Update langs & conf files & doc & test (#2674)

2022-08-30 23:17:03 +02:00 · 2022-08-30 23:17:03 +02:00 · a347014e69
parent 479a1a2ab4
commit a347014e69
34 changed files with 22 additions and 66 deletions
--- a/_example/etc/api-apache2.4.conf
+++ b/_example/etc/api-apache2.4.conf
@ -92,7 +92,4 @@
        Options +FollowSymLinks
        DirectoryIndex index.html start.html
    </Directory>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/api-apache2.X.conf
+++ b/_example/etc/api-apache2.X.conf
@ -105,7 +105,4 @@
        Options +FollowSymLinks
        DirectoryIndex index.html start.html
    </Directory>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/api-apache2.conf
+++ b/_example/etc/api-apache2.conf
@ -94,7 +94,4 @@
        Options +FollowSymLinks
        DirectoryIndex index.html start.html
    </Directory>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/api-nginx.conf
+++ b/_example/etc/api-nginx.conf
@ -40,9 +40,6 @@ server {
    #uwsgi_param SCRIPT_FILENAME $document_root$sc;
    #uwsgi_param SCRIPT_NAME $sc;

-    # Uncomment this if you use https only
-    #add_header Strict-Transport-Security "max-age=15768000";
-
  }

  # By default, access to this VHost is denied
--- a/_example/etc/handler-apache2.4.conf
+++ b/_example/etc/handler-apache2.4.conf
@ -44,9 +44,6 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
    #    # an upper PerlHeaderParserHandler directive
    #    #PerlHeaderParserHandler Apache2::Const::DECLINED
    #</Location>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>


--- a/_example/etc/handler-apache2.X.conf
+++ b/_example/etc/handler-apache2.X.conf
@ -61,9 +61,6 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
    #    # an upper PerlHeaderParserHandler directive
    #    #PerlHeaderParserHandler Apache2::Const::DECLINED
    #</Location>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>


--- a/_example/etc/handler-apache2.conf
+++ b/_example/etc/handler-apache2.conf
@ -51,9 +51,6 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
    #    # an upper PerlHeaderParserHandler directive
    #    #PerlHeaderParserHandler Apache2::Const::DECLINED
    #</Location>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>


--- a/_example/etc/handler-nginx.conf
+++ b/_example/etc/handler-nginx.conf
@ -50,9 +50,6 @@ server {
  # Client requests
  location / {
    deny all;
-
-    # Uncomment this if you use https only
-    #add_header Strict-Transport-Security "max-age=15768000";
  }

  # Uncomment this if status is enabled
--- a/_example/etc/manager-apache2.4.conf
+++ b/_example/etc/manager-apache2.4.conf
@ -95,7 +95,4 @@
        Options +FollowSymLinks
        DirectoryIndex index.html start.html
    </Directory>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/manager-apache2.X.conf
+++ b/_example/etc/manager-apache2.X.conf
@ -114,7 +114,4 @@
        Options +FollowSymLinks
        DirectoryIndex index.html start.html
    </Directory>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/manager-apache2.conf
+++ b/_example/etc/manager-apache2.conf
@ -98,7 +98,4 @@
        Options +FollowSymLinks
        DirectoryIndex index.html start.html
    </Directory>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/manager-nginx.conf
+++ b/_example/etc/manager-nginx.conf
@ -35,9 +35,6 @@ server {
    #uwsgi_param LLTYPE psgi;
    #uwsgi_param SCRIPT_FILENAME $document_root$sc;
    #uwsgi_param SCRIPT_NAME $sc;
-
-    # Uncomment this if you use https only
-    #add_header Strict-Transport-Security "max-age=15768000";
  }

  location / {
--- a/_example/etc/portal-apache2.4.conf
+++ b/_example/etc/portal-apache2.4.conf
@ -113,8 +113,5 @@
                Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </Location>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>

--- a/_example/etc/portal-apache2.X.conf
+++ b/_example/etc/portal-apache2.X.conf
@ -144,8 +144,5 @@
                Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </Location>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>

--- a/_example/etc/portal-apache2.conf
+++ b/_example/etc/portal-apache2.conf
@ -110,8 +110,5 @@
                Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </Location>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>

--- a/_example/etc/portal-nginx.conf
+++ b/_example/etc/portal-nginx.conf
@ -88,9 +88,6 @@ server {
  index index.psgi;
  location / {
    try_files $uri $uri/ =404;
-
-    # Uncomment this if you use https only
-    #add_header Strict-Transport-Security "max-age=15768000";
  }

  location /static/ {
--- a/_example/etc/test-apache2.4.conf
+++ b/_example/etc/test-apache2.4.conf
@ -41,7 +41,4 @@ PerlModule Lemonldap::NG::Handler::ApacheMP2::Menu
    <IfModule mod_dir.c>
        DirectoryIndex index.pl index.html
    </IfModule>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/test-apache2.X.conf
+++ b/_example/etc/test-apache2.X.conf
@ -41,7 +41,4 @@ PerlModule Lemonldap::NG::Handler::ApacheMP2::Menu
    <IfModule mod_dir.c>
        DirectoryIndex index.pl index.html
    </IfModule>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/test-apache2.conf
+++ b/_example/etc/test-apache2.conf
@ -36,7 +36,4 @@ PerlModule Lemonldap::NG::Handler::ApacheMP2::Menu
    <IfModule mod_dir.c>
        DirectoryIndex index.pl index.html
    </IfModule>
-
-    # Uncomment this if site if you use SSL only
-    #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
--- a/_example/etc/test-nginx.conf
+++ b/_example/etc/test-nginx.conf
@ -88,9 +88,6 @@ server {
    # OR in the corresponding block
    #fastcgi_param HTTP_COOKIE $lmcookie;

-    # Uncomment this if you use https only
-    #add_header Strict-Transport-Security "max-age=15768000";
-
    # Set REMOTE_USER and REMOTE_CUSTOM (for FastCGI apps only)
    #fastcgi_param REMOTE_USER $lmremote_user;
    #fastcgi_param REMOTE_CUSTOM $lmremote_custom;
--- a/doc/sources/admin/authssl.rst
+++ b/doc/sources/admin/authssl.rst
@ -181,7 +181,6 @@ Nginx SSL Virtual Host example with uWSGI
     #index index.psgi;
     location / {
       try_files $uri $uri/ =404;
-       add_header Strict-Transport-Security "max-age=15768000";
     }
   }

--- a/doc/sources/admin/security.rst
+++ b/doc/sources/admin/security.rst
@ -332,6 +332,7 @@ Go in Manager, ``General parameters`` » ``Advanced parameters`` »
 -  **Form timeout**: Form token timeout (default to 120 seconds)
 -  **Use global storage**: Local cache is used by default for one time
   tokens. To use global storage, set it to 'On'
+-  **Strict-Transport-Security Max-age**: set STS header max-age if you use SSL only (default=15768000)
 -  **CrowdSec Bouncer**: set to 'On' to enable :doc:`CrowdSec Bouncer plugin<crowdsec>`
 -  **Brute-Force Attack protection**: set to 'On' to enable :doc:`Brute-force protection plugin<bruteforceprotection>`
 -  **LWP::UserAgent and SSL options**: insert here options to pass to
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"Expiration time",
 "storePassword":"تخزين كلمة مرور المستخدم في بيانات الجلسة",
 "string":"String",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"Subtitle",
 "successLoginNumber":"Max successful logins count",
 "successfullySaved":"تم الحفظ بنجاح",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -1133,6 +1133,7 @@
 "stayConnectedCookieName":"Cookie name",
 "stayConnectedTimeout":"Expiration time",
 "storePassword":"Store user password in session",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "string":"String",
 "subtitle":"Subtitle",
 "successLoginNumber":"Max successful logins count",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"Expiration time",
 "storePassword":"Almacenar contraseña de usuario en la sesión",
 "string":"String",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"Subtítulo",
 "successLoginNumber":"Max successful logins count",
 "successfullySaved":"Salvado con éxito",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -2,7 +2,7 @@
 "2faSessions":"Explorateur sessions 2ndFA",
 "2ndFA":"Seconds Facteurs",
 "ADPwdExpireWarning":"Avertissement avant expiration du mot de passe",
-"ADPwdMaxAge":"Âge maximal du mot de passe",
+"ADPwdMaxAge":"Age maximal du mot de passe",
 "AuthLDAPFilter":"Filtre d'authentification",
 "Configuration":"Configuration",
 "CrowdSecPlugin":"CrowdSec Bouncer",
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"Durée de validité",
 "storePassword":"Stocke le mot de passe de l'utilisateur en session",
 "string":"Chaîne",
+"strictTransportSecurityMax_Age":"Age maximum Strict-Transport-Security",
 "subtitle":"Sous-titre",
 "successLoginNumber":"Nombre de connexions mémorisées",
 "successfullySaved":"Sauvegarde effectuée",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/he.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/he.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"Expiration time",
 "storePassword":"Store user password in session",
 "string":"String",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"Subtitle",
 "successLoginNumber":"Max successful logins count",
 "successfullySaved":"נשמר בהצלחה",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"Expiration time",
 "storePassword":"Memorizzare la password dell'utente nei dati di sessione",
 "string":"String",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"Subtitle",
 "successLoginNumber":"Max successful logins count",
 "successfullySaved":"Salvato con successo",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"Data ważności",
 "storePassword":"Przechowuj hasło użytkownika w sesji",
 "string":"Łańcuch znaków",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"Podtytuł",
 "successLoginNumber":"Maksymalna liczba udanych logowań",
 "successfullySaved":"Pomyślnie zapisano",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"Son kullanma süresi",
 "storePassword":"Kullanıcı parolasını oturumda sakla",
 "string":"Dize",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"Altyazı",
 "successLoginNumber":"Maksimum başarılı giriş sayısı",
 "successfullySaved":"Başarıyla kaydedildi",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"Expiration time",
 "storePassword":"Lưu trữ mật khẩu người dùng trong các dữ liệu phiên",
 "string":"String",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"Subtitle",
 "successLoginNumber":"Max successful logins count",
 "successfullySaved":"Lưu thành công",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"過期名稱",
 "storePassword":"在工作階段中儲存使用者密碼",
 "string":"字串",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"副標題",
 "successLoginNumber":"Max successful logins count",
 "successfullySaved":"成功儲存",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
@ -1134,6 +1134,7 @@
 "stayConnectedTimeout":"過期名稱",
 "storePassword":"在工作階段中儲存使用者密碼",
 "string":"字串",
+"strictTransportSecurityMax_Age":"Strict-Transport-Security max age",
 "subtitle":"副標題",
 "successLoginNumber":"Max successful logins count",
 "successfullySaved":"成功儲存",
--- a/lemonldap-ng-portal/t/01-AuthDemo.t
+++ b/lemonldap-ng-portal/t/01-AuthDemo.t
@ -11,9 +11,11 @@ my $res;

 my $client = LLNG::Manager::Test->new( {
        ini => {
-            logLevel      => 'error',
-            useSafeJail   => 1,
-            portalFavicon => 'common/llng.ico'
+            logLevel                       => 'error',
+            portal                         => 'https://auth.example.com/',
+            useSafeJail                    => 1,
+            strictTransportSecurityMax_Age => '1977',
+            portalFavicon                  => 'common/llng.ico'
        }
    }
 );
@ -33,6 +35,9 @@ ok(
    ),
    'Get Menu'
 );
+ok( getHeader( $res, 'Strict-Transport-Security' ) =~ /^max-age=1977$/,
+    'Strict-Transport-Security is set' )
+  or explain( $res->[1], 'Content-Type => application/xml' );
 ok( $res->[2]->[0] =~ /<span trmsg="37">/, 'Rejected with PE_BADURL' )
  or print STDERR Dumper( $res->[2]->[0] );
 ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
@ -40,7 +45,7 @@ ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
 ok( $res->[2]->[0] =~ m%link href="/static/common/llng.ico%,
    ' Custom favicon found' )
  or print STDERR Dumper( $res->[2]->[0] );
-count(4);
+count(5);

 # Test "first access" with a wildcard-protected url
 ok(