Merge branch 'v2.0'
commit
9231711a41
|
@ -142,7 +142,7 @@
|
|||
"loginHistoryEnabled" : 1,
|
||||
"macros" : {
|
||||
"UA" : "$ENV{HTTP_USER_AGENT}",
|
||||
"_whatToTrace" : "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidcConnectedRP) : lc($_user)"
|
||||
"_whatToTrace" : "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidc_OP) : lc($_user)"
|
||||
},
|
||||
"mailUrl" : "http://auth.__DNSDOMAIN__/resetpwd",
|
||||
"notification" : 1,
|
||||
|
|
|
@ -167,7 +167,7 @@
|
|||
"loginHistoryEnabled": 1,
|
||||
"macros": {
|
||||
"UA" : "$ENV{HTTP_USER_AGENT}",
|
||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : $_auth eq 'OpenIDConnect' ? \"$_user\\@$_oidcConnectedRP\" : \"$_user\""
|
||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : $_auth eq 'OpenIDConnect' ? \"$_user\\@$_oidc_OP\" : \"$_user\""
|
||||
},
|
||||
"mailUrl": "http://auth.example.com:__port__/resetpwd",
|
||||
"notification": 1,
|
||||
|
|
|
@ -276,7 +276,12 @@ sub locationRulesInit {
|
|||
|
||||
foreach my $vhost ( keys %$orules ) {
|
||||
my $rules = $orules->{$vhost};
|
||||
$class->tsv->{locationCount}->{$vhost} = 0;
|
||||
$class->tsv->{locationCount}->{$vhost} = 0;
|
||||
$class->tsv->{locationCondition}->{$vhost} = [];
|
||||
$class->tsv->{locationProtection}->{$vhost} = [];
|
||||
$class->tsv->{locationRegexp}->{$vhost} = [];
|
||||
$class->tsv->{locationConditionText}->{$vhost} = [];
|
||||
|
||||
foreach my $url ( sort keys %{$rules} ) {
|
||||
my ( $cond, $prot ) = $class->conditionSub( $rules->{$url} );
|
||||
unless ($cond) {
|
||||
|
@ -296,8 +301,8 @@ sub locationRulesInit {
|
|||
push @{ $class->tsv->{locationProtection}->{$vhost} }, $prot;
|
||||
push @{ $class->tsv->{locationRegexp}->{$vhost} }, qr/$url/;
|
||||
push @{ $class->tsv->{locationConditionText}->{$vhost} },
|
||||
$cond =~ /^\(\?#(.*?)\)/ ? $1
|
||||
: $cond =~ /^(.*?)##(.+)$/ ? $2
|
||||
$url =~ /^\(\?#(.*?)\)/ ? $1
|
||||
: $url =~ /^(.*?)##(.+)$/ ? $2
|
||||
: $url;
|
||||
$class->tsv->{locationCount}->{$vhost}++;
|
||||
}
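Review bot: The label extraction that feeds `locationConditionText` has no comment, and its second pattern captures a group it never uses: in `$url =~ /^(.*?)##(.+)$/ ? $2` the first group is dead, so `: $url =~ /^.*?##(.+)$/ ? $1` says the same thing more directly. A one-line comment above the push would help anyone auditing how rule labels are derived, e.g. `# Rule label: leading "(?#label)" regexp comment, or "rule##label" suffix, else the raw URL pattern`. The entry pushed to `locationRegexp` just above is still compiled from the whole `$url`; whether a `##label` suffix is stripped before that point is not visible here and should be confirmed, since a rule whose pattern never matches would fall through to whatever the default rule allows. locationRulesInit starts and ends outside the hunk.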
|
||||
|
@ -362,7 +367,7 @@ sub sessionStorageInit {
|
|||
$class->tsv->{statusPipe}->print("RELOADCACHE $params\n");
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
## @imethod void headersInit(hashRef args)
|
||||
|
|
|
@ -849,10 +849,13 @@ sub _scanNodes {
|
|||
# authChoiceModules
|
||||
if ( $name eq 'authChoiceModules' ) {
|
||||
hdebug(' authChoiceModules');
|
||||
$n->{data}->[5] ||= {};
|
||||
$n->{data}->[5] =
|
||||
to_json( { map { @$_ } @{ $n->{data}->[5] } } )
|
||||
if ref( $n->{data}->[5] ) eq 'ARRAY';
|
||||
if ( ref( $n->{data}->[5] ) eq 'ARRAY' ) {
|
||||
$n->{data}->[5] = to_json(
|
||||
{ map { @$_ } @{ $n->{data}->[5] } } );
|
||||
}
|
||||
else {
|
||||
$n->{data}->[5] = '{}';
|
||||
}
|
||||
}
|
||||
|
||||
$n->{data} = join ';', @{ $n->{data} };
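Review bot: The new `else` branch replaces every non-array value of `$n->{data}->[5]` with `'{}'`, so a hash reference or an already-serialized string arriving there is discarded without any trace, although only the undefined case needs a default. Whether such values can reach this point is not visible in the hunk; if they can, serialize hashes with `elsif ( ref( $n->{data}->[5] ) eq 'HASH' ) { $n->{data}->[5] = to_json( $n->{data}->[5] ); }` and log the fallback, e.g. `hdebug('  no overridden parameters, using {}');`. The `map { @$_ }` also assumes every element of the list is an array reference, which the code does not check. _scanNodes starts and ends outside the hunk.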
|
||||
|
|
|
@ -108,7 +108,7 @@ sub zeroConf {
|
|||
},
|
||||
'macros' => {
|
||||
'_whatToTrace' =>
|
||||
'$_auth eq \'SAML\' ? lc($_user.\'@\'.$_idpConfKey) : $_auth eq \'OpenIDConnect\' ? lc($_user.\'@\'.$_oidcConnectedRP) : lc($_user)',
|
||||
'$_auth eq \'SAML\' ? lc($_user.\'@\'.$_idpConfKey) : $_auth eq \'OpenIDConnect\' ? lc($_user.\'@\'.$_oidc_OP) : lc($_user)',
|
||||
'UA' => '$ENV{HTTP_USER_AGENT}'
|
||||
},
|
||||
'notificationStorageOptions' => {
|
||||
|
|
|
@ -269,7 +269,8 @@ sub display {
|
|||
# Avoid issue 1867
|
||||
or ( $self->conf->{authentication} eq 'Combination'
|
||||
and $req->{error} > PE_OK
|
||||
and $req->{error} != PE_FIRSTACCESS )
|
||||
and $req->{error} != PE_FIRSTACCESS
|
||||
and $req->{error} != PE_PP_PASSWORD_EXPIRED )
|
||||
|
||||
# and ( $req->{error} == PE_TOKENEXPIRED or $req->{error} == PE_NOTOKEN )
|
||||
)
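Review bot: The only explanation attached to this clause is `# Avoid issue 1867`, which does not say why the added `and $req->{error} != PE_PP_PASSWORD_EXPIRED` test is there; this condition appears to decide what is displayed for a failed Combination login, so the reason belongs next to it. A comment above the added line such as `# PE_PP_PASSWORD_EXPIRED is excluded so that <reason>` would do. The commented-out `PE_TOKENEXPIRED`/`PE_NOTOKEN` line could be dropped or explained at the same time. The enclosing expression in display starts outside the hunk.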
|
||||
|
|
|
@ -140,24 +140,24 @@ sub init {
|
|||
|
||||
# psgi.js
|
||||
->addUnauthRoute( 'psgi.js' => 'sendJs', ['GET'] )
|
||||
->addAuthRoute( 'psgi.js' => 'sendJs', ['GET'] )
|
||||
->addAuthRoute( 'psgi.js' => 'sendJs', ['GET'] )
|
||||
|
||||
# portal.css
|
||||
->addUnauthRoute( 'portal.css' => 'sendCss', ['GET'] )
|
||||
->addAuthRoute( 'portal.css' => 'sendCss', ['GET'] )
|
||||
->addAuthRoute( 'portal.css' => 'sendCss', ['GET'] )
|
||||
|
||||
# lmerror
|
||||
->addUnauthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
|
||||
->addAuthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
|
||||
->addAuthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
|
||||
|
||||
# Core REST API
|
||||
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
|
||||
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
|
||||
->addAuthRoute( ping => 'authenticated', ['GET'] )
|
||||
|
||||
# Refresh session
|
||||
->addAuthRoute( refresh => 'refresh', ['GET'] )
|
||||
|
||||
->addAuthRoute( '*' => 'corsPreflight', ['OPTIONS'] )
|
||||
->addAuthRoute( '*' => 'corsPreflight', ['OPTIONS'] )
|
||||
->addUnauthRoute( '*' => 'corsPreflight', ['OPTIONS'] )
|
||||
|
||||
# Logout
|
||||
|
@ -367,7 +367,8 @@ sub reloadConf {
|
|||
delete $_[0]->pdata->{$k};
|
||||
}
|
||||
}
|
||||
$self->userLogger->notice( $_[0]->user . ' connected' ) if $_[0]->user;
|
||||
my $user_log = $_[0]->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||
$self->userLogger->notice( $user_log . ' connected' ) if $user_log;
|
||||
if (@$tmp) {
|
||||
$self->logger->debug(
|
||||
'Add ' . join( ',', @$tmp ) . ' in keepPdata' );
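Review bot: Both new log statements lose the audit record when the session holds no value under the configured `whatToTrace` key. Here `... if $user_log` silently skips the 'connected' notice that the old code emitted whenever `$_[0]->user` was set, and in the buildCookie hunk further down the message becomes `User  successfully authenticated` with an undef warning. A fallback keeps the event attributable: `my $user_log = $_[0]->{sessionInfo}->{ $self->conf->{whatToTrace} } // $_[0]->user;` (and `// $req->{user}` in buildCookie). The logged value is a session attribute that may originate from an external identity provider, so it is worth confirming that userLogger neutralizes control characters before writing it. The enclosing sub starts outside the hunk.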
|
||||
|
|
|
@ -320,7 +320,7 @@ sub authenticate {
|
|||
$req->steps( [
|
||||
'setSessionInfo', 'setMacros',
|
||||
'setPersistentSessionInfo', 'storeHistory',
|
||||
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
|
||||
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
|
||||
]
|
||||
);
|
||||
|
||||
|
@ -520,8 +520,9 @@ sub buildCookie {
|
|||
);
|
||||
}
|
||||
}
|
||||
my $user_log = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||
$self->userLogger->notice(
|
||||
"User $req->{user} successfully authenticated at level $req->{sessionInfo}->{authenticationLevel}"
|
||||
"User $user_log successfully authenticated at level $req->{sessionInfo}->{authenticationLevel}"
|
||||
);
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
@ -28,7 +28,8 @@ has ott => (
|
|||
sub init {
|
||||
my ($self) = @_;
|
||||
if ( $self->conf->{forceGlobalStorageUpgradeOTT} ) {
|
||||
$self->logger->debug("Upgrade token will be stored into global storage");
|
||||
$self->logger->debug(
|
||||
"Upgrade token will be stored into global storage");
|
||||
$self->ott->cache(undef);
|
||||
}
|
||||
$self->addAuthRoute( upgradesession => 'ask', ['GET'] );
|
||||
|
@ -52,6 +53,8 @@ sub ask {
|
|||
$req,
|
||||
'upgradesession',
|
||||
params => {
|
||||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||
LANGS => $self->conf->{showLanguages},
|
||||
MSG => 'askToUpgrade',
|
||||
CONFIRMKEY => $self->p->stamp,
|
||||
PORTAL => $self->conf->{portal},
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
<TMPL_INCLUDE NAME="header.tpl">
|
||||
|
||||
<div id="errorcontent" class="container">
|
||||
<!--
|
||||
<div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="MSG">"></span></div>
|
||||
-->
|
||||
<div class="alert <TMPL_VAR NAME="ALERTE"> alert"><div class="text-center"><span trspan="<TMPL_VAR NAME="MSG">"></span></div></div>
|
||||
<form id="checkuser" action="/checkuser" method="post" class="password" role="form">
|
||||
<div class="buttons">
|
||||
|
|
|
@ -5,7 +5,7 @@ use IO::String;
|
|||
require 't/test-lib.pm';
|
||||
|
||||
my $res;
|
||||
my $maintests = 8;
|
||||
my $maintests = 7;
|
||||
|
||||
my $userdb = tempdb();
|
||||
|
||||
|
@ -58,8 +58,7 @@ SKIP: {
|
|||
|
||||
ok( $res = $client->_get("/sessions/global/$id"), 'Get UTF-8' );
|
||||
expectOK($res);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'cn => Frédéric Accents' );
|
||||
|
||||
|
|
|
@ -152,12 +152,10 @@ count(1);
|
|||
# Verify UTF-8
|
||||
switch ('rp');
|
||||
ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
|
||||
expectOK($res);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'cn => Frédéric Accents' );
|
||||
count(3);
|
||||
count(2);
|
||||
|
||||
# Logout initiated by OP
|
||||
switch ('op');
|
||||
|
|
|
@ -163,11 +163,10 @@ ok(
|
|||
),
|
||||
'Get userinfo'
|
||||
);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'name => Frédéric Accents' );
|
||||
count(3);
|
||||
count(2);
|
||||
|
||||
ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
|
||||
expectOK($res);
|
||||
|
|
|
@ -163,28 +163,23 @@ ok(
|
|||
),
|
||||
'Get userinfo'
|
||||
);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'name => Frédéric Accents' );
|
||||
count(3);
|
||||
count(2);
|
||||
|
||||
ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
|
||||
expectOK($res);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'cn => Frédéric Accents' );
|
||||
count(3);
|
||||
count(2);
|
||||
|
||||
switch ('rp');
|
||||
ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
|
||||
expectOK($res);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'cn => Frédéric Accents' );
|
||||
count(3);
|
||||
count(2);
|
||||
|
||||
# Logout initiated by RP
|
||||
ok(
|
||||
|
|
|
@ -163,28 +163,23 @@ ok(
|
|||
),
|
||||
'Get userinfo'
|
||||
);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'name => Frédéric Accents' );
|
||||
count(3);
|
||||
count(2);
|
||||
|
||||
ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
|
||||
expectOK($res);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'cn => Frédéric Accents' );
|
||||
count(3);
|
||||
count(2);
|
||||
|
||||
switch ('rp');
|
||||
ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
|
||||
expectOK($res);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
$res = expectJSON($res);
|
||||
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
|
||||
or explain( $res, 'cn => Frédéric Accents' );
|
||||
count(3);
|
||||
count(2);
|
||||
|
||||
# Logout initiated by RP
|
||||
ok(
|
||||
|
|
|
@ -202,9 +202,8 @@ ok(
|
|||
"Post introspection"
|
||||
);
|
||||
|
||||
expectOK($res);
|
||||
$json = from_json( $res->[2]->[0] );
|
||||
ok( !$json->{active}, "Token is no longer valid" );
|
||||
$res = expectJSON($res);
|
||||
ok( !$res->{active}, "Token is no longer valid" );
|
||||
|
||||
clean_sessions();
|
||||
done_testing();
|
||||
|
|
|
@ -192,8 +192,8 @@ ok(
|
|||
"Post token"
|
||||
);
|
||||
count(1);
|
||||
my $json = from_json( $res->[2]->[0] );
|
||||
my $token = $json->{access_token};
|
||||
$res = expectJSON($res);
|
||||
my $token = $res->{access_token};
|
||||
ok( $token, 'Access token present' );
|
||||
count(1);
|
||||
sleep(2);
|
||||
|
|
|
@ -287,7 +287,7 @@ SKIP: {
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
|
||||
m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="PE5"></span></div></div>%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], 'PE5 - Unknown identity' );
|
||||
count(2);
|
||||
|
|
|
@ -444,7 +444,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
|
||||
m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="PE5"></span></div></div>%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], 'PE5 - Forbidden identity' );
|
||||
count(2);
|
||||
|
@ -463,7 +463,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
|
||||
m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="PE5"></span></div></div>%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], 'PE5 - Unknown identity' );
|
||||
count(2);
|
||||
|
@ -482,7 +482,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
|
||||
m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="PE5"></span></div></div>%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], 'PE5 - Unvalid identity' );
|
||||
count(2);
|
||||
|
|
|
@ -60,10 +60,15 @@ ok(
|
|||
),
|
||||
'Upgrade session query'
|
||||
);
|
||||
count(1);
|
||||
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );
|
||||
ok( $res->[2]->[0] =~ qq%<img src="/static/common/logos/logo_llng_400px.png"%,
|
||||
'Found custom Main Logo' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(3);
|
||||
|
||||
# Accept session upgrade
|
||||
# ----------------------
|
||||
|
|
|
@ -324,6 +324,24 @@ sub expectOK {
|
|||
count(1);
|
||||
}
|
||||
|
||||
=head4 expectJSON($res)
|
||||
|
||||
Verify that the HTTP response contains valid JSON and returns the corresponding object
|
||||
|
||||
=cut
|
||||
|
||||
sub expectJSON {
|
||||
my ($res) = @_;
|
||||
is( $res->[0], 200, ' HTTP code is 200' ) or explain( $res, 200 );
|
||||
my %hdr = @{$res->[1]};
|
||||
like( $hdr{'Content-Type'}, qr,^application/json,i , ' Content-Type is JSON' ) or explain( $res );
|
||||
my $json;
|
||||
eval { $json = JSON::from_json($res->[2]->[0]) };
|
||||
ok( not($@), 'Content is valid JSON' );
|
||||
count(3);
|
||||
return $json;
|
||||
}
|
||||
|
||||
=head4 expectBadRequest($res)
|
||||
|
||||
Verify that returned code is 400. Note that it works only for Ajax request
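Review bot: expectJSON discards the parser error that the call sites it replaces used to print with `or print STDERR $@`, so a malformed body now fails with only 'Content is valid JSON' and no cause. Capture the error right after the eval and report it: `my $json = eval { JSON::from_json( $res->[2]->[0] ) }; my $err = $@;` then `ok( !$err, 'Content is valid JSON' ) or explain( $res->[2]->[0], "valid JSON: $err" );`. The header check reads `$hdr{'Content-Type'}` from a hash built from the header list, which is case-sensitive and keeps only the last duplicate; if the application can emit `Content-type`, `like()` receives undef and the test fails for the wrong reason.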
|
||||
|
|