Merge branch 'v2.0'
commit
b40f292d8a
|
@ -86,7 +86,7 @@
|
|||
"authentication" : "Demo",
|
||||
"cfgAuthor" : "The LemonLDAP::NG team",
|
||||
"cfgNum" : 1,
|
||||
"cfgVersion" : "2.0.2",
|
||||
"cfgVersion" : "2.0.3",
|
||||
"cookieName" : "lemonldap",
|
||||
"demoExportedVars" : {
|
||||
"cn" : "cn",
|
||||
|
@ -119,8 +119,13 @@
|
|||
"namespace" : "lemonldap-ng-sessions"
|
||||
},
|
||||
"locationRules" : {
|
||||
"auth.__DNSDOMAIN__" : {
|
||||
"(?#checkUser)^/checkuser" : "$uid eq \"dwho\"",
|
||||
"(?#errors)^/lmerror/" : "accept",
|
||||
"default" : "accept"
|
||||
},
|
||||
"manager.__DNSDOMAIN__" : {
|
||||
"(?#Configuration)^/(manager\\.html|conf/)" : "$uid eq \"dwho\"",
|
||||
"(?#Configuration)^/(manager\\.html|$)" : "$uid eq \"dwho\"",
|
||||
"(?#Notifications)/notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
||||
"(?#Sessions)/sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
||||
"default" : "$uid eq \"dwho\" or $uid eq \"rtyler\""
|
||||
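Review bot: The `(?#Configuration)` rule for `manager.__DNSDOMAIN__` covers only `manager.html` and the bare `/` (assuming the second of the two printed variants is the new side), so every other manager path is decided by `default`, which also admits `rtyler`. That includes the `/view/` routes exercised by the viewer test on this page and any configuration REST paths the manager serves, which are not visible here. If those are meant to be limited to `dwho`, they need rules of their own, in the Perl form used by `zeroConf`: `'(?#Viewer)^/view/' => '$uid eq "dwho"'`. The same Configuration rule is repeated in the `zeroConf` hunks further down, so both places should change together.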
|
|
|
@ -7,6 +7,7 @@ use Encode;
|
|||
|
||||
our $VERSION = '2.1.0';
|
||||
our $initDone;
|
||||
$YAML::Numify = 1;
|
||||
|
||||
sub Lemonldap::NG::Common::Conf::_yamlLock {
|
||||
my ( $self, $cfgNum ) = @_;
|
||||
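Review bot: `$YAML::Numify = 1;` (apparently the added line) is assigned at file scope, so it changes how every YAML load in the same process treats number-like scalars, not only this configuration backend. Scoping it to the load keeps the effect contained, e.g. `local $YAML::Numify = 1;` inside the sub that parses the configuration file; that sub is outside this hunk. If the process-wide setting is intentional, a one-line comment above the assignment saying so and giving the reason would save the next reader from guessing.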
|
|
|
@ -207,6 +207,7 @@ t/40-sessions.t
|
|||
t/50-notifications-DBI.t
|
||||
t/50-notifications.t
|
||||
t/60-2ndfa.t
|
||||
t/70-viewer.t
|
||||
t/80-attributes.t
|
||||
t/90-translations.t
|
||||
t/99-pod.t
|
||||
|
@ -218,5 +219,6 @@ t/jsonfiles/12-modified.json
|
|||
t/jsonfiles/14-bad.json
|
||||
t/jsonfiles/15-combination.json
|
||||
t/lemonldap-ng-dbi.ini
|
||||
t/lemonldap-ng-noBrowser.ini
|
||||
t/lemonldap-ng.ini
|
||||
t/test-lib.pm
|
||||
|
|
|
@ -147,6 +147,11 @@ sub zeroConf {
|
|||
'portal' => "http://auth.$domain/",
|
||||
'notificationStorage' => 'File',
|
||||
'locationRules' => {
|
||||
"auth.$domain" => {
|
||||
'(?#checkUser)^/checkuser' => '$uid eq "dwho"',
|
||||
'(?#errors)^/lmerror/' => 'accept',
|
||||
'default' => 'accept'
|
||||
},
|
||||
"test1.$domain" => {
|
||||
'default' => 'accept',
|
||||
'^/logout' => 'logout_sso'
|
||||
|
@ -157,7 +162,7 @@ sub zeroConf {
|
|||
},
|
||||
"manager.$domain" => {
|
||||
'default' => '$uid eq "dwho" or $uid eq "rtyler"',
|
||||
'(?#Configuration)^/(manager\.html|conf/)' => '$uid eq "dwho"',
|
||||
'(?#Configuration)^/(manager\.html|$)' => '$uid eq "dwho"',
|
||||
'(?#Sessions)/sessions' => '$uid eq "dwho" or $uid eq "rtyler"',
|
||||
'(?#Notifications)/notifications' =>
|
||||
'$uid eq "dwho" or $uid eq "rtyler"',
|
||||
|
|
|
@ -1,9 +1,3 @@
|
|||
# This module implements all the methods that responds to '/confs/*' requests
|
||||
# It contains 2 sections:
|
||||
# - initialization methods
|
||||
# - upload method
|
||||
#
|
||||
# Read methods are inherited from Lemonldap::NG::Common::Conf::RESTServer
|
||||
package Lemonldap::NG::Manager::Viewer;
|
||||
|
||||
use 5.10.0;
|
||||
|
@ -31,8 +25,8 @@ sub addRoutes {
|
|||
my ( $self, $conf ) = @_;
|
||||
$self->ua( Lemonldap::NG::Common::UserAgent->new($conf) );
|
||||
|
||||
my $hiddenPK = '';
|
||||
$hiddenPK = $self->{viewerHiddenPK} || $conf->{viewerHiddenPK};
|
||||
my $hiddenPK = '';
|
||||
$hiddenPK = $self->{viewerHiddenPK} || $conf->{viewerHiddenPK};
|
||||
my @enabledPK = ();
|
||||
my @keys = qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes
|
||||
applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes
|
||||
|
@ -65,6 +59,12 @@ sub addRoutes {
|
|||
['GET']
|
||||
);
|
||||
}
|
||||
unless ( $self->{viewerAllowBrowser} || $conf->{viewerAllowBrowser} ) {
|
||||
$self->addRoute(
|
||||
view => { ':cfgNum' => 'rejectKey' },
|
||||
['GET']
|
||||
);
|
||||
}
|
||||
|
||||
# Other keys
|
||||
$self->addRoute( view => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] )
|
||||
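Review bot: The guard `unless ( $self->{viewerAllowBrowser} || $conf->{viewerAllowBrowser} )` cannot be turned off locally, because `||` skips a defined `0` on `$self` and falls through to `$conf`. If `$self` is populated from the ini file (as the test fixtures on this page suggest), `viewerAllowBrowser = 0` there is overridden whenever the stored configuration holds a true value. For a restriction the explicit local setting should win, and the file already requires 5.10, so `unless ( $self->{viewerAllowBrowser} // $conf->{viewerAllowBrowser} ) {` is available. The `$hiddenPK` assignment earlier in the section has the same `||` fallback. `addRoutes` starts and ends outside these hunks, so the order of this route relative to the others could not be checked.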
|
|
|
@ -28,7 +28,7 @@
|
|||
<td ng-if="n.type=='bool'">
|
||||
<div class="input-group-solid" role="radiogroup">
|
||||
<label class="radio-inline">
|
||||
<input id="bopeOn/{{n.title}}" type="radio" ng-value="1" ng-model="n.data" role="radio" aria-labelledby="lbopeOn{{n.title}}"/>
|
||||
<input id="bopeOn/{{n.title}}" type="radio" ng-value="1" ng-model="n.data" ng-checked="n.data==1||n.data=='1'" role="radio" aria-labelledby="lbopeOn{{n.title}}"/>
|
||||
<span id="lbopeOn{{n.title}}" for="bopeOn/{{n.title}}" trspan="on"></span>
|
||||
</label>
|
||||
<label class="radio-inline">
|
||||
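Review bot: The added `ng-checked="n.data==1||n.data=='1'"` sits on an input that already binds `ng-model="n.data"`, and the AngularJS documentation advises against combining ngChecked with ngModel because the two can disagree about the control's state. The underlying problem looks like a type mismatch between the numeric `ng-value="1"` and string data arriving in `n.data`. Normalising `n.data` to a number when the node is loaded would fix the display without the second directive. The enclosing `<td>` continues outside the hunk, so the matching "off" radio could not be checked for the same change.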
|
|
|
@ -887,9 +887,9 @@
|
|||
"samlIDPMetaDataOptionsSession":"جلسة",
|
||||
"samlIDPMetaDataOptionsSignature":"توقيع",
|
||||
"samlIDPMetaDataOptionsBinding":"ربط",
|
||||
"samlIDPMetaDataOptionsDisplay":"Display",
|
||||
"samlIDPMetaDataOptionsDisplay":"عرض",
|
||||
"samlIDPMetaDataOptionsDisplayName":"Display name",
|
||||
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
||||
"samlIDPMetaDataOptionsDisplayParams":"عرض",
|
||||
"samlIDPMetaDataOptionsIcon":"Logo",
|
||||
"samlIDPMetaDataOptionsSecurity":"الحماية",
|
||||
"samlIDPMetaDataOptionsStoreSAMLToken":"حفظ SAML توكن",
|
||||
|
@ -980,5 +980,5 @@
|
|||
"samlCommonDomainCookieWriter":"يو آر إل الكاتب",
|
||||
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
|
||||
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
|
@ -980,5 +980,5 @@
|
|||
"samlCommonDomainCookieWriter":"Writer URL",
|
||||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
|
@ -980,5 +980,5 @@
|
|||
"samlCommonDomainCookieWriter":"URL dell'autore",
|
||||
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
|
||||
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
|
@ -980,5 +980,5 @@
|
|||
"samlCommonDomainCookieWriter":"Trình viết URL",
|
||||
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
|
||||
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
|
@ -980,5 +980,5 @@
|
|||
"samlCommonDomainCookieWriter":"Writer URL",
|
||||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
|
@ -0,0 +1,43 @@
|
|||
# Test viewer API
|
||||
|
||||
use Test::More;
|
||||
use strict;
|
||||
use IO::String;
|
||||
use JSON qw(from_json);
|
||||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
# Test that key value is sent
|
||||
my $res = &client->jsonResponse('/view/1/portalDisplayOidcConsents');
|
||||
ok( $res->{value} eq '$_oidcConnectedRP', 'Key found' );
|
||||
count(1);
|
||||
|
||||
# Test that hidden key values are NOT sent
|
||||
$res = &client->jsonResponse('/view/1/portalDisplayLogout');
|
||||
ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
|
||||
$res = &client->jsonResponse('/view/1/samlIDPMetaDataNodes');
|
||||
ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
|
||||
count(2);
|
||||
|
||||
# Try to display latest conf
|
||||
$res = &client->jsonResponse('/view/latest');
|
||||
ok( $res->{cfgNum} eq '1', 'Browser is allowed' );
|
||||
count(1);
|
||||
|
||||
# Load lemonldap-ng-noBrowser.ini
|
||||
use_ok('Lemonldap::NG::Manager::Cli::Lib');
|
||||
my $client2;
|
||||
ok(
|
||||
$client2 = Lemonldap::NG::Manager::Cli::Lib->new(
|
||||
iniFile => 't/lemonldap-ng-noBrowser.ini'
|
||||
),
|
||||
'Client object'
|
||||
);
|
||||
|
||||
# Try to display latest conf
|
||||
$res = $client2->jsonResponse('/view/1');
|
||||
ok( $res->{value} eq '_Hidden_', 'Browser is NOT allowed' );
|
||||
count(3);
|
||||
|
||||
done_testing( count() );
|
||||
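Review bot: The restricted client is only asked for `/view/1`, while the unrestricted one is also asked for `/view/latest`, so nothing checks that `latest` is refused when `viewerAllowBrowser = 0`. Adding `$res = $client2->jsonResponse('/view/latest'); ok( $res->{value} eq '_Hidden_', 'latest is NOT allowed' );` with the count raised to match would pin that. The comment `# Try to display latest conf` above the `/view/1` request should read `# Try to display conf 1`. The comparisons would report the received value on failure if written as `is( $res->{value}, '_Hidden_', 'Key is hidden' );`, and the file has `use strict` but no `use warnings`.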
|
|
@ -0,0 +1,38 @@
|
|||
[all]
|
||||
|
||||
logLevel = error
|
||||
localSessionStorage =
|
||||
localSessionStorageOptions =
|
||||
|
||||
[configuration]
|
||||
|
||||
type=File
|
||||
dirName=t/conf
|
||||
|
||||
[portal]
|
||||
|
||||
checkXSS = 0
|
||||
|
||||
[handler]
|
||||
|
||||
https = 0
|
||||
;port = 8080
|
||||
status = 0
|
||||
useRedirectOnError = 0
|
||||
|
||||
[manager]
|
||||
|
||||
protection = manager
|
||||
staticPrefix = app/
|
||||
languages = fr, en, vi, ar
|
||||
templateDir = site/templates/
|
||||
enabledModules = conf, sessions, notifications, 2ndFA, viewer
|
||||
viewerHiddenPK = samlIDPMetaDataNodes samlSPMetaDataNodes portalDisplayLogout
|
||||
viewerAllowBrowser = 0
|
||||
|
||||
[sessionsExplorer]
|
||||
|
||||
;protection = authenticate
|
||||
|
||||
[apply]
|
||||
|
|
@ -26,6 +26,9 @@ protection = manager
|
|||
staticPrefix = app/
|
||||
languages = fr, en, vi, ar
|
||||
templateDir = site/templates/
|
||||
enabledModules = conf, sessions, notifications, 2ndFA, viewer
|
||||
viewerHiddenPK = samlIDPMetaDataNodes samlSPMetaDataNodes portalDisplayLogout
|
||||
viewerAllowBrowser = 1
|
||||
|
||||
[sessionsExplorer]
|
||||
|
||||
|
|
|
@ -1621,7 +1621,7 @@ sub sloServer {
|
|||
$req->{urldc} =
|
||||
$self->conf->{portal} . '/saml/relaySingleLogoutTermination';
|
||||
$self->p->setHiddenFormValue( $req, 'relay', $relayID );
|
||||
return $self->do( $req, [] );
|
||||
return $self->p->do( $req, [] );
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -181,7 +181,7 @@ sub reloadConf {
|
|||
|
||||
# Initialize content-security-policy header
|
||||
my $csp = '';
|
||||
foreach (qw(default img src style font connect)) {
|
||||
foreach (qw(default img src style font connect script)) {
|
||||
my $prm = $self->conf->{ 'csp' . ucfirst($_) };
|
||||
$csp .= "$_-src $prm;" if ($prm);
|
||||
}
|
||||
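Review bot: The directive list still carries `src`, which the loop turns into the configuration key `cspSrc` and the header fragment `src-src ...`; that is not a CSP directive, and with `script` now listed it looks like a leftover. Unless a `cspSrc` parameter is defined somewhere outside this hunk, drop it: `foreach (qw(default img style font connect script)) {`. `$prm` is appended to the header unchanged, so a configured value containing `;` adds further directives; a comment stating that these values are trusted administrator configuration would make that assumption explicit. `reloadConf` extends beyond the hunk.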
|
|
|
@ -104,6 +104,7 @@ sub error_type {
|
|||
PE_CONFIRM, PE_MAILFORMEMPTY,
|
||||
PE_MAILCONFIRMATION_ALREADY_SENT, PE_PASSWORDFORMEMPTY,
|
||||
PE_CAPTCHAEMPTY, PE_REGISTERFORMEMPTY,
|
||||
PE_PP_CHANGE_AFTER_RESET
|
||||
)
|
||||
)
|
||||
);
|
||||
|
|
|
@ -78,7 +78,7 @@ has wsdl => (
|
|||
|
||||
my $attrList = join "\n", map {
|
||||
"<element name='$_' type='xsd:string' nillable='true'></element>"
|
||||
} $self->exportedAttr;
|
||||
} @{ $self->exportedAttr };
|
||||
my $resp = join( '', <DATA> );
|
||||
close DATA;
|
||||
$resp =~ s/\$cookieList/$cookieList/g;
|
||||
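Review bot: Each name from `exportedAttr` is interpolated into `name='$_'` without escaping, so a name containing `'`, `<` or `&` would produce malformed WSDL. If those names come from configuration, filtering them first keeps the document well-formed, e.g. `} grep { /\A[\w.:-]+\z/ } @{ $self->exportedAttr };`. The new dereference also dies under `strict refs` if `exportedAttr` can return undef, which `@{ $self->exportedAttr // [] }` would tolerate. The builder for `wsdl` starts outside the hunk, so neither assumption could be confirmed.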
|
|
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"رقم هاتفك",
|
||||
"yourProfile":"ملفك الشخصي",
|
||||
"yourTotpKey":"Your TOTP key"
|
||||
}
|
||||
}
|
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"Ihre Telefonnummer",
|
||||
"yourProfile":"Ihr Profil",
|
||||
"yourTotpKey":"Your TOTP key"
|
||||
}
|
||||
}
|
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"Your phone number",
|
||||
"yourProfile":"Your profile",
|
||||
"yourTotpKey":"Your TOTP key"
|
||||
}
|
||||
}
|
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"Numero di telefono",
|
||||
"yourProfile":"Il tuo profilo",
|
||||
"yourTotpKey":"La tua chiave TOTP"
|
||||
}
|
||||
}
|
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"Your phone number",
|
||||
"yourProfile":"Your profile",
|
||||
"yourTotpKey":"Your TOTP key"
|
||||
}
|
||||
}
|
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"Your phone number",
|
||||
"yourProfile":"Your profile",
|
||||
"yourTotpKey":"Your TOTP key"
|
||||
}
|
||||
}
|
|
@ -99,8 +99,8 @@
|
|||
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
|
||||
"accountCreationSuccess":"Your account was successfully created.",
|
||||
"action":"Action",
|
||||
"anotherInformation":"Another information:",
|
||||
"allowed":"Access ALLOWED",
|
||||
"anotherInformation":"Another information:",
|
||||
"areYouSure":"Are you sure?",
|
||||
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
|
||||
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
|
||||
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"Your phone number",
|
||||
"yourProfile":"Your profile",
|
||||
"yourTotpKey":"Your TOTP key"
|
||||
}
|
||||
}
|
|
@ -99,8 +99,8 @@
|
|||
"accountCreated":"Tài khoản của bạn đã được tạo, mật khẩu tạm thời của bạn đã được gửi đến địa chỉ mail của bạn.",
|
||||
"accountCreationSuccess":"Tài khoản của bạn đã được tạo thành công.",
|
||||
"action":"Action",
|
||||
"anotherInformation":"Thông tin khác:",
|
||||
"allowed":"Access ALLOWED",
|
||||
"anotherInformation":"Thông tin khác:",
|
||||
"areYouSure":"Bạn có chắc không?",
|
||||
"askToRenew":"Ứng dụng này cần có chứng thực gần đây hơn. Bạn có muốn chứng thực lại?",
|
||||
"askToUpgrade":"Ứng dụng này cần một mức xác thực cao hơn. Bạn có muốn chứng thực lại?",
|
||||
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"Số điện thoại của bạn",
|
||||
"yourProfile":"Profile của bạn",
|
||||
"yourTotpKey":"Your TOTP key"
|
||||
}
|
||||
}
|
|
@ -141,8 +141,8 @@
|
|||
"errorMsg":"错误消息",
|
||||
"fillTheForm":"Fill the form",
|
||||
"firstName":"名",
|
||||
"forgotPwd":"忘记密码?",
|
||||
"forbidden":"Access FORBIDDEN",
|
||||
"forgotPwd":"忘记密码?",
|
||||
"generatePwd":"自动生成密码",
|
||||
"gotNewMessages":"您有一些新消息",
|
||||
"goToPortal":"回到首页",
|
||||
|
@ -259,4 +259,4 @@
|
|||
"yourPhone":"您的电话号码",
|
||||
"yourProfile":"您的档案",
|
||||
"yourTotpKey":"Your TOTP key"
|
||||
}
|
||||
}
|