tidy
parent
c0472d41db
commit
b88a72c267
9
Makefile
9
Makefile
|
@ -1176,15 +1176,14 @@ test-diff:
|
|||
done
|
||||
|
||||
tidy: clean
|
||||
@if perltidy -v|grep v20181120 >/dev/null; then \
|
||||
find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \) -print -exec perltidy -se -b {} \; ; \
|
||||
else echo "Wrong perltidy version, please install Perl::Tidy@20181120" ; exit 1 ;\
|
||||
fi
|
||||
@if perltidy -v|grep v20210717 >/dev/null; then \
|
||||
for f in `find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \)`; do \
|
||||
echo -n $$f; \
|
||||
perltidy -se -b $$f; \
|
||||
echo; \
|
||||
done
|
||||
done; \
|
||||
else echo "Wrong perltidy version, please install Perl::Tidy@20210717" ; exit 1 ;\
|
||||
fi
|
||||
find lemon*/ -name '*.bak' -delete
|
||||
$(MAKE) json
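Review bot: The `` for f in `find lemon*/ -type f …` `` loop under the `v20210717` check word-splits find's output, so a path containing whitespace or a glob character is handed to `perltidy -se -b $$f` as the wrong argument(s), and the in-place rewrite can miss or mistarget files. The `find … -print -exec perltidy -se -b {} \; ; \` form that also appears in this section passes each path as one argument and would be the safer of the two. The bare `done` directly before `done; \` needs a check as well: a recipe line without the trailing `; \` ends the shell command inside the `if`. This page has lost its +/- markers, so which of these lines are on the new side is inferred from the version strings rather than shown.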
|
||||
|
||||
|
|
|
@ -66,7 +66,8 @@ sub testEmail {
|
|||
my $error = $@;
|
||||
if ($error) {
|
||||
die $error;
|
||||
} else {
|
||||
}
|
||||
else {
|
||||
print STDERR "Test email successfully sent to $dest\n";
|
||||
}
|
||||
}
|
||||
|
|
|
@ -36,7 +36,8 @@ sub available {
|
|||
my $sth =
|
||||
$self->_dbh->prepare( "SELECT DISTINCT cfgNum from "
|
||||
. $self->{dbiTable}
|
||||
. " order by cfgNum" ) or $self->logError;
|
||||
. " order by cfgNum" )
|
||||
or $self->logError;
|
||||
$sth->execute() or $self->logError;
|
||||
my @conf;
|
||||
while ( my @row = $sth->fetchrow_array ) {
|
||||
|
|
|
@ -398,6 +398,7 @@ sub _oidcMetaDataNodes {
|
|||
my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {};
|
||||
return $self->sendError( $req, undef, 400 ) if ( $req->error );
|
||||
foreach my $h ( sort keys %$pk ) {
|
||||
|
||||
# Set default values for type and array
|
||||
my $data = [ split /;/, $pk->{$h} ];
|
||||
unless ( $data->[1] ) {
|
||||
|
@ -416,6 +417,7 @@ sub _oidcMetaDataNodes {
|
|||
}
|
||||
return $self->sendJSONresponse( $req, $resp );
|
||||
}
|
||||
|
||||
# Return all exported attributes if asked
|
||||
elsif ( $query =~
|
||||
/^(?:oidc${type}MetaDataExportedVars|oidcRPMetaDataOptionsExtraClaims|oidcRPMetaDataMacros|oidcRPMetaDataScopeRules)$/
|
||||
|
|
|
@ -356,7 +356,8 @@ sub _logAndHandle {
|
|||
if ( ref( $self->logger ) and $self->logger->can('setRequestObj') ) {
|
||||
$self->logger->setRequestObj($req);
|
||||
}
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') ) {
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') )
|
||||
{
|
||||
$self->userLogger->setRequestObj($req);
|
||||
}
|
||||
|
||||
|
@ -367,7 +368,9 @@ sub _logAndHandle {
|
|||
if ( ref( $self->logger ) and $self->logger->can('clearRequestObj') ) {
|
||||
$self->logger->clearRequestObj($req);
|
||||
}
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('clearRequestObj') ) {
|
||||
if ( ref( $self->userLogger )
|
||||
and $self->userLogger->can('clearRequestObj') )
|
||||
{
|
||||
$self->userLogger->clearRequestObj($req);
|
||||
}
|
||||
|
||||
|
|
|
@ -48,8 +48,7 @@ sub userData {
|
|||
return $self->{userData}
|
||||
|| {
|
||||
( $Lemonldap::NG::Handler::Main::tsv->{whatToTrace}
|
||||
|| '_whatToTrace' ) => $self->{user},
|
||||
};
|
||||
|| '_whatToTrace' ) => $self->{user}, };
|
||||
}
|
||||
|
||||
sub respHeaders {
|
||||
|
|
|
@ -121,7 +121,6 @@ sub date {
|
|||
return $year . $mon . $mday . $hour . $min . $sec;
|
||||
}
|
||||
|
||||
|
||||
## @function integer dateToTime(string date)
|
||||
# Converts a LDAP date into epoch time or returns undef upon failure.
|
||||
# @param $date string Date in YYYYMMDDHHMMSS[+/-0000] format. It may contain a differential timezone, otherwise default TZ is GMT
|
||||
|
@ -131,10 +130,20 @@ sub dateToTime {
|
|||
return undef unless ($date);
|
||||
|
||||
# Parse date
|
||||
my ( $year, $month, $day, $hour, $min, $sec, $zone ) = ( $date =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})([-+\w]*)/ );
|
||||
my ( $year, $month, $day, $hour, $min, $sec, $zone ) =
|
||||
( $date =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})([-+\w]*)/ );
|
||||
|
||||
# Convert date to epoch time with GMT as default timezone if date contains none
|
||||
return str2time( $year . "-" . $month . "-" . $day . "T" . $hour . ":" . $min . ":" . $sec . $zone, "GMT" );
|
||||
return str2time(
|
||||
$year . "-"
|
||||
. $month . "-"
|
||||
. $day . "T"
|
||||
. $hour . ":"
|
||||
. $min . ":"
|
||||
. $sec
|
||||
. $zone,
|
||||
"GMT"
|
||||
);
|
||||
}
|
||||
|
||||
## @function boolean checkDate(string start, string end, boolean default_access)
|
||||
|
|
|
@ -55,8 +55,11 @@ ok(
|
|||
|
||||
# Test "and"
|
||||
|
||||
@tests = ( '[A and B, A]', '[A,B] and [B,C]',
|
||||
'if(0) then [A,B] else [A,B] and [B,C]' );
|
||||
@tests = (
|
||||
'[A and B, A]',
|
||||
'[A,B] and [B,C]',
|
||||
'if(0) then [A,B] else [A,B] and [B,C]'
|
||||
);
|
||||
|
||||
while ( my $expr = shift @tests ) {
|
||||
ok( [ getok($expr) ]->[0] == 0, qq{"$expr" returns PE_OK as auth result} )
|
||||
|
|
|
@ -48,7 +48,9 @@ sub launch {
|
|||
if ( ref( $class->logger ) and $class->logger->can('setRequestObj') ) {
|
||||
$class->logger->setRequestObj($req);
|
||||
}
|
||||
if ( ref( $class->userLogger ) and $class->userLogger->can('setRequestObj') ) {
|
||||
if ( ref( $class->userLogger )
|
||||
and $class->userLogger->can('setRequestObj') )
|
||||
{
|
||||
$class->userLogger->setRequestObj($req);
|
||||
}
|
||||
|
||||
|
@ -58,7 +60,9 @@ sub launch {
|
|||
if ( ref( $class->logger ) and $class->logger->can('clearRequestObj') ) {
|
||||
$class->logger->clearRequestObj($req);
|
||||
}
|
||||
if ( ref( $class->userLogger ) and $class->userLogger->can('clearRequestObj') ) {
|
||||
if ( ref( $class->userLogger )
|
||||
and $class->userLogger->can('clearRequestObj') )
|
||||
{
|
||||
$class->userLogger->clearRequestObj($req);
|
||||
}
|
||||
return $res;
|
||||
|
|
|
@ -53,8 +53,7 @@ sub _loadVhostConfig {
|
|||
my $resp = $class->ua->request($get);
|
||||
if ( $resp->is_success ) {
|
||||
$class->logger->debug('Response is success');
|
||||
eval {
|
||||
$json = from_json( $resp->content, { allow_nonref => 1 } ); };
|
||||
eval { $json = from_json( $resp->content, { allow_nonref => 1 } ); };
|
||||
if ($@) {
|
||||
$class->logger->debug('Bad json file received');
|
||||
$class->logger->error(
|
||||
|
|
|
@ -118,7 +118,8 @@ sub _logAuthTrace {
|
|||
if ( ref( $self->logger ) and $self->logger->can('setRequestObj') ) {
|
||||
$self->logger->setRequestObj($req);
|
||||
}
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') ) {
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') )
|
||||
{
|
||||
$self->userLogger->setRequestObj($req);
|
||||
}
|
||||
|
||||
|
@ -129,7 +130,9 @@ sub _logAuthTrace {
|
|||
if ( ref( $self->logger ) and $self->logger->can('clearRequestObj') ) {
|
||||
$self->logger->clearRequestObj($req);
|
||||
}
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('clearRequestObj') ) {
|
||||
if ( ref( $self->userLogger )
|
||||
and $self->userLogger->can('clearRequestObj') )
|
||||
{
|
||||
$self->userLogger->clearRequestObj($req);
|
||||
}
|
||||
|
||||
|
|
|
@ -7,7 +7,8 @@ our $VERSION = '2.0.9';
|
|||
sub fetchId {
|
||||
my ( $class, $req ) = @_;
|
||||
my $token = $req->{env}->{HTTP_X_LLNG_TOKEN};
|
||||
return $class->Lemonldap::NG::Handler::Main::fetchId($req) unless ($token =~ /\w+/);
|
||||
return $class->Lemonldap::NG::Handler::Main::fetchId($req)
|
||||
unless ( $token =~ /\w+/ );
|
||||
$class->logger->debug("Found token: $token");
|
||||
|
||||
# Decrypt token
|
||||
|
|
|
@ -63,7 +63,9 @@ sub build_jail {
|
|||
|
||||
if ($build) {
|
||||
@builtCustomFunctions =
|
||||
$self->customFunctions ? split( /[,\s]+/, $self->customFunctions ) : ();
|
||||
$self->customFunctions
|
||||
? split( /[,\s]+/, $self->customFunctions )
|
||||
: ();
|
||||
foreach (@builtCustomFunctions) {
|
||||
no warnings 'redefine';
|
||||
$api->logger->debug("Custom function: $_");
|
||||
|
|
|
@ -65,7 +65,8 @@ sub checkConf {
|
|||
or $class->cfgNum != $conf->{cfgNum}
|
||||
or $class->cfgDate != $conf->{cfgDate} )
|
||||
{
|
||||
$class->logger->debug("Get configuration $conf->{cfgNum} aged $conf->{cfgDate}");
|
||||
$class->logger->debug(
|
||||
"Get configuration $conf->{cfgNum} aged $conf->{cfgDate}");
|
||||
unless ( $class->cfgNum( $conf->{cfgNum} )
|
||||
&& $class->cfgDate( $conf->{cfgDate} ) )
|
||||
{
|
||||
|
|
|
@ -536,8 +536,8 @@ sub retrieveSession {
|
|||
# (15 seconds)
|
||||
if ( defined $class->data->{_session_id}
|
||||
and $id eq $class->data->{_session_id}
|
||||
and
|
||||
( $now - $class->dataUpdate < $class->tsv->{handlerInternalCache} ) )
|
||||
and ( $now - $class->dataUpdate < $class->tsv->{handlerInternalCache} )
|
||||
)
|
||||
{
|
||||
$class->logger->debug("Get session $id from Handler internal cache");
|
||||
return $class->data;
|
||||
|
@ -899,7 +899,8 @@ sub postJavascript {
|
|||
foreach my $name ( keys %$data ) {
|
||||
use bytes;
|
||||
my @characterSet = ( '0' .. '9', 'A' .. 'Z', 'a' .. 'z' );
|
||||
my $value = join '' => map $characterSet[ rand @characterSet ], 1 .. bytes::length( $data->{$name} );
|
||||
my $value = join '' => map $characterSet[ rand @characterSet ],
|
||||
1 .. bytes::length( $data->{$name} );
|
||||
$filler .=
|
||||
"form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n";
|
||||
}
|
||||
|
|
|
@ -224,8 +224,13 @@ ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
|
|||
count(2);
|
||||
|
||||
# Forged headers
|
||||
ok( $res = $client->_get( '/skipif/zz', undef, 'test1.example.com', undef, HTTP_AUTH_USER => 'rtyler' ),
|
||||
'Test skip() with forged header' );
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/skipif/zz', undef, 'test1.example.com', undef,
|
||||
HTTP_AUTH_USER => 'rtyler'
|
||||
),
|
||||
'Test skip() with forged header'
|
||||
);
|
||||
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
|
|
|
@ -82,12 +82,12 @@ no warnings 'redefine';
|
|||
|
||||
sub LWP::UserAgent::request {
|
||||
my ( $self, $req ) = @_;
|
||||
ok( $req->header('host') eq 'devops.example.com',
|
||||
'Host header found' )
|
||||
ok( $req->header('host') eq 'devops.example.com', 'Host header found' )
|
||||
or explain( $req->headers(), 'devops.example.com' );
|
||||
ok( $req->as_string() =~ m#http://devops.example.com/myfile.json#,
|
||||
'Rules file URL found' )
|
||||
or explain( $req->as_string(), 'GET http://devops.example.com/myfile.json' );
|
||||
or
|
||||
explain( $req->as_string(), 'GET http://devops.example.com/myfile.json' );
|
||||
count(2);
|
||||
my $httpResp;
|
||||
my $s = '{
|
||||
|
|
|
@ -73,8 +73,7 @@ no warnings 'redefine';
|
|||
|
||||
sub LWP::UserAgent::request {
|
||||
my ( $self, $req ) = @_;
|
||||
ok( $req->header('host') eq 'test3.example.com',
|
||||
'Host header found' )
|
||||
ok( $req->header('host') eq 'test3.example.com', 'Host header found' )
|
||||
or explain( $req->headers(), 'test3.example.com' );
|
||||
ok( $req->as_string() =~ m#http://127.0.0.1:80/rules.json#,
|
||||
'Rules file URL found' )
|
||||
|
|
|
@ -47,7 +47,8 @@ sub init {
|
|||
$self->{hiddenAttributes} //= "_password";
|
||||
$self->{hiddenAttributes} .= ' _session_id'
|
||||
unless $conf->{displaySessionId};
|
||||
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} = $self->{WebAuthnCheck} = '1';
|
||||
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} =
|
||||
$self->{WebAuthnCheck} = '1';
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -207,7 +207,8 @@ EOF
|
|||
foreach (@simpleHashKeys) {
|
||||
$ra->add($_);
|
||||
}
|
||||
print F "our \$simpleHashKeys = '" . $ra->as_string . "';\n"
|
||||
print F "our \$simpleHashKeys = '"
|
||||
. $ra->as_string . "';\n"
|
||||
. "our \$specialNodeKeys = '${ignoreKeys}s';\n";
|
||||
foreach ( sort keys %cnodesRe ) {
|
||||
print F "our \$${_}Keys = '$cnodesRe{$_}';\n";
|
||||
|
@ -677,6 +678,7 @@ sub scanTree {
|
|||
my $type = $attr->{type};
|
||||
$type =~ s/Container//;
|
||||
foreach my $k ( sort keys( %{ $attr->{default} } ) ) {
|
||||
|
||||
# Special handling for oidcAttribute
|
||||
my $default = $attr->{default}->{$k};
|
||||
if ( $attr->{type} eq 'oidcAttributeContainer' ) {
|
||||
|
|
|
@ -2239,7 +2239,6 @@ sub attributes {
|
|||
documentation => 'WebAuthn Relying Party display name',
|
||||
},
|
||||
|
||||
|
||||
# Single session
|
||||
notifyDeleted => {
|
||||
default => 1,
|
||||
|
@ -3371,7 +3370,8 @@ sub attributes {
|
|||
},
|
||||
available2F => {
|
||||
type => 'text',
|
||||
default => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
|
||||
default =>
|
||||
'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
|
||||
documentation => 'Available second factor modules',
|
||||
},
|
||||
available2FSelfRegistration => {
|
||||
|
|
|
@ -20,9 +20,10 @@ sub diff {
|
|||
$res[$i]->{$key} = $tmp[$i] if ( $tmp[$i] );
|
||||
}
|
||||
}
|
||||
elsif ( $key =~ $hashParameters
|
||||
or
|
||||
( ref( $conf[0]->{$key} ) and ref( $conf[0]->{$key} ) eq 'HASH' ) )
|
||||
elsif (
|
||||
$key =~ $hashParameters
|
||||
or ( ref( $conf[0]->{$key} ) and ref( $conf[0]->{$key} ) eq 'HASH' )
|
||||
)
|
||||
{
|
||||
if ( ref $conf[1]->{$key} ) {
|
||||
my @tmp =
|
||||
|
|
|
@ -438,8 +438,8 @@ sub _scanNodes {
|
|||
$self->_scanNodes($subNodes);
|
||||
}
|
||||
}
|
||||
elsif (
|
||||
$target =~ /^oidc(?:O|R)PMetaData(?:ExportedVars|Macros|ScopeRules)$/ )
|
||||
elsif ( $target =~
|
||||
/^oidc(?:O|R)PMetaData(?:ExportedVars|Macros|ScopeRules)$/ )
|
||||
{
|
||||
hdebug(" $target");
|
||||
if ( $leaf->{cnodes} ) {
|
||||
|
|
|
@ -248,7 +248,8 @@ sub sessions {
|
|||
value => $uid,
|
||||
count => scalar( @{ $r->{$uid} } ),
|
||||
sessions => [
|
||||
map { {
|
||||
map {
|
||||
{
|
||||
session =>
|
||||
$self->_maybeEncryptSessionId( $_->{_sessionId} ),
|
||||
date => $_->{_utime}
|
||||
|
@ -399,7 +400,8 @@ qq{Use of an uninitialized attribute "$group" to group sessions},
|
|||
else {
|
||||
$res = [
|
||||
sort { $a->{date} <=> $b->{date} }
|
||||
map { {
|
||||
map {
|
||||
{
|
||||
session => $self->_maybeEncryptSessionId($_),
|
||||
date => $res->{$_}->{_utime}
|
||||
}
|
||||
|
|
|
@ -646,7 +646,9 @@ my $casApp = {
|
|||
given_name => '$firstName',
|
||||
},
|
||||
options => {
|
||||
service => [ 'http://mycasapp.example.com', 'http://mycasapp2.example.com/test' ],
|
||||
service => [
|
||||
'http://mycasapp.example.com', 'http://mycasapp2.example.com/test'
|
||||
],
|
||||
rule => '$uid eq \'dwho\'',
|
||||
userAttribute => 'uid'
|
||||
}
|
||||
|
|
|
@ -18,7 +18,8 @@ sub body {
|
|||
|
||||
# Test that key value is sent
|
||||
my $res = &client->jsonResponse('/view/1/portalDisplayOidcConsents');
|
||||
ok( $res->{value} eq '$_oidcConsents && $_oidcConsents =~ /\\w+/', 'Key found' );
|
||||
ok( $res->{value} eq '$_oidcConsents && $_oidcConsents =~ /\\w+/',
|
||||
'Key found' );
|
||||
count(1);
|
||||
|
||||
# Test that hidden key values are NOT sent
|
||||
|
|
|
@ -385,7 +385,8 @@ sub run {
|
|||
MSG => $self->canUpdateSfa($req) || 'choose2f',
|
||||
ALERT => ( $self->canUpdateSfa($req) ? 'warning' : 'positive' ),
|
||||
MODULES => [
|
||||
map { {
|
||||
map {
|
||||
{
|
||||
CODE => $_->prefix,
|
||||
LOGO => $_->logo,
|
||||
LABEL => $_->label
|
||||
|
|
|
@ -255,8 +255,7 @@ sub authenticate {
|
|||
sub setAuthSessionInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{casAuthnLevel};
|
||||
$req->{sessionInfo}->{_casSrv}
|
||||
= $req->data->{_casSrvCurrent};
|
||||
$req->{sessionInfo}->{_casSrv} = $req->data->{_casSrvCurrent};
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -155,8 +155,7 @@ sub extractFormInfo {
|
|||
|
||||
$self->logger->debug("Response from GitHub User API: $user_content");
|
||||
|
||||
eval {
|
||||
$json_hash = from_json( $user_content, { allow_nonref => 1 } ); };
|
||||
eval { $json_hash = from_json( $user_content, { allow_nonref => 1 } ); };
|
||||
if ($@) {
|
||||
$self->logger->error("Unable to decode JSON $user_content");
|
||||
return PE_ERROR;
|
||||
|
|
|
@ -90,11 +90,13 @@ sub extractFormInfo {
|
|||
# 3. If user and oldpassword defined -> password form
|
||||
elsif ( $defUser and $defOldPassword ) {
|
||||
$res = PE_PASSWORDFORMEMPTY
|
||||
unless ( ( $req->{user} = $req->param('user') )
|
||||
unless (
|
||||
( $req->{user} = $req->param('user') )
|
||||
&& ( $req->data->{oldpassword} = $req->param('oldpassword') )
|
||||
&& ( $req->data->{newpassword} = $req->param('newpassword') )
|
||||
&& ( $req->data->{confirmpassword} =
|
||||
$req->param('confirmpassword') ) );
|
||||
$req->param('confirmpassword') )
|
||||
);
|
||||
}
|
||||
|
||||
# If form seems empty
|
||||
|
|
|
@ -72,8 +72,8 @@ has findUserFilter => (
|
|||
is => 'ro',
|
||||
lazy => 1,
|
||||
builder => sub {
|
||||
$_[0]->conf->{AuthLDAPFilter} ||
|
||||
$_[0]->conf->{LDAPFilter}
|
||||
$_[0]->conf->{AuthLDAPFilter}
|
||||
|| $_[0]->conf->{LDAPFilter}
|
||||
|| '(&(uid=$user)(objectClass=inetOrgPerson))';
|
||||
}
|
||||
);
|
||||
|
|
|
@ -1888,7 +1888,8 @@ sub resolveArtifact {
|
|||
$self->logger->debug("Get message $message");
|
||||
}
|
||||
else {
|
||||
$self->logger->error("Error while sending message: ".$soap_answer->status_line);
|
||||
$self->logger->error(
|
||||
"Error while sending message: " . $soap_answer->status_line );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -29,7 +29,8 @@ sub displayInit {
|
|||
else {
|
||||
$self->logger->error(
|
||||
qq(Skin rule "$skinRule" returns an error: )
|
||||
. HANDLER->tsv->{jail}->error || 'Unable to compile rule' );
|
||||
. HANDLER->tsv->{jail}->error
|
||||
|| 'Unable to compile rule' );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -50,9 +50,11 @@ sub init {
|
|||
|
||||
sub delegate {
|
||||
my ( $self, $req, $name, @args ) = @_;
|
||||
|
||||
# The user might want to override which password DB is used with a macro
|
||||
# This is useful when using SASL delegation in OpenLDAP
|
||||
my $userDB = $req->sessionInfo->{_cmbPasswordDB} || $req->sessionInfo->{_userDB};
|
||||
my $userDB =
|
||||
$req->sessionInfo->{_cmbPasswordDB} || $req->sessionInfo->{_userDB};
|
||||
unless ( $self->mods->{$userDB} ) {
|
||||
$self->logger->error("No Password module available for $userDB");
|
||||
return PE_ERROR;
|
||||
|
|
|
@ -39,12 +39,14 @@ sub modifyPassword {
|
|||
|
||||
if ( $req->data->{dn} ) {
|
||||
$dn = $req->data->{dn};
|
||||
$requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData );
|
||||
$requireOldPassword =
|
||||
$self->requireOldPwdRule->( $req, $req->userData );
|
||||
$self->logger->debug("Get DN from request data: $dn");
|
||||
}
|
||||
else {
|
||||
$dn = $req->sessionInfo->{_dn};
|
||||
$requireOldPassword = $self->requireOldPwdRule->( $req, $req->sessionInfo );
|
||||
$requireOldPassword =
|
||||
$self->requireOldPwdRule->( $req, $req->sessionInfo );
|
||||
$self->logger->debug("Get DN from session data: $dn");
|
||||
}
|
||||
unless ($dn) {
|
||||
|
|
|
@ -207,7 +207,8 @@ sub activeSessions {
|
|||
}
|
||||
$_;
|
||||
}
|
||||
sort { $b->{startTime} cmp $a->{startTime} } map { {
|
||||
sort { $b->{startTime} cmp $a->{startTime} } map {
|
||||
{
|
||||
id => $_,
|
||||
customParam => $sessions->{$_}->{$customParam},
|
||||
ipAddr => $sessions->{$_}->{ipAddr},
|
||||
|
|
|
@ -107,8 +107,10 @@ has exportedAttr => (
|
|||
|
||||
# Convert @attributes into hash to remove duplicates
|
||||
my %attributes = map( { $_ => 1 } @attributes );
|
||||
%attributes =
|
||||
( %attributes, %{ $conf->{exportedVars} }, %{ $conf->{macros} },
|
||||
%attributes = (
|
||||
%attributes,
|
||||
%{ $conf->{exportedVars} },
|
||||
%{ $conf->{macros} },
|
||||
);
|
||||
return '[' . join( ',', keys %attributes ) . ']';
|
||||
}
|
||||
|
|
|
@ -60,8 +60,10 @@ has exportedAttr => (
|
|||
|
||||
# Convert @attributes into hash to remove duplicates
|
||||
my %attributes = map( { $_ => 1 } @attributes );
|
||||
%attributes =
|
||||
( %attributes, %{ $conf->{exportedVars} }, %{ $conf->{macros} },
|
||||
%attributes = (
|
||||
%attributes,
|
||||
%{ $conf->{exportedVars} },
|
||||
%{ $conf->{macros} },
|
||||
);
|
||||
|
||||
return [ sort keys %attributes ];
|
||||
|
|
|
@ -136,8 +136,10 @@ sub findUser {
|
|||
sub setSessionInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
my %vars = ( %{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{demoExportedVars} } );
|
||||
my %vars = (
|
||||
%{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{demoExportedVars} }
|
||||
);
|
||||
while ( my ( $k, $v ) = each %vars ) {
|
||||
$req->{sessionInfo}->{$k} = $demoAccounts{ $req->{user} }->{$v};
|
||||
}
|
||||
|
|
|
@ -36,8 +36,10 @@ sub setSessionInfo {
|
|||
my ( $self, $req ) = @_;
|
||||
$req->{sessionInfo}->{_dn} = $req->data->{dn};
|
||||
|
||||
my %vars = ( %{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{ldapExportedVars} } );
|
||||
my %vars = (
|
||||
%{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{ldapExportedVars} }
|
||||
);
|
||||
while ( my ( $k, $v ) = each %vars ) {
|
||||
|
||||
my $value = $self->ldap->getLdapValue( $req->data->{ldapentry}, $v );
|
||||
|
|
|
@ -26,8 +26,7 @@ count(3);
|
|||
# Test unauthenticated logout request access with route
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/logout',
|
||||
accept => 'text/html'
|
||||
'/logout', accept => 'text/html'
|
||||
),
|
||||
'Get logout page'
|
||||
);
|
||||
|
|
|
@ -32,8 +32,7 @@ ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, 'Language icons found' )
|
|||
count(3);
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/logout',
|
||||
accept => 'text/html'
|
||||
'/logout', accept => 'text/html'
|
||||
),
|
||||
'Get logout page'
|
||||
);
|
||||
|
|
|
@ -16,8 +16,7 @@ SKIP: {
|
|||
}
|
||||
my $dbh = DBI->connect("dbi:SQLite:dbname=$userdb");
|
||||
$dbh->do('CREATE TABLE users (user text,password text,cn text)');
|
||||
$dbh->do(
|
||||
"INSERT INTO users VALUES ('french','french','Frédéric Accents')");
|
||||
$dbh->do("INSERT INTO users VALUES ('french','french','Frédéric Accents')");
|
||||
$dbh->do("INSERT INTO users VALUES ('russian','russian','Русский')");
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
|
|
|
@ -33,6 +33,7 @@ SKIP: {
|
|||
}
|
||||
}
|
||||
);
|
||||
|
||||
# my $postString = 'user='
|
||||
# . ( $ENV{LDAPACCOUNT} || 'dwho' )
|
||||
# . '&password='
|
||||
|
|
|
@ -52,9 +52,7 @@ $query =~ s/user=[^&]*/user=dwho/;
|
|||
$query =~ s/password=/password=dwho/;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new($query),
|
||||
length => length($query)
|
||||
'/', IO::String->new($query), length => length($query)
|
||||
),
|
||||
'Auth query'
|
||||
);
|
||||
|
|
|
@ -54,8 +54,10 @@ SKIP: {
|
|||
query => buildForm( {
|
||||
IDPInitiated => 1,
|
||||
spConfKey => 'sp.com',
|
||||
spDest => 'http://auth.alternate.com/saml/proxySingleSignOnPost',
|
||||
}),
|
||||
spDest =>
|
||||
'http://auth.alternate.com/saml/proxySingleSignOnPost',
|
||||
}
|
||||
),
|
||||
cookie => "lemonldap=$idpId",
|
||||
accept => 'test/html'
|
||||
),
|
||||
|
@ -72,8 +74,10 @@ SKIP: {
|
|||
query => buildForm( {
|
||||
IDPInitiated => 1,
|
||||
spConfKey => 'sp.com',
|
||||
spDest => 'http://auth.perdu.com/saml/proxySingleSignOnPost',
|
||||
}),
|
||||
spDest =>
|
||||
'http://auth.perdu.com/saml/proxySingleSignOnPost',
|
||||
}
|
||||
),
|
||||
cookie => "lemonldap=$idpId",
|
||||
accept => 'test/html'
|
||||
),
|
||||
|
|
|
@ -239,8 +239,7 @@ clean_sessions();
|
|||
done_testing( count() );
|
||||
|
||||
sub issuer {
|
||||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
domain => 'idp.com',
|
||||
|
@ -271,8 +270,7 @@ sub issuer {
|
|||
}
|
||||
|
||||
sub sp {
|
||||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
domain => 'sp.com',
|
||||
|
|
|
@ -120,8 +120,7 @@ done_testing( count() );
|
|||
|
||||
sub issuer {
|
||||
my ($strict) = @_;
|
||||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
domain => 'idp.com',
|
||||
|
|
|
@ -119,7 +119,8 @@ sub runTest {
|
|||
ok( !defined $refresh_token2, "Refresh token not present" );
|
||||
|
||||
$id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{auth_time}, $auth_time, 'Original auth_time retained' );
|
||||
is( $id_token_payload->{auth_time},
|
||||
$auth_time, 'Original auth_time retained' );
|
||||
is(
|
||||
$id_token_payload->{name},
|
||||
'Frédéric Accents',
|
||||
|
|
|
@ -114,6 +114,7 @@ done_testing( count() );
|
|||
|
||||
# Redefine LWP methods for tests
|
||||
no warnings 'redefine';
|
||||
|
||||
sub switch {
|
||||
my $type = shift;
|
||||
@Lemonldap::NG::Handler::Main::_onReload = @{
|
||||
|
|
|
@ -6,7 +6,6 @@ use LWP::UserAgent;
|
|||
use LWP::Protocol::PSGI;
|
||||
use MIME::Base64;
|
||||
|
||||
|
||||
# ------------ --------------------------- ----------------
|
||||
# | OIDC RP | <-> | OIDC provider + SAML SP | <-> | SAML IdP |
|
||||
# ------------ --------------------------- ----------------
|
||||
|
@ -24,6 +23,7 @@ BEGIN {
|
|||
|
||||
my $maintests = 17;
|
||||
my $debug = 'error';
|
||||
|
||||
#my $debug = 'error';
|
||||
my ( $op, $rp, $idp, $res );
|
||||
|
||||
|
@ -31,7 +31,8 @@ my ( $op, $rp, $idp, $res );
|
|||
LWP::Protocol::PSGI->register(
|
||||
sub {
|
||||
my $req = Plack::Request->new(@_);
|
||||
ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#, ' REST request' );
|
||||
ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#,
|
||||
' REST request' );
|
||||
my $host = $1;
|
||||
my $url = $2;
|
||||
my ( $res, $client );
|
||||
|
@ -83,8 +84,6 @@ LWP::Protocol::PSGI->register(
|
|||
}
|
||||
);
|
||||
|
||||
|
||||
|
||||
SKIP: {
|
||||
eval "use Lasso";
|
||||
if ($@) {
|
||||
|
@ -112,7 +111,6 @@ SKIP: {
|
|||
|
||||
$rp = register( 'rp', sub { rp( $jwks, $metadata ) } );
|
||||
|
||||
|
||||
# LOGIN PROCESS ############################################################
|
||||
|
||||
# Query RP for auth
|
||||
|
@ -138,10 +136,12 @@ SKIP: {
|
|||
# Try to authenticate to IdP
|
||||
ok(
|
||||
$res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html' ),
|
||||
"SAML Authentication on idp, endpoint $urlidp" );
|
||||
"SAML Authentication on idp, endpoint $urlidp"
|
||||
);
|
||||
my $pdataidp = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
my ( $host, $tmp );
|
||||
|
||||
# expectForm (result, host, uri, @requiredfield)
|
||||
( $host, $tmp, $query ) = expectForm( $res, '#', undef,
|
||||
( 'url', 'timezone', 'skin', 'user', 'password' ) );
|
||||
|
@ -162,7 +162,6 @@ SKIP: {
|
|||
$pdataidp = expectCookie( $res, 'lemonldappdata' );
|
||||
my $cookieidp = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, 'auth.op.com', '/saml/proxySingleSignOnPost',
|
||||
'SAMLResponse', 'RelayState' );
|
||||
|
@ -184,14 +183,18 @@ SKIP: {
|
|||
$pdataop = expectCookie( $res, 'lemonldappdata' );
|
||||
my $cookieop = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# );
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'Call OP from SAML SP' );
|
||||
'Call OP from SAML SP'
|
||||
);
|
||||
|
||||
$pdataop = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
|
@ -199,7 +202,6 @@ SKIP: {
|
|||
|
||||
($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# );
|
||||
|
||||
|
||||
# Push OP response to RP
|
||||
switch ('rp');
|
||||
|
||||
|
@ -209,30 +211,38 @@ SKIP: {
|
|||
|
||||
# Authentication done on RP + OP + IDP
|
||||
|
||||
|
||||
# LOGOUT PROCESS ###########################################################
|
||||
$url = '/';
|
||||
$query = 'logout=1';
|
||||
ok( $res = $rp->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $rp->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$cookierp",
|
||||
),
|
||||
'Call logout from RP' );
|
||||
'Call logout from RP'
|
||||
);
|
||||
|
||||
# lemonldap cookie set to "0"
|
||||
$cookierp = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookierp eq "0", 'Test empty cookie on RP' );
|
||||
|
||||
# forward logout to OP
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
|
||||
switch ('op');
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'Forward logout to OP' );
|
||||
'Forward logout to OP'
|
||||
);
|
||||
|
||||
# expectForm (result, host, uri, @requiredfield)
|
||||
( $host, $tmp, $query ) = expectForm( $res, '#', undef,
|
||||
|
@ -253,29 +263,39 @@ SKIP: {
|
|||
$cookieop = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookieop eq "0", 'Test empty cookie on OP' );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.idp.com(/.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.idp.com(/.*)\?(.*)$# );
|
||||
|
||||
switch ('idp');
|
||||
|
||||
ok( $res = $idp->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $idp->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataidp; lemonldap=$cookieidp",
|
||||
),
|
||||
'redirect to IdP' );
|
||||
'redirect to IdP'
|
||||
);
|
||||
|
||||
# lemonldap cookie set to "0"
|
||||
$cookieidp = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookieidp eq "0", 'Test empty cookie on IDP' );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
|
||||
switch ('op');
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'redirect to OP' );
|
||||
'redirect to OP'
|
||||
);
|
||||
|
||||
expectOK($res);
|
||||
|
||||
|
@ -443,7 +463,8 @@ sub idp {
|
|||
'samlSPMetaDataOptionsNameIDFormat' => '',
|
||||
'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000,
|
||||
'samlSPMetaDataOptionsOneTimeUse' => 0,
|
||||
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000,
|
||||
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' =>
|
||||
72000,
|
||||
'samlSPMetaDataOptionsSignSLOMessage' => -1,
|
||||
'samlSPMetaDataOptionsSignSSOMessage' => 1,
|
||||
'samlSPMetaDataOptionsSignatureMethod' => ''
|
||||
|
|
|
@ -6,7 +6,6 @@ use LWP::UserAgent;
|
|||
use LWP::Protocol::PSGI;
|
||||
use MIME::Base64;
|
||||
|
||||
|
||||
# ------------ --------------------------- ----------------
|
||||
# | OIDC RP | <-> | OIDC provider + SAML SP | <-> | SAML IdP |
|
||||
# ------------ --------------------------- ----------------
|
||||
|
@ -24,6 +23,7 @@ BEGIN {
|
|||
|
||||
my $maintests = 17;
|
||||
my $debug = 'error';
|
||||
|
||||
#my $debug = 'error';
|
||||
my ( $op, $rp, $idp, $res );
|
||||
|
||||
|
@ -31,7 +31,8 @@ my ( $op, $rp, $idp, $res );
|
|||
LWP::Protocol::PSGI->register(
|
||||
sub {
|
||||
my $req = Plack::Request->new(@_);
|
||||
ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#, ' REST request' );
|
||||
ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#,
|
||||
' REST request' );
|
||||
my $host = $1;
|
||||
my $url = $2;
|
||||
my ( $res, $client );
|
||||
|
@ -75,16 +76,18 @@ LWP::Protocol::PSGI->register(
|
|||
);
|
||||
}
|
||||
ok( $res->[0] == 200, ' Response is 200' );
|
||||
ok( getHeader( $res, 'Content-Type' ) =~ m#^(application/json|text/xml)#,
|
||||
' Content is JSON|XML' )
|
||||
or explain( $res->[1], 'Content-Type => (application/json|text/xml)' );
|
||||
ok(
|
||||
getHeader( $res, 'Content-Type' ) =~
|
||||
m#^(application/json|text/xml)#,
|
||||
' Content is JSON|XML'
|
||||
)
|
||||
or
|
||||
explain( $res->[1], 'Content-Type => (application/json|text/xml)' );
|
||||
count(4);
|
||||
return $res;
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
|
||||
SKIP: {
|
||||
eval "use Lasso";
|
||||
if ($@) {
|
||||
|
@ -112,7 +115,6 @@ SKIP: {
|
|||
|
||||
$rp = register( 'rp', sub { rp( $jwks, $metadata ) } );
|
||||
|
||||
|
||||
# LOGIN PROCESS ############################################################
|
||||
|
||||
# Query RP for auth
|
||||
|
@ -138,10 +140,12 @@ SKIP: {
|
|||
# Try to authenticate to IdP
|
||||
ok(
|
||||
$res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html' ),
|
||||
"SAML Authentication on idp, endpoint $urlidp" );
|
||||
"SAML Authentication on idp, endpoint $urlidp"
|
||||
);
|
||||
my $pdataidp = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
my ( $host, $tmp );
|
||||
|
||||
# expectForm (result, host, uri, @requiredfield)
|
||||
( $host, $tmp, $query ) = expectForm( $res, '#', undef,
|
||||
( 'url', 'timezone', 'skin', 'user', 'password' ) );
|
||||
|
@ -162,7 +166,6 @@ SKIP: {
|
|||
$pdataidp = expectCookie( $res, 'lemonldappdata' );
|
||||
my $cookieidp = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, 'auth.op.com', '/saml/proxySingleSignOnPost',
|
||||
'SAMLResponse', 'RelayState' );
|
||||
|
@ -184,14 +187,18 @@ SKIP: {
|
|||
$pdataop = expectCookie( $res, 'lemonldappdata' );
|
||||
my $cookieop = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# );
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'Call OP from SAML SP' );
|
||||
'Call OP from SAML SP'
|
||||
);
|
||||
|
||||
$pdataop = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
|
@ -199,7 +206,6 @@ SKIP: {
|
|||
|
||||
($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# );
|
||||
|
||||
|
||||
# Push OP response to RP
|
||||
switch ('rp');
|
||||
|
||||
|
@ -209,30 +215,38 @@ SKIP: {
|
|||
|
||||
# Authentication done on RP + OP + IDP
|
||||
|
||||
|
||||
# LOGOUT PROCESS ###########################################################
|
||||
$url = '/';
|
||||
$query = 'logout=1';
|
||||
ok( $res = $rp->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $rp->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$cookierp",
|
||||
),
|
||||
'Call logout from RP' );
|
||||
'Call logout from RP'
|
||||
);
|
||||
|
||||
# lemonldap cookie set to "0"
|
||||
$cookierp = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookierp eq "0", 'Test empty cookie on RP' );
|
||||
|
||||
# forward logout to OP
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
|
||||
switch ('op');
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'Forward logout to OP' );
|
||||
'Forward logout to OP'
|
||||
);
|
||||
|
||||
# expectForm (result, host, uri, @requiredfield)
|
||||
( $host, $tmp, $query ) = expectForm( $res, '#', undef,
|
||||
|
@ -253,27 +267,37 @@ SKIP: {
|
|||
$cookieop = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookieop eq "0", 'Test empty cookie on OP' );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.rp.com(/?.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.rp.com(/?.*)\?(.*)$# );
|
||||
|
||||
switch ('rp');
|
||||
|
||||
ok( $res = $rp->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $rp->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$cookierp",
|
||||
),
|
||||
'redirect to RP' );
|
||||
'redirect to RP'
|
||||
);
|
||||
|
||||
expectOK($res);
|
||||
|
||||
# test connexion on IDP
|
||||
switch ('idp');
|
||||
ok( $res = $idp->_get( '/', query => '',
|
||||
ok(
|
||||
$res = $idp->_get(
|
||||
'/',
|
||||
query => '',
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$cookieidp",
|
||||
),
|
||||
'Test if still logged on IDP' );
|
||||
'Test if still logged on IDP'
|
||||
);
|
||||
|
||||
like( $res->[2]->[0], qr/userfield/,
|
||||
like( $res->[2]->[0],
|
||||
qr/userfield/,
|
||||
'test presence of user field in form (prove successful logout)' );
|
||||
|
||||
}
|
||||
|
@ -311,7 +335,8 @@ sub op {
|
|||
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsPostLogoutRedirectUris => 'http://auth.rp.com?logout=1',
|
||||
oidcRPMetaDataOptionsPostLogoutRedirectUris =>
|
||||
'http://auth.rp.com?logout=1',
|
||||
}
|
||||
},
|
||||
oidcOPMetaDataOptions => {},
|
||||
|
@ -338,8 +363,9 @@ sub op {
|
|||
samlSPSSODescriptorWantAssertionsSigned => 1,
|
||||
samlIDPMetaDataXML => {
|
||||
'idp' => {
|
||||
samlIDPMetaDataXML =>
|
||||
samlIDPComplexMetaDataXML( 'idp', 'HTTP-Redirect', 'SOAP' )
|
||||
samlIDPMetaDataXML => samlIDPComplexMetaDataXML(
|
||||
'idp', 'HTTP-Redirect', 'SOAP'
|
||||
)
|
||||
},
|
||||
},
|
||||
samlIDPMetaDataOptions => {
|
||||
|
@ -441,7 +467,8 @@ sub idp {
|
|||
'samlSPMetaDataOptionsNameIDFormat' => '',
|
||||
'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000,
|
||||
'samlSPMetaDataOptionsOneTimeUse' => 0,
|
||||
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000,
|
||||
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' =>
|
||||
72000,
|
||||
'samlSPMetaDataOptionsSignSLOMessage' => -1,
|
||||
'samlSPMetaDataOptionsSignSSOMessage' => 1,
|
||||
'samlSPMetaDataOptionsSignatureMethod' => ''
|
||||
|
@ -449,8 +476,9 @@ sub idp {
|
|||
},
|
||||
samlSPMetaDataXML => {
|
||||
sp => {
|
||||
samlSPMetaDataXML =>
|
||||
samlSPComplexMetaDataXML( 'op', 'HTTP-Redirect', 'SOAP' ),
|
||||
samlSPMetaDataXML => samlSPComplexMetaDataXML(
|
||||
'op', 'HTTP-Redirect', 'SOAP'
|
||||
),
|
||||
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
|
||||
'samlSPSSODescriptorWantAssertionsSigned' => 1,
|
||||
}
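Review bot: In the `LWP::Protocol::PSGI->register` callback (hunk at -31,7), `my $host = $1;` and `my $url = $2;` are read straight after `ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#, ...)` without checking that the match succeeded. On a non-matching URI the test records a failure but continues with `$host` and `$url` undefined or left over from an earlier match, so the request is dispatched on data that did not come from this URI. The pattern is also unanchored with unescaped dots, so it accepts more than the three intended hosts; `m#^http://auth\.((?:op|rp|idp))\.com(.*)#` is stricter, and the callback should return early when the match fails. The callback body continues outside the hunk.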
|
||||
|
|
|
@ -98,8 +98,7 @@ my $notifs = q%[{
|
|||
|
||||
my $content = '{"uid":"dwho"}';
|
||||
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
|
@ -377,7 +376,8 @@ ok(
|
|||
m%<input class="form-check-input" type="checkbox" name="check1x2x1" id="1x2x1" value="accepted"/>%,
|
||||
'Checkbox is displayed'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
my @c = ( $res->[2]->[0] =~ m%<input class="form-check-input" type="checkbox"%gs );
|
||||
my @c =
|
||||
( $res->[2]->[0] =~ m%<input class="form-check-input" type="checkbox"%gs );
|
||||
|
||||
## One entry found
|
||||
ok( @c == 1, ' -> One checkbox found' )
|
||||
|
|
|
@ -52,11 +52,8 @@ SKIP: {
|
|||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
|
||||
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input[^>]*name="password"%,
|
||||
'Password: Found text input'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<input[^>]*name="password"%,
|
||||
'Password: Found text input' );
|
||||
|
||||
$query =~ s/.*\btoken=([^&]+).*/token=$1/;
|
||||
my $token;
|
||||
|
|
|
@ -23,11 +23,8 @@ ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
|
|||
count(1);
|
||||
|
||||
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input[^>]*name="password"%,
|
||||
'Password: Found password input'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<input[^>]*name="password"%,
|
||||
'Password: Found password input' );
|
||||
count(1);
|
||||
|
||||
$query =~ s/.*\b(token=[^&]+).*/$1/;
|
||||
|
|
|
@ -58,7 +58,8 @@ SKIP: {
|
|||
ok( $subject eq 'Demonstration', 'Found subject' )
|
||||
or explain( $subject, 'Custom subject' );
|
||||
ok( $mail =~ m#a href="http://auth.example.com/register\?(.+?)"#,
|
||||
'Found register token' ) or explain( $mail, 'Confirm body' );
|
||||
'Found register token' )
|
||||
or explain( $mail, 'Confirm body' );
|
||||
$query = $1;
|
||||
ok( $query =~ /register_token=/, 'Found register_token' );
|
||||
ok( $mail =~ /Fôo/, 'UTF-8 works' ) or explain( $mail, 'Fôo' );
|
||||
|
|
|
@ -212,7 +212,8 @@ ok( $res->[2]->[0] =~ m%<span trspan="PE104"></span>%,
|
|||
ok( $res->[2]->[0] =~ m%<span trspan="unknownAttributes">%,
|
||||
'Found unknownAttributes' )
|
||||
or explain( $res->[2]->[0], 'trspan="unknownAttributes"' );
|
||||
ok( $res->[2]->[0] =~ m%dalek; none; other; test%, 'Found 4 unknown attributes' )
|
||||
ok( $res->[2]->[0] =~ m%dalek; none; other; test%,
|
||||
'Found 4 unknown attributes' )
|
||||
or explain( $res->[2]->[0], 'Unknown attributes' );
|
||||
count(4);
|
||||
|
||||
|
|
|
@ -18,7 +18,9 @@ my $client = LLNG::Manager::Test->new( {
|
|||
bruteForceProtection => 0,
|
||||
requireToken => 0,
|
||||
restSessionServer => 1,
|
||||
logoutServices => { 'mytest' => 'http://test1.example.com/logout.html' }, # page that does not exist
|
||||
logoutServices =>
|
||||
{ 'mytest' => 'http://test1.example.com/logout.html' }
|
||||
, # page that does not exist
|
||||
locationRules => {
|
||||
'test1.example.com' => {
|
||||
'(?#logout)^/logout.html' => 'unprotect',
|
||||
|
@ -30,7 +32,6 @@ my $client = LLNG::Manager::Test->new( {
|
|||
}
|
||||
);
|
||||
|
||||
|
||||
# Handler part
|
||||
use_ok('Lemonldap::NG::Handler::Server');
|
||||
use_ok('Lemonldap::NG::Common::PSGI::Cli::Lib');
|
||||
|
@ -40,7 +41,6 @@ my ( $cli, $app );
|
|||
ok( $app = Lemonldap::NG::Handler::Server->run( $client->ini ), 'App' );
|
||||
count(1);
|
||||
|
||||
|
||||
## First successful connection for 'dwho'
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
|
@ -68,7 +68,6 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<h3 trspan="logoutFromOtherApp">logoutFromOtherApp</h3>%,
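Review bot: The reformatted `logoutServices` entry in the first hunk of this file leaves `, # page that does not exist` on a line of its own, with the comma detached from the value it terminates. This is presumably perltidy reacting to the trailing comment pushing the line over the length limit. Moving the comment to its own line above the key, as `# page that does not exist`, should let the next tidy run keep the comma with `{ 'mytest' => 'http://test1.example.com/logout.html' },`. The hash passed to `LLNG::Manager::Test->new` starts and ends outside the hunk.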
|
||||
|
|
|
@ -209,11 +209,8 @@ ok(
|
|||
count(1);
|
||||
expectOK($res);
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="47">%, 'Dwho has been well disconnected' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
@ -119,11 +119,8 @@ ok(
|
|||
count(1);
|
||||
expectOK($res);
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="47">%, 'Dwho has been well disconnected' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
@ -224,9 +224,11 @@ $id1 = expectCookie($res);
|
|||
|
||||
ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ /<caption trspan="lastFailedLoginsCaptionLabel">/, 'History found' )
|
||||
ok( $res->[2]->[0] =~ /<caption trspan="lastFailedLoginsCaptionLabel">/,
|
||||
'History found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ /<caption trspan="lastLoginsCaptionLabel">/, 'History found' )
|
||||
ok( $res->[2]->[0] =~ /<caption trspan="lastLoginsCaptionLabel">/,
|
||||
'History found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
||||
my @c = ( $res->[2]->[0] =~ /<td>127.0.0.1/gs );
|
||||
|
|
|
@ -60,11 +60,8 @@ ok(
|
|||
),
|
||||
'Form Authentification'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="1">%,
|
||||
'Found PE_SESSIONEXPIRED code'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="1">%, 'Found PE_SESSIONEXPIRED code' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
$client->logout($id1);
|
||||
|
|
|
@ -59,11 +59,8 @@ ok(
|
|||
),
|
||||
'Form Authentification'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="1">%,
|
||||
'Found PE_SESSIONEXPIRED code'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="1">%, 'Found PE_SESSIONEXPIRED code' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
$client->logout($id1);
|
||||
|
|
|
@ -124,7 +124,11 @@ ok( $res->[2]->[0] =~ /trspan="lastFailedLoginsCaptionLabel"/,
|
|||
or explain( $res->[2]->[0] );
|
||||
count(3);
|
||||
|
||||
like( $res->[2]->[0], qr,<th trspan="Language">Language</th>,, "Found plugin-set label" );
|
||||
like(
|
||||
$res->[2]->[0],
|
||||
qr,<th trspan="Language">Language</th>,,
|
||||
"Found plugin-set label"
|
||||
);
|
||||
count(1);
|
||||
|
||||
@c = ( $res->[2]->[0] =~ /<td>127.0.0.1/gs );
|
||||
|
|
|
@ -198,7 +198,8 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new('user=dwho&password=dwho&stayconnected=1&checkLogins=1'),
|
||||
IO::String->new(
|
||||
'user=dwho&password=dwho&stayconnected=1&checkLogins=1'),
|
||||
length => 53
|
||||
),
|
||||
'Auth query'
|
||||
|
|
|
@ -4,7 +4,6 @@ use IO::String;
|
|||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
|
@ -89,7 +88,8 @@ count(2);
|
|||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
|
||||
# Bad VHost (checkXSS)
|
||||
$query =~ s/url=http%3A%2F%2Fappli.example.llng/url=http%3A%2F%2Fappli'.example.llng/;
|
||||
$query =~
|
||||
s/url=http%3A%2F%2Fappli.example.llng/url=http%3A%2F%2Fappli'.example.llng/;
|
||||
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
|
|
|
@ -4,7 +4,6 @@ use IO::String;
|
|||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
|
|
|
@ -4,7 +4,6 @@ use IO::String;
|
|||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
|
|
|
@ -293,7 +293,8 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
my $devices;
|
||||
ok(
|
||||
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'\d{10}\'%%g,
|
||||
$devices =
|
||||
$res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'\d{10}\'%%g,
|
||||
'2F device found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $devices == 2, '2F devices found' )
|
||||
|
@ -412,7 +413,8 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
'Found choose 2F' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$devices = $res->[2]->[0] =~ s%<span device=\'TOTP\' epoch=\'\d{10}\'%%g,
|
||||
$devices =
|
||||
$res->[2]->[0] =~ s%<span device=\'TOTP\' epoch=\'\d{10}\'%%g,
|
||||
'2F device found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $devices == 1, '2F device found' )
|
||||
|
@ -537,13 +539,14 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
|
||||
'Found choose 2F' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~ m%<span device=\'TOTP\' epoch=\'(\d{10})\'%,
|
||||
'TOTP found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span device=\'TOTP\' epoch=\'(\d{10})\'%,
|
||||
'TOTP found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
$epoch = $1;
|
||||
ok(
|
||||
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'(?:\d{10})\'%%g,
|
||||
$devices =
|
||||
$res->[2]->[0] =~
|
||||
s%<span device=\'(?:TOTP|U2F)\' epoch=\'(?:\d{10})\'%%g,
|
||||
'2F devices found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $devices == 2, '2F devices registered' )
|
||||
|
@ -574,14 +577,15 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
),
|
||||
'Form 2fregisters'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span trspan="remove2fWarning">/,
|
||||
'Found 2F modal' )
|
||||
ok( $res->[2]->[0] =~ /<span trspan="remove2fWarning">/, 'Found 2F modal' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
|
||||
'Found choose 2F' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'(\d{10})\'%%g,
|
||||
$devices =
|
||||
$res->[2]->[0] =~
|
||||
s%<span device=\'(?:TOTP|U2F)\' epoch=\'(\d{10})\'%%g,
|
||||
'2F device found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $devices == 1, '2F device registered' )
|
||||
|
|
|
@ -255,11 +255,8 @@ ok(
|
|||
'Get Menu',
|
||||
);
|
||||
expectOK($res);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="47">%, 'Dwho has been well disconnected' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
@ -106,11 +106,8 @@ ok(
|
|||
),
|
||||
'POST expired switchcontext'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="82"></span>%,
|
||||
'Found "<span trmsg="82">"'
|
||||
) or explain( $res->[2]->[0], '<span trmsg="82">' );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="82"></span>%, 'Found "<span trmsg="82">"' )
|
||||
or explain( $res->[2]->[0], '<span trmsg="82">' );
|
||||
count(3);
|
||||
|
||||
# ContextSwitching form
|
||||
|
|
|
@ -418,11 +418,8 @@ ok(
|
|||
);
|
||||
expectOK($res);
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="47">%, 'Dwho has been well disconnected' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
@ -12,7 +12,8 @@ my $client = LLNG::Manager::Test->new( {
|
|||
logLevel => 'error',
|
||||
passwordDB => 'Demo',
|
||||
impersonationRule => 1,
|
||||
customFunctions => 'My::accesToTrace My::return0,, My::return1 ',
|
||||
customFunctions =>
|
||||
'My::accesToTrace My::return0,, My::return1 ',
|
||||
customPlugins =>
|
||||
't::AfterDataCustomPlugin t::CasHookPlugin,, t::OidcHookPlugin ',
|
||||
customPluginsParams => { uid => 'rtyler' }
|
||||
|
|
|
@ -75,11 +75,8 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="5">%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="5">%, ' PE5 found' )
|
||||
or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
count(2);
|
||||
|
||||
## Try to Impersonate a forbidden identity with an Unrestricted user
|
||||
|
|
|
@ -81,11 +81,8 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="5">%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="5">%, ' PE5 found' )
|
||||
or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
|
@ -110,11 +107,8 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="93">%,
|
||||
' PE93 found'
|
||||
) or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="93">%, ' PE93 found' )
|
||||
or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
|
|
|
@ -156,14 +156,15 @@ count(1);
|
|||
my $json;
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
my @real_hGroups = map { $_->{key} eq 'real_hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{$real_hGroups[0]->{value}} == 5, 'Right number of real_hGroups found' )
|
||||
or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
my @real_hGroups =
|
||||
map { $_->{key} eq 'real_hGroups' ? $_ : () } @{ $json->{ATTRIBUTES} };
|
||||
ok(
|
||||
keys %{ $real_hGroups[0]->{value} } == 5,
|
||||
'Right number of real_hGroups found'
|
||||
) or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
count(2);
|
||||
|
||||
my @hGroups = map { $_->{key} eq 'hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
my @hGroups = map { $_->{key} eq 'hGroups' ? $_ : () } @{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{ $hGroups[0]->{value} } == 4, 'Right number of hGroups found' )
|
||||
or explain( $hGroups[0]->{value}, 'Wrong hGroups' );
|
||||
count(1);
|
||||
|
|
|
@ -164,14 +164,15 @@ count(1);
|
|||
my $json;
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
my @real_hGroups = map { $_->{key} eq 'real_hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{$real_hGroups[0]->{value}} == 5, 'Right number of real_hGroups found' )
|
||||
or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
my @real_hGroups =
|
||||
map { $_->{key} eq 'real_hGroups' ? $_ : () } @{ $json->{ATTRIBUTES} };
|
||||
ok(
|
||||
keys %{ $real_hGroups[0]->{value} } == 5,
|
||||
'Right number of real_hGroups found'
|
||||
) or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
count(2);
|
||||
|
||||
my @hGroups = map { $_->{key} eq 'hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
my @hGroups = map { $_->{key} eq 'hGroups' ? $_ : () } @{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{ $hGroups[0]->{value} } == 6, 'Right number of hGroups found' )
|
||||
or explain( $hGroups[0]->{value}, 'Wrong hGroups' );
|
||||
count(1);
|
||||
|
|
|
@ -81,11 +81,8 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="5">%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="5">%, ' PE5 found' )
|
||||
or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
|
@ -110,11 +107,8 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="93">%,
|
||||
' PE93 found'
|
||||
) or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="93">%, ' PE93 found' )
|
||||
or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
|
|
|
@ -152,11 +152,9 @@ qr%<input type="hidden" name="reference1x1" value="Remov-e-TOTP-(\d{10})"/>%,
|
|||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( time() + 295 <= $1 && $1 <= time() + 305, 'Right reference found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] ), time(), " / $1";
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
qr%<p class="notifText">1 SF removed = myTOTP</p>%,
|
||||
'Notification message found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ qr%<p class="notifText">1 SF removed = myTOTP</p>%,
|
||||
'Notification message found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
$id = expectCookie($res);
|
||||
$client->logout($id);
|
||||
}
|
||||
|
|
|
@ -491,8 +491,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
or print STDERR Dumper($res);
|
||||
|
||||
# No 2F device left
|
||||
@sf = map m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g,
|
||||
$res->[2]->[0];
|
||||
@sf = map m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g, $res->[2]->[0];
|
||||
ok( scalar @sf == 0, 'No 2F device found' )
|
||||
or print STDERR Dumper($res);
|
||||
|
||||
|
|
|
@ -22,8 +22,7 @@ expectOK($res);
|
|||
my $id = expectCookie($res);
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/logout',
|
||||
accept => 'text/html'
|
||||
'/logout', accept => 'text/html'
|
||||
),
|
||||
'Get logout page'
|
||||
);
|
||||
|
|
|
@ -31,6 +31,7 @@ LrY+vU6d9cIVPcG8yei6s7zLCDED4tcdUxL1a1XvWUr5eVglVARkGu739Qta2G5c
|
|||
ZnWPY16ZL7eafmAm8QRKMNh1So9dnEe8MzBMvHBno67JFVSWjyNY/A==
|
||||
-----END RSA PRIVATE KEY-----";
|
||||
}
|
||||
|
||||
sub saml_key_proxy_private_sig {
|
||||
"-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpgIBAAKCAQEAztmb1JZk/agkYYm23D4dqaLS4EKHKrjO4eBvwtWZLexAGR1K
|
||||
|
@ -1355,7 +1356,6 @@ EOF
|
|||
;
|
||||
}
|
||||
|
||||
|
||||
=head4 expectXPath($xml_string, $xpath, $namespaces, $value, $message)
|
||||
|
||||
Match a XPath expression against the provided string, and verify that the correct value is
|
||||
|
|