"غير كلمة المرور الخاصة بك",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"تحقق من آخر تسجيلات دخول الخاصة بي",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/de.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
"accept":"Akzeptieren",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Neuen Schlüssel erzeugen",
"changePwd":"Ändere dein Passwort",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Überprüfe meine letzten Logins",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/en.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/es.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"Este servicio necesita la autenticación de dos factores. Registre un dispositivo ahora, luego reingrese al portal.",
"accept":"Aceptar",
@ -123,6 +124,7 @@
"certificateReset":"Reiniciar mi certificado",
"changeKey":"Generar nueva llave",
"changePwd":"Cambie su contraseña",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Verificar mis últimos accesos",
"checkUser":"Verificar el perfil SSO del usuario ",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/fi.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Hyväksy",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Generate new key",
"changePwd":"Vaihda salasanasi",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Tarkista viimeiset kirjautumiseni",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/fr.json
View File

@ -94,6 +94,7 @@
"PE101":"Le mot de passe contient des caractères interdits",
"PE102":"Mise à niveau de la session",
"PE103":"Aucun second facteur disponible pour votre compte",
"PE104":"Fichier DevOps mal formaté",
"2FDeviceNotFound":"Second facteur non trouvé",
"2fRegRequired":"Ce service requiert une authentification à deux facteurs. Enregistrez un équipement ici et retournez au portail.",
"accept":"Accepter",
@ -123,6 +124,7 @@
"certificateReset":"Réinitialiser mon certificat",
"changeKey": "Générer une nouvelle clef",
"changePwd":"Changez votre mot de passe",
"checkDevOps":"Vérifier un fichier DevOps",
"checkLastLogins":"Voir mes dernières connexions",
"checkUser":"Vérifier le profil SSO d'un utilisateur",
"checkUserComputedSession":"Pas de session SSO trouvée. Données issues d'une évaluation !",

2
lemonldap-ng-portal/site/htdocs/static/languages/it.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
"accept":"Accetta",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Genera nuova chiave",
"changePwd":"Cambia la tua password",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Controllare i miei ultimi accessi",
"checkUser":"Controlla il profilo SSO dell'utente",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/nl.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/pl.json
View File

@ -94,6 +94,7 @@
"PE101":"Hasło zawiera niedozwolone znaki",
"PE102":"Sesja musi zostać zaktualizowana",
"PE103":"Na Twoim koncie nie ma dostępnych drugich czynników",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"Nie znaleziono urządzenia 2F",
"2fRegRequired":"Ta usługa wymaga podwójnego uwierzytelnienia. Zarejestruj urządzenie 2ndFA teraz, a następnie wróć do portalu.",
"accept":"Akceptuj",
@ -123,6 +124,7 @@
"certificateReset":"Zresetuj mój certyfikat",
"changeKey":"Wygeneruj nowy klucz",
"changePwd":"Zmień swoje hasło",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Sprawdź moje ostatnie logowania",
"checkUser":"Sprawdź profil jednokrotnego logowania użytkownika",
"checkUserComputedSession":"Nie znaleziono sesji logowania jednokrotnego. Dane obliczono!",

2
lemonldap-ng-portal/site/htdocs/static/languages/pt.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/ro.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/tr.json
View File

@ -94,6 +94,7 @@
"PE101":"Parola izin verilmeyen karakterler içeriyor",
"PE102":"Oturum yükseltilmeli",
"PE103":"Hesabınız için ikinci faktör kullanılabilir değil",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F cihazı bulunamadı",
"2fRegRequired":"Bu servis iki adımlı kimlik doğrulama gerektiriyor. Şimdi bir cihaz ekleyin ve ardından portala geri dönün",
"accept":"Kabul Et",
@ -123,6 +124,7 @@
"certificateReset":"Sertifikamı sıfırla",
"changeKey":"Yeni anahtar üret",
"changePwd":"Parolanı değiştir",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Son girişlerimi kontrol et",
"checkUser":"Kullanıcı TOA profilini kontrol et",
"checkUserComputedSession":"TOA oturumu bulunamadı. Hesaplanan veri!",

2
lemonldap-ng-portal/site/htdocs/static/languages/vi.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Chấp nhận",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Generate new key",
"changePwd":"Thay đổi mật khẩu của bạn",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Kiểm tra lần đăng nhập cuối cùng của bạn",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/zh.json
View File

@ -94,6 +94,7 @@
"PE101":"Password contains not allowed characters",
"PE102":"Session must be upgraded",
"PE103":"No second factors available for your account",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"2F device not found",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept 方法",
@ -123,6 +124,7 @@
"certificateReset":"Reset my certificate",
"changeKey":"Generate new key",
"changePwd":"修改您的密码",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user SSO profile",
"checkUserComputedSession":"No SSO session found. Computed data!",

2
lemonldap-ng-portal/site/htdocs/static/languages/zh_TW.json
View File

@ -94,6 +94,7 @@
"PE101":"密碼包含不允許的字元",
"PE102":"工作階段必須升級",
"PE103":"您的帳號沒有可用的第二因素",
"PE104":"Bad DevOps handler file",
"2FDeviceNotFound":"找不到雙因素驗證裝置",
"2fRegRequired":"此服務需要雙因素驗證。請先註冊裝置,然後在回到首頁。",
"accept":"接受",
@ -123,6 +124,7 @@
"certificateReset":"重設我們的憑證",
"changeKey":"生成新的金鑰",
"changePwd":"變更您的密碼",
"checkDevOps":"Check DevOps handler file",
"checkLastLogins":"檢查我的上次登入",
"checkUser":"檢查使用者的 SSO 設定檔",
"checkUserComputedSession":"找不到 SSO 工作階段。已計算資料!",

26
lemonldap-ng-portal/site/templates/bootstrap/checkdevops.tpl Normal file
View File

@ -0,0 +1,26 @@
<TMPL_INCLUDE NAME="header.tpl">
<div id="errorcontent" class="container">
<div class="alert <TMPL_VAR NAME="ALERTE"> alert"><div class="text-center"><span trspan="<TMPL_VAR NAME="MSG">"></span></div></div>
<form id="checkDevOps" action="/checkdevops" method="post" class="password" role="form">
<pre><textarea id="checkDevOpsFile" name="checkDevOpsFile" class="form-control rounded-1" rows="6" trplaceholder="Paste your file here..." required><TMPL_VAR NAME="FILE"></textarea></pre>
<TMPL_IF NAME="TOKEN">
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
</TMPL_IF>
<div class="buttons">
<button type="submit" class="btn btn-success">
<span class="fa fa-check-circle"></span>
<span trspan="verify">Verify</span>
</button>
</div>
</form>
<div class="buttons">
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
<span class="fa fa-home"></span>
<span trspan="goToPortal">Go to portal</span>
</a>
</div>
</div>
</div>
<TMPL_INCLUDE NAME="footer.tpl">

20
lemonldap-ng-portal/site/templates/bootstrap/contextSwitching.tpl
View File

@ -2,20 +2,18 @@
<div id="errorcontent" class="container">
<div class="alert <TMPL_VAR NAME="ALERTE"> alert"><div class="text-center"><span trspan="<TMPL_VAR NAME="MSG">"></span></div></div>
<form id="contextSwitching" action="/switchcontext" method="post" class="password" role="form">
<div class="buttons">
<form id="contextSwitching" action="/switchcontext" method="post" class="password" role="form">
<TMPL_IF NAME="TOKEN">
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
</TMPL_IF>
<TMPL_INCLUDE NAME="impersonation.tpl">
<button type="submit" class="btn btn-success">
<span class="fa fa-random"></span>
<span trspan="switchContext">switchContext</span>
</button>
</div>
</form>
<div class="buttons">
<button type="submit" class="btn btn-success">
<span class="fa fa-random"></span>
<span trspan="switchContext">switchContext</span>
</button>
</div>
</form>
<div class="buttons">
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
<span class="fa fa-home"></span>

12
lemonldap-ng-portal/site/templates/bootstrap/impersonation.tpl
View File

@ -1,8 +1,8 @@
<TMPL_IF NAME="IMPERSONATION">
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text"><label for="spoofIdfield" class="mb-0"><i class="fa fa-user icon-blue"></i></label></span>
</div>
<input id="spoofIdfield" name="spoofId" type="text" class="form-control" value="<TMPL_VAR NAME="SPOOFID">" autocomplete="off" trplaceholder="spoofId" aria-required="false"/>
</div>
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text"><label for="spoofIdfield" class="mb-0"><i class="fa fa-user icon-blue"></i></label></span>
</div>
<input id="spoofIdfield" name="spoofId" type="text" class="form-control" value="<TMPL_VAR NAME="SPOOFID">" autocomplete="off" trplaceholder="spoofId" aria-required="false"/>
</div>
</TMPL_IF>