Merge branch 'v2.0'

Christophe Maudoux 2019-10-29 19:33:11 +01:00
commit 9231711a41
21 changed files with 85 additions and 66 deletions


@ -142,7 +142,7 @@
"loginHistoryEnabled" : 1,
"macros" : {
"UA" : "$ENV{HTTP_USER_AGENT}",
"_whatToTrace" : "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidcConnectedRP) : lc($_user)"
"_whatToTrace" : "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidc_OP) : lc($_user)"
},
"mailUrl" : "http://auth.__DNSDOMAIN__/resetpwd",
"notification" : 1,


@ -167,7 +167,7 @@
"loginHistoryEnabled": 1,
"macros": {
"UA" : "$ENV{HTTP_USER_AGENT}",
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : $_auth eq 'OpenIDConnect' ? \"$_user\\@$_oidcConnectedRP\" : \"$_user\""
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : $_auth eq 'OpenIDConnect' ? \"$_user\\@$_oidc_OP\" : \"$_user\""
},
"mailUrl": "http://auth.example.com:__port__/resetpwd",
"notification": 1,
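Review bot: The new `_whatToTrace` value in this file still builds the trace identity without `lc()`, while the same macro in the previous config file and in the `zeroConf` hunk wraps every branch in `lc(...)`. Because this value is the identity written to logs and login history, the same account can appear under differently cased names depending on which default was loaded. If this file is not a deliberately different fixture, align it with the others, e.g. `lc($_user.'@'.$_oidc_OP)` for the OpenIDConnect branch. None of the hunks on this page show where `_oidc_OP` is stored in the session, so it is worth confirming the key is populated before the macro runs.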


@ -276,7 +276,12 @@ sub locationRulesInit {
foreach my $vhost ( keys %$orules ) {
my $rules = $orules->{$vhost};
$class->tsv->{locationCount}->{$vhost} = 0;
$class->tsv->{locationCount}->{$vhost} = 0;
$class->tsv->{locationCondition}->{$vhost} = [];
$class->tsv->{locationProtection}->{$vhost} = [];
$class->tsv->{locationRegexp}->{$vhost} = [];
$class->tsv->{locationConditionText}->{$vhost} = [];
foreach my $url ( sort keys %{$rules} ) {
my ( $cond, $prot ) = $class->conditionSub( $rules->{$url} );
unless ($cond) {
@ -296,8 +301,8 @@ sub locationRulesInit {
push @{ $class->tsv->{locationProtection}->{$vhost} }, $prot;
push @{ $class->tsv->{locationRegexp}->{$vhost} }, qr/$url/;
push @{ $class->tsv->{locationConditionText}->{$vhost} },
$cond =~ /^\(\?#(.*?)\)/ ? $1
: $cond =~ /^(.*?)##(.+)$/ ? $2
$url =~ /^\(\?#(.*?)\)/ ? $1
: $url =~ /^(.*?)##(.+)$/ ? $2
: $url;
$class->tsv->{locationCount}->{$vhost}++;
}
@ -362,7 +367,7 @@ sub sessionStorageInit {
$class->tsv->{statusPipe}->print("RELOADCACHE $params\n");
}
}
return 1;
return 1;
}
## @imethod void headersInit(hashRef args)
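Review bot: In the second hunk the label is now taken from `$url`, but `qr/$url/` two lines above it still compiles the whole key. For the `(?#...)` form that is harmless because it is a regex comment, whereas a key written as `pattern##label` would, as far as the hunk shows, keep `##label` inside the compiled pattern and then only match URLs containing that literal text. If the suffix is stripped in the lines between the hunks this is fine; otherwise strip it before compiling, e.g. `( my $re = $url ) =~ s/##.+$//;` and push `qr/$re/`. `locationRulesInit` starts and ends outside the visible hunks.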


@ -849,10 +849,13 @@ sub _scanNodes {
# authChoiceModules
if ( $name eq 'authChoiceModules' ) {
hdebug(' authChoiceModules');
$n->{data}->[5] ||= {};
$n->{data}->[5] =
to_json( { map { @$_ } @{ $n->{data}->[5] } } )
if ref( $n->{data}->[5] ) eq 'ARRAY';
if ( ref( $n->{data}->[5] ) eq 'ARRAY' ) {
$n->{data}->[5] = to_json(
{ map { @$_ } @{ $n->{data}->[5] } } );
}
else {
$n->{data}->[5] = '{}';
}
}
$n->{data} = join ';', @{ $n->{data} };
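Review bot: The new `else` branch replaces every non-ARRAY value of `$n->{data}->[5]` with the literal `'{}'`, so a hash reference or an already serialised JSON string arriving here would be discarded without any trace. If those shapes can occur, keep them: `elsif ( ref( $n->{data}->[5] ) eq 'HASH' ) { $n->{data}->[5] = to_json( $n->{data}->[5] ); }`, and add an `hdebug` line when a defined value of another type is reset. `_scanNodes` starts and ends outside the hunk, so which types can reach this point is not visible here.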


@ -108,7 +108,7 @@ sub zeroConf {
},
'macros' => {
'_whatToTrace' =>
'$_auth eq \'SAML\' ? lc($_user.\'@\'.$_idpConfKey) : $_auth eq \'OpenIDConnect\' ? lc($_user.\'@\'.$_oidcConnectedRP) : lc($_user)',
'$_auth eq \'SAML\' ? lc($_user.\'@\'.$_idpConfKey) : $_auth eq \'OpenIDConnect\' ? lc($_user.\'@\'.$_oidc_OP) : lc($_user)',
'UA' => '$ENV{HTTP_USER_AGENT}'
},
'notificationStorageOptions' => {


@ -269,7 +269,8 @@ sub display {
# Avoid issue 1867
or ( $self->conf->{authentication} eq 'Combination'
and $req->{error} > PE_OK
and $req->{error} != PE_FIRSTACCESS )
and $req->{error} != PE_FIRSTACCESS
and $req->{error} != PE_PP_PASSWORD_EXPIRED )
# and ( $req->{error} == PE_TOKENEXPIRED or $req->{error} == PE_NOTOKEN )
)


@ -140,24 +140,24 @@ sub init {
# psgi.js
->addUnauthRoute( 'psgi.js' => 'sendJs', ['GET'] )
->addAuthRoute( 'psgi.js' => 'sendJs', ['GET'] )
->addAuthRoute( 'psgi.js' => 'sendJs', ['GET'] )
# portal.css
->addUnauthRoute( 'portal.css' => 'sendCss', ['GET'] )
->addAuthRoute( 'portal.css' => 'sendCss', ['GET'] )
->addAuthRoute( 'portal.css' => 'sendCss', ['GET'] )
# lmerror
->addUnauthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
->addAuthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
->addAuthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
# Core REST API
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
->addAuthRoute( ping => 'authenticated', ['GET'] )
# Refresh session
->addAuthRoute( refresh => 'refresh', ['GET'] )
->addAuthRoute( '*' => 'corsPreflight', ['OPTIONS'] )
->addAuthRoute( '*' => 'corsPreflight', ['OPTIONS'] )
->addUnauthRoute( '*' => 'corsPreflight', ['OPTIONS'] )
# Logout
@ -367,7 +367,8 @@ sub reloadConf {
delete $_[0]->pdata->{$k};
}
}
$self->userLogger->notice( $_[0]->user . ' connected' ) if $_[0]->user;
my $user_log = $_[0]->{sessionInfo}->{ $self->conf->{whatToTrace} };
$self->userLogger->notice( $user_log . ' connected' ) if $user_log;
if (@$tmp) {
$self->logger->debug(
'Add ' . join( ',', @$tmp ) . ' in keepPdata' );
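Review bot: In the hunk under `reloadConf`, the connection notice is now skipped whenever `$_[0]->{sessionInfo}->{ $self->conf->{whatToTrace} }` is empty, so a session lacking that key leaves no 'connected' record in the user log even when `$_[0]->user` is set. Falling back keeps the audit line: `my $user_log = $_[0]->{sessionInfo}->{ $self->conf->{whatToTrace} } || $_[0]->user;`. The same lookup in the `buildCookie` hunk of the next file has no guard at all and would log `User  successfully authenticated` with an uninitialized-value warning; `|| $req->{user}` there would cover it. The enclosing code of both hunks continues outside the visible lines.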


@ -320,7 +320,7 @@ sub authenticate {
$req->steps( [
'setSessionInfo', 'setMacros',
'setPersistentSessionInfo', 'storeHistory',
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
]
);
@ -520,8 +520,9 @@ sub buildCookie {
);
}
}
my $user_log = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
$self->userLogger->notice(
"User $req->{user} successfully authenticated at level $req->{sessionInfo}->{authenticationLevel}"
"User $user_log successfully authenticated at level $req->{sessionInfo}->{authenticationLevel}"
);
PE_OK;
}


@ -28,7 +28,8 @@ has ott => (
sub init {
my ($self) = @_;
if ( $self->conf->{forceGlobalStorageUpgradeOTT} ) {
$self->logger->debug("Upgrade token will be stored into global storage");
$self->logger->debug(
"Upgrade token will be stored into global storage");
$self->ott->cache(undef);
}
$self->addAuthRoute( upgradesession => 'ask', ['GET'] );
@ -52,6 +53,8 @@ sub ask {
$req,
'upgradesession',
params => {
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => 'askToUpgrade',
CONFIRMKEY => $self->p->stamp,
PORTAL => $self->conf->{portal},


@ -1,9 +1,6 @@
<TMPL_INCLUDE NAME="header.tpl">
<div id="errorcontent" class="container">
<!--
<div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="MSG">"></span></div>
-->
<div class="alert <TMPL_VAR NAME="ALERTE"> alert"><div class="text-center"><span trspan="<TMPL_VAR NAME="MSG">"></span></div></div>
<form id="checkuser" action="/checkuser" method="post" class="password" role="form">
<div class="buttons">


@ -5,7 +5,7 @@ use IO::String;
require 't/test-lib.pm';
my $res;
my $maintests = 8;
my $maintests = 7;
my $userdb = tempdb();
@ -58,8 +58,7 @@ SKIP: {
ok( $res = $client->_get("/sessions/global/$id"), 'Get UTF-8' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' );


@ -152,12 +152,10 @@ count(1);
# Verify UTF-8
switch ('rp');
ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' );
count(3);
count(2);
# Logout initiated by OP
switch ('op');


@ -163,11 +163,10 @@ ok(
),
'Get userinfo'
);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'name => Frédéric Accents' );
count(3);
count(2);
ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
expectOK($res);


@ -163,28 +163,23 @@ ok(
),
'Get userinfo'
);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'name => Frédéric Accents' );
count(3);
count(2);
ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' );
count(3);
count(2);
switch ('rp');
ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' );
count(3);
count(2);
# Logout initiated by RP
ok(


@ -163,28 +163,23 @@ ok(
),
'Get userinfo'
);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'name => Frédéric Accents' );
count(3);
count(2);
ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' );
count(3);
count(2);
switch ('rp');
ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@;
$res = expectJSON($res);
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' );
count(3);
count(2);
# Logout initiated by RP
ok(


@ -202,9 +202,8 @@ ok(
"Post introspection"
);
expectOK($res);
$json = from_json( $res->[2]->[0] );
ok( !$json->{active}, "Token is no longer valid" );
$res = expectJSON($res);
ok( !$res->{active}, "Token is no longer valid" );
clean_sessions();
done_testing();


@ -192,8 +192,8 @@ ok(
"Post token"
);
count(1);
my $json = from_json( $res->[2]->[0] );
my $token = $json->{access_token};
$res = expectJSON($res);
my $token = $res->{access_token};
ok( $token, 'Access token present' );
count(1);
sleep(2);


@ -287,7 +287,7 @@ SKIP: {
);
ok(
$res->[2]->[0] =~
m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="PE5"></span></div></div>%,
' PE5 found'
) or explain( $res->[2]->[0], 'PE5 - Unknown identity' );
count(2);


@ -444,7 +444,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="PE5"></span></div></div>%,
' PE5 found'
) or explain( $res->[2]->[0], 'PE5 - Forbidden identity' );
count(2);
@ -463,7 +463,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="PE5"></span></div></div>%,
' PE5 found'
) or explain( $res->[2]->[0], 'PE5 - Unknown identity' );
count(2);
@ -482,7 +482,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
m%<div class="alert alert-warning alert"><div class="text-center"><span trspan="PE5"></span></div></div>%,
' PE5 found'
) or explain( $res->[2]->[0], 'PE5 - Unvalid identity' );
count(2);


@ -60,10 +60,15 @@ ok(
),
'Upgrade session query'
);
count(1);
my ( $host, $url, $query ) =
expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );
ok( $res->[2]->[0] =~ qq%<img src="/static/common/logos/logo_llng_400px.png"%,
'Found custom Main Logo' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
or print STDERR Dumper( $res->[2]->[0] );
count(3);
# Accept session upgrade
# ----------------------
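Review bot: The logo assertion uses `qq%...%` on the right of `=~`, so the string is compiled as a pattern and the dots in `logo_llng_400px.png` match any character, while the next assertion uses `m%...%`. Write it as `m%<img src="/static/common/logos/logo_llng_400px\.png"%` for an exact match and a consistent style. Both failure branches call `Dumper`, which needs Data::Dumper loaded in this test; that import is not visible in the hunk.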


@ -324,6 +324,24 @@ sub expectOK {
count(1);
}
=head4 expectJSON($res)
Verify that the HTTP response contains valid JSON and returns the corresponding object
=cut
sub expectJSON {
my ($res) = @_;
is( $res->[0], 200, ' HTTP code is 200' ) or explain( $res, 200 );
my %hdr = @{$res->[1]};
like( $hdr{'Content-Type'}, qr,^application/json,i , ' Content-Type is JSON' ) or explain( $res );
my $json;
eval { $json = JSON::from_json($res->[2]->[0]) };
ok( not($@), 'Content is valid JSON' );
count(3);
return $json;
}
=head4 expectBadRequest($res)
Verify that returned code is 400. Note that it works only for Ajax request
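Review bot: `expectJSON` drops the parser error: when `JSON::from_json` dies, the only output is a failed 'Content is valid JSON', whereas the call sites it replaces printed `$@`. Keep the diagnostic with `ok( not($@), 'Content is valid JSON' ) or explain( $res->[2]->[0], "valid JSON ($@)" );`. The header check also reads `$hdr{'Content-Type'}` from a plain hash built from `$res->[1]`, which is a case-sensitive lookup; a response that spells the header `Content-type` would reach `like` with an undefined value, so a case-insensitive search over the header pairs would be more robust.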