Append accessToTrace parameter (#2381)
parent
231ec50d63
commit
a0feeae9a1
|
@ -8,4 +8,10 @@ sub get_additional_arg {
|
|||
return $_[0];
|
||||
}
|
||||
|
||||
sub accessToTrace {
|
||||
my $hash = shift;
|
||||
return
|
||||
"$hash->{custom} alias $hash->{params}->[0] $hash->{params}->[1]:$hash->{session}->{groups}";
|
||||
}
|
||||
|
||||
1;
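Review bot: `accessToTrace` interpolates `$hash->{params}->[0]`, `$hash->{params}->[1]` and `$hash->{session}->{groups}` without checking that they are defined. A configuration that passes fewer than two parameters, or a session without `groups`, will raise "uninitialized value" warnings and produce a trace string with empty fields. Defaulting each value, for example `my ( $p0, $p1 ) = map { $_ // '' } @{ $hash->{params} }[ 0, 1 ];`, would keep the output predictable. This sub appears to be the only example of the callback contract on the page, so a short comment above it listing the keys it receives (`req`, `vhost`, `session`, `custom`, `params`, as passed in the `run` hunk) would help authors of custom functions.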
|
||||
|
|
|
@ -30,7 +30,7 @@ our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)
|
|||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:uth(?:orizationCodeExpiration|nLevel)|llow(?:PasswordGrant|Offline)|ccessTokenExpiration|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|AuthnLevel|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
|
||||
our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
||||
our $authParameters = {
|
||||
adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)],
|
||||
|
|
|
@ -238,6 +238,8 @@ sub defaultValuesInit {
|
|||
$conf->{vhostOptions}->{$vhost}->{vhostAuthnLevel};
|
||||
$class->tsv->{serviceTokenTTL}->{$vhost} =
|
||||
$conf->{vhostOptions}->{$vhost}->{vhostServiceTokenTTL};
|
||||
$class->tsv->{accessToTrace}->{$vhost} =
|
||||
$conf->{vhostOptions}->{$vhost}->{vhostAccessToTrace};
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Main running methods file
|
||||
package Lemonldap::NG::Handler::Main::Run;
|
||||
|
||||
our $VERSION = '2.0.9';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
package Lemonldap::NG::Handler::Main;
|
||||
|
||||
|
@ -105,6 +105,7 @@ sub checkType {
|
|||
sub run {
|
||||
my ( $class, $req, $rule, $protection ) = @_;
|
||||
my ( $id, $session );
|
||||
my $vhost = $class->resolveAlias($req);
|
||||
|
||||
return $class->DECLINED unless ( $class->is_initial_req($req) );
|
||||
|
||||
|
@ -149,9 +150,41 @@ sub run {
|
|||
|
||||
# ACCOUNTING (1. Inform web server)
|
||||
$class->set_user( $req, $session->{ $class->tsv->{whatToTrace} } );
|
||||
$class->set_custom( $req, $session->{ $class->tsv->{customToTrace} } )
|
||||
if $class->tsv->{customToTrace}
|
||||
and $session->{ $class->tsv->{customToTrace} };
|
||||
|
||||
my $custom;
|
||||
$custom = $session->{ $class->tsv->{customToTrace} }
|
||||
if ( $class->tsv->{customToTrace}
|
||||
and $session->{ $class->tsv->{customToTrace} } );
|
||||
if ( $class->tsv->{accessToTrace}->{$vhost} ) {
|
||||
my ( $function, @params ) = split /\s*,\s*/,
|
||||
$class->tsv->{accessToTrace}->{$vhost};
|
||||
if ( $function =~ qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/ ) {
|
||||
my $c = eval {
|
||||
no strict 'refs';
|
||||
&{$function}( {
|
||||
req => $req,
|
||||
vhost => $vhost,
|
||||
session => $session,
|
||||
custom => $custom,
|
||||
params => \@params
|
||||
}
|
||||
);
|
||||
};
|
||||
if ($@) {
|
||||
$class->logger->error(
|
||||
"Failed to overwrite customToTrace: $@");
|
||||
}
|
||||
else {
|
||||
$class->logger->debug("Overwrite customToTrace with: $c");
|
||||
$custom = $c;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$class->logger->error(
|
||||
"accessToTrace: Bad custom function name");
|
||||
}
|
||||
}
|
||||
$class->set_custom( $req, $custom ) if $custom;
|
||||
|
||||
# AUTHORIZATION
|
||||
return ( $class->forbidden( $req, $session ), $session )
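Review bot: The name check in the new `accessToTrace` block of `run` is looser than what the symbolic call `&{$function}` can safely accept: it matches an empty string, several whitespace-separated names, a trailing newline (because of `$`) and unqualified names. An unqualified name would presumably resolve to a sub in the handler's own package rather than to a custom function, and the other cases only fail inside the `eval`, producing an error log line on every request. Requiring one fully qualified name, `if ( $function =~ /\A\w+(?:::\w+)+\z/ ) {`, and checking that the sub is defined before calling it would narrow what a configuration value can invoke. On success `$custom = $c` also replaces a valid `customToTrace` value when the function returns undef or an empty string, and the debug line then interpolates undef; if that is not intended, `$custom = $c if defined $c and length $c;` keeps the fallback. The body of `run` continues outside this hunk, so whether `set_custom` filters control characters from the returned string cannot be confirmed from here.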
|
||||
|
|
|
@ -4137,6 +4137,10 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
|
|||
'utotp2fLogo' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'vhostAccessToTrace' => {
|
||||
'default' => '',
|
||||
'type' => 'text'
|
||||
},
|
||||
'vhostAliases' => {
|
||||
'default' => '',
|
||||
'type' => 'text'
|
||||
|
|
|
@ -2227,8 +2227,9 @@ sub attributes {
|
|||
type => 'int',
|
||||
default => -1,
|
||||
},
|
||||
vhostAliases => { type => 'text', default => '' },
|
||||
vhostType => {
|
||||
vhostAccessToTrace => { type => 'text', default => '' },
|
||||
vhostAliases => { type => 'text', default => '' },
|
||||
vhostType => {
|
||||
type => 'select',
|
||||
select => [
|
||||
{ k => 'AuthBasic', v => 'AuthBasic' },
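Review bot: `vhostAccessToTrace` is declared as free `text` with no validation, so a malformed value is accepted when the configuration is saved and only rejected later, per request, by the name check in the handler's `run`. If this attribute table supports a per-attribute validation pattern (none is visible in this hunk), one matching the form the handler splits on (`Package::function, param, ...`) would surface the mistake at save time. A one-line comment beside the entry saying that the value names a Perl sub executed by the handler on each authenticated request would also make the sensitivity of this option clear to maintainers. The enclosing `attributes` sub starts and ends outside the hunk.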
|
||||
|
|
|
@ -27,10 +27,10 @@ sub cTrees {
|
|||
help => 'configvhost.html#options',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'vhostPort', 'vhostHttps',
|
||||
'vhostMaintenance', 'vhostAliases',
|
||||
'vhostType', 'vhostAuthnLevel',
|
||||
'vhostServiceTokenTTL'
|
||||
'vhostPort', 'vhostHttps',
|
||||
'vhostMaintenance', 'vhostAliases',
|
||||
'vhostAccessToTrace', 'vhostType',
|
||||
'vhostAuthnLevel', 'vhostServiceTokenTTL'
|
||||
],
|
||||
},
|
||||
],
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1327,6 +1327,12 @@ function templates(tpl,key) {
|
|||
"id" : tpl+"s/"+key+"/"+"vhostAliases",
|
||||
"title" : "vhostAliases"
|
||||
},
|
||||
{
|
||||
"default" : "",
|
||||
"get" : tpl+"s/"+key+"/"+"vhostAccessToTrace",
|
||||
"id" : tpl+"s/"+key+"/"+"vhostAccessToTrace",
|
||||
"title" : "vhostAccessToTrace"
|
||||
},
|
||||
{
|
||||
"default" : "Main",
|
||||
"get" : tpl+"s/"+key+"/"+"vhostType",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long