From 44a6f2c960ddddb1555e7dda1ec04b09067e6815 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 3 Aug 2019 22:33:02 +0200 Subject: [PATCH 01/28] Typo --- lemonldap-ng-portal/t/36-Combination-with-token.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/t/36-Combination-with-token.t b/lemonldap-ng-portal/t/36-Combination-with-token.t index 69f2462f1..c778a5bc6 100644 --- a/lemonldap-ng-portal/t/36-Combination-with-token.t +++ b/lemonldap-ng-portal/t/36-Combination-with-token.t @@ -48,7 +48,7 @@ sub try { my $user = shift; my $res; - # Gat token + # Get token ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' ); count(1); my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' ); From c827418fef90d36d0c0753c3886489e74eb2725b Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 3 Aug 2019 22:33:30 +0200 Subject: [PATCH 02/28] Improve unit test (#1874) --- lemonldap-ng-portal/t/70-2F-TOTP-8.t | 69 +++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 6 deletions(-) diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-8.t b/lemonldap-ng-portal/t/70-2F-TOTP-8.t index af1a04dd4..6f43787d0 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-8.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-8.t @@ -3,7 +3,7 @@ use strict; use IO::String; require 't/test-lib.pm'; -my $maintests = 18; +my $maintests = 24; SKIP: { eval { require Convert::Base32 }; @@ -23,6 +23,8 @@ SKIP: { totp2fActivation => 1, totp2fDigits => 8, totp2fTTL => -1, + formTimeout => 2, + requireToken => 1, } } ); @@ -30,15 +32,23 @@ SKIP: { # Try to authenticate # ------------------- + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + my ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password', 'token' ); + + $query =~ s/user=/user=dwho/; + $query =~ s/password=/password=dwho/; ok( $res = $client->_post( '/', - IO::String->new('user=dwho&password=dwho'), - length => 23 + IO::String->new($query), + length => length($query), + accept => 'text/html', ), 'Auth query' ); my $id = expectCookie($res); + expectRedirection( $res, 'http://auth.example.com/' ); # TOTP form ok( @@ -99,16 +109,23 @@ SKIP: { # Try to sign-in $client->logout($id); + + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password', 'token' ); + + $query =~ s/user=/user=dwho/; + $query =~ s/password=/password=dwho/; ok( $res = $client->_post( '/', - IO::String->new('user=dwho&password=dwho'), - length => 23, + IO::String->new($query), + length => length($query), accept => 'text/html', ), 'Auth query' ); - my ( $host, $url, $query ) = + ( $host, $url, $query ) = expectForm( $res, undef, '/totp2fcheck', 'token' ); # Generate TOTP with LLNG @@ -132,6 +149,46 @@ SKIP: { ); $id = expectCookie($res); $client->logout($id); + + # Try to sign-in with an expired OTT + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password', 'token' ); + + $query =~ s/user=/user=dwho/; + $query =~ s/password=/password=dwho/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Auth query' + ); + ( $host, $url, $query ) = + expectForm( $res, undef, '/totp2fcheck', 'token' ); + + # Generate TOTP with LLNG + ok( $totp = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 8 ), + 'LLNG Code' ); + $query =~ s/code=/code=$code/; + + diag 'Waiting'; + sleep 3; + + ok( + $res = $client->_post( + '/totp2fcheck', IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post code' + ); + ( $host, $url, $query ) = + ##### TO BE FIXED + #expectForm( $res, '#', undef, 'user', 'password', 'token' ); + expectForm( $res, '#', undef, 'user', 'password' ); } count($maintests); From 6cf1c831514cc17e93ab9d317abfc59f3d18e359 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 3 Aug 2019 22:48:07 +0200 Subject: [PATCH 03/28] Fix & Improve unit test (#1874) --- .../Lemonldap/NG/Portal/Main/SecondFactor.pm | 17 +++++++++-------- lemonldap-ng-portal/t/70-2F-TOTP-8.t | 4 +--- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm index 7290bd3a9..7e186f544 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm @@ -10,9 +10,12 @@ use Lemonldap::NG::Portal::Main::Constants qw( PE_BADCREDENTIALS ); -our $VERSION = '2.0.3'; +our $VERSION = '2.0.6'; -extends 'Lemonldap::NG::Portal::Main::Plugin'; +extends qw( + Lemonldap::NG::Portal::Main::Plugin + Lemonldap::NG::Portal::Auth::_WebForm +); # INITIALIZATION @@ -27,12 +30,9 @@ has ott => ( } ); -has prefix => ( is => 'rw' ); - -has logo => ( is => 'rw', default => '2f.png' ); - -has label => ( is => 'rw' ); - +has prefix => ( is => 'rw' ); +has logo => ( is => 'rw', default => '2f.png' ); +has label => ( is => 'rw' ); has noRoute => ( is => 'ro' ); sub init { @@ -93,6 +93,7 @@ sub _verify { my $session; unless ( $session = $self->ott->getToken($token) ) { $self->userLogger->info('Token expired'); + $self->setSecurity($req); return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] ); } diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-8.t b/lemonldap-ng-portal/t/70-2F-TOTP-8.t index 6f43787d0..d964e4647 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-8.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-8.t @@ -186,9 +186,7 @@ SKIP: { 'Post code' ); ( $host, $url, $query ) = - ##### TO BE FIXED - #expectForm( $res, '#', undef, 'user', 'password', 'token' ); - expectForm( $res, '#', undef, 'user', 'password' ); + expectForm( $res, '#', undef, 'user', 'password', 'token' ); } count($maintests); From 1422c28c0ba9e5de3961c81e0d149b4be30ac963 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 3 Aug 2019 23:49:02 +0200 Subject: [PATCH 04/28] Improve fix & unit test (#1874) --- .../Lemonldap/NG/Portal/Main/SecondFactor.pm | 1 + lemonldap-ng-portal/t/70-2F-TOTP-8.t | 23 ++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm index 7e186f544..16d6ef857 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm @@ -86,6 +86,7 @@ sub _verify { my $token; unless ( $token = $req->param('token') ) { $self->userLogger->error( $self->prefix . ' 2F access without token' ); + $self->setSecurity($req); $req->mustRedirect(1); return $self->p->do( $req, [ sub { PE_NOTOKEN } ] ); } diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-8.t b/lemonldap-ng-portal/t/70-2F-TOTP-8.t index d964e4647..747794d3b 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-8.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-8.t @@ -3,7 +3,7 @@ use strict; use IO::String; require 't/test-lib.pm'; -my $maintests = 24; +my $maintests = 27; SKIP: { eval { require Convert::Base32 }; @@ -187,6 +187,27 @@ SKIP: { ); ( $host, $url, $query ) = expectForm( $res, '#', undef, 'user', 'password', 'token' ); + ok( $res->[2]->[0] =~ /<\/span>/, 'Protection enabled' ) + or print STDERR Dumper( $res->[2]->[0] ); + + # Try to sign-in + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password', 'token' ); + + $query =~ s/user=/user=dwho/; + $query =~ s/password=/password=dwho/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Auth query' + ); + ( $host, $url, $query ) = + expectForm( $res, undef, '/totp2fcheck', 'token' ); } count($maintests); From c1736f7f824489a08f0fa5944f9b57cf33048ca0 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sun, 4 Aug 2019 12:08:34 +0200 Subject: [PATCH 05/28] Catch error if setSecurity is undefined (#1874) --- .../lib/Lemonldap/NG/Portal/Main/SecondFactor.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm index 16d6ef857..55a29caf7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm @@ -86,7 +86,7 @@ sub _verify { my $token; unless ( $token = $req->param('token') ) { $self->userLogger->error( $self->prefix . ' 2F access without token' ); - $self->setSecurity($req); + eval { $self->setSecurity($req) }; $req->mustRedirect(1); return $self->p->do( $req, [ sub { PE_NOTOKEN } ] ); } From af602f91d6f749e3c6a5e27bde3451e64b6a27c1 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Sun, 4 Aug 2019 19:31:48 +0200 Subject: [PATCH 06/28] Unit test for #1873 --- lemonldap-ng-portal/t/77-2F-Extra.t | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lemonldap-ng-portal/t/77-2F-Extra.t b/lemonldap-ng-portal/t/77-2F-Extra.t index fb3531f4d..d239faefc 100644 --- a/lemonldap-ng-portal/t/77-2F-Extra.t +++ b/lemonldap-ng-portal/t/77-2F-Extra.t @@ -20,6 +20,7 @@ my $client = LLNG::Manager::Test->new( { mail2fCodeRegex => '\w{4}', }, 'logo' => 'home.jpg', + 'label' => "Home Label", 'rule' => '$uid eq "dwho" or $uid eq "msmith"', 'type' => 'Mail2F' }, @@ -113,6 +114,16 @@ ok( ) or print STDERR Dumper( $res->[2]->[0] ); count(1); +ok( + $res->[2]->[0] =~ qq%

%, 'Found translation label' +) or print STDERR Dumper( $res->[2]->[0] ); +count(1); + +ok( + $res->[2]->[0] =~ qq%

Home Label

%, 'Found overriden label' +) or print STDERR Dumper( $res->[2]->[0] ); +count(1); + $query .= '&sf=home'; ok( $res = $client->_post( From ede8e2876113bf4bead4534504ab1f37e2bd6946 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sun, 4 Aug 2019 22:35:22 +0200 Subject: [PATCH 07/28] Typo --- lemonldap-ng-portal/t/70-2F-TOTP-8.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-8.t b/lemonldap-ng-portal/t/70-2F-TOTP-8.t index 747794d3b..453aa46eb 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-8.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-8.t @@ -187,7 +187,7 @@ SKIP: { ); ( $host, $url, $query ) = expectForm( $res, '#', undef, 'user', 'password', 'token' ); - ok( $res->[2]->[0] =~ /<\/span>/, 'Protection enabled' ) + ok( $res->[2]->[0] =~ /<\/span>/, 'Token expired' ) or print STDERR Dumper( $res->[2]->[0] ); # Try to sign-in From bf20db03b968200bc6da8d671ded4a50057ed82d Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sun, 4 Aug 2019 22:39:03 +0200 Subject: [PATCH 08/28] Improve unit test & fix (#1867) --- .../Lemonldap/NG/Portal/Auth/Combination.pm | 5 ++- .../t/36-Combination-with-TOTP.t | 34 ++++++++++++++----- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index b95f9476e..5957ed6f8 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -3,7 +3,8 @@ package Lemonldap::NG::Portal::Auth::Combination; use strict; use Mouse; use Lemonldap::NG::Common::Combination::Parser; -use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_FIRSTACCESS); +use Lemonldap::NG::Portal::Main::Constants + qw(PE_OK PE_ERROR PE_FIRSTACCESS PE_TOKENEXPIRED PE_NOTOKEN); use Scalar::Util 'weaken'; our $VERSION = '2.0.6'; @@ -128,6 +129,8 @@ sub getDisplayType { my ( $self, $req ) = @_; return $self->conf->{combinationForms} if ( $self->conf->{combinationForms} ); + return 'standardform' + if ( $req->{error} == PE_TOKENEXPIRED or $req->{error} == PE_NOTOKEN ); my ( $nb, $stack ) = ( $req->data->{dataKeep}->{combinationTry}, $req->data->{combinationStack} diff --git a/lemonldap-ng-portal/t/36-Combination-with-TOTP.t b/lemonldap-ng-portal/t/36-Combination-with-TOTP.t index 9afd19a47..2531ab90f 100644 --- a/lemonldap-ng-portal/t/36-Combination-with-TOTP.t +++ b/lemonldap-ng-portal/t/36-Combination-with-TOTP.t @@ -3,7 +3,7 @@ use strict; use IO::String; require 't/test-lib.pm'; -my $maintests = 16; +my $maintests = 19; SKIP: { eval { require Convert::Base32 }; @@ -109,6 +109,23 @@ SKIP: { ok( $res->{result} == 1, 'Key is registered' ); $client->logout($id); + # Try to sign-in with bad password + ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); + ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password', 'token' ); + + $query =~ s/user=/user=dwho/; + $query =~ s/password=/password=badpasswd/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Auth query with bad password' + ); + # Try to sign-in ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); ( $host, $url, $query ) = @@ -127,14 +144,15 @@ SKIP: { ); ( $host, $url, $query ) = - expectForm( $res, undef, '/totp2fcheck', 'token', 'checkLogins' ); + expectForm( $res, undef, '/totp2fcheck', 'token' ); ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), 'Code' ); $query =~ s/code=/code=$code/; # Expired token -->> TO BE FIXED - #diag 'Waiting'; - #sleep 3; + diag 'Waiting'; + sleep 3; + ok( $res = $client->_post( '/totp2fcheck', IO::String->new($query), @@ -143,10 +161,10 @@ SKIP: { ), 'Post code' ); - expectRedirection( $res, 'http://auth.example.com/' ); - $id = expectCookie($res); - - $client->logout($id); + ( $host, $url, $query ) = + expectForm( $res, '#', undef, 'user', 'password', 'token' ); + ok( $res->[2]->[0] =~ /<\/span>/, 'Token expired' ) + or print STDERR Dumper( $res->[2]->[0] ); } count($maintests); From 8de0a890296c23f3b4413982c786f133ec46ba3b Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Mon, 5 Aug 2019 18:58:32 +0200 Subject: [PATCH 09/28] Give more customization options for 2F prompt messages new translations labels for mail and rest, and we now pass the 2F prefix to templates. It's not used in the default skin, but it should help in cases where extra second factors are used to offer the user a more helpful prompt message --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm | 1 + lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm | 2 ++ lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/REST.pm | 2 ++ lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Radius.pm | 1 + lemonldap-ng-portal/site/htdocs/static/languages/ar.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/de.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/en.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/es.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/fi.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/fr.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/it.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/nl.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/pt.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/ro.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/vi.json | 2 ++ lemonldap-ng-portal/site/htdocs/static/languages/zh.json | 2 ++ 16 files changed, 30 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm index d850a927c..b3ec82729 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm @@ -82,6 +82,7 @@ sub run { MAIN_LOGO => $self->conf->{portalMainLogo}, SKIN => $self->p->getSkin($req), TOKEN => $token, + PREFIX => $self->prefix, TARGET => '/' . $self->prefix . '2fcheck', CHECKLOGINS => $checkLogins } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm index 9a9319cbd..f3df07482 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm @@ -112,7 +112,9 @@ sub run { MAIN_LOGO => $self->conf->{portalMainLogo}, SKIN => $self->p->getSkin($req), TOKEN => $token, + PREFIX => $self->prefix, TARGET => '/' . $self->prefix . '2fcheck', + LEGEND => 'enterMail2fCode', CHECKLOGINS => $checkLogins } ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/REST.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/REST.pm index a7dcfd9dc..e87b67184 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/REST.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/REST.pm @@ -93,7 +93,9 @@ sub run { MAIN_LOGO => $self->conf->{portalMainLogo}, SKIN => $self->p->getSkin($req), TOKEN => $token, + PREFIX => $self->prefix, TARGET => '/' . $self->prefix . '2fcheck', + LEGEND => 'enterRest2fCode', CHECKLOGINS => $checkLogins } ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Radius.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Radius.pm index 283ec147c..a76e66444 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Radius.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Radius.pm @@ -67,6 +67,7 @@ sub run { MAIN_LOGO => $self->conf->{portalMainLogo}, SKIN => $self->p->getSkin($req), TOKEN => $token, + PREFIX => $self->prefix, TARGET => '/' . $self->prefix . '2fcheck', LEGEND => 'enterRadius2fCode', CHECKLOGINS => $checkLogins diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json index 540149c89..b96eca68e 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json @@ -127,8 +127,10 @@ "date":"تاريخ", "enterCred":"الرجاء إدخال بيانات الاعتماد الخاصة بك", "enterExt2fCode":"تم إرسال رمز إليك. الرجاء إدخاله", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"الرجاء إدخال تسجيل الدخول الأوبين إيدي الخاص بك", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"يرجى استخدام يوبي كي الخاص بك", "errorMsg":"رسالة خاطئة", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/de.json b/lemonldap-ng-portal/site/htdocs/static/languages/de.json index f315455bc..f99daabe8 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/de.json @@ -127,8 +127,10 @@ "date":"Datum", "enterCred":"Bitte geben deine Zugangsdaten ein", "enterExt2fCode":"Ein Code wurde an dich gesendet. Bitte gebe diesen ein", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Bitte geben deinen OpenID-Login ein", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Gebe den TOTP Code ein", "enterYubikey":"Benutze bitte deinen Yubikey", "errorMsg":"Fehlermeldung", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/en.json b/lemonldap-ng-portal/site/htdocs/static/languages/en.json index 3666bb2be..5d2e0efe3 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json @@ -127,8 +127,10 @@ "date":"Date", "enterCred":"Please enter your credentials", "enterExt2fCode":"A code has been sent to you. Please enter it", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Please enter your OpenID login", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"Please use your Yubikey", "errorMsg":"Error Message", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/es.json b/lemonldap-ng-portal/site/htdocs/static/languages/es.json index 492b25eb0..8f5c04eae 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/es.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/es.json @@ -127,8 +127,10 @@ "date":"Date", "enterCred":"Please enter your credentials", "enterExt2fCode":"A code has been sent to you. Please enter it", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Please enter your OpenID login", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"Please use your Yubikey", "errorMsg":"Error Message", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json index a26e97e46..f8f2051c3 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json @@ -127,8 +127,10 @@ "date":"Päivämäärä", "enterCred":"Syötä käyttäjätietosi", "enterExt2fCode":"A code has been sent to you. Please enter it", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Please enter your OpenID login", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"Please use your Yubikey", "errorMsg":"Virhe viesti", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json index 785d64f9e..9e2d85a6f 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json @@ -127,8 +127,10 @@ "date":"Date", "enterCred":"Merci de vous authentifier", "enterExt2fCode":"Un code vous a été envoyé, entrez-le ici", +"enterMail2fCode":"Un code vous a été envoyé par mail, entrez-le ici", "enterOpenIDLogin":"Entrez votre identifiant OpenID", "enterRadius2fCode":"Entrez votre code OTP", +"enterRest2fCode":"Entrez votre code OTP", "enterTotpCode":"Entrez le code TOTP", "enterYubikey":"Utilisez votre Yubikey", "errorMsg":"Message d'erreur", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/it.json b/lemonldap-ng-portal/site/htdocs/static/languages/it.json index a1798301f..8791896e6 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/it.json @@ -127,8 +127,10 @@ "date":"Data", "enterCred":"Inserisci le tue credenziali", "enterExt2fCode":"Un codice vi é stato inviato. Inseritelo", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Inserisci il tuo login OpenID", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Inserisci il codice TOTP", "enterYubikey":"Utilizza il tuo Yubikey", "errorMsg":"Messaggio di errore", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json index 6ca8f33dd..a7b7ab535 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json @@ -127,8 +127,10 @@ "date":"Date", "enterCred":"Please enter your credentials", "enterExt2fCode":"A code has been sent to you. Please enter it", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Please enter your OpenID login", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"Please use your Yubikey", "errorMsg":"Error Message", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json index e43eb3159..4ea2d7b3f 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json @@ -127,8 +127,10 @@ "date":"Date", "enterCred":"Please enter your credentials", "enterExt2fCode":"A code has been sent to you. Please enter it", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Please enter your OpenID login", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"Please use your Yubikey", "errorMsg":"Error Message", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json index 57b5ca284..332fa5a50 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json @@ -127,8 +127,10 @@ "date":"Date", "enterCred":"Please enter your credentials", "enterExt2fCode":"A code has been sent to you. Please enter it", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Please enter your OpenID login", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"Please use your Yubikey", "errorMsg":"Error Message", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json index 7cd8e13ba..732502d5d 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json @@ -127,8 +127,10 @@ "date":"Ngày", "enterCred":"Vui lòng nhập thông tin đăng nhập của bạn", "enterExt2fCode":"Một mã đã được gửi cho bạn. Hãy nhập nó", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"Hãy nhập thông tin đăng nhập OpenID của bạn", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"Vui lòng sử dụng Yubikey của bạn", "errorMsg":"Thông báo lỗi", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json index baae22a3c..be5d3cb1a 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json @@ -127,8 +127,10 @@ "date":"日期", "enterCred":"请输入您的认证信息", "enterExt2fCode":"验证法已发送,请输入", +"enterMail2fCode":"A code has been sent to your email address. Please enter it", "enterOpenIDLogin":"请输入您的 OpenID 认证", "enterRadius2fCode":"Please enter your OTP code", +"enterRest2fCode":"Please enter your OTP code", "enterTotpCode":"Enter TOTP code", "enterYubikey":"请使用您的Yubikey", "errorMsg":"错误消息", From 9f171162d24b811004ae3ab72d54d1b022eeaca9 Mon Sep 17 00:00:00 2001 From: Xavier Date: Mon, 5 Aug 2019 20:53:17 +0200 Subject: [PATCH 10/28] Update tr --- .../site/htdocs/static/languages/ar.json | 14 +++++++------- .../site/htdocs/static/languages/de.json | 2 +- .../site/htdocs/static/languages/it.json | 8 ++++---- .../site/htdocs/static/languages/vi.json | 4 ++-- .../site/htdocs/static/languages/zh.json | 2 +- .../site/htdocs/static/languages/ar.json | 2 +- .../site/htdocs/static/languages/de.json | 2 +- .../site/htdocs/static/languages/es.json | 2 +- .../site/htdocs/static/languages/fi.json | 2 +- .../site/htdocs/static/languages/it.json | 2 +- .../site/htdocs/static/languages/nl.json | 2 +- .../site/htdocs/static/languages/pt.json | 2 +- .../site/htdocs/static/languages/ro.json | 2 +- .../site/htdocs/static/languages/vi.json | 2 +- .../site/htdocs/static/languages/zh.json | 2 +- 15 files changed, 25 insertions(+), 25 deletions(-) diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 82c51b3ea..9507727d7 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -677,11 +677,11 @@ "radius2f":"Radius second factor", "radius2fActivation":"Activation", "radius2fServer":"Server hostname", -"radius2fSecret":"Shared secret", +"radius2fSecret":"سر مشترك", "radius2fUsernameSessionKey":"Session key containing login", "radius2fTimeout":"Authentication timeout", "radius2fAuthnLevel":"Authentication level", -"radius2fLogo":"Logo", +"radius2fLogo":"شعار", "radius2fLabel":"Label", "radiusAuthnLevel":"مستوى إثبات الهوية", "radiusParams":"معايير راديوس", @@ -814,7 +814,7 @@ "totp2fActivation":"تفعيل", "totp2fAuthnLevel":"TOTP authentication level", "totp2fLabel":"Label", -"totp2fLogo":"ﺶﻋﺍﺭ", +"totp2fLogo":"شعار", "totp2fDigits":"Number of digits", "totp2fDisplayExistingSecret":"Display existing secret", "totp2fInterval":"Interval", @@ -837,7 +837,7 @@ "u2fActivation":"تفعيل", "u2fAuthnLevel":"U2F مستوى إثبات الهوية", "u2fLabel":"Label", -"u2fLogo":"ﺶﻋﺍﺭ", +"u2fLogo":"شعار", "u2fSelfRegistration":"التسجيل الذاتي", "u2fTTL":"Lifetime", "u2fUserCanRemoveKey":"Allow user to remove U2F key", @@ -865,7 +865,7 @@ "utotp2fActivation":"تفعيل", "utotp2fAuthnLevel":"مستوى إثبات الهوية", "utotp2fLabel":"Label", -"utotp2fLogo":"ﺶﻋﺍﺭ", +"utotp2fLogo":"شعار", "value":"القيمة", "values":"القيم", "variables":"المتغيرات", @@ -900,7 +900,7 @@ "yubikey2fActivation":"تفعيل", "yubikey2fAuthnLevel":"مستوى إثبات الهوية", "yubikey2fLabel":"Label", -"yubikey2fLogo":"ﺶﻋﺍﺭ", +"yubikey2fLogo":"شعار", "yubikey2fClientID":"API العميل ID", "yubikey2fNonce":"Nonce", "yubikey2fPublicIDSize":"حجم الجزء العام لي OTP آي دي", @@ -1045,4 +1045,4 @@ "samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ", "samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين", "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP" -} +} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json index 4e3274355..41027bfac 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json @@ -1045,4 +1045,4 @@ "samlRelayStateTimeout":"RelayState session timeout", "samlUseQueryStringSpecific":"Use specific query_string method", "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP" -} +} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index a4dbcd794..e0ead7ef5 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json @@ -675,12 +675,12 @@ "publicKey":"Chiave pubblica", "purgeNotification":"Elimina definitivamente la notifica", "radius2f":"Radius second factor", -"radius2fActivation":"Activation", +"radius2fActivation":"Attivazione", "radius2fServer":"Server hostname", -"radius2fSecret":"Shared secret", +"radius2fSecret":"Segreto condiviso", "radius2fUsernameSessionKey":"Session key containing login", "radius2fTimeout":"Authentication timeout", -"radius2fAuthnLevel":"Authentication level", +"radius2fAuthnLevel":"Livello di autenticazione", "radius2fLogo":"Logo", "radius2fLabel":"Label", "radiusAuthnLevel":"Livello di autenticazione", @@ -1045,4 +1045,4 @@ "samlRelayStateTimeout":"Timeout di sessione di RelayState", "samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string", "samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP" -} +} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index 153378433..a8e0a6c3d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -677,7 +677,7 @@ "radius2f":"Radius second factor", "radius2fActivation":"Activation", "radius2fServer":"Server hostname", -"radius2fSecret":"Shared secret", +"radius2fSecret":"Chia sẻ bí mật", "radius2fUsernameSessionKey":"Session key containing login", "radius2fTimeout":"Authentication timeout", "radius2fAuthnLevel":"Authentication level", @@ -1045,4 +1045,4 @@ "samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ", "samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể", "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP" -} +} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index 264944b2b..b42db4342 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -1045,4 +1045,4 @@ "samlRelayStateTimeout":"RelayState session timeout", "samlUseQueryStringSpecific":"Use specific query_string method", "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json index b96eca68e..12042c3c7 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json @@ -267,4 +267,4 @@ "yourProfile":"ملفك الشخصي", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/de.json b/lemonldap-ng-portal/site/htdocs/static/languages/de.json index f99daabe8..43a34e09a 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/de.json @@ -267,4 +267,4 @@ "yourProfile":"Ihr Profil", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/es.json b/lemonldap-ng-portal/site/htdocs/static/languages/es.json index 8f5c04eae..81495bd81 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/es.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/es.json @@ -267,4 +267,4 @@ "yourProfile":"Your profile", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json index f8f2051c3..b0af330f0 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json @@ -267,4 +267,4 @@ "yourProfile":"Profiilisi", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/it.json b/lemonldap-ng-portal/site/htdocs/static/languages/it.json index 8791896e6..6345f3f7b 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/it.json @@ -267,4 +267,4 @@ "yourProfile":"Il tuo profilo", "yourTotpKey":"La tua chiave TOTP", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json index a7b7ab535..8ceceb206 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json @@ -267,4 +267,4 @@ "yourProfile":"Your profile", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json index 4ea2d7b3f..23103c9e2 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json @@ -267,4 +267,4 @@ "yourProfile":"Your profile", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json index 332fa5a50..39adf6adc 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json @@ -267,4 +267,4 @@ "yourProfile":"Your profile", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json index 732502d5d..ffc31f7ea 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json @@ -267,4 +267,4 @@ "yourProfile":"Profile của bạn", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json index be5d3cb1a..049b63c98 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json @@ -267,4 +267,4 @@ "yourProfile":"您的档案", "yourTotpKey":"Your TOTP key", "yubikey2f":"Yubikey" -} +} \ No newline at end of file From ea5685905b4a5fd2b2fe698c1fc156418587f6e8 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 6 Aug 2019 14:32:37 +0200 Subject: [PATCH 11/28] Manager config file typo in log path --- _example/etc/manager-nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_example/etc/manager-nginx.conf b/_example/etc/manager-nginx.conf index e192daa6a..cf9d3521b 100644 --- a/_example/etc/manager-nginx.conf +++ b/_example/etc/manager-nginx.conf @@ -3,7 +3,7 @@ server { server_name manager.__DNSDOMAIN__; root __MANAGERSITEDIR__; # Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf) - #access_log /var/log/nginx/portal.log lm_app; + #access_log /var/log/nginx/manager.log lm_app; # Uncomment this if you are running behind a reverse proxy and want # LemonLDAP::NG to see the real IP address of the end user From 13937b948fd1ea972e99154af045b883cbf5d383 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 6 Aug 2019 15:46:24 +0200 Subject: [PATCH 12/28] Fix RSA private key regexp Previously it accepted BEGIN PRIVATE KEY but not END PRIVATE KEY --- lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm | 2 +- .../lib/Lemonldap/NG/Manager/Build/Attributes.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index 1f55e2592..873ff2cc1 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -165,7 +165,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a- 'RSAPrivateKey' => { 'test' => sub { return $_[0] =~ -m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s +m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : ( 1, '__badPemEncoding__' ); } diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index bfd883ce7..d98fca9d3 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -146,7 +146,7 @@ sub types { test => sub { return ( $_[0] =~ -/^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$/s +/^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$/s ? (1) : ( 1, '__badPemEncoding__' ) ); From d2892a629bfd493f0952f7ff43f0eb6e15e6ca17 Mon Sep 17 00:00:00 2001 From: Xavier Date: Tue, 6 Aug 2019 20:18:13 +0200 Subject: [PATCH 13/28] Revert "More simple regexp" This reverts commit 2feb4a40aa779da124cd1046a043f7e8873c0f07. Closes: #1876 --- lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm index aa520e853..4c61bdc37 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm @@ -568,7 +568,7 @@ sub substitute { $expr =~ s/\$ip\b/\$ENV{REMOTE_ADDR}/sg; # substitute vars with session data, excepts special vars $_ and $\d+ - $expr =~ s/\$(?!(?:ENV|env)\b)([_a-zA-Z]\w*)/\$s->{$1}/sg; + $expr =~ s/\$(?!(?:ENV|env)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg; $expr =~ s/\$ENV\{/\$r->{env}->\{/g; $expr =~ s/\$env->\{/\$r->{env}->\{/g; From 742e7417d4d2cf41d4d84e17d4d9dd2bcaf03c93 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 6 Aug 2019 21:04:43 +0200 Subject: [PATCH 14/28] Better fix (#1867) --- .../lib/Lemonldap/NG/Portal/Auth/Combination.pm | 10 ++++++++-- lemonldap-ng-portal/t/36-Combination-with-TOTP.t | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index 5957ed6f8..5912c6af8 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -129,8 +129,14 @@ sub getDisplayType { my ( $self, $req ) = @_; return $self->conf->{combinationForms} if ( $self->conf->{combinationForms} ); - return 'standardform' - if ( $req->{error} == PE_TOKENEXPIRED or $req->{error} == PE_NOTOKEN ); + + if ( $req->{error} > PE_OK ) { + $self->logger->notice('Start over combination schema'); + my $stack = $self->stackSub->( $req->env ); + my ( $res, $name ) = $stack->[0]->[0]->( 'getDisplayType', $req ); + return $res; + } + my ( $nb, $stack ) = ( $req->data->{dataKeep}->{combinationTry}, $req->data->{combinationStack} diff --git a/lemonldap-ng-portal/t/36-Combination-with-TOTP.t b/lemonldap-ng-portal/t/36-Combination-with-TOTP.t index 2531ab90f..d9b90fe7a 100644 --- a/lemonldap-ng-portal/t/36-Combination-with-TOTP.t +++ b/lemonldap-ng-portal/t/36-Combination-with-TOTP.t @@ -149,7 +149,7 @@ SKIP: { 'Code' ); $query =~ s/code=/code=$code/; - # Expired token -->> TO BE FIXED + # Expired token diag 'Waiting'; sleep 3; From ea713a3169c769320ae67203a2561d93eab5ca92 Mon Sep 17 00:00:00 2001 From: Xavier Date: Tue, 6 Aug 2019 21:54:41 +0200 Subject: [PATCH 15/28] Avoid conflict in $req->data between DBI and LDAP Closes: #1875 --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm | 6 +++--- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm | 4 ++-- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm | 6 +++--- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm index 25cf24801..5a34a4357 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm @@ -66,11 +66,11 @@ sub authenticate { my ( $self, $req ) = @_; my $res = $self->SUPER::authenticate($req); - my $pls = $self->ldap->getLdapValue( $req->data->{entry}, 'pwdLastSet' ); - my $computed = $self->ldap->getLdapValue( $req->data->{entry}, + my $pls = $self->ldap->getLdapValue( $req->data->{ldapentry}, 'pwdLastSet' ); + my $computed = $self->ldap->getLdapValue( $req->data->{ldapentry}, 'msDS-User-Account-Control-Computed' ); my $_adUac = - $self->ldap->getLdapValue( $req->data->{entry}, 'userAccountControl' ) + $self->ldap->getLdapValue( $req->data->{ldapentry}, 'userAccountControl' ) || 0; unless ( $res == PE_OK ) { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm index 087c8b09a..00a37ec9b 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm @@ -134,12 +134,12 @@ sub getUser { eval { $self->p->_authentication->setSecurity($req) }; return PE_BADCREDENTIALS; } - unless ( $req->data->{entry} = $mesg->entry(0) ) { + unless ( $req->data->{ldapentry} = $mesg->entry(0) ) { $self->userLogger->warn("$req->{user} was not found in LDAP directory"); eval { $self->p->_authentication->setSecurity($req) }; return PE_BADCREDENTIALS; } - $req->data->{dn} = $req->data->{entry}->dn(); + $req->data->{dn} = $req->data->{ldapentry}->dn(); PE_OK; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm index 436e80a21..37d6bb3ef 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm @@ -38,7 +38,7 @@ sub getUser { eval { $self->p->_authentication->setSecurity($req) }; return PE_ERROR; } - unless ( $req->data->{entry} = $sth->fetchrow_hashref() ) { + unless ( $req->data->{dbientry} = $sth->fetchrow_hashref() ) { $self->userLogger->warn("User $user not found"); eval { $self->p->_authentication->setSecurity($req) }; return PE_BADCREDENTIALS; @@ -54,8 +54,8 @@ sub setSessionInfo { foreach my $var ( keys %{ $self->exportedVars } ) { my $attr = $self->exportedVars->{$var}; - $req->{sessionInfo}->{$var} = $req->data->{entry}->{$attr} - if ( defined $req->data->{entry}->{$attr} ); + $req->{sessionInfo}->{$var} = $req->data->{dbientry}->{$attr} + if ( defined $req->data->{dbientry}->{$attr} ); } PE_OK; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm index dda1d0c17..ca85e8c76 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm @@ -40,7 +40,7 @@ sub setSessionInfo { %{ $self->conf->{ldapExportedVars} } ); while ( my ( $k, $v ) = each %vars ) { $req->sessionInfo->{$k} = - $self->ldap->getLdapValue( $req->data->{entry}, $v ) || ""; + $self->ldap->getLdapValue( $req->data->{ldapentry}, $v ) || ""; } PE_OK; @@ -56,7 +56,7 @@ sub setGroups { if ( $self->conf->{ldapGroupBase} ) { # Get value for group search - my $group_value = $self->ldap->getLdapValue( $req->data->{entry}, + my $group_value = $self->ldap->getLdapValue( $req->data->{ldapentry}, $self->conf->{ldapGroupAttributeNameUser} ); if ( $self->conf->{ldapGroupDecodeSearchedValue} ) { From c630a90064afb7cf8bbd9833604b6576597f951a Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 6 Aug 2019 22:25:02 +0200 Subject: [PATCH 16/28] Delete pdata cookie after notif validation & Improve unit test (#1861) --- .../lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm | 9 +++++++++ lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t | 11 ++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm index eae7d354c..7a8228de6 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm @@ -201,6 +201,15 @@ sub getNotifBack { # launch 'controlUrl' to restore "urldc" using do() $self->logger->debug('All pending notifications have been accepted'); $self->p->rebuildCookies($req); + + $req->addCookie( + $self->p->cookie( + name => $self->conf->{cookieName} . 'pdata', + value => '', + expires => 'Wed, 21 Oct 2015 00:00:00 GMT' + ) + ) unless ( $req->{pdata}->{keepPdata} ); + return $self->p->do( $req, ['controlUrl'] ); } else { diff --git a/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t b/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t index 6030034b3..82dc86f18 100644 --- a/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t +++ b/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t @@ -4,7 +4,7 @@ use IO::String; my $res; my $file = 't/notifications.db'; -my $maintests = 8; +my $maintests = 10; eval { unlink $file }; require 't/test-lib.pm'; @@ -128,6 +128,15 @@ q{INSERT INTO notifications VALUES ('dwho','testref2','2016-05-30 00:00:00',?,nu ); expectRedirection( $res, 'http://test1.example.com/' ); + ok( expectCookie( $res, 'lemonldappdata' ) == '', + 'lemonldappdata cookie is deleted' ) + or explain( $res->[1], 'Set-Cookie => lemonldapidp=""' ); + ok( + ${ $res->[1] }[5] =~ + m%lemonldappdata=; path=/; expires=Wed, 21 Oct 2015 00:00:00 GMT%, + 'lemonldappdata expired' + ) or explain( $res->[1], 'lemonldappdata => expires=Wed, 21 Oct 2015' ); + # Verify that notification was tagged as 'done' my $sth = $dbh->prepare('SELECT * FROM notifications WHERE done IS NOT NULL'); From 7aad4705863de95bdfd4e373c654b3fd0d3772ac Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 6 Aug 2019 22:29:48 +0200 Subject: [PATCH 17/28] Delete pdata cookie after XML notif validation & Improve unit test (#1861) --- .../Lemonldap/NG/Portal/Lib/Notifications/XML.pm | 9 +++++++++ lemonldap-ng-portal/t/40-Notifications-XML-DBI.t | 13 +++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm index f72ee593f..7bf22479b 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm @@ -260,6 +260,15 @@ sub getNotifBack { # launch 'controlUrl' to restore "urldc" using do() $self->logger->debug('All pending notifications have been accepted'); $self->p->rebuildCookies($req); + + $req->addCookie( + $self->p->cookie( + name => $self->conf->{cookieName} . 'pdata', + value => '', + expires => 'Wed, 21 Oct 2015 00:00:00 GMT' + ) + ) unless ( $req->{pdata}->{keepPdata} ); + return $self->p->do( $req, ['controlUrl'] ); } else { diff --git a/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t b/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t index f224519bf..4a0c688f5 100644 --- a/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t +++ b/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t @@ -4,8 +4,8 @@ use IO::String; my $res; my $file = 't/notifications.db'; -my $maintests = 7; -#my $maintests = 8; +my $maintests = 9; +#my $maintests = 10; eval { unlink $file }; require 't/test-lib.pm'; @@ -127,6 +127,15 @@ qq{INSERT INTO notifications VALUES ('dwho','testref2','2016-05-30 00:00:00','[1], 'Set-Cookie => lemonldapidp=""' ); + ok( + ${ $res->[1] }[5] =~ + m%lemonldappdata=; path=/; expires=Wed, 21 Oct 2015 00:00:00 GMT%, + 'lemonldappdata expired' + ) or explain( $res->[1], 'lemonldappdata => expires=Wed, 21 Oct 2015' ); + # Verify that notification was tagged as 'done' my $sth = $dbh->prepare('SELECT * FROM notifications WHERE done IS NOT NULL'); From ce05b4417270c0e5da7635c47ec34b32f4641e11 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 6 Aug 2019 22:42:17 +0200 Subject: [PATCH 18/28] Remove useless constants (#1867) --- .../lib/Lemonldap/NG/Portal/Auth/Combination.pm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index 5912c6af8..a7c859b71 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -3,8 +3,7 @@ package Lemonldap::NG::Portal::Auth::Combination; use strict; use Mouse; use Lemonldap::NG::Common::Combination::Parser; -use Lemonldap::NG::Portal::Main::Constants - qw(PE_OK PE_ERROR PE_FIRSTACCESS PE_TOKENEXPIRED PE_NOTOKEN); +use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_FIRSTACCESS); use Scalar::Util 'weaken'; our $VERSION = '2.0.6'; From 9b24fd02e5b64c924392f6ff648b467815ded504 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Wed, 7 Aug 2019 19:35:35 +0200 Subject: [PATCH 19/28] Log more detailed information about Kerberos failures --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm index efefc082f..00557e1a1 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm @@ -156,6 +156,9 @@ sub extractFormInfo { ); unless ($status) { $self->logger->error('Unable to accept security context'); + foreach ( $status->generic_message(), $status->specific_message() ) { + $self->logger->error($_); + } return PE_ERROR; } my $client_name; From 9dac92064c589ab17529d29af3fae5021be96ff1 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 7 Aug 2019 22:29:12 +0200 Subject: [PATCH 20/28] Better fix & update unit tests (#1861) --- .../NG/Portal/Lib/Notifications/JSON.pm | 11 +---------- .../NG/Portal/Lib/Notifications/XML.pm | 11 +---------- .../t/40-Notifications-JSON-DBI.t | 14 +++++--------- .../t/40-Notifications-XML-DBI.t | 17 +++++++---------- 4 files changed, 14 insertions(+), 39 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm index 7a8228de6..d2ac3cb14 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm @@ -201,16 +201,7 @@ sub getNotifBack { # launch 'controlUrl' to restore "urldc" using do() $self->logger->debug('All pending notifications have been accepted'); $self->p->rebuildCookies($req); - - $req->addCookie( - $self->p->cookie( - name => $self->conf->{cookieName} . 'pdata', - value => '', - expires => 'Wed, 21 Oct 2015 00:00:00 GMT' - ) - ) unless ( $req->{pdata}->{keepPdata} ); - - return $self->p->do( $req, ['controlUrl'] ); + return $self->p->do( $req, [ 'controlUrl', @{ $self->p->endAuth } ] ); } else { # No notifications checked here, this entry point must not be called. diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm index 7bf22479b..7eecfe254 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm @@ -260,16 +260,7 @@ sub getNotifBack { # launch 'controlUrl' to restore "urldc" using do() $self->logger->debug('All pending notifications have been accepted'); $self->p->rebuildCookies($req); - - $req->addCookie( - $self->p->cookie( - name => $self->conf->{cookieName} . 'pdata', - value => '', - expires => 'Wed, 21 Oct 2015 00:00:00 GMT' - ) - ) unless ( $req->{pdata}->{keepPdata} ); - - return $self->p->do( $req, ['controlUrl'] ); + return $self->p->do( $req, ['controlUrl', @{ $self->p->endAuth }] ); } else { # No notifications checked here, this entry point must not be called. diff --git a/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t b/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t index 82dc86f18..1102aebd7 100644 --- a/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t +++ b/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t @@ -4,7 +4,7 @@ use IO::String; my $res; my $file = 't/notifications.db'; -my $maintests = 10; +my $maintests = 9; eval { unlink $file }; require 't/test-lib.pm'; @@ -127,15 +127,11 @@ q{INSERT INTO notifications VALUES ('dwho','testref2','2016-05-30 00:00:00',?,nu "Accept notifications" ); expectRedirection( $res, 'http://test1.example.com/' ); - - ok( expectCookie( $res, 'lemonldappdata' ) == '', - 'lemonldappdata cookie is deleted' ) - or explain( $res->[1], 'Set-Cookie => lemonldapidp=""' ); + my $cookies = getCookies($res); ok( - ${ $res->[1] }[5] =~ - m%lemonldappdata=; path=/; expires=Wed, 21 Oct 2015 00:00:00 GMT%, - 'lemonldappdata expired' - ) or explain( $res->[1], 'lemonldappdata => expires=Wed, 21 Oct 2015' ); + !defined( $cookies->{lemonldappdata} ), + " Make sure no pdata is returned" + ); # Verify that notification was tagged as 'done' my $sth = diff --git a/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t b/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t index 4a0c688f5..197c8f1c1 100644 --- a/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t +++ b/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t @@ -4,8 +4,9 @@ use IO::String; my $res; my $file = 't/notifications.db'; -my $maintests = 9; -#my $maintests = 10; +my $maintests = 8; + +#my $maintests = 9; eval { unlink $file }; require 't/test-lib.pm'; @@ -126,15 +127,11 @@ qq{INSERT INTO notifications VALUES ('dwho','testref2','2016-05-30 00:00:00','[1], 'Set-Cookie => lemonldapidp=""' ); + my $cookies = getCookies($res); ok( - ${ $res->[1] }[5] =~ - m%lemonldappdata=; path=/; expires=Wed, 21 Oct 2015 00:00:00 GMT%, - 'lemonldappdata expired' - ) or explain( $res->[1], 'lemonldappdata => expires=Wed, 21 Oct 2015' ); + !defined( $cookies->{lemonldappdata} ), + " Make sure no pdata is returned" + ); # Verify that notification was tagged as 'done' my $sth = From d565dc66c34a992cb1582630c7ed554534d15072 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 7 Aug 2019 23:03:49 +0200 Subject: [PATCH 21/28] Improve unit test (#1878) --- lemonldap-ng-portal/t/29-AuthSSL.t | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-portal/t/29-AuthSSL.t b/lemonldap-ng-portal/t/29-AuthSSL.t index 10074122a..79e0b057b 100644 --- a/lemonldap-ng-portal/t/29-AuthSSL.t +++ b/lemonldap-ng-portal/t/29-AuthSSL.t @@ -18,7 +18,16 @@ my $client = LLNG::Manager::Test->new( { } ); -ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' ); +ok( + $res = $client->_get( + '/', + query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==', + accept => 'text/html' + ), + 'Get Menu' +); +my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); + ok( $res->[2]->[0] =~ m%%, @@ -32,12 +41,19 @@ ok( $res->[2]->[0] =~ /ssl\.(?:min\.)?js/, 'Get sslChoice javascript' ) count(4); ok( - $res = $client->_get( '/', custom => { SSL_CLIENT_S_DN_Custom => 'dwho' } ), + $res = $client->_get( + '/', + cookie => $pdata, + accept => 'text/html', + custom => { SSL_CLIENT_S_DN_Custom => 'dwho' } + ), 'Auth query' ); -expectOK($res); expectCookie($res); -count(1); +expectRedirection( $res, 'http://test1.example.com/' ); +$pdata = expectCookie( $res, 'lemonldappdata' ); +ok( $pdata eq '', 'pdata is empty' ); +count(2); &Lemonldap::NG::Handler::Main::cfgNum( 0, 0 ); $client = LLNG::Manager::Test->new( { From 33e7a05f8a52ee4567cc82bb2f3f4eac36aa082d Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Thu, 8 Aug 2019 22:39:09 +0200 Subject: [PATCH 22/28] Append parameter to set Manager default route (#1880) --- lemonldap-ng-common/lemonldap-ng.ini | 4 ++++ lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm | 14 +++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/lemonldap-ng-common/lemonldap-ng.ini b/lemonldap-ng-common/lemonldap-ng.ini index 6e352212e..d57e73000 100644 --- a/lemonldap-ng-common/lemonldap-ng.ini +++ b/lemonldap-ng-common/lemonldap-ng.ini @@ -370,6 +370,10 @@ languages = fr, en, it, vi, ar ; The first will be used as default module displayed enabledModules = conf, sessions, notifications, 2ndFA, viewer +; To avoid restricted users to edit configuration, defaulModule MUST be different than 'conf' +; 'viewer' is set by default +;defaultModule = viewer + ; Viewer module allows us to edit configuration in read-only mode ; Options can be set with specific rules like this : ;viewerAllowBrowser = $uid eq 'dwho' diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm index e02962b23..3c8746e5c 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm @@ -17,7 +17,7 @@ use JSON; use Lemonldap::NG::Common::Conf::Constants; use Lemonldap::NG::Common::PSGI::Constants; -our $VERSION = '2.0.5'; +our $VERSION = '2.0.6'; extends 'Lemonldap::NG::Common::Conf::AccessLib', 'Lemonldap::NG::Handler::PSGI::Router'; @@ -52,7 +52,7 @@ sub init { return 0; } - $self->{enabledModules} ||= "conf, sessions, notifications, 2ndFA"; + $self->{enabledModules} ||= "conf, sessions, notifications, 2ndFA, viewer"; my @links; my @enabledModules = map { push @links, $_; "Lemonldap::NG::Manager::" . ucfirst($_) } @@ -87,7 +87,15 @@ sub init { "default-src 'self' $portal;frame-ancestors 'none';form-action 'self';" ); - $self->defaultRoute( $working[0]->defaultRoute ); + # Avoid restricted users to access configuration by default route + my $defaultMod = $self->{defaultModule} || 'viewer'; + my @availableModules = split /[,\s]+/, $self->{enabledModules}; + $self->logger->debug("Default module -> $defaultMod"); + my ($index) = + grep { $availableModules[$_] eq $defaultMod } ( 0 .. $#availableModules ); + $index //= 0; + $self->logger->debug("Default index -> $index"); + $self->defaultRoute( $working[$index]->defaultRoute ); # Find out more glyphicones at https://www.w3schools.com/icons/bootstrap_icons_glyphicons.asp my $linksIcons = { From fdee58a120e0552b5857305714db01220ea626f2 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 9 Aug 2019 09:24:32 +0200 Subject: [PATCH 23/28] Better fix (#1880) --- lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm | 5 ++--- .../lib/Lemonldap/NG/Manager/Attributes.pm | 7 ++++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm index 3c8746e5c..ba4e60067 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm @@ -89,11 +89,10 @@ sub init { # Avoid restricted users to access configuration by default route my $defaultMod = $self->{defaultModule} || 'viewer'; - my @availableModules = split /[,\s]+/, $self->{enabledModules}; $self->logger->debug("Default module -> $defaultMod"); my ($index) = - grep { $availableModules[$_] eq $defaultMod } ( 0 .. $#availableModules ); - $index //= 0; + grep { $working[$_] =~ /::$defaultMod$/ } ( 0 .. $#working ); + $index //= $#working; $self->logger->debug("Default index -> $index"); $self->defaultRoute( $working[$index]->defaultRoute ); diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index 873ff2cc1..7888a9aba 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -137,7 +137,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a- eval { do { qr/$_[0]/; - } + } }; return $@ ? ( 0, "__badRegexp__: $@" ) : 1; } @@ -218,7 +218,8 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\ }, 'select' => { 'test' => sub { - my $test = grep( { $_ eq $_[0]; } + my $test = + grep( { $_ eq $_[0]; } map( { $_->{'k'}; } @{ $_[2]{'select'}; } ) ); return $test ? 1 @@ -1585,7 +1586,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ eval { do { qr/$_[0]/; - } + } }; return $@ ? 0 : 1; }, From daa03a9a9cc213b55838ab99b001d4eced216c1d Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Fri, 9 Aug 2019 13:53:58 +0200 Subject: [PATCH 24/28] OIDC: tie client_id to authorization code (#1881) --- .../NG/Portal/Issuer/OpenIDConnect.pm | 10 + lemonldap-ng-portal/t/32-OIDC-Token-Spoof.t | 178 ++++++++++++++++++ 2 files changed, 188 insertions(+) create mode 100644 lemonldap-ng-portal/t/32-OIDC-Token-Spoof.t diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm index dd9e1239b..7fca927b3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm @@ -602,6 +602,7 @@ sub run { { redirect_uri => $oidc_request->{'redirect_uri'}, scope => $oidc_request->{'scope'}, + client_id => $client_id, user_session_id => $req->id, _utime => time, nonce => $oidc_request->{'nonce'}, @@ -770,6 +771,7 @@ sub run { undef, { redirect_uri => $oidc_request->{'redirect_uri'}, + client_id => $client_id, scope => $oidc_request->{'scope'}, user_session_id => $req->id, _utime => time, @@ -1071,6 +1073,14 @@ sub token { } } + # Check we have the same client_id value + unless ( $client_id eq $codeSession->data->{client_id} ) + { + $self->userLogger->error( "Provided client_id does not match " + . $codeSession->data->{client_id} ); + return $self->p->sendError( $req, 'invalid_grant', 400 ); + } + # Check we have the same redirect_uri value unless ( $req->param("redirect_uri") eq $codeSession->data->{redirect_uri} ) { diff --git a/lemonldap-ng-portal/t/32-OIDC-Token-Spoof.t b/lemonldap-ng-portal/t/32-OIDC-Token-Spoof.t new file mode 100644 index 000000000..8e52f721b --- /dev/null +++ b/lemonldap-ng-portal/t/32-OIDC-Token-Spoof.t @@ -0,0 +1,178 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; +} + +my $debug = 'error'; + +# Initialization +my $op = LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.op.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBOpenIDConnectActivation => 1, + issuerDBOpenIDConnectRule => '$uid eq "french"', + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "cn", + name => "cn" + }, + rp2 => { + email => "mail", + family_name => "cn", + name => "cn" + } + }, + oidcServiceMetaDataIssuer => "http://auth.op.com", + oidcServiceMetaDataAuthorizeURI => "authorize", + oidcServiceMetaDataCheckSessionURI => "checksession.html", + oidcServiceMetaDataJWKSURI => "jwks", + oidcServiceMetaDataEndSessionURI => "logout", + oidcServiceMetaDataRegistrationURI => "register", + oidcServiceMetaDataTokenURI => "token", + oidcServiceMetaDataUserInfoURI => "userinfo", + oidcServiceAllowHybridFlow => 1, + oidcServiceAllowImplicitFlow => 1, + oidcServiceAllowDynamicRegistration => 1, + oidcServiceAllowAuthorizationCodeFlow => 1, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsClientSecret => "rpsecret", + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsAccessTokenExpiration => 3600, + oidcRPMetaDataOptionsBypassConsent => 1, + }, + rp2 => { + oidcRPMetaDataOptionsDisplayName => "RP2", + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsClientID => "rp2id", + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsClientSecret => "rp2secret", + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsAccessTokenExpiration => 3600, + oidcRPMetaDataOptionsBypassConsent => 1, + oidcRPMetaDataOptionsRule => '$uid eq "dwho"', + } + }, + oidcOPMetaDataOptions => {}, + oidcOPMetaDataJSON => {}, + oidcOPMetaDataJWKS => {}, + oidcServiceMetaDataAuthnContext => { + 'loa-4' => 4, + 'loa-1' => 1, + 'loa-5' => 5, + 'loa-2' => 2, + 'loa-3' => 3 + }, + oidcServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt +GMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8TrH1PHFmHpy8/qE/S5OhinIpIi7eb +ABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH1caJ8lmiERFj7IvNKqEhzAk0pyDr +8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdykX5rx0h5SslG3jVWYhZ/SOb2aIzO +r0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO8093X5VVk9vaPRg0zxJQ0Do0YLyzkR +isSAIFb0tdKuDnjRGK6y/N2j6At2HjkxntbtGQIDAQABAoIBADYq6LxJd977LWy3 +0HT9nboFPIf+SM2qSEc/S5Po+6ipJBA4ZlZCMf7dHa6znet1TDpqA9iQ4YcqIHMH +6xZNQ7hhgSAzG9TrXBHqP+djDlrrGWotvjuy0IfS9ixFnnLWjrtAH9afRWLuG+a/ +NHNC1M6DiiTE0TzL/lpt/zzut3CNmWzH+t19X6UsxUg95AzooEeewEYkv25eumWD +mfQZfCtSlIw1sp/QwxeJa/6LJw7KcPZ1wXUm1BN0b9eiKt9Cmni1MS7elgpZlgGt +xtfGTZtNLQ7bgDiM8MHzUfPBhbceNSIx2BeCuOCs/7eaqgpyYHBbAbuBQex2H61l +Lcc3Tz0CgYEA4Kx/avpCPxnvsJ+nHVQm5d/WERuDxk4vH1DNuCYBvXTdVCGADf6a +F5No1JcTH3nPTyPWazOyGdT9LcsEJicLyD8vCM6hBFstG4XjqcAuqG/9DRsElpHQ +yi1zc5DNP7Vxmiz9wII0Mjy0abYKtxnXh9YK4a9g6wrcTpvShhIcIb8CgYEAzGzG +lorVCfX9jXULIznnR/uuP5aSnTEsn0xJeqTlbW0RFWLdj8aIL1peirh1X89HroB9 +GeTNqEJXD+3CVL2cx+BRggMDUmEz4hR59meZCDGUyT5fex4LIsceb/ESUl2jo6Sw +HXwWbN67rQ55N4oiOcOppsGxzOHkl5HdExKidycCgYEAr5Qev2tz+fw65LzfzHvH +Kj4S/KuT/5V6He731cFd+sEpdmX3vPgLVAFPG1Q1DZQT/rTzDDQKK0XX1cGiLG63 +NnaqOye/jbfzOF8Z277kt51NFMDYhRLPKDD82IOA4xjY/rPKWndmcxwdob8yAIWh +efY76sMz6ntCT+xWSZA9i+ECgYBWMZM2TIlxLsBfEbfFfZewOUWKWEGvd9l5vV/K +D5cRIYivfMUw5yPq2267jPUolayCvniBH4E7beVpuPVUZ7KgcEvNxtlytbt7muil +5Z6X3tf+VodJ0Swe2NhTmNEB26uwxzLe68BE3VFCsbSYn2y48HAq+MawPZr18bHG +ZfgMxwKBgHHRg6HYqF5Pegzk1746uH2G+OoCovk5ylGGYzcH2ghWTK4agCHfBcDt +EYqYAev/l82wi+OZ5O8U+qjFUpT1CVeUJdDs0o5u19v0UJjunU1cwh9jsxBZAWLy +PAGd6SWf4S3uQCTw6dLeMna25YIlPh5qPA6I/pAahe8e3nSu2ckl +-----END RSA PRIVATE KEY----- +", + oidcServicePublicKeySig => "-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2jsmIoFuWzMkilJaA8/ +/5/T30cnuzX9GImXUrFR2k9EKTMtGMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8T +rH1PHFmHpy8/qE/S5OhinIpIi7ebABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH +1caJ8lmiERFj7IvNKqEhzAk0pyDr8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdy +kX5rx0h5SslG3jVWYhZ/SOb2aIzOr0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO80 +93X5VVk9vaPRg0zxJQ0Do0YLyzkRisSAIFb0tdKuDnjRGK6y/N2j6At2Hjkxntbt +GQIDAQAB +-----END PUBLIC KEY----- +", + } + } + ); +my $res; + +# Authenticate to LLNG +my $url = "/"; +my $query = "user=french&password=french"; +ok( + $res = $op->_post( + "/", + IO::String->new($query), + accept => 'text/html', + length => length($query), + ), + "Post authentication" +); +count(1); +my $idpId = expectCookie($res); + +# Get code for RP1 +my $query="response_type=code&scope=openid%20profile%20email&client_id=rpid&state=af0ifjsldkj&redirect_uri=http%3A%2F%2Frp2.com%2F"; +ok( + $res = $op->_get( + "/oauth2/authorize", + query => "$query", + accept => 'text/html', + cookie => "lemonldap=$idpId", + ), + "Get authorization code" +); +count(1); + +my ( $code ) = expectRedirection( $res, qr#http://rp2\.com/.*code=([^\&]*)#); + +# Play code on RP2 +$query="grant_type=authorization_code&code=$code&redirect_uri=http%3A%2F%2Frp2.com%2F"; + +ok( + $res = $op->_post( + "/oauth2/token", + IO::String->new($query), + accept => 'text/html', + length => length($query), + custom => { + HTTP_AUTHORIZATION => "Basic ". encode_base64("rp2id:rp2secret"), + }, + ), + "Post token" +); +count(1); + +# Expect an invalid request +ok ($res->[0] = 400); +count(1); + +clean_sessions(); +done_testing( count() ); + From b453647b266142b82090586c17cf1bb3c9668b15 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 9 Aug 2019 22:11:05 +0200 Subject: [PATCH 25/28] Fix langs directory (#1870) --- .../lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm index 41826107a..e67f3f3bd 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm @@ -535,11 +535,7 @@ sub delKeyInMySession { sub getError { my ( $self, $req, $lang, $errNum ) = @_; my $json; - my $langsDir = - $self->conf->{templateDir} - . '/../htdocs' - . $self->conf->{staticPrefix} - . '/languages'; + my $langsDir = 'site/htdocs/static/languages'; $lang ||= 'en'; $errNum From bee0e675f39e0854d7d9bdf1fce8b4ddf799cbe2 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 9 Aug 2019 22:46:43 +0200 Subject: [PATCH 26/28] Revert "Fix langs directory (#1870)" This reverts commit b453647b266142b82090586c17cf1bb3c9668b15. --- .../lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm index e67f3f3bd..41826107a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm @@ -535,7 +535,11 @@ sub delKeyInMySession { sub getError { my ( $self, $req, $lang, $errNum ) = @_; my $json; - my $langsDir = 'site/htdocs/static/languages'; + my $langsDir = + $self->conf->{templateDir} + . '/../htdocs' + . $self->conf->{staticPrefix} + . '/languages'; $lang ||= 'en'; $errNum From 869dbb9e42996501fdfe58a6290e78dee2f9a680 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 9 Aug 2019 23:07:58 +0200 Subject: [PATCH 27/28] Fix unit test (#1870) --- lemonldap-ng-portal/t/35-REST-config-backend.t | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lemonldap-ng-portal/t/35-REST-config-backend.t b/lemonldap-ng-portal/t/35-REST-config-backend.t index 7e6384b2a..041b445af 100644 --- a/lemonldap-ng-portal/t/35-REST-config-backend.t +++ b/lemonldap-ng-portal/t/35-REST-config-backend.t @@ -244,6 +244,8 @@ sub issuer { userDB => 'Same', restSessionServer => 1, restConfigServer => 1, + templateDir => 'templates', + staticPrefix => '/static', } } ); From 13378c31501e342f0ee10c92aeb704118f71936e Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 9 Aug 2019 23:28:43 +0200 Subject: [PATCH 28/28] Fix unit test (#1870) --- lemonldap-ng-portal/t/35-REST-config-backend.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/t/35-REST-config-backend.t b/lemonldap-ng-portal/t/35-REST-config-backend.t index 041b445af..ab25a339d 100644 --- a/lemonldap-ng-portal/t/35-REST-config-backend.t +++ b/lemonldap-ng-portal/t/35-REST-config-backend.t @@ -244,7 +244,7 @@ sub issuer { userDB => 'Same', restSessionServer => 1, restConfigServer => 1, - templateDir => 'templates', + templateDir => 'site/templates', staticPrefix => '/static', } }