Merge branch 'master' of gitlab.ow2.org:lemonldap-ng/lemonldap-ng

Christophe Maudoux 2019-01-18 22:06:24 +01:00
commit 7e9aaea6bc
14 changed files with 187 additions and 139 deletions


@ -70,6 +70,7 @@ describe('01 Lemonldap::NG Manager', function() {
});
it('General Parameters > Authn. parameters > Users modules => Should have 7 modules availabled with "Same" selected', function() {
element(by.id('t-userDB')).click();
browser.sleep(1000);
expect(element(by.css('option[selected="selected"]')).getAttribute('Value')).toEqual('Same');
expect(element.all(by.repeater('item in currentNode.select')).count()).toEqual(7);
});
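Review bot: The fixed `browser.sleep(1000)` ahead of the `option[selected="selected"]` assertion (apparently the one line this hunk adds) makes the spec timing-dependent: it passes only while the manager renders within a second, and it slows every run regardless. An explicit wait on the condition would be more robust, for example `browser.wait(protractor.ExpectedConditions.presenceOf(element(by.css('option[selected="selected"]'))), 5000);`. The same pattern recurs in the 06, 07, 07u, 08 and 36 specs on this page, together with the much larger `allScriptsTimeout` in the Protractor config, so the suite seems to be compensating for slowness rather than synchronising on the UI. The enclosing `describe` starts outside the hunk.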


@ -44,7 +44,7 @@ describe('05 Lemonldap::NG Manager', function() {
['exportedVars', 'macros', 'groups'].forEach(function(type) {
element(by.id('a-' + type)).click();
element(by.id('t-' + type)).click();
element(by.css('.glyphicon-plus-sign')).click();
element.all(by.css('.glyphicon-plus-sign')).first().click();
expect(element(by.id('t-' + type + '/n' + id)).getText()).toEqual('new');
browser.sleep(3000);
id++;
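Review bot: Replacing the single-element locator with `element.all(by.css('.glyphicon-plus-sign')).first().click()` (as rendered, the new side) hides the ambiguity instead of resolving it: the selector presumably now matches several icons, and the test clicks whichever comes first in the DOM. A locator scoped to the node being edited, such as an id or a parent-scoped `element(...).element(by.css('.glyphicon-plus-sign'))`, would keep the spec tied to the button it means to press when the layout changes. The same replacement appears in the 07, 11 and 12 specs. The `forEach` callback continues past the end of this hunk.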


@ -7,14 +7,19 @@ describe('06 Lemonldap::NG Manager', function() {
describe('Form control, part 2', function() {
it('should display portal skin choice', function() {
browser.get('/#/confs/1');
browser.get('/#!/confs/lastest');
element(by.id('a-generalParameters')).click();
element(by.id('a-portalParams')).click();
element(by.id('a-portalCustomization')).click();
element(by.id('t-portalSkin')).click();
element(by.css('[ng-click="showModal(\'portalSkinChoice.html\')"]')).click();
browser.sleep(1000);
var skinChoice = element.all(by.repeater('b in currentNode.select'));
expect(skinChoice.count()).toEqual(1);
element(by.css('[trspan="cancel"]')).click();
browser.sleep(1000);
});
});
});
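Review bot: The URL on what appears to be the new side is `/#!/confs/lastest`, whereas the other specs on this page load `/#!/confs/latest`; this looks like a typo. Whether the manager rejects an unknown configuration id or silently falls back is not visible here, so the spec may be passing against a different configuration than intended. Suggested line: `browser.get('/#!/confs/latest');`.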


@ -7,37 +7,57 @@ describe('07 Lemonldap::NG Manager', function() {
describe('Form control, part 3 - authParams', function() {
it('should display auth modules chosen', function() {
browser.get('/#/confs/1');
browser.get('/#!/confs/latest');
browser.sleep(2000);
element(by.id('a-generalParameters')).click();
browser.sleep(1000);
element(by.id('a-authParams')).click();
browser.sleep(1000);
element(by.id('t-authentication')).click();
browser.sleep(2000);
expect(element(by.id('t-demoParams')).isDisplayed()).toBeTruthy();
element(by.xpath("//option[@value='Apache']")).click();
browser.sleep(2000);
expect(element(by.id('t-apacheParams')).isDisplayed()).toBeTruthy();
});
it('should display auth modules chosen with authChoice', function() {
element(by.xpath("//option[@value='Choice']")).click();
browser.sleep(1000);
expect(element(by.id('t-choiceParams')).isDisplayed()).toBeTruthy();
element(by.id('a-choiceParams')).click();
browser.sleep(1000);
element(by.id('t-authChoiceModules')).click();
element(by.css('.glyphicon-plus-sign')).click();
browser.sleep(2000);
//element(by.css('.glyphicon-plus-sign')).click();
browser.sleep(2000);
element(by.id('a-authChoiceModules')).click();
browser.sleep(2000);
element.all(by.css('.glyphicon-plus-sign')).first().click();
element(by.id('t-authChoiceModules/n1')).click();
element(by.xpath("//option[@value='LDAP']")).click();
browser.sleep(2000);
element.all(by.xpath("//option[@value='LDAP']")).first().click();
expect(element(by.id('t-ldapParams')).isDisplayed()).toBeTruthy();
});
it('should display auth modules chosen with authCombination', function() {
element(by.id('t-authentication')).click();
browser.sleep(1000);
element(by.xpath("//option[@value='Combination']")).click();
browser.sleep(1000);
expect(element(by.id('t-combinationParams')).isDisplayed()).toBeTruthy();
element(by.id('a-combinationParams')).click();
browser.sleep(1000);
element(by.id('t-combModules')).click();
browser.sleep(2000);
element(by.css('.glyphicon-plus-sign')).click();
element(by.xpath("//option[@value='DBI']")).click();
expect(element(by.id('t-dbiParams')).isDisplayed()).toBeTruthy();
element(by.xpath("//option[@value='LDAP']")).click();
element.all(by.xpath("//option[@value='LDAP']")).first().click();
expect(element(by.id('t-ldapParams')).isDisplayed()).toBeTruthy();
});
});
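Review bot: The commented-out `//element(by.css('.glyphicon-plus-sign')).click();` in the authChoice test leaves two `browser.sleep(2000)` calls back to back with no action between them (as rendered), so the spec waits four seconds for nothing. Remove the dead line and one of the sleeps, or replace the comment with a short explanation of why the click had to be disabled. A similar commented-out click, `//element(by.id('a-reloadUrls')).click();`, sits in the 08 spec.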


@ -7,7 +7,7 @@ describe('07u Lemonldap::NG Manager', function() {
describe('Apply mechanism', function() {
it('should be able to send UTF-8 chars', function() {
browser.get('/#/confs/latest');
browser.get('/#!/confs/latest');
element(by.id('a-generalParameters')).click();
element(by.id('a-advancedParams')).click();
element(by.id('a-security')).click();
@ -18,6 +18,8 @@ describe('07u Lemonldap::NG Manager', function() {
element(by.id('save')).click();
element(by.id('longtextinput')).sendKeys('UTF-8 tests');
element(by.id('saveok')).click();
browser.sleep(2000);
element(by.id('messageok')).click();
expect(element(by.id('cfgnum')).getText()).toEqual('2');
});


@ -7,25 +7,38 @@ describe('08 Lemonldap::NG Manager', function() {
describe('Apply mechanism', function() {
it('should be able to add reload urls', function() {
browser.get('/#/confs/latest');
browser.get('/#!/confs/latest');
browser.sleep(1000);
element(by.id('a-generalParameters')).click();
element(by.id('t-reloadParams')).click();
element(by.id('a-reloadParams')).click();
element(by.id('t-reloadUrls')).click();
element(by.id('a-reloadUrls')).click();
browser.sleep(1000);
//element(by.id('a-reloadUrls')).click();
element(by.css('.glyphicon-plus-sign')).click();
element(by.id('a-reloadUrls')).click();
browser.sleep(1000);
element(by.id('t-reloadUrls/n1')).click();
element(by.id('hashkeyinput')).clear().sendKeys('auth.example.com:19876');
element(by.id('hashvalueinput')).clear().sendKeys('http://auth.example.com:19876/static/nothing');
browser.sleep(1000);
element(by.id('hashkeyinput')).clear().sendKeys('auth.example.com');
browser.sleep(1000);
element(by.id('hashvalueinput')).clear().sendKeys('http://auth.example.com:19876/static/common/icons/ok.png');
browser.sleep(1000);
element(by.css('.glyphicon-plus-sign')).click();
element(by.id('t-reloadUrls/n2')).click();
element(by.id('hashkeyinput')).clear().sendKeys('manager.example.com:19876');
element(by.id('hashvalueinput')).clear().sendKeys('http://auth.example.com:19876/static/js/manager.js');
element(by.id('hashkeyinput')).clear().sendKeys('manager.example.com');
element(by.id('hashvalueinput')).clear().sendKeys('http://manager.example.com:19876/static/js/manager.js');
browser.sleep(1000);
});
it('should save new configuration', function() {
element(by.id('save')).click();
element(by.id('longtextinput')).sendKeys('Reload URLs test');
element(by.id('saveok')).click();
expect(element.all(by.repeater('item in item.items')).count()).toEqual(2);
browser.sleep(1000);
element(by.id('messageok')).click();
expect(element(by.id('cfgnum')).getText()).toEqual('3');
});


@ -9,7 +9,7 @@ describe('11 Lemonldap::NG Manager', function() {
it('should add an OIDC OP', function() {
browser.get('/#/confs/latest');
element(by.id('t-oidcOPMetaDataNodes')).click();
element(by.css('.glyphicon-plus-sign')).click();
element.all(by.css('.glyphicon-plus-sign')).first().click();
element(by.id('promptok')).click();
browser.sleep(500);
element(by.id('a-oidcOPMetaDataNodes/new__op-example')).click();
@ -18,7 +18,7 @@ describe('11 Lemonldap::NG Manager', function() {
element(by.id('t-oidcOPMetaDataNodes/new__op-example/oidcOPMetaDataJWKS')).click();
element(by.id('filetext')).sendKeys('{"c":"d"}');
element(by.id('t-oidcOPMetaDataNodes/new__op-example/oidcOPMetaDataExportedVars')).click();
element(by.css('.glyphicon-plus-sign')).click();
element.all(by.css('.glyphicon-plus-sign')).first().click();
//element(by.id('a-oidcOPMetaDataNodes/new__op-example/oidcOPMetaDataExportedVars')).click();
element(by.id('t-oidcOPMetaDataNodes/new__op-example/oidcOPMetaDataExportedVars/n1')).click();
element(by.id('hashkeyinput')).clear().sendKeys('MyKey');
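Review bot: `browser.get('/#/confs/latest');` is left untouched as a context line in this spec, while the 06, 07, 07u and 08 specs in the same commit move to the `/#!/` prefix. If the manager now routes only on `#!`, this spec (and the 12 spec, which has the same line) may start from the default view rather than the latest configuration; that cannot be confirmed from this page. For consistency the line would become `browser.get('/#!/confs/latest');`.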


@ -9,12 +9,12 @@ describe('12 Lemonldap::NG Manager', function() {
it('should add an OIDC RP', function() {
browser.get('/#/confs/latest');
element(by.id('t-oidcRPMetaDataNodes')).click();
element(by.css('.glyphicon-plus-sign')).click();
element.all(by.css('.glyphicon-plus-sign')).first().click();
element(by.id('promptok')).click();
browser.sleep(500);
element(by.id('a-oidcRPMetaDataNodes/new__rp-example')).click();
element(by.id('t-oidcRPMetaDataNodes/new__rp-example/oidcRPMetaDataExportedVars')).click();
element(by.css('.glyphicon-plus-sign')).click();
element.all(by.css('.glyphicon-plus-sign')).first().click();
//element(by.id('a-oidcRPMetaDataNodes/new__rp-example/oidcRPMetaDataExportedVars')).click();
element(by.id('t-oidcRPMetaDataNodes/new__rp-example/oidcRPMetaDataExportedVars/n1')).click();
element(by.id('hashkeyinput')).clear().sendKeys('MyKey');
@ -24,7 +24,7 @@ describe('12 Lemonldap::NG Manager', function() {
element(by.id('t-oidcRPMetaDataNodes/new__rp-example/oidcRPMetaDataOptionsClientID')).click();
element(by.id('textinput')).clear().sendKeys('MyClientID');
element(by.id('t-oidcRPMetaDataNodes/new__rp-example/oidcRPMetaDataOptionsExtraClaims')).click();
element(by.css('.glyphicon-plus-sign')).click();
element.all(by.css('.glyphicon-plus-sign')).first().click();
//element(by.id('a-oidcRPMetaDataNodes/new__rp-example/oidcRPMetaDataOptionsExtraClaims')).click();
element(by.id('t-oidcRPMetaDataNodes/new__rp-example/oidcRPMetaDataOptionsExtraClaims/n2')).click();
element(by.id('hashkeyinput')).clear().sendKeys('MyClaim');


@ -7,7 +7,9 @@ describe('36 Lemonldap::NG Manager', function() {
describe('Diff interface', function() {
it('should find key changed', function() {
browser.get('/diff.html#!/6/7');
browser.get('/diff.html#!/5/6');
browser.sleep(5000);
element(by.id('t-generalParameters')).click();
element(by.id('t-advancedParams')).click();
element(by.id('t-security')).click();


@ -6,7 +6,7 @@ describe('40 Lemonldap::NG Manager', function() {
browser.get('/');
var links = element.all(by.repeater('l in links'));
expect(links.count()).toEqual(4);
element(by.xpath("//a[@href='sessions.html']")).click();
element.all(by.xpath("//a[@href='sessions.html']")).first().click();
});
});


@ -1,10 +1,10 @@
exports.config = {
allScriptsTimeout: 11000,
allScriptsTimeout: 300000,
// Specific test
specs: process.env.E2E_TESTS,
// specs: process.env.E2E_TESTS,
// All tests
//specs: ['handler/*.js', 'portal/*.js', 'manager/*.js' ],
specs: ['portal/*.js', 'handler/*.js', 'manager/*.js' ],
capabilities: {
//'browserName': 'firefox'
@ -18,6 +18,6 @@ exports.config = {
framework: 'jasmine',
jasmineNodeOpts: {
defaultTimeoutInterval: 30000
defaultTimeoutInterval: 60000
}
};
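Review bot: Commenting out `specs: process.env.E2E_TESTS` (as rendered) removes the ability to select a spec from the environment and hard-codes the full suite, which reads like a local debugging setting that was committed. A fallback keeps both uses: `specs: process.env.E2E_TESTS ? [process.env.E2E_TESTS] : ['portal/*.js', 'handler/*.js', 'manager/*.js'],`. Raising `allScriptsTimeout` from 11000 to 300000 also means a hung script takes five minutes to fail; a comment stating why that much headroom is needed would help the next maintainer.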


@ -1,6 +1,6 @@
package Lemonldap::NG::Handler::Main::Init;
our $VERSION = '2.0.0';
our $VERSION = '2.0.2';
package Lemonldap::NG::Handler::Main;
@ -66,7 +66,9 @@ sub logLevelInit {
# adapt server signature
sub serverSignatureInit {
my $class = shift;
$class->setServerSignature("Lemonldap::NG/$VERSION");
require Lemonldap::NG::Handler;
my $version = $Lemonldap::NG::Handler::VERSION;
$class->setServerSignature("Lemonldap::NG/$version");
}
## @ifn protected void statusInit()
@ -107,7 +109,7 @@ sub statusInit {
exec $perl_exec, '-MLemonldap::NG::Handler::Lib::Status',
# Insert @INC in Perl path
map( { "-I$_" } @INC ),
map( {"-I$_"} @INC ),
# Command to launch
'-e', '&Lemonldap::NG::Handler::Lib::Status::run()',
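Review bot: In `serverSignatureInit` the signature is now built from `$Lemonldap::NG::Handler::VERSION` with no check that it is defined; if that package declares no `$VERSION`, the header becomes `Lemonldap::NG/` and an uninitialized-value warning is logged. A fallback keeps the previous behaviour: `my $version = $Lemonldap::NG::Handler::VERSION // $VERSION;` (or a `defined ... ? ... : ...` form if older Perls must be supported). Separately, the signature advertises the exact release to every client, which makes it easy to map deployments to versions with known issues; a comment saying this is intentional, or a note on how operators can suppress it, would be worth adding.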


@ -30,7 +30,8 @@ sub tests {
portalIsInDomain => sub {
return (
1,
( index( $conf->{portal}, $conf->{domain} ) > 0
(
index( $conf->{portal}, $conf->{domain} ) > 0
? ''
: "Portal seems not to be in the domain $conf->{domain}"
)
@ -42,7 +43,7 @@ sub tests {
# Checking for ending slash
$conf->{portal} .= '/'
unless ( $conf->{portal} =~ qr#/$# );
unless ( $conf->{portal} =~ qr#/$# );
# Deleting trailing ending slash
my $regex = qr#/+$#;
@ -60,10 +61,11 @@ sub tests {
}
return (
1,
( @pb
(
@pb
? 'Virtual hosts '
. join( ', ', @pb )
. " are not in $conf->{domain} and cross-domain-authentication is not set"
. join( ', ', @pb )
. " are not in $conf->{domain} and cross-domain-authentication is not set"
: undef
)
);
@ -77,9 +79,9 @@ sub tests {
}
if (@pb) {
return ( 0,
'Virtual hosts '
. join( ', ', @pb )
. " contain a port, this is not allowed" );
'Virtual hosts '
. join( ', ', @pb )
. " contain a port, this is not allowed" );
}
else { return 1; }
},
@ -92,9 +94,9 @@ sub tests {
}
if (@pb) {
return ( 0,
'Virtual hosts '
. join( ', ', @pb )
. " must be in lower case" );
'Virtual hosts '
. join( ', ', @pb )
. " must be in lower case" );
}
else { return 1; }
},
@ -102,12 +104,12 @@ sub tests {
# Check if "userDB" and "authentication" are consistent
authAndUserDBConsistency => sub {
foreach
my $type (qw(Facebook Google OpenID OpenIDConnect SAML WebID))
my $type (qw(Facebook Google OpenID OpenIDConnect SAML WebID))
{
return ( 0,
"\"$type\" can not be used as user database without using \"$type\" for authentication"
)
if ($conf->{userDB} =~ /$type/
"\"$type\" can not be used as user database without using \"$type\" for authentication"
)
if ( $conf->{userDB} =~ /$type/
and $conf->{authentication} !~ /$type/ );
}
return 1;
@ -117,29 +119,30 @@ sub tests {
checkAttrAndMacros => sub {
my @tmp;
foreach my $k ( keys %$conf ) {
if ( $k
=~ /^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
)
if ( $k =~
/^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
)
{
my $v = $conf->{$k};
$v =~ s/^$//;
next if ( $v =~ /^_/ );
push @tmp,
$k
unless (
$k
unless (
defined(
$conf->{exportedVars}->{$v}
or defined( $conf->{macros}->{$v} )
or defined( $conf->{macros}->{$v} )
)
);
);
}
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not defined in exported attributes or macros'
. join( ', ', @tmp )
. '" are not defined in exported attributes or macros'
: ''
)
);
@ -151,18 +154,18 @@ sub tests {
if ( $conf->{userDB} =~ /^Google$/ ) {
foreach my $k ( keys %{ $conf->{exportedVars} } ) {
my $v = $conf->{exportedVars}->{$k};
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() )
{
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() ) {
push @tmp, $v;
}
}
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not exported by Google'
. join( ', ', @tmp )
. '" are not exported by Google'
: ''
)
);
@ -174,8 +177,7 @@ sub tests {
if ( $conf->{userDB} =~ /^OpenID$/ ) {
foreach my $k ( keys %{ $conf->{exportedVars} } ) {
my $v = $conf->{exportedVars}->{$k};
if ( $v
!~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() )
if ( $v !~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() )
{
push @tmp, $v;
}
@ -183,10 +185,11 @@ sub tests {
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not exported by OpenID SREG'
. join( ', ', @tmp )
. '" are not exported by OpenID SREG'
: ''
)
);
@ -195,51 +198,51 @@ sub tests {
# Try to use Apache::Session module
testApacheSession => sub {
my ( $id, %h );
my $gc = Lemonldap::NG::Handler::Main->tsv
->{sessionStorageModule};
my $gc = Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule};
return 1
if ( ( $gc and $gc eq $conf->{globalStorage} )
or $conf->{globalStorage}
=~ /^Lemonldap::NG::Common::Apache::Session::/ );
if ( ( $gc and $gc eq $conf->{globalStorage} )
or $conf->{globalStorage} =~
/^Lemonldap::NG::Common::Apache::Session::/ );
eval "use $conf->{globalStorage}";
return ( -1, "Unknown package $conf->{globalStorage}" ) if ($@);
eval {
tie %h, 'Lemonldap::NG::Common::Apache::Session', undef,
{
{
%{ $conf->{globalStorageOptions} },
backend => $conf->{globalStorage}
};
};
};
return ( -1, "Unable to create a session ($@)" )
if ( $@ or not tied(%h) );
if ( $@ or not tied(%h) );
eval {
$h{a} = 1;
$id = $h{_session_id} or return ( -1, 'No _session_id' );
untie(%h);
tie %h, 'Lemonldap::NG::Common::Apache::Session', $id,
{
{
%{ $conf->{globalStorageOptions} },
backend => $conf->{globalStorage}
};
};
};
return ( -1, "Unable to insert data ($@)" ) if ($@);
return ( -1, "Unable to recover data stored" )
unless ( $h{a} == 1 );
unless ( $h{a} == 1 );
eval { tied(%h)->delete; };
return ( -1, "Unable to delete session ($@)" ) if ($@);
return ( -1,
'All sessions may be lost and you must restart all your Apache servers'
'All sessions may be lost and you must restart all your Apache servers'
) if ( $gc and $conf->{globalStorage} ne $gc );
return 1;
},
# Warn if cookie name has changed
cookieNameChanged => sub {
my $cn = $Lemonldap::NG::Handler::PSGI::API::tsv->{cookieName};
my $cn = Lemonldap::NG::Handler::Main->tsv->{cookieName};
return (
1,
( $cn
and $cn ne $conf->{cookieName}
(
$cn
and $cn ne $conf->{cookieName}
? 'Cookie name has changed, you must restart all your web servers'
: ()
)
@ -250,9 +253,10 @@ sub tests {
cookieTTL => sub {
return 1 unless ( defined $conf->{cookieExpiration} );
return ( 0, "Cookie TTL must be higher than one minute" )
unless ( $conf->{cookieExpiration} == 0 || $conf->{cookieExpiration} > 60 );
unless ( $conf->{cookieExpiration} == 0
|| $conf->{cookieExpiration} > 60 );
return ( 1, "Cookie TTL should be higher or equal than one hour" )
unless ( $conf->{cookieExpiration} >= 3600
unless ( $conf->{cookieExpiration} >= 3600
|| $conf->{cookieExpiration} == 0 );
# Return
@ -263,7 +267,7 @@ sub tests {
sessionTimeout => sub {
return 1 unless ( defined $conf->{timeout} );
return ( -1, "Session timeout should be higher than ten minutes" )
unless ( $conf->{timeout} > 600
unless ( $conf->{timeout} > 600
|| $conf->{timeout} == 0 );
# Return
@ -274,9 +278,9 @@ sub tests {
sessionTimeoutActivity => sub {
return 1 unless ( defined $conf->{timeoutActivity} );
return ( 0,
"Session activity timeout must be higher or equal than one minute"
)
unless ( $conf->{timeoutActivity} > 59
"Session activity timeout must be higher or equal than one minute"
)
unless ( $conf->{timeoutActivity} > 59
|| $conf->{timeoutActivity} == 0 );
# Return
@ -287,11 +291,11 @@ sub tests {
timeoutActivityInterval => sub {
return 1 unless ( defined $conf->{timeoutActivityInterval} );
return ( 0,
"Activity timeout interval must be lower than session activity timeout"
)
if ($conf->{timeoutActivity}
and $conf->{timeoutActivity}
<= $conf->{timeoutActivityInterval} );
"Activity timeout interval must be lower than session activity timeout"
)
if ( $conf->{timeoutActivity}
and $conf->{timeoutActivity} <=
$conf->{timeoutActivityInterval} );
# Return
return 1;
@ -301,7 +305,8 @@ sub tests {
managerProtection => sub {
return (
1,
( $conf->{cfgAuthor} eq 'anonymous'
(
$conf->{cfgAuthor} eq 'anonymous'
? 'Your manager seems to be unprotected'
: ''
)
@ -317,21 +322,21 @@ sub tests {
# Use SMTP
eval "use Net::SMTP";
return ( 1, "Net::SMTP module is required to use SMTP server" )
if ($@);
if ($@);
# Create SMTP object
my $smtp = Net::SMTP->new( $conf->{SMTPServer}, Timeout => 5 );
return ( 1,
"SMTP connection to " . $conf->{SMTPServer} . " failed" )
unless ($smtp);
unless ($smtp);
# Skip other tests if no authentication
return 1
unless ( $conf->{SMTPAuthUser} and $conf->{SMTPAuthPass} );
unless ( $conf->{SMTPAuthUser} and $conf->{SMTPAuthPass} );
# Try authentication
return ( 1, "SMTP authentication failed" )
unless $smtp->auth( $conf->{SMTPAuthUser},
unless $smtp->auth( $conf->{SMTPAuthUser},
$conf->{SMTPAuthPass} );
# Return
@ -341,14 +346,15 @@ sub tests {
# SAML entity ID must be uniq
samlIDPEntityIdUniqueness => sub {
return 1
unless ( $conf->{samlIDPMetaDataXML}
unless ( $conf->{samlIDPMetaDataXML}
and %{ $conf->{samlIDPMetaDataXML} } );
my @msg;
my $res = 1;
my %entityIds;
foreach my $idpId ( keys %{ $conf->{samlIDPMetaDataXML} } ) {
unless ( $conf->{samlIDPMetaDataXML}->{$idpId}
->{samlIDPMetaDataXML} =~ /entityID=(['"])(.+?)\1/si )
unless (
$conf->{samlIDPMetaDataXML}->{$idpId}->{samlIDPMetaDataXML}
=~ /entityID=(['"])(.+?)\1/si )
{
push @msg, "$idpId SAML metadata has no EntityID";
$res = 0;
@ -357,7 +363,7 @@ sub tests {
my $eid = $2;
if ( defined $entityIds{$eid} ) {
push @msg,
"$idpId and $entityIds{$eid} have the same SAML EntityID";
"$idpId and $entityIds{$eid} have the same SAML EntityID";
$res = 0;
next;
}
@ -367,15 +373,15 @@ sub tests {
},
samlSPEntityIdUniqueness => sub {
return 1
unless ( $conf->{samlSPMetaDataXML}
unless ( $conf->{samlSPMetaDataXML}
and %{ $conf->{samlSPMetaDataXML} } );
my @msg;
my $res = 1;
my %entityIds;
foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) {
unless (
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML}
=~ /entityID=(['"])(.+?)\1/si )
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~
/entityID=(['"])(.+?)\1/si )
{
push @msg, "$spId SAML metadata has no EntityID";
$res = 0;
@ -384,7 +390,7 @@ sub tests {
my $eid = $2;
if ( defined $entityIds{$eid} ) {
push @msg,
"$spId and $entityIds{$eid} have the same SAML EntityID";
"$spId and $entityIds{$eid} have the same SAML EntityID";
$res = 0;
next;
}
@ -398,7 +404,7 @@ sub tests {
return 1 unless ( $conf->{authentication} eq 'Combination' );
require Lemonldap::NG::Common::Combination::Parser;
return ( 0, 'No module declared for combination' )
unless ( $conf->{combModules} and %{ $conf->{combModules} } );
unless ( $conf->{combModules} and %{ $conf->{combModules} } );
my $moduleList;
foreach my $md ( keys %{ $conf->{combModules} } ) {
my $entry = $conf->{combModules}->{$md};
@ -409,8 +415,8 @@ sub tests {
);
}
eval {
Lemonldap::NG::Common::Combination::Parser->parse(
$moduleList, $conf->{combination} );
Lemonldap::NG::Common::Combination::Parser->parse( $moduleList,
$conf->{combination} );
};
return ( 0, $@ ) if ($@);
@ -422,9 +428,9 @@ sub tests {
combinationParameters => sub {
return 1 unless ( $conf->{authentication} eq "Combination" );
return ( 0, "Combination rule must be defined" )
unless ( $conf->{combination} );
unless ( $conf->{combination} );
return ( 0, 'userDB must be set to "Same" to enable Combination' )
unless ( $conf->{userDB} eq "Same" );
unless ( $conf->{userDB} eq "Same" );
# Return
return 1;
@ -447,7 +453,7 @@ sub tests {
eval "use Convert::Base32";
return ( 1,
"Convert::Base32 module is required to enable TOTP" )
if ($@);
if ($@);
}
# Use U2F
@ -456,7 +462,7 @@ sub tests {
{
eval "use Crypt::U2F::Server::Simple";
return ( 1,
"Crypt::U2F::Server::Simple module is required to enable U2F"
"Crypt::U2F::Server::Simple module is required to enable U2F"
) if ($@);
}
@ -464,7 +470,7 @@ sub tests {
if ( $conf->{yubikey2fActivation} ) {
eval "use Auth::Yubikey_WebClient";
return ( 1,
"Auth::Yubikey_WebClient module is required to enable Yubikey"
"Auth::Yubikey_WebClient module is required to enable Yubikey"
) if ($@);
}
@ -478,7 +484,7 @@ sub tests {
my $w = "";
foreach ( 'totp', 'u' ) {
$w .= uc($_) . "2F is activated twice \n"
if ( $conf->{ $_ . '2fActivation' } eq '1' );
if ( $conf->{ $_ . '2fActivation' } eq '1' );
}
return ( 1, ( $w ? $w : () ) );
},
@ -489,8 +495,10 @@ sub tests {
return 1 unless ( defined $conf->{totp2fDigits} );
return (
1,
( ( $conf->{totp2fDigits} == 6
or $conf->{totp2fDigits} == 8
(
(
$conf->{totp2fDigits} == 6
or $conf->{totp2fDigits} == 8
)
? ''
: 'TOTP should be 6 or 8 digits long'
@ -502,9 +510,9 @@ sub tests {
totp2fParams => sub {
return 1 unless ( $conf->{totp2fActivation} );
return ( 0, 'TOTP range must be defined' )
unless ( $conf->{totp2fRange} );
unless ( $conf->{totp2fRange} );
return ( 1, "TOTP interval should be higher than 10s" )
unless ( $conf->{totp2fInterval} > 10 );
unless ( $conf->{totp2fInterval} > 10 );
# Return
return 1;
@ -515,11 +523,12 @@ sub tests {
yubikey2fParams => sub {
return 1 unless ( $conf->{yubikey2fActivation} );
return ( 0, "Yubikey client ID and secret key must be set" )
unless ( defined $conf->{yubikey2fSecretKey}
unless ( defined $conf->{yubikey2fSecretKey}
&& defined $conf->{yubikey2fClientID} );
return (
1,
( ( $conf->{yubikey2fPublicIDSize} == 12 )
(
( $conf->{yubikey2fPublicIDSize} == 12 )
? ''
: 'Yubikey public ID size should be 12 digits long'
)
@ -530,7 +539,7 @@ sub tests {
rest2fVerifyUrl => sub {
return 1 unless ( $conf->{rest2fActivation} );
return ( 0, "REST 2F Verify URL must be set" )
unless ( defined $conf->{rest2fVerifyUrl} );
unless ( defined $conf->{rest2fVerifyUrl} );
# Return
return 1;
@ -544,16 +553,15 @@ sub tests {
my $ok = 0;
foreach (qw(u totp yubikey)) {
$ok ||= $conf->{ $_ . '2fActivation' }
&& $conf->{ $_ . '2fSelfRegistration' };
&& $conf->{ $_ . '2fSelfRegistration' };
last if ($ok);
}
$ok ||= $conf->{'utotp2fActivation'}
&& ( $conf->{'u2fSelfRegistration'}
&& ( $conf->{'u2fSelfRegistration'}
|| $conf->{'totp2fSelfRegistration'} );
$msg
= "A self registrable module should be enabled to require 2FA"
unless ($ok);
$msg = "A self registrable module should be enabled to require 2FA"
unless ($ok);
return ( 1, $msg );
},
@ -562,7 +570,7 @@ sub tests {
ext2fCommands => sub {
return 1 unless ( $conf->{ext2fActivation} );
return ( 0, "External 2F Send or Validate command must be set" )
unless ( defined $conf->{ext2FSendCommand}
unless ( defined $conf->{ext2FSendCommand}
&& defined $conf->{ext2FValidateCommand} );
# Return
@ -573,9 +581,9 @@ sub tests {
formTimeout => sub {
return 1 unless ( defined $conf->{formTimeout} );
return ( 0, "XSRF form token TTL must be higher than 30s" )
unless ( $conf->{formTimeout} > 30 );
unless ( $conf->{formTimeout} > 30 );
return ( 1, "XSRF form token TTL should not be higher than 2mn" )
if ( $conf->{formTimeout} > 120 );
if ( $conf->{formTimeout} > 120 );
# Return
return 1;
@ -584,9 +592,8 @@ sub tests {
# Warn if number of password reset retries is null
passwordResetRetries => sub {
return 1 unless ( $conf->{portalDisplayResetPassword} );
return ( 1,
"Number of reset password retries should not be null" )
unless ( $conf->{passwordResetAllowedRetries} );
return ( 1, "Number of reset password retries should not be null" )
unless ( $conf->{passwordResetAllowedRetries} );
# Return
return 1;
@ -596,10 +603,10 @@ sub tests {
bruteForceProtection => sub {
return 1 unless ( $conf->{bruteForceProtection} );
return ( 1,
'"History" plugin is required to enable "BruteForceProtection" plugin'
'"History" plugin is required to enable "BruteForceProtection" plugin'
) unless ( $conf->{loginHistoryEnabled} );
return ( 1,
'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
) unless ( $conf->{failedLoginNumber} > 2 );
# Return
@ -610,9 +617,9 @@ sub tests {
checkMailResetSecurity => sub {
return 1 unless ( $conf->{portalDisplayResetPassword} );
return ( -1,
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
)
unless ( $conf->{requireToken}
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
)
unless ( $conf->{requireToken}
or $conf->{captcha_mail_enabled} );
# Return
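Review bot: `testApacheSession` still runs `eval "use $conf->{globalStorage}"`, which compiles a value taken from the configuration under test as Perl source, so anything other than a bare package name in that field is executed with the privileges of the process running these checks. A guard before the eval closes this: `return ( -1, "Invalid package name" ) unless $conf->{globalStorage} =~ /\A\w+(?:::\w+)*\z/;`. In the same hunk, `$id = $h{_session_id} or return ( -1, 'No _session_id' );` sits inside an `eval { }` block, so the `return` only leaves the eval and the 'No _session_id' result never reaches the caller. Most other hunks in this file look like perltidy re-indentation, and `tests` begins and ends outside the visible hunks.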


@ -3,11 +3,10 @@
package Lemonldap::NG::Portal::Main::Menu;
use strict;
use utf8;
use Mouse;
use Clone 'clone';
our $VERSION = '2.0.1';
our $VERSION = '2.0.2';
extends 'Lemonldap::NG::Common::Module';
@ -188,7 +187,6 @@ sub appslist {
sub _buildCategoryHash {
my ( $self, $req, $catid, $cathash, $catlevel ) = @_;
my $catname = $cathash->{catname} || $catid;
utf8::decode($catname);
my $applications;
my $categories;
@ -244,8 +242,6 @@ sub _buildApplicationHash {
my $appuri = $apphash->{options}->{uri} || "";
my $appdesc = $apphash->{options}->{description};
my $applogo = $apphash->{options}->{logo};
utf8::decode($appname);
utf8::decode($appdesc) if $appdesc;
# Detect sub applications
my $subapphash;