Pass encryption key to custom functions + Update doc
This commit is contained in:
parent
2f1d2a5e3b
commit
7ad7ce8bac
|
@ -50,7 +50,7 @@ master_doc = 'start'
|
|||
|
||||
# General information about the project.
|
||||
project = u'LemonLDAP::NG'
|
||||
copyright = u'2021, LemonLDAP::NG'
|
||||
copyright = u'2022, LemonLDAP::NG'
|
||||
author = u'LemonLDAP::NG'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
|
|
|
@ -16,19 +16,19 @@ DecryptValue plugin can be allowed or denied for specific users.
|
|||
- **Use rule**: Select which users may use this plugin
|
||||
- **Decrypt functions**: Set functions used for decrypting ciphered
|
||||
values. Each function is tested until one succeeds. Let it blank
|
||||
to use internal decrypt function.
|
||||
to use internal ``decrypt`` extended function.
|
||||
|
||||
|
||||
.. danger::
|
||||
.. attention::
|
||||
|
||||
The ciphered value is the first parameter passed to custom functions.
|
||||
|
||||
The ``Encryption key`` is passed to custom funtions as second parameter
|
||||
(see :ref:`Security settings<security-configure-security-settings>)`.
|
||||
|
||||
Custom functions must be defined into
|
||||
``Lemonldap::NG::Portal::My::Plugin`` and set:
|
||||
``My::Plugin`` and set:
|
||||
|
||||
::
|
||||
|
||||
My::Plugin::function1 My::Plugin::function2
|
||||
|
||||
|
||||
|
||||
.. |image0| image:: /documentation/beta.png
|
||||
:width: 100px
|
||||
|
|
|
@ -310,7 +310,7 @@ Go in Manager, ``General parameters`` » ``Advanced parameters`` »
|
|||
authentication renewal cannot be forced, used to prevent to loose the
|
||||
current authentication during the main process. If you experience
|
||||
slow network performances, you can increase this value.
|
||||
- **Encryption key**: key used to crypt some data, should not be known
|
||||
- **Encryption key**: key used for crypting some data, should not be known
|
||||
by other applications
|
||||
- **Trusted domains**: domains on which the user can be redirected
|
||||
after login on portal.
|
||||
|
|
|
@ -288,7 +288,7 @@ Name Description
|
|||
:doc:`Context switching<contextswitching>` [7]_\ |new| Switch context other users
|
||||
:doc:`CrowdSec<crowdsec>` [8]_\ |new| CrowdSec bouncer
|
||||
:doc:`Custom<plugincustom>` Write a custom plugin
|
||||
:doc:`Decrypt value<decryptvalue>` [9]_\ |beta| Decrypt ciphered values
|
||||
:doc:`Decrypt value<decryptvalue>` [9]_\ Decrypt ciphered values
|
||||
:doc:`Display login history<loginhistory>` Display Success/Fails logins
|
||||
:doc:`Force Authentication<forcereauthn>` Force authentication to access to Portal
|
||||
:doc:`Global Logout<globallogout>` [10]_ Suggest to close all opened sessions at logout
|
||||
|
|
|
@ -8,7 +8,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.12';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
extends qw(
|
||||
Lemonldap::NG::Portal::Main::Plugin
|
||||
|
@ -37,13 +37,7 @@ sub init {
|
|||
$self->rule(
|
||||
$self->p->buildRule( $self->conf->{decryptValueRule}, 'decryptValue' )
|
||||
);
|
||||
return 0 unless $self->rule;
|
||||
|
||||
# Add warning in log
|
||||
$self->logger->warn(
|
||||
"DecryptValue plugin is enabled. You are using a beta version!");
|
||||
|
||||
return 1;
|
||||
return $self->rule ? 1 : 0;
|
||||
}
|
||||
|
||||
# RUNNING METHOD
|
||||
|
@ -59,10 +53,6 @@ sub display {
|
|||
|
||||
# Display form
|
||||
my $params = {
|
||||
PORTAL => $self->conf->{portal},
|
||||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||
SKIN => $self->p->getSkin($req),
|
||||
LANGS => $self->conf->{showLanguages},
|
||||
MSG => 'decryptCipheredValue',
|
||||
ALERTE => 'alert-warning',
|
||||
TOKEN => (
|
||||
|
@ -106,10 +96,6 @@ sub run {
|
|||
}
|
||||
|
||||
my $params = {
|
||||
PORTAL => $self->conf->{portal},
|
||||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||
SKIN => $self->p->getSkin($req),
|
||||
LANGS => $self->conf->{showLanguages},
|
||||
MSG => "PE$msg",
|
||||
ALERTE => 'alert-warning',
|
||||
TOKEN => $token,
|
||||
|
@ -124,18 +110,20 @@ sub run {
|
|||
$self->logger->debug("decryptValue tried with value: $cipheredValue");
|
||||
|
||||
if ($cipheredValue) {
|
||||
if ( $self->{conf}->{decryptValueFunctions}
|
||||
and $self->{conf}->{decryptValueFunctions} =~
|
||||
if ( $self->conf->{decryptValueFunctions}
|
||||
and $self->conf->{decryptValueFunctions} =~
|
||||
qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/ )
|
||||
{
|
||||
foreach ( split( /\s+/, $self->{conf}->{decryptValueFunctions} ) ) {
|
||||
$self->userLogger->notice(
|
||||
"Try to decrypt value with function: $_");
|
||||
/^([\w:{2}]*?)(?:::)?(?:\w+)$/;
|
||||
eval "require Lemonldap::NG::Portal::$1";
|
||||
eval "require $1";
|
||||
$self->logger->debug("Unable to load decrypt module: $@")
|
||||
if ($@);
|
||||
$decryptedValue = eval "$_" . '($cipheredValue)' unless ($@);
|
||||
my $key = $self->conf->{key};
|
||||
$decryptedValue = eval "$_" . '($cipheredValue, $key)'
|
||||
unless ($@);
|
||||
$self->logger->debug(
|
||||
$@
|
||||
? "Unable to eval decrypt function: $@"
|
||||
|
@ -146,7 +134,7 @@ sub run {
|
|||
}
|
||||
else {
|
||||
$self->userLogger->notice("Malformed decrypt functions")
|
||||
if $self->{conf}->{decryptValueFunctions};
|
||||
if $self->conf->{decryptValueFunctions};
|
||||
$self->userLogger->notice(
|
||||
"Try to decrypt value with internal LL::NG decrypt function");
|
||||
$decryptedValue =
|
||||
|
@ -161,10 +149,6 @@ sub run {
|
|||
|
||||
# Display form
|
||||
my $params = {
|
||||
PORTAL => $self->conf->{portal},
|
||||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||
SKIN => $self->p->getSkin($req),
|
||||
LANGS => $self->conf->{showLanguages},
|
||||
MSG => 'decryptCipheredValue',
|
||||
DECRYPTED => (
|
||||
$decryptedValue ? $decryptedValue
|
||||
|
|
|
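Review bot: At line 367 the string eval now hands the portal master key (`$self->conf->{key}`) to whatever function is named in `decryptValueFunctions`, and line 352 drops the former `Lemonldap::NG::Portal::` prefix so `require $1` will load any package on @INC; both values come from admin configuration validated by the regex at line 331, so this is not user-controlled, but it widens the set of code that sees the key protecting sessions and cookies. I would say so next to the call, `# NOTE: custom functions receive the instance encryption key ($conf->{key}); only list modules you trust with it.`, and hoist `my $key = $self->conf->{key};` above the `foreach`, since it is re-read on every iteration. The `$1` from the match on line 346 is also used without checking that the match succeeded; the outer regex makes a miss unlikely, but a `next unless /.../;` guard would avoid running `require` on a stale capture. The body of `run` starts and ends outside the hunk.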
@ -136,7 +136,7 @@
|
|||
"checkUserNoSessionFound":"Pas de session SSO trouvée",
|
||||
"choose2f":"Choisissez votre second facteur",
|
||||
"chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder",
|
||||
"cipheredValue":"Valeur cryptée",
|
||||
"cipheredValue":"Valeur chiffrée",
|
||||
"click2Reset":"Cliquez içi pour réinitialiser votre mot de passe",
|
||||
"clickHere":"Cliquez ici",
|
||||
"clickOnYubikey":"Cliquez sur votre Yubikey",
|
||||
|
@ -155,7 +155,7 @@
|
|||
"current":"Courante",
|
||||
"currentPwd":"Mot de passe actuel",
|
||||
"date":"Date",
|
||||
"decryptCipheredValue":"Déchiffrer une valeur cryptée",
|
||||
"decryptCipheredValue":"Décoder une valeur chriffée",
|
||||
"enterCred":"Merci de vous authentifier",
|
||||
"enterExt2fCode":"Un code vous a été envoyé, entrez-le ici",
|
||||
"enterMail2fCode":"Un code vous a été envoyé par mail, entrez-le ici",
|
||||
|
@ -216,7 +216,7 @@
|
|||
"noNotification":"Aucune notification acceptée trouvée",
|
||||
"noTOTPFound":"Aucun secret TOTP trouvé",
|
||||
"noU2FKeyFound":"Aucune clef U2F trouvée",
|
||||
"notAnEncryptedValue":"Ce n'est pas une valeur cryptée",
|
||||
"notAnEncryptedValue":"Impossible de décoder cette valeur",
|
||||
"notAuthorized":"Vous n'êtes pas autorisé à faire cette requête",
|
||||
"notAuthorizedAuthLevel":"Cette action requiert un niveau d'authentification supérieur",
|
||||
"notFound":"Non trouvé : vous tentez d'accéder à une page non disponible",
|
||||
|
|
|
@ -14,12 +14,13 @@ my $client = LLNG::Manager::Test->new( {
|
|||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
key => 'Demo',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
requireToken => 0,
|
||||
decryptValueRule => 1,
|
||||
decryptValueFunctions =>
|
||||
'Custom::empty Custom::test_uc Custom::undefined',
|
||||
'Lemonldap::NG::Portal::Custom::empty Lemonldap::NG::Portal::Custom::test_uc Lemonldap::NG::Portal::Custom::undefined',
|
||||
}
|
||||
}
|
||||
);
|
||||
|
@ -84,7 +85,7 @@ ok(
|
|||
),
|
||||
'POST decryptvalue with valid value'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="LOWERCASE"></span>%,
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="LOWERCASE_DEMO"></span>%,
|
||||
'Found decryted value' )
|
||||
or explain( $res->[2]->[0], 'Decryted value NOT found' );
|
||||
count(2);
|
||||
|
|
|
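Review bot: The test config at line 565 moves all three fixture functions into the `Lemonldap::NG::Portal::Custom` package, so the broader `eval "require $1"` in DecryptValue.pm (which no longer prefixes `Lemonldap::NG::Portal::`) is never exercised with a package outside that namespace. Keeping one entry under a plain package name, e.g. `decryptValueFunctions => 'Custom::empty Lemonldap::NG::Portal::Custom::test_uc'`, would cover the path the change enables. The assertion at line 593 does pin the key being passed (`LOWERCASE_DEMO` from `key => 'Demo'`); a case where a custom function dies, so the fallback to the internal decrypt function runs, is not visible in this hunk, though it may exist elsewhere in the file.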
@ -1,4 +1,4 @@
|
|||
package Custom;
|
||||
package Lemonldap::NG::Portal::Custom;
|
||||
|
||||
sub empty {
|
||||
return '';
|
||||
|
@ -9,7 +9,7 @@ sub undefined {
|
|||
}
|
||||
|
||||
sub test_uc {
|
||||
return uc $_[0];
|
||||
return uc($_[0] . '_' . $_[1]);
|
||||
}
|
||||
|
||||
1;
|
||||
|
|