diff --git a/doc/sources/admin/conf.py b/doc/sources/admin/conf.py index 154ac0e1d..133d7e223 100644 --- a/doc/sources/admin/conf.py +++ b/doc/sources/admin/conf.py @@ -50,7 +50,7 @@ master_doc = 'start' # General information about the project. project = u'LemonLDAP::NG' -copyright = u'2021, LemonLDAP::NG' +copyright = u'2022, LemonLDAP::NG' author = u'LemonLDAP::NG' # The version info for the project you're documenting, acts as replacement for diff --git a/doc/sources/admin/decryptvalue.rst b/doc/sources/admin/decryptvalue.rst index 799bcaf29..cf25da57c 100644 --- a/doc/sources/admin/decryptvalue.rst +++ b/doc/sources/admin/decryptvalue.rst @@ -16,19 +16,19 @@ DecryptValue plugin can be allowed or denied for specific users. - **Use rule**: Select which users may use this plugin - **Decrypt functions**: Set functions used for decrypting ciphered values. Each function is tested until one succeeds. Let it blank - to use internal decrypt function. + to use internal ``decrypt`` extended function. -.. danger:: +.. attention:: + + The ciphered value is the first parameter passed to custom functions. + + The ``Encryption key`` is passed to custom funtions as second parameter + (see :ref:`Security settings)`. Custom functions must be defined into - ``Lemonldap::NG::Portal::My::Plugin`` and set: + ``My::Plugin`` and set: :: My::Plugin::function1 My::Plugin::function2 - - - -.. |image0| image:: /documentation/beta.png - :width: 100px diff --git a/doc/sources/admin/security.rst b/doc/sources/admin/security.rst index dd28a4697..c80ec6ef9 100644 --- a/doc/sources/admin/security.rst +++ b/doc/sources/admin/security.rst 
@@ -310,7 +310,7 @@ Go in Manager, ``General parameters`` » ``Advanced parameters`` » authentication renewal cannot be forced, used to prevent to loose the current authentication during the main process. If you experience slow network performances, you can increase this value. -- **Encryption key**: key used to crypt some data, should not be known +- **Encryption key**: key used for crypting some data, should not be known by other applications - **Trusted domains**: domains on which the user can be redirected after login on portal. diff --git a/doc/sources/admin/start.rst b/doc/sources/admin/start.rst index 61af6fe3e..ecc6d1047 100644 --- a/doc/sources/admin/start.rst +++ b/doc/sources/admin/start.rst @@ -288,7 +288,7 @@ Name Description :doc:`Context switching` [7]_\ |new| Switch context other users :doc:`CrowdSec` [8]_\ |new| CrowdSec bouncer :doc:`Custom` Write a custom plugin -:doc:`Decrypt value` [9]_\ |beta| Decrypt ciphered values +:doc:`Decrypt value` [9]_\ Decrypt ciphered values :doc:`Display login history` Display Success/Fails logins :doc:`Force Authentication` Force authentication to access to Portal :doc:`Global Logout` [10]_ Suggest to close all opened sessions at logout diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm index 7ce3cfe1c..84381f7e3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm @@ -8,7 +8,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED ); -our $VERSION = '2.0.12'; +our $VERSION = '2.0.15'; extends qw( Lemonldap::NG::Portal::Main::Plugin 
@@ -37,13 +37,7 @@ sub init { $self->rule( $self->p->buildRule( $self->conf->{decryptValueRule}, 'decryptValue' ) ); - return 0 unless $self->rule; - - # Add warning in log - $self->logger->warn( - "DecryptValue plugin is enabled. You are using a beta version!"); - - return 1; + return $self->rule ? 1 : 0; } # RUNNING METHOD @@ -59,10 +53,6 @@ sub display { # Display form my $params = { - PORTAL => $self->conf->{portal}, - MAIN_LOGO => $self->conf->{portalMainLogo}, - SKIN => $self->p->getSkin($req), - LANGS => $self->conf->{showLanguages}, MSG => 'decryptCipheredValue', ALERTE => 'alert-warning', TOKEN => ( @@ -106,10 +96,6 @@ sub run { } my $params = { - PORTAL => $self->conf->{portal}, - MAIN_LOGO => $self->conf->{portalMainLogo}, - SKIN => $self->p->getSkin($req), - LANGS => $self->conf->{showLanguages}, MSG => "PE$msg", ALERTE => 'alert-warning', TOKEN => $token, @@ -124,18 +110,20 @@ sub run { $self->logger->debug("decryptValue tried with value: $cipheredValue"); if ($cipheredValue) { - if ( $self->{conf}->{decryptValueFunctions} - and $self->{conf}->{decryptValueFunctions} =~ + if ( $self->conf->{decryptValueFunctions} + and $self->conf->{decryptValueFunctions} =~ qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/ ) { foreach ( split( /\s+/, $self->{conf}->{decryptValueFunctions} ) ) { $self->userLogger->notice( "Try to decrypt value with function: $_"); /^([\w:{2}]*?)(?:::)?(?:\w+)$/; - eval "require Lemonldap::NG::Portal::$1"; + eval "require $1"; $self->logger->debug("Unable to load decrypt module: $@") if ($@); - $decryptedValue = eval "$_" . '($cipheredValue)' unless ($@); + my $key = $self->conf->{key}; + $decryptedValue = eval "$_" . '($cipheredValue, $key)' + unless ($@); $self->logger->debug( $@ ? "Unable to eval decrypt function: $@" 
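Review bot: In the `@@ -124,18 +110,20 @@` hunk of `run`, the module load and the call are still built with string `eval`, and with the `Lemonldap::NG::Portal::` prefix removed, the format regex on `decryptValueFunctions` is the only thing limiting which module gets loaded and handed `$self->conf->{key}`. The capture from `/^([\w:{2}]*?)(?:::)?(?:\w+)$/` is never checked, so a bare function name leaves `$1` empty and `eval "require $1"` is built without a module name; note that `[\w:{2}]` is a character class, not a two-colon quantifier. Resolving the name to a code reference (`require` on a file path, then `->can`) keeps configuration text out of `eval` strings, and a failed load is worth logging above `debug` now that the encryption key is passed along. The `split` line still reads `$self->{conf}` while the rest of the hunk moved to `$self->conf`. `run` starts before and continues after this hunk, so the sketch leaves the loop open; unlike the current code it resets `$decryptedValue` when the module fails to load, which should be checked against the rest of the loop.

```perl
foreach ( split( /\s+/, $self->conf->{decryptValueFunctions} ) ) {
    # … unchanged: userLogger notice "Try to decrypt value with function" …
    my ( $module, $sub ) = /^(\w+(?:::\w+)*)::(\w+)$/;
    my $key = $self->conf->{key};
    $decryptedValue = eval {
        die "No package name in decrypt function '$_'\n" unless $module;
        ( my $file = "$module.pm" ) =~ s{::}{/}g;
        require $file;
        my $code = $module->can($sub)
          or die "$module does not define $sub\n";
        $code->( $cipheredValue, $key );
    };
    # … unchanged: debug log of $@ and the rest of the loop body …
```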
@@ -146,7 +134,7 @@ sub run { } else { $self->userLogger->notice("Malformed decrypt functions") - if $self->{conf}->{decryptValueFunctions}; + if $self->conf->{decryptValueFunctions}; $self->userLogger->notice( "Try to decrypt value with internal LL::NG decrypt function"); $decryptedValue = @@ -161,10 +149,6 @@ sub run { # Display form my $params = { - PORTAL => $self->conf->{portal}, - MAIN_LOGO => $self->conf->{portalMainLogo}, - SKIN => $self->p->getSkin($req), - LANGS => $self->conf->{showLanguages}, MSG => 'decryptCipheredValue', DECRYPTED => ( $decryptedValue ? $decryptedValue diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json index e2b5a313d..b106e7ae1 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json @@ -136,7 +136,7 @@ "checkUserNoSessionFound":"Pas de session SSO trouvée", "choose2f":"Choisissez votre second facteur", "chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder", -"cipheredValue":"Valeur cryptée", +"cipheredValue":"Valeur chiffrée", "click2Reset":"Cliquez içi pour réinitialiser votre mot de passe", "clickHere":"Cliquez ici", "clickOnYubikey":"Cliquez sur votre Yubikey", @@ -155,7 +155,7 @@ "current":"Courante", "currentPwd":"Mot de passe actuel", "date":"Date", -"decryptCipheredValue":"Déchiffrer une valeur cryptée", +"decryptCipheredValue":"Décoder une valeur chriffée", "enterCred":"Merci de vous authentifier", "enterExt2fCode":"Un code vous a été envoyé, entrez-le ici", "enterMail2fCode":"Un code vous a été envoyé par mail, entrez-le ici", 
@@ -216,7 +216,7 @@ "noNotification":"Aucune notification acceptée trouvée", "noTOTPFound":"Aucun secret TOTP trouvé", "noU2FKeyFound":"Aucune clef U2F trouvée", -"notAnEncryptedValue":"Ce n'est pas une valeur cryptée", +"notAnEncryptedValue":"Impossible de décoder cette valeur", "notAuthorized":"Vous n'êtes pas autorisé à faire cette requête", "notAuthorizedAuthLevel":"Cette action requiert un niveau d'authentification supérieur", "notFound":"Non trouvé : vous tentez d'accéder à une page non disponible", diff --git a/lemonldap-ng-portal/t/58-DecryptValue-with-custom-function.t b/lemonldap-ng-portal/t/58-DecryptValue-with-custom-function.t index 898eb4995..42209cac4 100644 --- a/lemonldap-ng-portal/t/58-DecryptValue-with-custom-function.t +++ b/lemonldap-ng-portal/t/58-DecryptValue-with-custom-function.t @@ -14,12 +14,13 @@ my $client = LLNG::Manager::Test->new( { logLevel => 'error', authentication => 'Demo', userDB => 'Same', + key => 'Demo', loginHistoryEnabled => 0, brutForceProtection => 0, requireToken => 0, decryptValueRule => 1, decryptValueFunctions => - 'Custom::empty Custom::test_uc Custom::undefined', +'Lemonldap::NG::Portal::Custom::empty Lemonldap::NG::Portal::Custom::test_uc Lemonldap::NG::Portal::Custom::undefined', } } ); @@ -84,7 +85,7 @@ ok( ), 'POST decryptvalue with valid value' ); -ok( $res->[2]->[0] =~ m%%, +ok( $res->[2]->[0] =~ m%%, 'Found decryted value' ) or explain( $res->[2]->[0], 'Decryted value NOT found' ); count(2); diff --git a/lemonldap-ng-portal/t/lib/Lemonldap/NG/Portal/Custom.pm b/lemonldap-ng-portal/t/lib/Lemonldap/NG/Portal/Custom.pm index ed28fb143..f06febdc4 100644 --- a/lemonldap-ng-portal/t/lib/Lemonldap/NG/Portal/Custom.pm +++ b/lemonldap-ng-portal/t/lib/Lemonldap/NG/Portal/Custom.pm @@ -1,4 +1,4 @@ -package Custom; +package Lemonldap::NG::Portal::Custom; sub empty { return ''; @@ -9,7 +9,7 @@ sub undefined { } sub test_uc { - return uc $_[0]; + return uc($_[0] . '_' . $_[1]); } 1;