perl tidy

David COUTADEUR 2017-06-23 09:57:07 +00:00
parent 6533b0a36b
commit 80f5d06e82
20 changed files with 3678 additions and 3525 deletions


@ -212,7 +212,9 @@ sub getConf {
# Create cipher object # Create cipher object
unless ( $args->{raw} ) { unless ( $args->{raw} ) {
eval { $res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} ); }; eval {
$res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} );
};
if ($@) { if ($@) {
$msg .= "Bad key: $@. \n"; $msg .= "Bad key: $@. \n";
} }


@ -5,234 +5,250 @@ our $VERSION = '2.0.0';
sub defaultValues { sub defaultValues {
return { return {
'activeTimer' => 1, 'activeTimer' => 1,
'ADPwdExpireWarning' => 0, 'ADPwdExpireWarning' => 0,
'ADPwdMaxAge' => 0, 'ADPwdMaxAge' => 0,
'apacheAuthnLevel' => 4, 'apacheAuthnLevel' => 4,
'applicationList' => { 'applicationList' => {
'default' => { 'default' => {
'catname' => 'Default category', 'catname' => 'Default category',
'type' => 'category' 'type' => 'category'
} }
}, },
'authChoiceParam' => 'lmAuth', 'authChoiceParam' => 'lmAuth',
'authentication' => 'Demo', 'authentication' => 'Demo',
'captcha_mail_enabled' => 1, 'captcha_mail_enabled' => 1,
'captcha_register_enabled' => 1, 'captcha_register_enabled' => 1,
'captcha_size' => 6, 'captcha_size' => 6,
'casAccessControlPolicy' => 'none', 'casAccessControlPolicy' => 'none',
'casAuthnLevel' => 1, 'casAuthnLevel' => 1,
'checkXSS' => 1, 'checkXSS' => 1,
'confirmFormMethod' => 'post', 'confirmFormMethod' => 'post',
'cookieName' => 'lemonldap', 'cookieName' => 'lemonldap',
'cspConnect' => '\'self\'', 'cspConnect' => '\'self\'',
'cspDefault' => '\'self\'', 'cspDefault' => '\'self\'',
'cspFont' => '\'self\'', 'cspFont' => '\'self\'',
'cspImg' => '\'self\' data:', 'cspImg' => '\'self\' data:',
'cspScript' => '\'self\'', 'cspScript' => '\'self\'',
'cspStyle' => '\'self\'', 'cspStyle' => '\'self\'',
'dbiAuthnLevel' => 2, 'dbiAuthnLevel' => 2,
'dbiExportedVars' => {}, 'dbiExportedVars' => {},
'demoExportedVars' => { 'demoExportedVars' => {
'cn' => 'cn', 'cn' => 'cn',
'mail' => 'mail', 'mail' => 'mail',
'uid' => 'uid' 'uid' => 'uid'
}, },
'domain' => 'example.com', 'domain' => 'example.com',
'exportedVars' => { 'exportedVars' => {
'UA' => 'HTTP_USER_AGENT' 'UA' => 'HTTP_USER_AGENT'
}, },
'ext2fActivation' => 0, 'ext2fActivation' => 0,
'facebookAuthnLevel' => 1, 'facebookAuthnLevel' => 1,
'facebookExportedVars' => {}, 'facebookExportedVars' => {},
'failedLoginNumber' => 5, 'failedLoginNumber' => 5,
'formTimeout' => 120, 'formTimeout' => 120,
'globalStorage' => 'Apache::Session::File', 'globalStorage' => 'Apache::Session::File',
'globalStorageOptions' => { 'globalStorageOptions' => {
'Directory' => '/var/lib/lemonldap-ng/sessions/', 'Directory' => '/var/lib/lemonldap-ng/sessions/',
'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', 'generateModule' =>
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
}, 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
'groups' => {}, },
'hiddenAttributes' => '_password', 'groups' => {},
'httpOnly' => 1, 'hiddenAttributes' => '_password',
'infoFormMethod' => 'get', 'httpOnly' => 1,
'issuerDBCASPath' => '^/cas/', 'infoFormMethod' => 'get',
'issuerDBCASRule' => 1, 'issuerDBCASPath' => '^/cas/',
'issuerDBGetParameters' => {}, 'issuerDBCASRule' => 1,
'issuerDBGetPath' => '^/get/', 'issuerDBGetParameters' => {},
'issuerDBGetRule' => 1, 'issuerDBGetPath' => '^/get/',
'issuerDBOpenIDConnectPath' => '^/oauth2/', 'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectRule' => 1, 'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDPath' => '^/openidserver/', 'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDRule' => 1, 'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBSAMLPath' => '^/saml/', 'issuerDBOpenIDRule' => 1,
'issuerDBSAMLRule' => 1, 'issuerDBSAMLPath' => '^/saml/',
'jsRedirect' => 0, 'issuerDBSAMLRule' => 1,
'krbAuthnLevel' => 3, 'jsRedirect' => 0,
'ldapAuthnLevel' => 2, 'krbAuthnLevel' => 3,
'ldapBase' => 'dc=example,dc=com', 'ldapAuthnLevel' => 2,
'ldapExportedVars' => { 'ldapBase' => 'dc=example,dc=com',
'cn' => 'cn', 'ldapExportedVars' => {
'mail' => 'mail', 'cn' => 'cn',
'uid' => 'uid' 'mail' => 'mail',
}, 'uid' => 'uid'
'ldapGroupAttributeName' => 'member', },
'ldapGroupAttributeNameGroup' => 'dn', 'ldapGroupAttributeName' => 'member',
'ldapGroupAttributeNameSearch' => 'cn', 'ldapGroupAttributeNameGroup' => 'dn',
'ldapGroupAttributeNameUser' => 'dn', 'ldapGroupAttributeNameSearch' => 'cn',
'ldapGroupObjectClass' => 'groupOfNames', 'ldapGroupAttributeNameUser' => 'dn',
'ldapPasswordResetAttribute' => 'pwdReset', 'ldapGroupObjectClass' => 'groupOfNames',
'ldapPasswordResetAttributeValue' => 'TRUE', 'ldapPasswordResetAttribute' => 'pwdReset',
'ldapPort' => 389, 'ldapPasswordResetAttributeValue' => 'TRUE',
'ldapPwdEnc' => 'utf-8', 'ldapPort' => 389,
'ldapSearchDeref' => 'find', 'ldapPwdEnc' => 'utf-8',
'ldapServer' => 'ldap://localhost', 'ldapSearchDeref' => 'find',
'ldapTimeout' => 120, 'ldapServer' => 'ldap://localhost',
'ldapUsePasswordResetAttribute' => 1, 'ldapTimeout' => 120,
'ldapVersion' => 3, 'ldapUsePasswordResetAttribute' => 1,
'localSessionStorage' => 'Cache::FileCache', 'ldapVersion' => 3,
'localSessionStorageOptions' => { 'localSessionStorage' => 'Cache::FileCache',
'cache_depth' => 3, 'localSessionStorageOptions' => {
'cache_root' => '/tmp', 'cache_depth' => 3,
'default_expires_in' => 600, 'cache_root' => '/tmp',
'directory_umask' => '007', 'default_expires_in' => 600,
'namespace' => 'lemonldap-ng-sessions' 'directory_umask' => '007',
}, 'namespace' => 'lemonldap-ng-sessions'
'locationRules' => { },
'default' => 'deny' 'locationRules' => {
}, 'default' => 'deny'
'logoutServices' => {}, },
'macros' => {}, 'logoutServices' => {},
'mailCharset' => 'utf-8', 'macros' => {},
'mailFrom' => 'noreply@example.com', 'mailCharset' => 'utf-8',
'mailSessionKey' => 'mail', 'mailFrom' => 'noreply@example.com',
'mailTimeout' => 0, 'mailSessionKey' => 'mail',
'mailUrl' => 'http://auth.example.com/resetpwd', 'mailTimeout' => 0,
'managerDn' => '', 'mailUrl' => 'http://auth.example.com/resetpwd',
'managerPassword' => '', 'managerDn' => '',
'multiValuesSeparator' => '; ', 'managerPassword' => '',
'notificationStorage' => 'File', 'multiValuesSeparator' => '; ',
'notificationStorageOptions' => { 'notificationStorage' => 'File',
'dirName' => '/var/lib/lemonldap-ng/notifications' 'notificationStorageOptions' => {
}, 'dirName' => '/var/lib/lemonldap-ng/notifications'
'notificationWildcard' => 'allusers', },
'notifyDeleted' => 1, 'notificationWildcard' => 'allusers',
'nullAuthnLevel' => 0, 'notifyDeleted' => 1,
'oidcAuthnLevel' => 1, 'nullAuthnLevel' => 0,
'oidcRPCallbackGetParam' => 'openidconnectcallback', 'oidcAuthnLevel' => 1,
'oidcRPStateTimeout' => 600, 'oidcRPCallbackGetParam' => 'openidconnectcallback',
'oidcServiceAllowAuthorizationCodeFlow' => 1, 'oidcRPStateTimeout' => 600,
'oidcServiceMetaDataAuthnContext' => { 'oidcServiceAllowAuthorizationCodeFlow' => 1,
'loa-1' => 1, 'oidcServiceMetaDataAuthnContext' => {
'loa-2' => 2, 'loa-1' => 1,
'loa-3' => 3, 'loa-2' => 2,
'loa-4' => 4, 'loa-3' => 3,
'loa-5' => 5 'loa-4' => 4,
}, 'loa-5' => 5
'oidcServiceMetaDataAuthorizeURI' => 'authorize', },
'oidcServiceMetaDataBackChannelURI' => 'blogout', 'oidcServiceMetaDataAuthorizeURI' => 'authorize',
'oidcServiceMetaDataCheckSessionURI' => 'checksession.html', 'oidcServiceMetaDataBackChannelURI' => 'blogout',
'oidcServiceMetaDataEndSessionURI' => 'logout', 'oidcServiceMetaDataCheckSessionURI' => 'checksession.html',
'oidcServiceMetaDataFrontChannelURI' => 'flogout', 'oidcServiceMetaDataEndSessionURI' => 'logout',
'oidcServiceMetaDataIssuer' => 'http://auth.example.com', 'oidcServiceMetaDataFrontChannelURI' => 'flogout',
'oidcServiceMetaDataJWKSURI' => 'jwks', 'oidcServiceMetaDataIssuer' => 'http://auth.example.com',
'oidcServiceMetaDataRegistrationURI' => 'register', 'oidcServiceMetaDataJWKSURI' => 'jwks',
'oidcServiceMetaDataTokenURI' => 'token', 'oidcServiceMetaDataRegistrationURI' => 'register',
'oidcServiceMetaDataUserInfoURI' => 'userinfo', 'oidcServiceMetaDataTokenURI' => 'token',
'openIdAuthnLevel' => 1, 'oidcServiceMetaDataUserInfoURI' => 'userinfo',
'openIdExportedVars' => {}, 'openIdAuthnLevel' => 1,
'openIdIDPList' => '0;', 'openIdExportedVars' => {},
'openIdSPList' => '0;', 'openIdIDPList' => '0;',
'openIdSreg_email' => 'mail', 'openIdSPList' => '0;',
'openIdSreg_fullname' => 'cn', 'openIdSreg_email' => 'mail',
'openIdSreg_nickname' => 'uid', 'openIdSreg_fullname' => 'cn',
'openIdSreg_timezone' => '_timezone', 'openIdSreg_nickname' => 'uid',
'pamAuthnLevel' => 2, 'openIdSreg_timezone' => '_timezone',
'pamService' => 'login', 'pamAuthnLevel' => 2,
'passwordDB' => 'Demo', 'pamService' => 'login',
'portal' => 'http://auth.example.com/', 'passwordDB' => 'Demo',
'portalAntiFrame' => 1, 'portal' => 'http://auth.example.com/',
'portalCheckLogins' => 1, 'portalAntiFrame' => 1,
'portalDisplayAppslist' => 1, 'portalCheckLogins' => 1,
'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/', 'portalDisplayAppslist' => 1,
'portalDisplayLoginHistory' => 1, 'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/',
'portalDisplayLogout' => 1, 'portalDisplayLoginHistory' => 1,
'portalDisplayRegister' => 1, 'portalDisplayLogout' => 1,
'portalErrorOnExpiredSession' => 1, 'portalDisplayRegister' => 1,
'portalForceAuthnInterval' => 5, 'portalErrorOnExpiredSession' => 1,
'portalPingInterval' => 60000, 'portalForceAuthnInterval' => 5,
'portalRequireOldPassword' => 1, 'portalPingInterval' => 60000,
'portalSkin' => 'bootstrap', 'portalRequireOldPassword' => 1,
'portalUserAttr' => '_user', 'portalSkin' => 'bootstrap',
'proxyAuthnLevel' => 2, 'portalUserAttr' => '_user',
'radiusAuthnLevel' => 3, 'proxyAuthnLevel' => 2,
'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}', 'radiusAuthnLevel' => 3,
'redirectFormMethod' => 'get', 'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}',
'registerDB' => 'Null', 'redirectFormMethod' => 'get',
'registerTimeout' => 0, 'registerDB' => 'Null',
'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP', 'registerTimeout' => 0,
'remoteGlobalStorageOptions' => { 'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP',
'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', 'remoteGlobalStorageOptions' => {
'proxy' => 'http://auth.example.com/sessions' 'ns' =>
}, 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
'requireToken' => 1, 'proxy' => 'http://auth.example.com/sessions'
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', },
'samlAuthnContextMapKerberos' => 4, 'requireToken' => 1,
'samlAuthnContextMapPassword' => 2, 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
'samlAuthnContextMapPasswordProtectedTransport' => 3, 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'samlAuthnContextMapTLSClient' => 5, 'samlAuthnContextMapKerberos' => 4,
'samlEntityID' => '#PORTAL#/saml/metadata', 'samlAuthnContextMapPassword' => 2,
'samlIdPResolveCookie' => 'lemonldapidp', 'samlAuthnContextMapPasswordProtectedTransport' => 3,
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', 'samlAuthnContextMapTLSClient' => 5,
'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', 'samlEntityID' => '#PORTAL#/saml/metadata',
'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', 'samlIdPResolveCookie' => 'lemonldapidp',
'samlIDPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' =>
'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' =>
'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1, 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
'samlMetadataForceUTF8' => 1, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
'samlNameIDFormatMapEmail' => 'mail', 'samlIDPSSODescriptorSingleLogoutServiceSOAP' =>
'samlNameIDFormatMapKerberos' => 'uid', 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
'samlNameIDFormatMapWindows' => 'uid', 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' =>
'samlNameIDFormatMapX509' => 'mail', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
'samlOrganizationDisplayName' => 'Example', 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' =>
'samlOrganizationName' => 'Example', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
'samlOrganizationURL' => 'http://www.example.com', 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' =>
'samlRelayStateTimeout' => 600, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
'samlSPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', 'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1,
'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', 'samlMetadataForceUTF8' => 1,
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', 'samlNameIDFormatMapEmail' => 'mail',
'samlSPSSODescriptorAuthnRequestsSigned' => 1, 'samlNameIDFormatMapKerberos' => 'uid',
'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', 'samlNameIDFormatMapWindows' => 'uid',
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', 'samlNameIDFormatMapX509' => 'mail',
'samlSPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', 'samlOrganizationDisplayName' => 'Example',
'samlSPSSODescriptorWantAssertionsSigned' => 1, 'samlOrganizationName' => 'Example',
'securedCookie' => 0, 'samlOrganizationURL' => 'http://www.example.com',
'slaveAuthnLevel' => 2, 'samlRelayStateTimeout' => 600,
'slaveExportedVars' => {}, 'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
'SMTPServer' => '', '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
'SMTPTLS' => '', 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' =>
'SSLAuthnLevel' => 5, '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
'successLoginNumber' => 5, 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' =>
'timeout' => 72000, '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
'timeoutActivity' => 0, 'samlSPSSODescriptorAuthnRequestsSigned' => 1,
'timeoutActivityInterval' => 60, 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' =>
'trustedProxies' => '', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
'twitterAuthnLevel' => 1, 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
'u2fActivation' => 0, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
'upgradeSession' => 1, 'samlSPSSODescriptorSingleLogoutServiceSOAP' =>
'userControl' => '^[\\w\\.\\-@]+$', 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
'userDB' => 'Same', 'samlSPSSODescriptorWantAssertionsSigned' => 1,
'useRedirectOnError' => 1, 'securedCookie' => 0,
'useSafeJail' => 1, 'slaveAuthnLevel' => 2,
'webIDAuthnLevel' => 1, 'slaveExportedVars' => {},
'webIDExportedVars' => {}, 'SMTPServer' => '',
'whatToTrace' => 'uid', 'SMTPTLS' => '',
'yubikeyAuthnLevel' => 3, 'SSLAuthnLevel' => 5,
'yubikeyPublicIDSize' => 12 'successLoginNumber' => 5,
}; 'timeout' => 72000,
'timeoutActivity' => 0,
'timeoutActivityInterval' => 60,
'trustedProxies' => '',
'twitterAuthnLevel' => 1,
'u2fActivation' => 0,
'upgradeSession' => 1,
'userControl' => '^[\\w\\.\\-@]+$',
'userDB' => 'Same',
'useRedirectOnError' => 1,
'useSafeJail' => 1,
'webIDAuthnLevel' => 1,
'webIDExportedVars' => {},
'whatToTrace' => 'uid',
'yubikeyAuthnLevel' => 3,
'yubikeyPublicIDSize' => 12
};
} }
1; 1;


@ -475,7 +475,7 @@ sub _casMetaDataNodes {
# Return all exported attributes if asked # Return all exported attributes if asked
if ( $query =~ if ( $query =~
/^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices)$/ /^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices)$/
) )
{ {
my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {}; my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {};


@ -105,7 +105,8 @@ sub unset_header_in {
my $h = shift; my $h = shift;
my $h2 = lc $h; my $h2 = lc $h;
$h2 =~ s/-/_/g; $h2 =~ s/-/_/g;
$request->env->{'psgi.r'}->headers_in->unset($h) if ( $h1 eq $h2 ); $request->env->{'psgi.r'}->headers_in->unset($h)
if ( $h1 eq $h2 );
return 1; return 1;
} }
); );


@ -104,10 +104,12 @@ sub init {
} }
$self->menuLinks( [] ); $self->menuLinks( [] );
if ( my $portal = if (
my $portal =
$conf->{cfgNum} $conf->{cfgNum}
? Lemonldap::NG::Handler::PSGI::Main->tsv->{portal}->() ? Lemonldap::NG::Handler::PSGI::Main->tsv->{portal}->()
: $conf->{portal} ) : $conf->{portal}
)
{ {
push @{ $self->menuLinks }, push @{ $self->menuLinks },
{ {



@ -370,9 +370,10 @@ sub attributes {
documentation => 'Show error if session is expired', documentation => 'Show error if session is expired',
}, },
portalErrorOnMailNotFound => { portalErrorOnMailNotFound => {
type => 'bool', type => 'bool',
default => 0, default => 0,
documentation => 'Show error if mail is not found in password reset process', documentation =>
'Show error if mail is not found in password reset process',
}, },
portalOpenLinkInNewWindow => { portalOpenLinkInNewWindow => {
type => 'bool', type => 'bool',
@ -2699,7 +2700,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
oidcRPMetaDataOptionsBypassConsent => oidcRPMetaDataOptionsBypassConsent =>
{ type => 'bool', help => 'openidconnectclaims.html', default => 0 }, { type => 'bool', help => 'openidconnectclaims.html', default => 0 },
oidcRPMetaDataOptionsPostLogoutRedirectUris => { type => 'text', }, oidcRPMetaDataOptionsPostLogoutRedirectUris => { type => 'text', },
oidcRPMetaDataOptionsLogoutUrl => { oidcRPMetaDataOptionsLogoutUrl => {
type => 'url', type => 'url',
documentation => 'Logout URL', documentation => 'Logout URL',
}, },


@ -172,19 +172,20 @@ sub tree {
title => 'dbiPassword', title => 'dbiPassword',
help => 'authdbi.html#password', help => 'authdbi.html#password',
form => 'simpleInputContainer', form => 'simpleInputContainer',
nodes => ['dbiAuthPasswordHash', nodes => [
{ 'dbiAuthPasswordHash',
title => 'dbiDynamicHash', {
help => 'authdbi.html#password', title => 'dbiDynamicHash',
form => 'simpleInputContainer', help => 'authdbi.html#password',
nodes => [ form => 'simpleInputContainer',
'dbiDynamicHashEnabled', nodes => [
'dbiDynamicHashValidSchemes', 'dbiDynamicHashEnabled',
'dbiDynamicHashValidSaltedSchemes', 'dbiDynamicHashValidSchemes',
'dbiDynamicHashNewPasswordScheme' 'dbiDynamicHashValidSaltedSchemes',
] 'dbiDynamicHashNewPasswordScheme'
} ]
] }
]
} }
] ]
}, },


@ -473,10 +473,13 @@ sub _scanNodes {
} }
} }
elsif ( $target =~ elsif ( $target =~
/^(?:$casSrvMetaDataNodeKeys|$casAppMetaDataNodeKeys)/o ) /^(?:$casSrvMetaDataNodeKeys|$casAppMetaDataNodeKeys)/o
)
{ {
$self->set( $optKey, [ $oldName, $key ], $self->set(
$target, $leaf->{data} ); $optKey, [ $oldName, $key ],
$target, $leaf->{data}
);
} }
else { else {
push @{ $self->errors }, push @{ $self->errors },


@ -315,8 +315,8 @@ sub tests {
my %entityIds; my %entityIds;
foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) { foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) {
unless ( unless (
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} $conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~
=~ /entityID=(['"])(.+?)\1/si ) /entityID=(['"])(.+?)\1/si )
{ {
push @msg, "$spId SAML metadata has no EntityID"; push @msg, "$spId SAML metadata has no EntityID";
$res = 0; $res = 0;



@ -78,7 +78,8 @@ sub extractFormInfo {
# another backend (Combination) # another backend (Combination)
# switch to another backend # switch to another backend
elsif ( defined $req->param('kerberos') ) { elsif ( defined $req->param('kerberos') ) {
$self->userLogger->warn('Kerberos authentication has failed, back to portal'); $self->userLogger->warn(
'Kerberos authentication has failed, back to portal');
return PE_BADCREDENTIALS; return PE_BADCREDENTIALS;
} }
@ -110,16 +111,11 @@ sub extractFormInfo {
$ENV{KRB5_KTNAME} = $self->keytab; $ENV{KRB5_KTNAME} = $self->keytab;
my $gss_client_name; my $gss_client_name;
my $status = GSSAPI::Context::accept( my $status = GSSAPI::Context::accept(
my $server_context, my $server_context, GSS_C_NO_CREDENTIAL,
GSS_C_NO_CREDENTIAL, $data, GSS_C_NO_CHANNEL_BINDINGS,
$data, $gss_client_name, undef,
GSS_C_NO_CHANNEL_BINDINGS, my $gss_output_token, my $out_flags,
$gss_client_name, my $out_time, my $gss_delegated_cred
undef,
my $gss_output_token,
my $out_flags,
my $out_time,
my $gss_delegated_cred
); );
unless ($status) { unless ($status) {
$self->logger->error('Unable to accept security context'); $self->logger->error('Unable to accept security context');


@ -331,7 +331,7 @@ sub validateST {
my $proxy_url; my $proxy_url;
if (%$proxied) { if (%$proxied) {
$proxy_url = $self->p->fullUrl($req); $proxy_url = $self->p->fullUrl($req);
die if($proxy_url =~ /casProxy=1/); die if ( $proxy_url =~ /casProxy=1/ );
$proxy_url .= ( $proxy_url =~ /\?/ ? '&' : '?' ) . 'casProxy=1'; $proxy_url .= ( $proxy_url =~ /\?/ ? '&' : '?' ) . 'casProxy=1';
if ( $self->conf->{authChoiceParam} if ( $self->conf->{authChoiceParam}
and my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) and my $tmp = $req->param( $self->conf->{authChoiceParam} ) )


@ -95,30 +95,29 @@ sub get_password {
my $table = $self->conf->{dbiAuthTable}; my $table = $self->conf->{dbiAuthTable};
my $loginCol = $self->conf->{dbiAuthLoginCol}; my $loginCol = $self->conf->{dbiAuthLoginCol};
my $passwordCol = $self->conf->{dbiAuthPasswordCol}; my $passwordCol = $self->conf->{dbiAuthPasswordCol};
my @rows = (); my @rows = ();
eval { eval {
my $sth = $dbh->prepare( my $sth =
"SELECT $passwordCol FROM $table WHERE $loginCol=?" $dbh->prepare( "SELECT $passwordCol FROM $table WHERE $loginCol=?" );
); $sth->execute($user);
$sth->execute( $user);
@rows = $sth->fetchrow_array(); @rows = $sth->fetchrow_array();
}; };
if ($@) { if ($@) {
$self->lmLog( "DBI error while getting password: $@", 'error' ); $self->lmLog( "DBI error while getting password: $@", 'error' );
return ""; return "";
} }
if ( @rows == 1 ) { if ( @rows == 1 ) {
$self->logger->debug( "Successfully got password from database" ); $self->logger->debug("Successfully got password from database");
return $rows[0]; return $rows[0];
} }
else { else {
$self->userLogger->warn( "Unable to check password for $user" ); $self->userLogger->warn("Unable to check password for $user");
return ""; return "";
} }
} }
## @method protected Lemonldap::NG::Portal::_DBI hash_password_from_database ## @method protected Lemonldap::NG::Portal::_DBI hash_password_from_database
## (ref dbh, string dbmethod, string dbsalt, string password) ## (ref dbh, string dbmethod, string dbsalt, string password)
# Hash the given password calling the dbmethod function in database # Hash the given password calling the dbmethod function in database
@ -128,17 +127,18 @@ sub get_password {
# @param password the password to hash # @param password the password to hash
# @return hashed password # @return hashed password
sub hash_password_from_database { sub hash_password_from_database {
# Remark: database function must get hexadecimal input # Remark: database function must get hexadecimal input
# and send back hexadecimal output # and send back hexadecimal output
my $self = shift; my $self = shift;
my $dbh = shift; my $dbh = shift;
my $dbmethod = shift; my $dbmethod = shift;
my $dbsalt = shift; my $dbsalt = shift;
my $password = shift; my $password = shift;
# convert password to hexa # convert password to hexa
my $passwordh = unpack "H*", $password; my $passwordh = unpack "H*", $password;
my @rows = (); my @rows = ();
eval { eval {
my $sth = $dbh->prepare("SELECT $dbmethod('$passwordh$dbsalt')"); my $sth = $dbh->prepare("SELECT $dbmethod('$passwordh$dbsalt')");
@ -146,67 +146,71 @@ sub hash_password_from_database {
@rows = $sth->fetchrow_array(); @rows = $sth->fetchrow_array();
}; };
if ($@) { if ($@) {
$self->lmLog( "DBI error while hashing with '$dbmethod' hash function: $@", 'error' ); $self->lmLog(
$self->userLogger->warn( "Unable to check password" ); "DBI error while hashing with '$dbmethod' hash function: $@",
'error' );
$self->userLogger->warn("Unable to check password");
return ""; return "";
} }
if ( @rows == 1 ) { if ( @rows == 1 ) {
$self->logger->debug( "Successfully hashed password with $dbmethod hash function in database" ); $self->logger->debug(
"Successfully hashed password with $dbmethod hash function in database"
);
# convert salt to binary # convert salt to binary
my $dbsaltb = pack 'H*', $dbsalt; my $dbsaltb = pack 'H*', $dbsalt;
# convert result to binary # convert result to binary
my $res = pack 'H*', $rows[0]; my $res = pack 'H*', $rows[0];
return encode_base64($res . $dbsaltb ,''); return encode_base64( $res . $dbsaltb, '' );
} }
else { else {
$self->userLogger->warn( "Unable to check password with '$dbmethod'" ); $self->userLogger->warn("Unable to check password with '$dbmethod'");
return ""; return "";
} }
# Return encode_base64(SQL_METHOD(password + salt) + salt) # Return encode_base64(SQL_METHOD(password + salt) + salt)
} }
## @method protected Lemonldap::NG::Portal::_DBI get_salt(string dbhash) ## @method protected Lemonldap::NG::Portal::_DBI get_salt(string dbhash)
# Return salt from salted hash password # Return salt from salted hash password
# @param dbhash hash password # @param dbhash hash password
# @return extracted salt # @return extracted salt
sub get_salt { sub get_salt {
my $self = shift; my $self = shift;
my $dbhash = shift; my $dbhash = shift;
my $dbsalt; my $dbsalt;
# get rid of scheme ({sha256}) # get rid of scheme ({sha256})
$dbhash =~ s/^\{[^}]+\}(.*)$/$1/; $dbhash =~ s/^\{[^}]+\}(.*)$/$1/;
# get binary hash # get binary hash
my $decoded = &decode_base64($dbhash); my $decoded = &decode_base64($dbhash);
# get last 8 bytes # get last 8 bytes
$dbsalt = substr $decoded, -8; $dbsalt = substr $decoded, -8;
# get hexadecimal version of salt # get hexadecimal version of salt
$dbsalt = unpack "H*", $dbsalt; $dbsalt = unpack "H*", $dbsalt;
return $dbsalt; return $dbsalt;
} }
## @method protected Lemonldap::NG::Portal::_DBI gen_salt() ## @method protected Lemonldap::NG::Portal::_DBI gen_salt()
# Generate 8 bytes of hexadecimal random salt # Generate 8 bytes of hexadecimal random salt
# @return generated salt # @return generated salt
sub gen_salt { sub gen_salt {
my $self = shift; my $self = shift;
my $dbsalt; my $dbsalt;
my @set = ('0' ..'9', 'A' .. 'F'); my @set = ( '0' .. '9', 'A' .. 'F' );
$dbsalt = join '' => map $set[rand @set], 1 .. 16; $dbsalt = join '' => map $set[ rand @set ], 1 .. 16;
return $dbsalt; return $dbsalt;
} }
## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_password(ref dbh, ## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_password(ref dbh,
## string user, string password, string table, string loginCol, string passwordCol) ## string user, string password, string table, string loginCol, string passwordCol)
# Return hashed password for use in SQL statement # Return hashed password for use in SQL statement
@ -218,76 +222,88 @@ sub gen_salt {
# @param passwordCol name of the row containing the password # @param passwordCol name of the row containing the password
# @return hashed password # @return hashed password
sub dynamic_hash_password { sub dynamic_hash_password {
my $self = shift; my $self = shift;
my $dbh = shift; my $dbh = shift;
my $user = shift; my $user = shift;
my $password = shift; my $password = shift;
my $table = shift; my $table = shift;
my $loginCol = shift; my $loginCol = shift;
my $passwordCol = shift; my $passwordCol = shift;
# Authorized hash schemes and salted hash schemes # Authorized hash schemes and salted hash schemes
my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes}; my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes};
my @validSaltedSchemes = split / /, $self->conf->{dbiDynamicHashValidSaltedSchemes}; my @validSaltedSchemes = split / /,
$self->conf->{dbiDynamicHashValidSaltedSchemes};
my $dbhash; # hash currently stored in database
my $dbscheme; # current hash scheme stored in database my $dbhash; # hash currently stored in database
my $dbmethod; # static hash method corresponding to a database function my $dbscheme; # current hash scheme stored in database
my $dbsalt; # current salt stored in database my $dbmethod; # static hash method corresponding to a database function
my $hash; # hash to compute from user password my $dbsalt; # current salt stored in database
my $hash; # hash to compute from user password
# Search hash from database # Search hash from database
$self->logger->debug( "Hash scheme is to be found in database" ); $self->logger->debug("Hash scheme is to be found in database");
$dbhash = $self->get_password($dbh, $user, $table, $loginCol, $passwordCol); $dbhash =
$self->get_password( $dbh, $user, $table, $loginCol, $passwordCol );
# Get the scheme # Get the scheme
$dbscheme = $dbhash; $dbscheme = $dbhash;
$dbscheme =~ s/^\{([^}]+)\}.*/$1/; $dbscheme =~ s/^\{([^}]+)\}.*/$1/;
$dbscheme = "" if $dbscheme eq $dbhash; $dbscheme = "" if $dbscheme eq $dbhash;
# no hash scheme => assume clear text # no hash scheme => assume clear text
if($dbscheme eq "") { if ( $dbscheme eq "" ) {
$self->logger->info( "Password has no hash scheme" ); $self->logger->info("Password has no hash scheme");
return "?"; return "?";
} }
# salted hash scheme # salted hash scheme
elsif(grep( /^$dbscheme$/, @validSaltedSchemes )) { elsif ( grep( /^$dbscheme$/, @validSaltedSchemes ) ) {
$self->logger->info( "Valid salted hash scheme: $dbscheme found for user $user" ); $self->logger->info(
"Valid salted hash scheme: $dbscheme found for user $user");
# extract non salted hash scheme # extract non salted hash scheme
$dbmethod = $dbscheme; $dbmethod = $dbscheme;
$dbmethod =~ s/^s//i; $dbmethod =~ s/^s//i;
# extract the salt # extract the salt
$dbsalt = $self->get_salt($dbhash); $dbsalt = $self->get_salt($dbhash);
$self->logger->debug( "Get salt from password: $dbsalt"); $self->logger->debug("Get salt from password: $dbsalt");
# Hash password with given hash scheme and salt # Hash password with given hash scheme and salt
$hash = $self->hash_password_from_database($dbh, $dbmethod, $dbsalt, $password); $hash =
$self->hash_password_from_database( $dbh, $dbmethod, $dbsalt,
$password );
$hash = "{$dbscheme}$hash"; $hash = "{$dbscheme}$hash";
return "'$hash'"; return "'$hash'";
} }
# static hash scheme # static hash scheme
elsif(grep( /^$dbscheme$/, @validSchemes )) { elsif ( grep( /^$dbscheme$/, @validSchemes ) ) {
$self->logger->info( "Valid hash scheme: $dbscheme found for user $user" ); $self->logger->info(
"Valid hash scheme: $dbscheme found for user $user");
# Hash given password with given hash scheme and no salt # Hash given password with given hash scheme and no salt
$hash = $self->hash_password_from_database($dbh, $dbscheme, "", $password); $hash =
$self->hash_password_from_database( $dbh, $dbscheme, "", $password );
$hash = "{$dbscheme}$hash"; $hash = "{$dbscheme}$hash";
return "'$hash'"; return "'$hash'";
} }
# no valid hash scheme # no valid hash scheme
else { else {
$self->lmLog( "No valid hash scheme: $dbscheme for user $user", 'error' ); $self->lmLog( "No valid hash scheme: $dbscheme for user $user",
$self->userLogger->warn( "Unable to check password for $user" ); 'error' );
$self->userLogger->warn("Unable to check password for $user");
return ""; return "";
} }
} }
## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_new_password(ref dbh, ## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_new_password(ref dbh,
## string user, string password) ## string user, string password)
# Return hashed password for use in SQL statement # Return hashed password for use in SQL statement
@ -301,57 +317,67 @@ sub dynamic_hash_new_password {
my $dbh = shift; my $dbh = shift;
my $user = shift; my $user = shift;
my $password = shift; my $password = shift;
my $dbscheme = $self->conf->{dbiDynamicHashNewPasswordScheme} || ""; my $dbscheme = $self->conf->{dbiDynamicHashNewPasswordScheme} || "";
# Authorized hash schemes and salted hash schemes # Authorized hash schemes and salted hash schemes
my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes}; my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes};
my @validSaltedSchemes = split / /, $self->conf->{dbiDynamicHashValidSaltedSchemes}; my @validSaltedSchemes = split / /,
$self->conf->{dbiDynamicHashValidSaltedSchemes};
my $dbmethod; # static hash method corresponding to a database function
my $dbsalt; # salt to generate for new hashed password my $dbmethod; # static hash method corresponding to a database function
my $hash; # hash to compute from user password my $dbsalt; # salt to generate for new hashed password
my $hash; # hash to compute from user password
# no hash scheme => assume clear text # no hash scheme => assume clear text
if($dbscheme eq "") { if ( $dbscheme eq "" ) {
$self->logger->info( "No hash scheme selected, storing password in clear text" ); $self->logger->info(
"No hash scheme selected, storing password in clear text");
return "?"; return "?";
} }
# salted hash scheme # salted hash scheme
elsif(grep( /^$dbscheme$/, @validSaltedSchemes )) { elsif ( grep( /^$dbscheme$/, @validSaltedSchemes ) ) {
$self->logger->info( "Selected salted hash scheme: $dbscheme" ); $self->logger->info("Selected salted hash scheme: $dbscheme");
# extract non salted hash scheme # extract non salted hash scheme
$dbmethod = $dbscheme; $dbmethod = $dbscheme;
$dbmethod =~ s/^s//i; $dbmethod =~ s/^s//i;
# generate the salt # generate the salt
$dbsalt = $self->gen_salt(); $dbsalt = $self->gen_salt();
$self->logger->debug( "Generated salt: $dbsalt" ); $self->logger->debug("Generated salt: $dbsalt");
# Hash given password with given hash scheme and salt # Hash given password with given hash scheme and salt
$hash = $self->hash_password_from_database($dbh, $dbmethod, $dbsalt, $password); $hash =
$self->hash_password_from_database( $dbh, $dbmethod, $dbsalt,
$password );
$hash = "{$dbscheme}$hash"; $hash = "{$dbscheme}$hash";
return "'$hash'"; return "'$hash'";
} }
# static hash scheme # static hash scheme
elsif(grep( /^$dbscheme$/, @validSchemes )) { elsif ( grep( /^$dbscheme$/, @validSchemes ) ) {
$self->logger->info( "Selected hash scheme: $dbscheme" ); $self->logger->info("Selected hash scheme: $dbscheme");
# Hash given password with given hash scheme and no salt # Hash given password with given hash scheme and no salt
$hash = $self->hash_password_from_database($dbh, $dbscheme, "", $password); $hash =
$self->hash_password_from_database( $dbh, $dbscheme, "", $password );
$hash = "{$dbscheme}$hash"; $hash = "{$dbscheme}$hash";
return "'$hash'"; return "'$hash'";
} }
# no valid hash scheme # no valid hash scheme
else { else {
$self->lmLog( "No selected hash scheme: $dbscheme is invalid", 'error' ); $self->lmLog( "No selected hash scheme: $dbscheme is invalid",
$self->userLogger->warn( "Unable to store password for $user" ); 'error' );
$self->userLogger->warn("Unable to store password for $user");
return ""; return "";
} }
} }
# Verify user and password with SQL SELECT # Verify user and password with SQL SELECT
@ -374,15 +400,17 @@ sub check_password {
my $passwordsql; my $passwordsql;
if ( $dynamicHash == 1 ) { if ( $dynamicHash == 1 ) {
# Dynamic password hashes # Dynamic password hashes
$passwordsql = $passwordsql =
$self->dynamic_hash_password( $self->dbh, $user, $password, $table, $loginCol, $passwordCol ); $self->dynamic_hash_password( $self->dbh, $user, $password, $table,
$loginCol, $passwordCol );
} }
else else {
{
# Static Password hashes # Static Password hashes
$passwordsql = $passwordsql =
$self->hash_password_for_select( "?", $self->conf->{dbiAuthPasswordHash} ); $self->hash_password_for_select( "?",
$self->conf->{dbiAuthPasswordHash} );
} }
my @rows = (); my @rows = ();
@ -390,8 +418,8 @@ sub check_password {
my $sth = $self->dbh->prepare( my $sth = $self->dbh->prepare(
"SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql" "SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql"
); );
$sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/; $sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/;
$sth->execute( $user ) unless $passwordsql =~ /.*\?.*/; $sth->execute($user) unless $passwordsql =~ /.*\?.*/;
@rows = $sth->fetchrow_array(); @rows = $sth->fetchrow_array();
}; };
if ($@) { if ($@) {


@ -22,28 +22,30 @@ sub confirm {
sub modifyPassword { sub modifyPassword {
my ( $self, $req, $pwd ) = @_; my ( $self, $req, $pwd ) = @_;
my $userCol = $self->conf->{dbiAuthLoginCol}; my $userCol = $self->conf->{dbiAuthLoginCol};
my $passwordCol = $self->conf->{dbiAuthPasswordCol}; my $passwordCol = $self->conf->{dbiAuthPasswordCol};
my $table = $self->conf->{dbiAuthTable}; my $table = $self->conf->{dbiAuthTable};
my $dynamicHash = $self->conf->{dbiDynamicHashEnabled} || 0; my $dynamicHash = $self->conf->{dbiDynamicHashEnabled} || 0;
my $passwordsql; my $passwordsql;
if ( $dynamicHash == 1 ) { if ( $dynamicHash == 1 ) {
# Dynamic password hashes # Dynamic password hashes
$passwordsql = $passwordsql =
$self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd, $table, $userCol, $passwordCol ); $self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd,
$table, $userCol, $passwordCol );
} }
else else {
{
# Static Password hash # Static Password hash
$passwordsql = $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} ); $passwordsql =
$self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} );
} }
eval { eval {
my $sth = $self->dbh->prepare( my $sth = $self->dbh->prepare(
"UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?"); "UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?");
$sth->execute( $pwd, $req->user ) if $passwordsql =~ /.*\?.*/; $sth->execute( $pwd, $req->user ) if $passwordsql =~ /.*\?.*/;
$sth->execute( $req->user ) unless $passwordsql =~ /.*\?.*/; $sth->execute( $req->user ) unless $passwordsql =~ /.*\?.*/;
}; };
if ($@) { if ($@) {


@ -10,12 +10,12 @@ extends 'Lemonldap::NG::Portal::Password::Base';
our $VERSION = '2.0.0'; our $VERSION = '2.0.0';
sub init {1} sub init { 1 }
sub confirm {1} sub confirm { 1 }
sub modifyPassword { sub modifyPassword {
PE_PASSWORD_OK PE_PASSWORD_OK;
} }
1; 1;


@ -7,7 +7,7 @@ BEGIN {
} }
my $maintests = 8; my $maintests = 8;
my $debug = 'error'; my $debug = 'error';
SKIP: { SKIP: {
eval "require GSSAPI"; eval "require GSSAPI";


@ -86,9 +86,9 @@ expectAuthenticatedAs( $res, 'french' );
ok( $res = $sp->_get("/sessions/global/$spId"), 'Get UTF-8' ); ok( $res = $sp->_get("/sessions/global/$spId"), 'Get UTF-8' );
expectOK($res); expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' ) ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@; or print STDERR $@;
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' ) ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' ); or explain( $res, 'cn => Frédéric Accents' );
count(3); count(3);
# Logout initiated by SP # Logout initiated by SP
@ -212,16 +212,16 @@ sub issuer {
return LLNG::Manager::Test->new( return LLNG::Manager::Test->new(
{ {
ini => { ini => {
logLevel => $debug, logLevel => $debug,
templatesDir => 'site/htdocs/static', templatesDir => 'site/htdocs/static',
domain => 'idp.com', domain => 'idp.com',
portal => 'http://auth.idp.com', portal => 'http://auth.idp.com',
authentication => 'Demo', authentication => 'Demo',
userDB => 'Same', userDB => 'Same',
issuerDBCASActivation => 1, issuerDBCASActivation => 1,
casAttr => 'uid', casAttr => 'uid',
casAccessControlPolicy => 'error', casAccessControlPolicy => 'error',
multiValuesSeparator => ';', multiValuesSeparator => ';',
casAppMetaDataExportedVars => { casAppMetaDataExportedVars => {
sp => { sp => {
cn => 'cn', cn => 'cn',


@ -245,14 +245,14 @@ sub sp {
return LLNG::Manager::Test->new( return LLNG::Manager::Test->new(
{ {
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'sp.com', domain => 'sp.com',
portal => 'http://auth.sp.com', portal => 'http://auth.sp.com',
authentication => 'CAS', authentication => 'CAS',
userDB => 'CAS', userDB => 'CAS',
restSessionServer => 1, restSessionServer => 1,
issuerDBCASActivation => 0, issuerDBCASActivation => 0,
multiValuesSeparator => ';', multiValuesSeparator => ';',
casSrvMetaDataExportedVars => { casSrvMetaDataExportedVars => {
idp => { idp => {
cn => 'cn', cn => 'cn',


@ -67,6 +67,7 @@ ok( $res->{_session_id} eq $spId, ' Good ID' )
or explain( $res, "_session_id => $spId" ); or explain( $res, "_session_id => $spId" );
ok( $res->{uid} eq 'french', ' Uid is french' ) ok( $res->{uid} eq 'french', ' Uid is french' )
or explain( $res, 'uid => french' ); or explain( $res, 'uid => french' );
#ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' ) #ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
# or explain( $res->{cn}, 'Frédéric Accents' ); # or explain( $res->{cn}, 'Frédéric Accents' );
count(4); count(4);