Append options to use Notifications plugin & set notification reference (#1796)

This commit is contained in:
Christophe Maudoux 2019-06-17 22:24:20 +02:00
parent 8b488e4d51
commit 9fa11709e6
18 changed files with 83 additions and 41 deletions

View File

@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:ErrorOn(?:ExpiredSession|MailNotFound)|DisplayRe(?:setPassword|gister)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|orsEnabled|da)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|no(?:tif(?:ication(?:Server)?|y(?:Deleted|Other))|AjaxHook)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs)|dbiDynamicHashEnabled|bruteForceProtection)$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:ErrorOn(?:ExpiredSession|MailNotFound)|DisplayRe(?:setPassword|gister)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|orsEnabled|da)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|no(?:tif(?:ication(?:Server)?|y(?:Deleted|Other))|AjaxHook)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs)|dbiDynamicHashEnabled|bruteForceProtection)$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

View File

@ -277,9 +277,10 @@ sub defaultValues {
'samlSPSSODescriptorWantAssertionsSigned' => 1,
'securedCookie' => 0,
'sfEngine' => '::2F::Engines::Default',
'sfRemovedMsgRule' => 0,
'sfRemovedNotifMsg' =>
'_removedSF_ expired second factor(s) has/have been removed!',
'sfRemovedNotifRule' => 0,
'sfRemovedNotifRef' => 'RemoveSF',
'sfRemovedNotifTitle' => 'Second factor notification',
'sfRequired' => 0,
'showLanguages' => 1,

View File

@ -3186,19 +3186,27 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => '::2F::Engines::Default',
'type' => 'text'
},
'sfRemovedMsgRule' => {
'default' => 0,
'type' => 'boolOrExpr'
},
'sfRemovedNotifMsg' => {
'default' =>
'_removedSF_ expired second factor(s) has/have been removed!',
'type' => 'text'
},
'sfRemovedNotifRule' => {
'default' => 0,
'type' => 'boolOrExpr'
'sfRemovedNotifRef' => {
'default' => 'RemoveSF',
'type' => 'text'
},
'sfRemovedNotifTitle' => {
'default' => 'Second factor notification',
'type' => 'text'
},
'sfRemovedUseNotif' => {
'default' => 0,
'type' => 'bool'
},
'sfRequired' => {
'default' => 0,
'type' => 'boolOrExpr'

View File

@ -2575,21 +2575,34 @@ sub attributes {
help => 'secondfactor.html',
documentation => 'Second factor required',
},
sfRemovedNotifRule => {
type => 'boolOrExpr',
default => 0,
help => 'secondfactor.html',
documentation => 'Display a message if at leat one expired SF has been removed',
sfRemovedMsgRule => {
type => 'boolOrExpr',
default => 0,
help => 'secondfactor.html',
documentation =>
'Display a message if at leat one expired SF has been removed',
},
sfRemovedUseNotif => {
default => 0,
type => 'bool',
documentation => 'Use Notifications plugin to display message',
},
sfRemovedNotifRef => {
type => 'text',
default => 'RemoveSF',
help => 'secondfactor.html',
documentation => 'Notification reference',
},
sfRemovedNotifTitle => {
type => 'text',
default => 'Second factor notification',
help => 'secondfactor.html',
documentation => 'Notification title',
type => 'text',
default => 'Second factor notification',
help => 'secondfactor.html',
documentation => 'Notification title',
},
sfRemovedNotifMsg => {
type => 'text',
default => '_removedSF_ expired second factor(s) has/have been removed!',
type => 'text',
default =>
'_removedSF_ expired second factor(s) has/have been removed!',
help => 'secondfactor.html',
documentation => 'Notification message',
},

View File

@ -756,7 +756,8 @@ sub tree {
help => 'secondfactor.html',
form => 'simpleInputContainer',
nodes => [
'sfRemovedNotifRule', 'sfRemovedNotifTitle',
'sfRemovedMsgRule', 'sfRemovedUseNotif',
'sfRemovedNotifRef', 'sfRemovedNotifTitle',
'sfRemovedNotifMsg',
],
},

View File

@ -730,8 +730,10 @@
"sfaTitle":"Second Factors Authentication",
"sfRequired":"Require 2FA",
"sfRemovedNotification":"Display a message if an expired SF is removed",
"sfRemovedNotifRule":"تفعيل",
"sfRemovedMsgRule":"تفعيل",
"sfRemovedUseNotif":"Use Notifications plugin",
"sfRemovedNotifMsg":"Notification message",
"sfRemovedNotifRef":"Notification reference",
"sfRemovedNotifTitle":"Notification title",
"sfRemovedMsg":"Display a message if an expired SF is removed",
"show":"عرض",

View File

@ -730,8 +730,10 @@
"sfaTitle":"Second Factors Authentication",
"sfRequired":"Require 2FA",
"sfRemovedNotification":"Display a message if an expired SF is removed",
"sfRemovedNotifRule":"Activation",
"sfRemovedMsgRule":"Activation",
"sfRemovedUseNotif":"Use Notifications plugin",
"sfRemovedNotifMsg":"Notification message",
"sfRemovedNotifRef":"Notification reference",
"sfRemovedNotifTitle":"Notification title",
"sfRemovedMsg":"Display a message if an expired SF is removed",
"show":"Show",

View File

@ -730,8 +730,10 @@
"sfaTitle":"Second Factors Authentication",
"sfRequired":"Require 2FA",
"sfRemovedNotification":"Display a message if an expired SF is removed",
"sfRemovedNotifRule":"Activation",
"sfRemovedMsgRule":"Activation",
"sfRemovedUseNotif":"Use Notifications plugin",
"sfRemovedNotifMsg":"Notification message",
"sfRemovedNotifRef":"Notification reference",
"sfRemovedNotifTitle":"Notification title",
"sfRemovedMsg":"Display a message if an expired SF is removed",
"show":"Show",

View File

@ -730,8 +730,10 @@
"sfaTitle":"Seconds Facteurs d'Authentification",
"sfRequired":"Exiger 2FA",
"sfRemovedNotification":"Afficher un message si un SF expiré a été supprimé",
"sfRemovedNotifRule":"Activation",
"sfRemovedMsgRule":"Activation",
"sfRemovedUseNotif":"Utiliser les notifications",
"sfRemovedNotifMsg":"Message de la notification",
"sfRemovedNotifRef":"Référence de la notification",
"sfRemovedNotifTitle":"Titre de la notification",
"sfRemovedMsg":"Afficher un message si un SF expiré est supprimé",
"show":"Montrer",

View File

@ -730,8 +730,10 @@
"sfaTitle":"Autenticazione a due fattori",
"sfRequired":"Richiedi 2FA",
"sfRemovedNotification":"Display a message if an expired SF is removed",
"sfRemovedNotifRule":"Attivazione",
"sfRemovedMsgRule":"Attivazione",
"sfRemovedUseNotif":"Use Notifications plugin",
"sfRemovedNotifMsg":"Notification message",
"sfRemovedNotifRef":"Notification reference",
"sfRemovedNotifTitle":"Notification title",
"sfRemovedMsg":"Display a message if an expired SF is removed",
"show":"Mostra",

View File

@ -730,8 +730,10 @@
"sfaTitle":"Second Factors Authentication",
"sfRequired":"Require 2FA",
"sfRemovedNotification":"Display a message if an expired SF is removed",
"sfRemovedNotifRule":"Kích hoạt",
"sfRemovedMsgRule":"Kích hoạt",
"sfRemovedUseNotif":"Use Notifications plugin",
"sfRemovedNotifMsg":"Notification message",
"sfRemovedNotifRef":"Notification reference",
"sfRemovedNotifTitle":"Notification title",
"sfRemovedMsg":"Display a message if an expired SF is removed",
"show":"Hiển thị",

View File

@ -730,8 +730,10 @@
"sfaTitle":"Second Factors Authentication",
"sfRequired":"Require 2FA",
"sfRemovedNotification":"Display a message if an expired SF is removed",
"sfRemovedNotifRule":"Activation",
"sfRemovedMsgRule":"Activation",
"sfRemovedUseNotif":"Use Notifications plugin",
"sfRemovedNotifMsg":"Notification message",
"sfRemovedNotifRef":"Notification reference",
"sfRemovedNotifTitle":"Notification title",
"sfRemovedMsg":"Display a message if an expired SF is removed",
"show":"Show",

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -31,7 +31,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
has sfModules => ( is => 'rw', default => sub { [] } );
has sfRModules => ( is => 'rw', default => sub { [] } );
has sfReq => ( is => 'rw' );
has sfRule => ( is => 'rw' );
has sfRule => ( is => 'rw' );
has ott => (
is => 'rw',
@ -111,7 +111,7 @@ sub init {
$self->sfRule(
$self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute(
$self->conf->{sfRemovedNotifRule}
$self->conf->{sfRemovedMsgRule}
)
)
)
@ -205,10 +205,9 @@ sub run {
# Display notification or message if required
my $res = 0;
if ( $self->sfRule->( $req, $req->sessionInfo ) ) {
if ( my $notifEngine =
$self->p->loadedModules->{
'Lemonldap::NG::Portal::Plugins::Notifications'} )
{
my $notifEngine = $self->p->loadedModules->{
'Lemonldap::NG::Portal::Plugins::Notifications'};
if ( $notifEngine && $self->conf->{sfRemovedUseNotif} ) {
$self->logger->debug("Notifications plugin enabled");
$res =
$self->_sendNotification( $req, $notifEngine, $removed );
@ -517,18 +516,22 @@ sub _sendInfo {
sub _sendNotification {
my ( $self, $req, $notifEngine, $removed ) = @_;
my $uid = $req->user;
my $date = strftime "%Y-%m-%d", localtime;
my $title = $self->conf->{sfRemovedNotifTitle} || 'Second factor notification';
my $msg = $self->conf->{sfRemovedNotifMsg} || "$removed expired second factor(s) has/have been removed!";
my $uid = $req->user;
my $date = strftime "%Y-%m-%d", localtime;
my $ref = $self->conf->{sfRemovedNotifRef} || 'RemoveSF';
my $title =
$self->conf->{sfRemovedNotifTitle} || 'Second factor notification';
my $msg = $self->conf->{sfRemovedNotifMsg}
|| "$removed expired second factor(s) has/have been removed!";
$msg =~ s/_removedSF_/$removed/;
# Prepare notification
my $content =
$self->conf->{oldNotifFormat}
? '<?xml version="1.0" encoding="UTF-8"?><root><notification uid="_uid_" date="_date_" reference="RemoveSF"><title>_title_</title><text>_msg_</text></notification></root>'
: '[{"uid":"_uid_","date":"_date_","title":"_title_","reference":"RemoveSF","text":"_msg_"}]';
? '<?xml version="1.0" encoding="UTF-8"?><root><notification uid="_uid_" date="_date_" reference="_ref_"><title>_title_</title><text>_msg_</text></notification></root>'
: '[{"uid":"_uid_","date":"_date_","title":"_title_","reference":"_ref_","text":"_msg_"}]';
$content =~ s/_uid_/$uid/;
$content =~ s/_ref_/$ref/;
$content =~ s/_date_/$date/;
$content =~ s/_title_/$title/;
$content =~ s/_msg_/$msg/;

View File

@ -19,7 +19,8 @@ SKIP: {
totp2fSelfRegistration => 1,
totp2fActivation => 1,
totp2fTTL => 2,
sfRemovedNotifRule => '$uid eq "dwho"',
sfRemovedMsgRule => '$uid eq "dwho"',
sfRemovedUseNotif => 1,
portalMainLogo => 'common/logos/logo_llng_old.png',
notification => 1,
templatesDir => 'site/templates/',

View File

@ -19,7 +19,8 @@ SKIP: {
totp2fSelfRegistration => 1,
totp2fActivation => 1,
totp2fTTL => 2,
sfRemovedNotifRule => '$uid eq "dwho"',
sfRemovedMsgRule => '$uid eq "dwho"',
sfRemovedUseNotif => 1,
portalMainLogo => 'common/logos/logo_llng_old.png',
notification => 1,
templatesDir => 'site/templates/',

View File

@ -20,7 +20,7 @@ SKIP: {
portalMainLogo => 'common/logos/logo_llng_old.png',
totp2fTTL => 2,
u2fTTL => 2,
sfRemovedNotifRule => 1,
sfRemovedMsgRule => 1,
}
}
);