tidy
This commit is contained in:
Yadd
parent
c0472d41db
commit
b88a72c267
9
Makefile
9
Makefile
|
|
@ -1176,15 +1176,14 @@ test-diff:
|
|||
done
|
||||
|
||||
tidy: clean
|
||||
@if perltidy -v|grep v20181120 >/dev/null; then \
|
||||
find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \) -print -exec perltidy -se -b {} \; ; \
|
||||
else echo "Wrong perltidy version, please install Perl::Tidy@20181120" ; exit 1 ;\
|
||||
fi
|
||||
@if perltidy -v|grep v20210717 >/dev/null; then \
|
||||
for f in `find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \)`; do \
|
||||
echo -n $$f; \
|
||||
perltidy -se -b $$f; \
|
||||
echo; \
|
||||
done
|
||||
done; \
|
||||
else echo "Wrong perltidy version, please install Perl::Tidy@20210717" ; exit 1 ;\
|
||||
fi
|
||||
find lemon*/ -name '*.bak' -delete
|
||||
$(MAKE) json
|
||||
|
||||
|
|
|
|||
|
|
@ -66,7 +66,8 @@ sub testEmail {
|
|||
my $error = $@;
|
||||
if ($error) {
|
||||
die $error;
|
||||
} else {
|
||||
}
|
||||
else {
|
||||
print STDERR "Test email successfully sent to $dest\n";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ sub store {
|
|||
$req = $self->_dbh->prepare(
|
||||
"INSERT INTO $self->{dbiTable} (cfgNum,field,value) VALUES (?,?,?)");
|
||||
|
||||
_delete($self,$cfgNum) if $lastCfg == $cfgNum;
|
||||
_delete( $self, $cfgNum ) if $lastCfg == $cfgNum;
|
||||
unless ($req) {
|
||||
$self->logError;
|
||||
return UNKNOWN_ERROR;
|
||||
|
|
|
|||
|
|
@ -36,7 +36,8 @@ sub available {
|
|||
my $sth =
|
||||
$self->_dbh->prepare( "SELECT DISTINCT cfgNum from "
|
||||
. $self->{dbiTable}
|
||||
. " order by cfgNum" ) or $self->logError;
|
||||
. " order by cfgNum" )
|
||||
or $self->logError;
|
||||
$sth->execute() or $self->logError;
|
||||
my @conf;
|
||||
while ( my @row = $sth->fetchrow_array ) {
|
||||
|
|
|
|||
|
|
@ -394,16 +394,17 @@ sub _oidcMetaDataNodes {
|
|||
my ( $id, $resp ) = ( 1, [] );
|
||||
|
||||
# Handle RP Attributes
|
||||
if ($query eq "oidcRPMetaDataExportedVars") {
|
||||
if ( $query eq "oidcRPMetaDataExportedVars" ) {
|
||||
my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {};
|
||||
return $self->sendError( $req, undef, 400 ) if ( $req->error );
|
||||
foreach my $h ( sort keys %$pk ) {
|
||||
|
||||
# Set default values for type and array
|
||||
my $data = [ split /;/, $pk->{$h} ];
|
||||
unless ( $data->[1]) {
|
||||
unless ( $data->[1] ) {
|
||||
$data->[1] = "string";
|
||||
}
|
||||
unless ( $data->[2]) {
|
||||
unless ( $data->[2] ) {
|
||||
$data->[2] = "auto";
|
||||
}
|
||||
push @$resp,
|
||||
|
|
@ -416,6 +417,7 @@ sub _oidcMetaDataNodes {
|
|||
}
|
||||
return $self->sendJSONresponse( $req, $resp );
|
||||
}
|
||||
|
||||
# Return all exported attributes if asked
|
||||
elsif ( $query =~
|
||||
/^(?:oidc${type}MetaDataExportedVars|oidcRPMetaDataOptionsExtraClaims|oidcRPMetaDataMacros|oidcRPMetaDataScopeRules)$/
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ sub configTest {
|
|||
}
|
||||
|
||||
sub sendTestMail {
|
||||
my ($conf, $dest) = @_;
|
||||
my ( $conf, $dest ) = @_;
|
||||
my $transport = Lemonldap::NG::Common::EmailTransport->new($conf);
|
||||
my $message = MIME::Entity->build(
|
||||
From => $conf->{mailFrom},
|
||||
|
|
|
|||
|
|
@ -58,12 +58,12 @@ sub new {
|
|||
}
|
||||
|
||||
sub setRequestObj {
|
||||
my ($self, $req) = @_;
|
||||
my ( $self, $req ) = @_;
|
||||
Log::Log4perl::MDC->put( "req", $req );
|
||||
}
|
||||
|
||||
sub clearRequestObj {
|
||||
my ($self, $req) = @_;
|
||||
my ( $self, $req ) = @_;
|
||||
my $text = Log::Log4perl::MDC->remove();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -356,7 +356,8 @@ sub _logAndHandle {
|
|||
if ( ref( $self->logger ) and $self->logger->can('setRequestObj') ) {
|
||||
$self->logger->setRequestObj($req);
|
||||
}
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') ) {
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') )
|
||||
{
|
||||
$self->userLogger->setRequestObj($req);
|
||||
}
|
||||
|
||||
|
|
@ -367,7 +368,9 @@ sub _logAndHandle {
|
|||
if ( ref( $self->logger ) and $self->logger->can('clearRequestObj') ) {
|
||||
$self->logger->clearRequestObj($req);
|
||||
}
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('clearRequestObj') ) {
|
||||
if ( ref( $self->userLogger )
|
||||
and $self->userLogger->can('clearRequestObj') )
|
||||
{
|
||||
$self->userLogger->clearRequestObj($req);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -48,8 +48,7 @@ sub userData {
|
|||
return $self->{userData}
|
||||
|| {
|
||||
( $Lemonldap::NG::Handler::Main::tsv->{whatToTrace}
|
||||
|| '_whatToTrace' ) => $self->{user},
|
||||
};
|
||||
|| '_whatToTrace' ) => $self->{user}, };
|
||||
}
|
||||
|
||||
sub respHeaders {
|
||||
|
|
|
|||
|
|
@ -121,20 +121,29 @@ sub date {
|
|||
return $year . $mon . $mday . $hour . $min . $sec;
|
||||
}
|
||||
|
||||
|
||||
## @function integer dateToTime(string date)
|
||||
# Converts a LDAP date into epoch time or returns undef upon failure.
|
||||
# @param $date string Date in YYYYMMDDHHMMSS[+/-0000] format. It may contain a differential timezone, otherwise default TZ is GMT
|
||||
# @return Date converted to time
|
||||
sub dateToTime {
|
||||
my $date = shift;
|
||||
return undef unless ( $date );
|
||||
return undef unless ($date);
|
||||
|
||||
# Parse date
|
||||
my ( $year, $month, $day, $hour, $min, $sec, $zone ) = ( $date =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})([-+\w]*)/ );
|
||||
my ( $year, $month, $day, $hour, $min, $sec, $zone ) =
|
||||
( $date =~ /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})([-+\w]*)/ );
|
||||
|
||||
# Convert date to epoch time with GMT as default timezone if date contains none
|
||||
return str2time( $year . "-" . $month . "-" . $day . "T" . $hour . ":" . $min . ":" . $sec . $zone, "GMT" );
|
||||
return str2time(
|
||||
$year . "-"
|
||||
. $month . "-"
|
||||
. $day . "T"
|
||||
. $hour . ":"
|
||||
. $min . ":"
|
||||
. $sec
|
||||
. $zone,
|
||||
"GMT"
|
||||
);
|
||||
}
|
||||
|
||||
## @function boolean checkDate(string start, string end, boolean default_access)
|
||||
|
|
@ -161,7 +170,7 @@ sub checkDate {
|
|||
my $endtime = &dateToTime($end);
|
||||
|
||||
# Convert current GMT date to epoch time
|
||||
my $datetime = &dateToTime(&date(1));
|
||||
my $datetime = &dateToTime( &date(1) );
|
||||
|
||||
return 1 if ( ( $datetime >= $starttime ) and ( $datetime <= $endtime ) );
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ sub BUILD {
|
|||
if ( $self->{info} ) {
|
||||
foreach ( keys %{ $self->{info} } ) {
|
||||
next if ( $_ eq "_session_id" and $data->{_session_id} );
|
||||
next if ( $_ eq "_session_kind" and $data->{_session_kind});
|
||||
next if ( $_ eq "_session_kind" and $data->{_session_kind} );
|
||||
if ( defined $self->{info}->{$_} ) {
|
||||
$data->{$_} = $self->{info}->{$_};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -294,7 +294,7 @@ sub getMod {
|
|||
}
|
||||
|
||||
sub getGlobal {
|
||||
my ( $self ) = @_;
|
||||
my ($self) = @_;
|
||||
return $self->sessionTypes->{global};
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -55,8 +55,11 @@ ok(
|
|||
|
||||
# Test "and"
|
||||
|
||||
@tests = ( '[A and B, A]', '[A,B] and [B,C]',
|
||||
'if(0) then [A,B] else [A,B] and [B,C]' );
|
||||
@tests = (
|
||||
'[A and B, A]',
|
||||
'[A,B] and [B,C]',
|
||||
'if(0) then [A,B] else [A,B] and [B,C]'
|
||||
);
|
||||
|
||||
while ( my $expr = shift @tests ) {
|
||||
ok( [ getok($expr) ]->[0] == 0, qq{"$expr" returns PE_OK as auth result} )
|
||||
|
|
|
|||
|
|
@ -48,7 +48,9 @@ sub launch {
|
|||
if ( ref( $class->logger ) and $class->logger->can('setRequestObj') ) {
|
||||
$class->logger->setRequestObj($req);
|
||||
}
|
||||
if ( ref( $class->userLogger ) and $class->userLogger->can('setRequestObj') ) {
|
||||
if ( ref( $class->userLogger )
|
||||
and $class->userLogger->can('setRequestObj') )
|
||||
{
|
||||
$class->userLogger->setRequestObj($req);
|
||||
}
|
||||
|
||||
|
|
@ -58,7 +60,9 @@ sub launch {
|
|||
if ( ref( $class->logger ) and $class->logger->can('clearRequestObj') ) {
|
||||
$class->logger->clearRequestObj($req);
|
||||
}
|
||||
if ( ref( $class->userLogger ) and $class->userLogger->can('clearRequestObj') ) {
|
||||
if ( ref( $class->userLogger )
|
||||
and $class->userLogger->can('clearRequestObj') )
|
||||
{
|
||||
$class->userLogger->clearRequestObj($req);
|
||||
}
|
||||
return $res;
|
||||
|
|
|
|||
|
|
@ -53,8 +53,7 @@ sub _loadVhostConfig {
|
|||
my $resp = $class->ua->request($get);
|
||||
if ( $resp->is_success ) {
|
||||
$class->logger->debug('Response is success');
|
||||
eval {
|
||||
$json = from_json( $resp->content, { allow_nonref => 1 } ); };
|
||||
eval { $json = from_json( $resp->content, { allow_nonref => 1 } ); };
|
||||
if ($@) {
|
||||
$class->logger->debug('Bad json file received');
|
||||
$class->logger->error(
|
||||
|
|
|
|||
|
|
@ -118,7 +118,8 @@ sub _logAuthTrace {
|
|||
if ( ref( $self->logger ) and $self->logger->can('setRequestObj') ) {
|
||||
$self->logger->setRequestObj($req);
|
||||
}
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') ) {
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') )
|
||||
{
|
||||
$self->userLogger->setRequestObj($req);
|
||||
}
|
||||
|
||||
|
|
@ -129,7 +130,9 @@ sub _logAuthTrace {
|
|||
if ( ref( $self->logger ) and $self->logger->can('clearRequestObj') ) {
|
||||
$self->logger->clearRequestObj($req);
|
||||
}
|
||||
if ( ref( $self->userLogger ) and $self->userLogger->can('clearRequestObj') ) {
|
||||
if ( ref( $self->userLogger )
|
||||
and $self->userLogger->can('clearRequestObj') )
|
||||
{
|
||||
$self->userLogger->clearRequestObj($req);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,8 @@ our $VERSION = '2.0.9';
|
|||
sub fetchId {
|
||||
my ( $class, $req ) = @_;
|
||||
my $token = $req->{env}->{HTTP_X_LLNG_TOKEN};
|
||||
return $class->Lemonldap::NG::Handler::Main::fetchId($req) unless ($token =~ /\w+/);
|
||||
return $class->Lemonldap::NG::Handler::Main::fetchId($req)
|
||||
unless ( $token =~ /\w+/ );
|
||||
$class->logger->debug("Found token: $token");
|
||||
|
||||
# Decrypt token
|
||||
|
|
|
|||
|
|
@ -63,7 +63,9 @@ sub build_jail {
|
|||
|
||||
if ($build) {
|
||||
@builtCustomFunctions =
|
||||
$self->customFunctions ? split( /[,\s]+/, $self->customFunctions ) : ();
|
||||
$self->customFunctions
|
||||
? split( /[,\s]+/, $self->customFunctions )
|
||||
: ();
|
||||
foreach (@builtCustomFunctions) {
|
||||
no warnings 'redefine';
|
||||
$api->logger->debug("Custom function: $_");
|
||||
|
|
|
|||
|
|
@ -65,7 +65,8 @@ sub checkConf {
|
|||
or $class->cfgNum != $conf->{cfgNum}
|
||||
or $class->cfgDate != $conf->{cfgDate} )
|
||||
{
|
||||
$class->logger->debug("Get configuration $conf->{cfgNum} aged $conf->{cfgDate}");
|
||||
$class->logger->debug(
|
||||
"Get configuration $conf->{cfgNum} aged $conf->{cfgDate}");
|
||||
unless ( $class->cfgNum( $conf->{cfgNum} )
|
||||
&& $class->cfgDate( $conf->{cfgDate} ) )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -536,8 +536,8 @@ sub retrieveSession {
|
|||
# (15 seconds)
|
||||
if ( defined $class->data->{_session_id}
|
||||
and $id eq $class->data->{_session_id}
|
||||
and
|
||||
( $now - $class->dataUpdate < $class->tsv->{handlerInternalCache} ) )
|
||||
and ( $now - $class->dataUpdate < $class->tsv->{handlerInternalCache} )
|
||||
)
|
||||
{
|
||||
$class->logger->debug("Get session $id from Handler internal cache");
|
||||
return $class->data;
|
||||
|
|
@ -898,8 +898,9 @@ sub postJavascript {
|
|||
my $filler;
|
||||
foreach my $name ( keys %$data ) {
|
||||
use bytes;
|
||||
my @characterSet = ( '0' ..'9', 'A' .. 'Z', 'a' .. 'z' );
|
||||
my $value = join '' => map $characterSet[ rand @characterSet ], 1 .. bytes::length( $data->{$name} );
|
||||
my @characterSet = ( '0' .. '9', 'A' .. 'Z', 'a' .. 'z' );
|
||||
my $value = join '' => map $characterSet[ rand @characterSet ],
|
||||
1 .. bytes::length( $data->{$name} );
|
||||
$filler .=
|
||||
"form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -224,8 +224,13 @@ ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
|
|||
count(2);
|
||||
|
||||
# Forged headers
|
||||
ok( $res = $client->_get( '/skipif/zz', undef, 'test1.example.com', undef, HTTP_AUTH_USER => 'rtyler' ),
|
||||
'Test skip() with forged header' );
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/skipif/zz', undef, 'test1.example.com', undef,
|
||||
HTTP_AUTH_USER => 'rtyler'
|
||||
),
|
||||
'Test skip() with forged header'
|
||||
);
|
||||
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
|
|
|
|||
|
|
@ -82,12 +82,12 @@ no warnings 'redefine';
|
|||
|
||||
sub LWP::UserAgent::request {
|
||||
my ( $self, $req ) = @_;
|
||||
ok( $req->header('host') eq 'devops.example.com',
|
||||
'Host header found' )
|
||||
ok( $req->header('host') eq 'devops.example.com', 'Host header found' )
|
||||
or explain( $req->headers(), 'devops.example.com' );
|
||||
ok( $req->as_string() =~ m#http://devops.example.com/myfile.json#,
|
||||
'Rules file URL found' )
|
||||
or explain( $req->as_string(), 'GET http://devops.example.com/myfile.json' );
|
||||
or
|
||||
explain( $req->as_string(), 'GET http://devops.example.com/myfile.json' );
|
||||
count(2);
|
||||
my $httpResp;
|
||||
my $s = '{
|
||||
|
|
|
|||
|
|
@ -73,8 +73,7 @@ no warnings 'redefine';
|
|||
|
||||
sub LWP::UserAgent::request {
|
||||
my ( $self, $req ) = @_;
|
||||
ok( $req->header('host') eq 'test3.example.com',
|
||||
'Host header found' )
|
||||
ok( $req->header('host') eq 'test3.example.com', 'Host header found' )
|
||||
or explain( $req->headers(), 'test3.example.com' );
|
||||
ok( $req->as_string() =~ m#http://127.0.0.1:80/rules.json#,
|
||||
'Rules file URL found' )
|
||||
|
|
|
|||
|
|
@ -47,7 +47,8 @@ sub init {
|
|||
$self->{hiddenAttributes} //= "_password";
|
||||
$self->{hiddenAttributes} .= ' _session_id'
|
||||
unless $conf->{displaySessionId};
|
||||
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} = $self->{WebAuthnCheck} = '1';
|
||||
$self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} =
|
||||
$self->{WebAuthnCheck} = '1';
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
@ -68,7 +69,7 @@ sub del2F {
|
|||
my $epoch = $params->{epoch}
|
||||
or return $self->sendError( $req, 'Missing "epoch" parameter', 400 );
|
||||
|
||||
if ( grep { $_ eq $type } @{_2FTYPES()} ) {
|
||||
if ( grep { $_ eq $type } @{ _2FTYPES() } ) {
|
||||
$self->logger->debug(
|
||||
"Call procedure delete2F with type=$type and epoch=$epoch");
|
||||
return $self->delete2F( $req, $session, $skey );
|
||||
|
|
@ -118,7 +119,7 @@ sub sfa {
|
|||
$moduleOptions->{backend} = $mod->{module};
|
||||
|
||||
# Select 2FA sessions to display
|
||||
foreach (@{_2FTYPES()}) {
|
||||
foreach ( @{ _2FTYPES() } ) {
|
||||
$self->{ $_ . 'Check' } = delete $params->{ $_ . 'Check' }
|
||||
if ( defined $params->{ $_ . 'Check' } );
|
||||
}
|
||||
|
|
@ -189,7 +190,7 @@ sub sfa {
|
|||
# Remove sessions without at least one 2F device(s)
|
||||
$self->logger->debug(
|
||||
"Removing sessions without at least one 2F device(s)...");
|
||||
my $_2f_types_re = join ('|', @{_2FTYPES()});
|
||||
my $_2f_types_re = join( '|', @{ _2FTYPES() } );
|
||||
foreach my $session ( keys %$res ) {
|
||||
delete $res->{$session}
|
||||
unless ( defined $res->{$session}->{_2fDevices}
|
||||
|
|
@ -200,7 +201,7 @@ sub sfa {
|
|||
# Filter 2FA sessions if needed
|
||||
$self->logger->debug("Filtering 2F sessions...");
|
||||
my $all = ( keys %$res );
|
||||
foreach (@{_2FTYPES()}) {
|
||||
foreach ( @{ _2FTYPES() } ) {
|
||||
if ( $self->{ $_ . 'Check' } eq '2' ) {
|
||||
foreach my $session ( keys %$res ) {
|
||||
delete $res->{$session}
|
||||
|
|
|
|||
|
|
@ -207,7 +207,8 @@ EOF
|
|||
foreach (@simpleHashKeys) {
|
||||
$ra->add($_);
|
||||
}
|
||||
print F "our \$simpleHashKeys = '" . $ra->as_string . "';\n"
|
||||
print F "our \$simpleHashKeys = '"
|
||||
. $ra->as_string . "';\n"
|
||||
. "our \$specialNodeKeys = '${ignoreKeys}s';\n";
|
||||
foreach ( sort keys %cnodesRe ) {
|
||||
print F "our \$${_}Keys = '$cnodesRe{$_}';\n";
|
||||
|
|
@ -467,7 +468,7 @@ sub buildPortalConstants() {
|
|||
|
||||
printf STDERR $format, $self->portalConstantsFile;
|
||||
open( F, '>', $self->portalConstantsFile ) or die($!);
|
||||
my $urire = $RE{URI}{HTTP}{ -scheme=>qr/https?/ }{-keep};
|
||||
my $urire = $RE{URI}{HTTP}{ -scheme => qr/https?/ }{-keep};
|
||||
$urire =~ s/([\$\@])/\\$1/g;
|
||||
my $content = <<EOF;
|
||||
# This file is generated by $module. Don't modify it by hand
|
||||
|
|
@ -677,6 +678,7 @@ sub scanTree {
|
|||
my $type = $attr->{type};
|
||||
$type =~ s/Container//;
|
||||
foreach my $k ( sort keys( %{ $attr->{default} } ) ) {
|
||||
|
||||
# Special handling for oidcAttribute
|
||||
my $default = $attr->{default}->{$k};
|
||||
if ( $attr->{type} eq 'oidcAttributeContainer' ) {
|
||||
|
|
|
|||
|
|
@ -2205,7 +2205,7 @@ sub attributes {
|
|||
webauthn2fAuthnLevel => {
|
||||
type => 'int',
|
||||
documentation =>
|
||||
'Authentication level for users authentified by WebAuthn second factor'
|
||||
'Authentication level for users authentified by WebAuthn second factor'
|
||||
},
|
||||
webauthn2fLabel => {
|
||||
type => 'text',
|
||||
|
|
@ -2239,7 +2239,6 @@ sub attributes {
|
|||
documentation => 'WebAuthn Relying Party display name',
|
||||
},
|
||||
|
||||
|
||||
# Single session
|
||||
notifyDeleted => {
|
||||
default => 1,
|
||||
|
|
@ -3371,7 +3370,8 @@ sub attributes {
|
|||
},
|
||||
available2F => {
|
||||
type => 'text',
|
||||
default => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
|
||||
default =>
|
||||
'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,WebAuthn,Yubikey,Radius',
|
||||
documentation => 'Available second factor modules',
|
||||
},
|
||||
available2FSelfRegistration => {
|
||||
|
|
|
|||
|
|
@ -20,9 +20,10 @@ sub diff {
|
|||
$res[$i]->{$key} = $tmp[$i] if ( $tmp[$i] );
|
||||
}
|
||||
}
|
||||
elsif ( $key =~ $hashParameters
|
||||
or
|
||||
( ref( $conf[0]->{$key} ) and ref( $conf[0]->{$key} ) eq 'HASH' ) )
|
||||
elsif (
|
||||
$key =~ $hashParameters
|
||||
or ( ref( $conf[0]->{$key} ) and ref( $conf[0]->{$key} ) eq 'HASH' )
|
||||
)
|
||||
{
|
||||
if ( ref $conf[1]->{$key} ) {
|
||||
my @tmp =
|
||||
|
|
|
|||
|
|
@ -438,8 +438,8 @@ sub _scanNodes {
|
|||
$self->_scanNodes($subNodes);
|
||||
}
|
||||
}
|
||||
elsif (
|
||||
$target =~ /^oidc(?:O|R)PMetaData(?:ExportedVars|Macros|ScopeRules)$/ )
|
||||
elsif ( $target =~
|
||||
/^oidc(?:O|R)PMetaData(?:ExportedVars|Macros|ScopeRules)$/ )
|
||||
{
|
||||
hdebug(" $target");
|
||||
if ( $leaf->{cnodes} ) {
|
||||
|
|
|
|||
|
|
@ -248,7 +248,8 @@ sub sessions {
|
|||
value => $uid,
|
||||
count => scalar( @{ $r->{$uid} } ),
|
||||
sessions => [
|
||||
map { {
|
||||
map {
|
||||
{
|
||||
session =>
|
||||
$self->_maybeEncryptSessionId( $_->{_sessionId} ),
|
||||
date => $_->{_utime}
|
||||
|
|
@ -399,7 +400,8 @@ qq{Use of an uninitialized attribute "$group" to group sessions},
|
|||
else {
|
||||
$res = [
|
||||
sort { $a->{date} <=> $b->{date} }
|
||||
map { {
|
||||
map {
|
||||
{
|
||||
session => $self->_maybeEncryptSessionId($_),
|
||||
date => $res->{$_}->{_utime}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -326,7 +326,7 @@ checkAddFailsOnInvalidConfkey( $test, 'cat', $cat3 );
|
|||
|
||||
checkAddFailsOnInvalidConfkey
|
||||
|
||||
$test = "Cat - Update should succeed and keep existing values";
|
||||
$test = "Cat - Update should succeed and keep existing values";
|
||||
$cat1->{order} = 3;
|
||||
delete $cat1->{catname};
|
||||
checkUpdate( $test, 'cat', 'mycat1', $cat1 );
|
||||
|
|
@ -419,7 +419,7 @@ $test = "App - Get app myapp1 from mycat3 should err on not found";
|
|||
checkGetNotFound( $test, 'app/mycat3', 'myapp1' );
|
||||
|
||||
$test = "App - Add app myapp1 to mycat3 should err on not found";
|
||||
checkAddNotFound( $test, 'app/mycat3', $app1);
|
||||
checkAddNotFound( $test, 'app/mycat3', $app1 );
|
||||
|
||||
$test = "App - Add app1 to cat1 should succeed";
|
||||
checkAdd( $test, 'app/mycat1', $app1 );
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ is( $brokenconfig->{status}, 'ko', 'Got expected global status' );
|
|||
is( $brokenconfig->{status_config}, 'ko', 'Got expected config status' );
|
||||
rename 't/conf/lmConf-1.json.broken', 't/conf/lmConf-1.json';
|
||||
|
||||
my $allfine = getStatus( "Back to normal" );
|
||||
my $allfine = getStatus("Back to normal");
|
||||
is( $allfine->{status}, 'ok', 'Got expected global status' );
|
||||
is( $allfine->{status_config}, 'ok', 'Got expected config status' );
|
||||
is( $allfine->{status_sessions}, 'unknown', 'Not implemented yet' );
|
||||
|
|
|
|||
|
|
@ -276,7 +276,7 @@ sub checkFindByProviderId {
|
|||
($gotProviderId) = $result->{metadata} =~ m/entityID=['"](.+?)['"]/i;
|
||||
}
|
||||
elsif ( $providerIdName eq 'serviceUrl' ) {
|
||||
$gotProviderId = shift @{$result->{options}->{service}};
|
||||
$gotProviderId = shift @{ $result->{options}->{service} };
|
||||
}
|
||||
else {
|
||||
$gotProviderId = $result->{$providerIdName};
|
||||
|
|
@ -646,7 +646,9 @@ my $casApp = {
|
|||
given_name => '$firstName',
|
||||
},
|
||||
options => {
|
||||
service => [ 'http://mycasapp.example.com', 'http://mycasapp2.example.com/test' ],
|
||||
service => [
|
||||
'http://mycasapp.example.com', 'http://mycasapp2.example.com/test'
|
||||
],
|
||||
rule => '$uid eq \'dwho\'',
|
||||
userAttribute => 'uid'
|
||||
}
|
||||
|
|
@ -663,7 +665,7 @@ $test = "CasApp - Add should fail on duplicate confKey";
|
|||
checkAddFailsIfExists( $test, 'cas/app', $casApp );
|
||||
|
||||
$test = "CasApp - Update should succeed and keep existing values";
|
||||
$casApp->{options}->{service} = [ 'http://mycasapp.acme.com' ];
|
||||
$casApp->{options}->{service} = ['http://mycasapp.acme.com'];
|
||||
$casApp->{options}->{userAttribute} = 'cn';
|
||||
delete $casApp->{options}->{rule};
|
||||
delete $casApp->{macros};
|
||||
|
|
@ -672,7 +674,7 @@ $casApp->{macros}->{given_name} = '$givenName';
|
|||
$casApp->{exportedVars}->{cn} = 'uid';
|
||||
checkUpdate( $test, 'cas/app', 'myCasApp1', $casApp );
|
||||
checkGet( $test, 'cas/app', 'myCasApp1', 'options/service/0',
|
||||
'http://mycasapp.acme.com');
|
||||
'http://mycasapp.acme.com' );
|
||||
checkGet( $test, 'cas/app', 'myCasApp1', 'options/userAttribute', 'cn' );
|
||||
checkGet( $test, 'cas/app', 'myCasApp1', 'options/rule', '$uid eq \'dwho\'' );
|
||||
checkGet( $test, 'cas/app', 'myCasApp1', 'exportedVars/cn', 'uid' );
|
||||
|
|
@ -686,17 +688,17 @@ delete $casApp->{options}->{playingPossum};
|
|||
|
||||
$test = "CasApp - Add should fail on non existing options";
|
||||
$casApp->{confKey} = 'myCasApp2';
|
||||
$casApp->{options}->{service} = [ 'http://mycasapp.skynet.com' ];
|
||||
$casApp->{options}->{service} = ['http://mycasapp.skynet.com'];
|
||||
$casApp->{options}->{playingPossum} = 'ElephantInTheRoom';
|
||||
checkAddWithUnknownAttributes( $test, 'cas/app', $casApp );
|
||||
delete $casApp->{options}->{playingPossum};
|
||||
|
||||
$test = "CasApp - Add should fail because service host already exists";
|
||||
$casApp->{options}->{service} = [ 'http://mycasapp.acme.com/ignoredbyissuer' ];
|
||||
$casApp->{options}->{service} = ['http://mycasapp.acme.com/ignoredbyissuer'];
|
||||
checkAddFailsIfExists( $test, 'cas/app', $casApp );
|
||||
|
||||
$test = "CasApp - 2nd add should succeed";
|
||||
$casApp->{options}->{service} = [ 'http://mycasapp.skynet.com' ];
|
||||
$casApp->{options}->{service} = ['http://mycasapp.skynet.com'];
|
||||
checkAdd( $test, 'cas/app', $casApp );
|
||||
|
||||
$test = "CasApp - Update should fail if confKey not found";
|
||||
|
|
@ -714,7 +716,7 @@ $test = "CasApp - Replace should fail on non existing or invalid options";
|
|||
$casApp->{options}->{playingPossum} = 'elephant';
|
||||
checkReplaceWithInvalidAttribute( $test, 'cas/app', 'myCasApp2', $casApp );
|
||||
delete $casApp->{options}->{playingPossum};
|
||||
$casApp->{options}->{service} = [ "XXX" ];
|
||||
$casApp->{options}->{service} = ["XXX"];
|
||||
checkReplaceWithInvalidAttribute( $test, 'cas/app', 'myCasApp2', $casApp );
|
||||
|
||||
$test = "CasApp - Replace should fail if service is not an array";
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ count(6);
|
|||
foreach my $i ( 0 .. 3 ) {
|
||||
ok(
|
||||
$resBody->{details}->{__warnings__}->[$i]->{message} =~
|
||||
/\b(unprotected|cross-domain-authentication|retries|__badExpressionAssignment__)\b/,
|
||||
/\b(unprotected|cross-domain-authentication|retries|__badExpressionAssignment__)\b/,
|
||||
"Warning with 'unprotect', 'CDA', 'assignment' or 'retries' found"
|
||||
) or print STDERR Dumper($resBody);
|
||||
count(1);
|
||||
|
|
|
|||
|
|
@ -137,7 +137,7 @@ sub displayTests {
|
|||
) or diag Dumper($res);
|
||||
my $internal_ref = $res->{values}->[0]->{notification};
|
||||
my $ref = $res->{values}->[0]->{reference};
|
||||
$res = &client->jsonResponse( "notifications/$type/$internal_ref" );
|
||||
$res = &client->jsonResponse("notifications/$type/$internal_ref");
|
||||
ok( $res->{done} eq $internal_ref, 'Internal reference found' )
|
||||
or diag Dumper($res);
|
||||
ok( $res = eval { from_json( $res->{notifications}->[0] ) },
|
||||
|
|
|
|||
|
|
@ -18,7 +18,8 @@ sub body {
|
|||
|
||||
# Test that key value is sent
|
||||
my $res = &client->jsonResponse('/view/1/portalDisplayOidcConsents');
|
||||
ok( $res->{value} eq '$_oidcConsents && $_oidcConsents =~ /\\w+/', 'Key found' );
|
||||
ok( $res->{value} eq '$_oidcConsents && $_oidcConsents =~ /\\w+/',
|
||||
'Key found' );
|
||||
count(1);
|
||||
|
||||
# Test that hidden key values are NOT sent
|
||||
|
|
|
|||
|
|
@ -385,7 +385,8 @@ sub run {
|
|||
MSG => $self->canUpdateSfa($req) || 'choose2f',
|
||||
ALERT => ( $self->canUpdateSfa($req) ? 'warning' : 'positive' ),
|
||||
MODULES => [
|
||||
map { {
|
||||
map {
|
||||
{
|
||||
CODE => $_->prefix,
|
||||
LOGO => $_->logo,
|
||||
LABEL => $_->label
|
||||
|
|
|
|||
|
|
@ -255,8 +255,7 @@ sub authenticate {
|
|||
sub setAuthSessionInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{casAuthnLevel};
|
||||
$req->{sessionInfo}->{_casSrv}
|
||||
= $req->data->{_casSrvCurrent};
|
||||
$req->{sessionInfo}->{_casSrv} = $req->data->{_casSrvCurrent};
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -155,8 +155,7 @@ sub extractFormInfo {
|
|||
|
||||
$self->logger->debug("Response from GitHub User API: $user_content");
|
||||
|
||||
eval {
|
||||
$json_hash = from_json( $user_content, { allow_nonref => 1 } ); };
|
||||
eval { $json_hash = from_json( $user_content, { allow_nonref => 1 } ); };
|
||||
if ($@) {
|
||||
$self->logger->error("Unable to decode JSON $user_content");
|
||||
return PE_ERROR;
|
||||
|
|
|
|||
|
|
@ -90,11 +90,13 @@ sub extractFormInfo {
|
|||
# 3. If user and oldpassword defined -> password form
|
||||
elsif ( $defUser and $defOldPassword ) {
|
||||
$res = PE_PASSWORDFORMEMPTY
|
||||
unless ( ( $req->{user} = $req->param('user') )
|
||||
unless (
|
||||
( $req->{user} = $req->param('user') )
|
||||
&& ( $req->data->{oldpassword} = $req->param('oldpassword') )
|
||||
&& ( $req->data->{newpassword} = $req->param('newpassword') )
|
||||
&& ( $req->data->{confirmpassword} =
|
||||
$req->param('confirmpassword') ) );
|
||||
$req->param('confirmpassword') )
|
||||
);
|
||||
}
|
||||
|
||||
# If form seems empty
|
||||
|
|
|
|||
|
|
@ -72,8 +72,8 @@ has findUserFilter => (
|
|||
is => 'ro',
|
||||
lazy => 1,
|
||||
builder => sub {
|
||||
$_[0]->conf->{AuthLDAPFilter} ||
|
||||
$_[0]->conf->{LDAPFilter}
|
||||
$_[0]->conf->{AuthLDAPFilter}
|
||||
|| $_[0]->conf->{LDAPFilter}
|
||||
|| '(&(uid=$user)(objectClass=inetOrgPerson))';
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ sub new {
|
|||
( $conf->{ldapVerify} ? ( verify => $conf->{ldapVerify} ) : () ),
|
||||
);
|
||||
unless ($self) {
|
||||
$portal->logger->error("LDAP initialization error: ". $@);
|
||||
$portal->logger->error( "LDAP initialization error: " . $@ );
|
||||
return 0;
|
||||
}
|
||||
elsif ( $Net::LDAP::VERSION < '0.64' ) {
|
||||
|
|
|
|||
|
|
@ -1888,7 +1888,8 @@ sub resolveArtifact {
|
|||
$self->logger->debug("Get message $message");
|
||||
}
|
||||
else {
|
||||
$self->logger->error("Error while sending message: ".$soap_answer->status_line);
|
||||
$self->logger->error(
|
||||
"Error while sending message: " . $soap_answer->status_line );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,6 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|||
|
||||
has authnLevel => ( is => 'rw' );
|
||||
|
||||
sub stop {0}
|
||||
sub stop { 0 }
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -29,7 +29,8 @@ sub displayInit {
|
|||
else {
|
||||
$self->logger->error(
|
||||
qq(Skin rule "$skinRule" returns an error: )
|
||||
. HANDLER->tsv->{jail}->error || 'Unable to compile rule' );
|
||||
. HANDLER->tsv->{jail}->error
|
||||
|| 'Unable to compile rule' );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -37,14 +38,14 @@ sub displayInit {
|
|||
HANDLER->substitute( $self->conf->{portalRequireOldPassword} ) );
|
||||
unless ($rule) {
|
||||
my $error = HANDLER->tsv->{jail}->error || 'Unable to compile rule';
|
||||
$self->logger->error( "Bad requireOldPwd rule: $error" );
|
||||
$self->logger->error("Bad requireOldPwd rule: $error");
|
||||
}
|
||||
$self->requireOldPwd($rule);
|
||||
$rule =
|
||||
HANDLER->buildSub( HANDLER->substitute( $self->conf->{stayConnected} ) );
|
||||
unless ($rule) {
|
||||
my $error = HANDLER->tsv->{jail}->error || 'Unable to compile rule';
|
||||
$self->logger->error( "Bad stayConnected rule: $error" );
|
||||
$self->logger->error("Bad stayConnected rule: $error");
|
||||
}
|
||||
$self->stayConnected($rule);
|
||||
|
||||
|
|
|
|||
|
|
@ -50,9 +50,11 @@ sub init {
|
|||
|
||||
sub delegate {
|
||||
my ( $self, $req, $name, @args ) = @_;
|
||||
|
||||
# The user might want to override which password DB is used with a macro
|
||||
# This is useful when using SASL delegation in OpenLDAP
|
||||
my $userDB = $req->sessionInfo->{_cmbPasswordDB} || $req->sessionInfo->{_userDB};
|
||||
my $userDB =
|
||||
$req->sessionInfo->{_cmbPasswordDB} || $req->sessionInfo->{_userDB};
|
||||
unless ( $self->mods->{$userDB} ) {
|
||||
$self->logger->error("No Password module available for $userDB");
|
||||
return PE_ERROR;
|
||||
|
|
|
|||
|
|
@ -39,12 +39,14 @@ sub modifyPassword {
|
|||
|
||||
if ( $req->data->{dn} ) {
|
||||
$dn = $req->data->{dn};
|
||||
$requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData );
|
||||
$requireOldPassword =
|
||||
$self->requireOldPwdRule->( $req, $req->userData );
|
||||
$self->logger->debug("Get DN from request data: $dn");
|
||||
}
|
||||
else {
|
||||
$dn = $req->sessionInfo->{_dn};
|
||||
$requireOldPassword = $self->requireOldPwdRule->( $req, $req->sessionInfo );
|
||||
$requireOldPassword =
|
||||
$self->requireOldPwdRule->( $req, $req->sessionInfo );
|
||||
$self->logger->debug("Get DN from session data: $dn");
|
||||
}
|
||||
unless ($dn) {
|
||||
|
|
|
|||
|
|
@ -207,7 +207,8 @@ sub activeSessions {
|
|||
}
|
||||
$_;
|
||||
}
|
||||
sort { $b->{startTime} cmp $a->{startTime} } map { {
|
||||
sort { $b->{startTime} cmp $a->{startTime} } map {
|
||||
{
|
||||
id => $_,
|
||||
customParam => $sessions->{$_}->{$customParam},
|
||||
ipAddr => $sessions->{$_}->{ipAddr},
|
||||
|
|
|
|||
|
|
@ -107,8 +107,10 @@ has exportedAttr => (
|
|||
|
||||
# Convert @attributes into hash to remove duplicates
|
||||
my %attributes = map( { $_ => 1 } @attributes );
|
||||
%attributes =
|
||||
( %attributes, %{ $conf->{exportedVars} }, %{ $conf->{macros} },
|
||||
%attributes = (
|
||||
%attributes,
|
||||
%{ $conf->{exportedVars} },
|
||||
%{ $conf->{macros} },
|
||||
);
|
||||
return '[' . join( ',', keys %attributes ) . ']';
|
||||
}
|
||||
|
|
|
|||
|
|
@ -60,8 +60,10 @@ has exportedAttr => (
|
|||
|
||||
# Convert @attributes into hash to remove duplicates
|
||||
my %attributes = map( { $_ => 1 } @attributes );
|
||||
%attributes =
|
||||
( %attributes, %{ $conf->{exportedVars} }, %{ $conf->{macros} },
|
||||
%attributes = (
|
||||
%attributes,
|
||||
%{ $conf->{exportedVars} },
|
||||
%{ $conf->{macros} },
|
||||
);
|
||||
|
||||
return [ sort keys %attributes ];
|
||||
|
|
|
|||
|
|
@ -136,8 +136,10 @@ sub findUser {
|
|||
sub setSessionInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
my %vars = ( %{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{demoExportedVars} } );
|
||||
my %vars = (
|
||||
%{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{demoExportedVars} }
|
||||
);
|
||||
while ( my ( $k, $v ) = each %vars ) {
|
||||
$req->{sessionInfo}->{$k} = $demoAccounts{ $req->{user} }->{$v};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,8 +36,10 @@ sub setSessionInfo {
|
|||
my ( $self, $req ) = @_;
|
||||
$req->{sessionInfo}->{_dn} = $req->data->{dn};
|
||||
|
||||
my %vars = ( %{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{ldapExportedVars} } );
|
||||
my %vars = (
|
||||
%{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{ldapExportedVars} }
|
||||
);
|
||||
while ( my ( $k, $v ) = each %vars ) {
|
||||
|
||||
my $value = $self->ldap->getLdapValue( $req->data->{ldapentry}, $v );
|
||||
|
|
|
|||
|
|
@ -26,8 +26,7 @@ count(3);
|
|||
# Test unauthenticated logout request access with route
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/logout',
|
||||
accept => 'text/html'
|
||||
'/logout', accept => 'text/html'
|
||||
),
|
||||
'Get logout page'
|
||||
);
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
my ($res, $json);
|
||||
my ( $res, $json );
|
||||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
|
|
|
|||
|
|
@ -32,8 +32,7 @@ ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, 'Language icons found' )
|
|||
count(3);
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/logout',
|
||||
accept => 'text/html'
|
||||
'/logout', accept => 'text/html'
|
||||
),
|
||||
'Get logout page'
|
||||
);
|
||||
|
|
|
|||
|
|
@ -16,8 +16,7 @@ SKIP: {
|
|||
}
|
||||
my $dbh = DBI->connect("dbi:SQLite:dbname=$userdb");
|
||||
$dbh->do('CREATE TABLE users (user text,password text,cn text)');
|
||||
$dbh->do(
|
||||
"INSERT INTO users VALUES ('french','french','Frédéric Accents')");
|
||||
$dbh->do("INSERT INTO users VALUES ('french','french','Frédéric Accents')");
|
||||
$dbh->do("INSERT INTO users VALUES ('russian','russian','Русский')");
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ SKIP: {
|
|||
}
|
||||
}
|
||||
);
|
||||
|
||||
# my $postString = 'user='
|
||||
# . ( $ENV{LDAPACCOUNT} || 'dwho' )
|
||||
# . '&password='
|
||||
|
|
|
|||
|
|
@ -52,9 +52,7 @@ $query =~ s/user=[^&]*/user=dwho/;
|
|||
$query =~ s/password=/password=dwho/;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new($query),
|
||||
length => length($query)
|
||||
'/', IO::String->new($query), length => length($query)
|
||||
),
|
||||
'Auth query'
|
||||
);
|
||||
|
|
|
|||
|
|
@ -61,5 +61,5 @@ SKIP: {
|
|||
expectCookie($res);
|
||||
}
|
||||
|
||||
clean_sessions(count($mainTests));
|
||||
clean_sessions( count($mainTests) );
|
||||
done_testing();
|
||||
|
|
|
|||
|
|
@ -51,11 +51,13 @@ SKIP: {
|
|||
ok(
|
||||
$res = $issuer->_get(
|
||||
'/saml/singleSignOn',
|
||||
query => buildForm({
|
||||
query => buildForm( {
|
||||
IDPInitiated => 1,
|
||||
spConfKey => 'sp.com',
|
||||
spDest => 'http://auth.alternate.com/saml/proxySingleSignOnPost',
|
||||
}),
|
||||
spDest =>
|
||||
'http://auth.alternate.com/saml/proxySingleSignOnPost',
|
||||
}
|
||||
),
|
||||
cookie => "lemonldap=$idpId",
|
||||
accept => 'test/html'
|
||||
),
|
||||
|
|
@ -69,11 +71,13 @@ SKIP: {
|
|||
ok(
|
||||
$res = $issuer->_get(
|
||||
'/saml/singleSignOn',
|
||||
query => buildForm({
|
||||
query => buildForm( {
|
||||
IDPInitiated => 1,
|
||||
spConfKey => 'sp.com',
|
||||
spDest => 'http://auth.perdu.com/saml/proxySingleSignOnPost',
|
||||
}),
|
||||
spDest =>
|
||||
'http://auth.perdu.com/saml/proxySingleSignOnPost',
|
||||
}
|
||||
),
|
||||
cookie => "lemonldap=$idpId",
|
||||
accept => 'test/html'
|
||||
),
|
||||
|
|
@ -144,8 +148,8 @@ m#iframe src="http://auth.idp.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
|
|||
'Get iframe request'
|
||||
) or explain( $res, '' );
|
||||
( $url, $query ) = ( $1, $2 );
|
||||
expectCspChildOK($res, "auth.idp.com");
|
||||
expectCspChildOK($res, "http://auth.sp.com");
|
||||
expectCspChildOK( $res, "auth.idp.com" );
|
||||
expectCspChildOK( $res, "http://auth.sp.com" );
|
||||
|
||||
ok(
|
||||
$res = $issuer->_get(
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ m#iframe src="http://auth.sp.com(/saml/proxySingleLogout)\?(SAMLRequest=.*?)"#,
|
|||
);
|
||||
$url = $1;
|
||||
my $query = $2;
|
||||
expectCspChildOK($res, "auth.sp.com");
|
||||
expectCspChildOK( $res, "auth.sp.com" );
|
||||
|
||||
my $removedCookie = expectCookie($res);
|
||||
is( $removedCookie, 0, "SSO cookie removed" );
|
||||
|
|
|
|||
|
|
@ -239,8 +239,7 @@ clean_sessions();
|
|||
done_testing( count() );
|
||||
|
||||
sub issuer {
|
||||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
domain => 'idp.com',
|
||||
|
|
@ -271,8 +270,7 @@ sub issuer {
|
|||
}
|
||||
|
||||
sub sp {
|
||||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
domain => 'sp.com',
|
||||
|
|
|
|||
|
|
@ -200,7 +200,7 @@ count(1);
|
|||
# Query IdP with iframe src
|
||||
my $url = $1;
|
||||
$query = $2;
|
||||
expectCspChildOK($res, "auth.idp.com");
|
||||
expectCspChildOK( $res, "auth.idp.com" );
|
||||
|
||||
switch ('issuer');
|
||||
ok(
|
||||
|
|
|
|||
|
|
@ -200,7 +200,7 @@ count(1);
|
|||
# Query IdP with iframe src
|
||||
my $url = $1;
|
||||
$query = $2;
|
||||
expectCspChildOK($res, "auth.idp.com");
|
||||
expectCspChildOK( $res, "auth.idp.com" );
|
||||
|
||||
switch ('issuer');
|
||||
ok(
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ count(1);
|
|||
# Query IdP with iframe src
|
||||
my $url = $1;
|
||||
$query = $2;
|
||||
expectCspChildOK($res, "auth.idp.com");
|
||||
expectCspChildOK( $res, "auth.idp.com" );
|
||||
|
||||
switch ('issuer');
|
||||
ok(
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ count(1);
|
|||
# Query IdP with iframe src
|
||||
my $url = $1;
|
||||
$query = $2;
|
||||
expectCspChildOK($res, "auth.idp.com");
|
||||
expectCspChildOK( $res, "auth.idp.com" );
|
||||
|
||||
switch ('issuer');
|
||||
ok(
|
||||
|
|
|
|||
|
|
@ -254,7 +254,7 @@ SKIP: {
|
|||
# Query IdP with iframe src
|
||||
$url = $1;
|
||||
$query = $2;
|
||||
expectCspChildOK($res, "auth.idp.com");
|
||||
expectCspChildOK( $res, "auth.idp.com" );
|
||||
|
||||
# Get iframe from CAS server
|
||||
switch ('issuer');
|
||||
|
|
|
|||
|
|
@ -120,8 +120,7 @@ done_testing( count() );
|
|||
|
||||
sub issuer {
|
||||
my ($strict) = @_;
|
||||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
domain => 'idp.com',
|
||||
|
|
|
|||
|
|
@ -158,7 +158,7 @@ $res = $op->_post(
|
|||
accept => 'application/json',
|
||||
length => length($badquery3),
|
||||
);
|
||||
expectReject($res, 400, "invalid_scope");
|
||||
expectReject( $res, 400, "invalid_scope" );
|
||||
|
||||
## Test a confidential RP
|
||||
$res = $op->_post(
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ sub runTest {
|
|||
|
||||
my $id_token_payload = id_token_payload($id_token);
|
||||
my $auth_time = $id_token_payload->{auth_time};
|
||||
ok( $auth_time, "Authentication date found in token");
|
||||
ok( $auth_time, "Authentication date found in token" );
|
||||
is(
|
||||
$id_token_payload->{name},
|
||||
'Frédéric Accents',
|
||||
|
|
@ -119,7 +119,8 @@ sub runTest {
|
|||
ok( !defined $refresh_token2, "Refresh token not present" );
|
||||
|
||||
$id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{auth_time}, $auth_time, 'Original auth_time retained' );
|
||||
is( $id_token_payload->{auth_time},
|
||||
$auth_time, 'Original auth_time retained' );
|
||||
is(
|
||||
$id_token_payload->{name},
|
||||
'Frédéric Accents',
|
||||
|
|
|
|||
|
|
@ -114,6 +114,7 @@ done_testing( count() );
|
|||
|
||||
# Redefine LWP methods for tests
|
||||
no warnings 'redefine';
|
||||
|
||||
sub switch {
|
||||
my $type = shift;
|
||||
@Lemonldap::NG::Handler::Main::_onReload = @{
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ use LWP::UserAgent;
|
|||
use LWP::Protocol::PSGI;
|
||||
use MIME::Base64;
|
||||
|
||||
|
||||
# ------------ --------------------------- ----------------
|
||||
# | OIDC RP | <-> | OIDC provider + SAML SP | <-> | SAML IdP |
|
||||
# ------------ --------------------------- ----------------
|
||||
|
|
@ -24,6 +23,7 @@ BEGIN {
|
|||
|
||||
my $maintests = 17;
|
||||
my $debug = 'error';
|
||||
|
||||
#my $debug = 'error';
|
||||
my ( $op, $rp, $idp, $res );
|
||||
|
||||
|
|
@ -31,7 +31,8 @@ my ( $op, $rp, $idp, $res );
|
|||
LWP::Protocol::PSGI->register(
|
||||
sub {
|
||||
my $req = Plack::Request->new(@_);
|
||||
ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#, ' REST request' );
|
||||
ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#,
|
||||
' REST request' );
|
||||
my $host = $1;
|
||||
my $url = $2;
|
||||
my ( $res, $client );
|
||||
|
|
@ -83,8 +84,6 @@ LWP::Protocol::PSGI->register(
|
|||
}
|
||||
);
|
||||
|
||||
|
||||
|
||||
SKIP: {
|
||||
eval "use Lasso";
|
||||
if ($@) {
|
||||
|
|
@ -112,7 +111,6 @@ SKIP: {
|
|||
|
||||
$rp = register( 'rp', sub { rp( $jwks, $metadata ) } );
|
||||
|
||||
|
||||
# LOGIN PROCESS ############################################################
|
||||
|
||||
# Query RP for auth
|
||||
|
|
@ -137,11 +135,13 @@ SKIP: {
|
|||
|
||||
# Try to authenticate to IdP
|
||||
ok(
|
||||
$res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html'),
|
||||
"SAML Authentication on idp, endpoint $urlidp" );
|
||||
$res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html' ),
|
||||
"SAML Authentication on idp, endpoint $urlidp"
|
||||
);
|
||||
my $pdataidp = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
my ( $host, $tmp );
|
||||
|
||||
# expectForm (result, host, uri, @requiredfield)
|
||||
( $host, $tmp, $query ) = expectForm( $res, '#', undef,
|
||||
( 'url', 'timezone', 'skin', 'user', 'password' ) );
|
||||
|
|
@ -162,7 +162,6 @@ SKIP: {
|
|||
$pdataidp = expectCookie( $res, 'lemonldappdata' );
|
||||
my $cookieidp = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, 'auth.op.com', '/saml/proxySingleSignOnPost',
|
||||
'SAMLResponse', 'RelayState' );
|
||||
|
|
@ -184,55 +183,66 @@ SKIP: {
|
|||
$pdataop = expectCookie( $res, 'lemonldappdata' );
|
||||
my $cookieop = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# );
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'Call OP from SAML SP' );
|
||||
'Call OP from SAML SP'
|
||||
);
|
||||
|
||||
$pdataop = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
# No consent here because we have disabled it (oidcRPMetaDataOptionsBypassConsent)
|
||||
# No consent here because we have disabled it (oidcRPMetaDataOptionsBypassConsent)
|
||||
|
||||
($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# );
|
||||
|
||||
|
||||
# Push OP response to RP
|
||||
switch ('rp');
|
||||
|
||||
ok( $res = $rp->_get( '/', query => $query, accept => 'text/html' ),
|
||||
'Call openidconnectcallback on RP' );
|
||||
my $cookierp = expectCookie($res, 'lemonldap');
|
||||
my $cookierp = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
# Authentication done on RP + OP + IDP
|
||||
|
||||
|
||||
# LOGOUT PROCESS ###########################################################
|
||||
$url = '/';
|
||||
$query = 'logout=1';
|
||||
ok( $res = $rp->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $rp->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$cookierp",
|
||||
),
|
||||
'Call logout from RP' );
|
||||
'Call logout from RP'
|
||||
);
|
||||
|
||||
# lemonldap cookie set to "0"
|
||||
$cookierp = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookierp eq "0", 'Test empty cookie on RP' );
|
||||
|
||||
# forward logout to OP
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
|
||||
switch ('op');
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'Forward logout to OP' );
|
||||
'Forward logout to OP'
|
||||
);
|
||||
|
||||
# expectForm (result, host, uri, @requiredfield)
|
||||
( $host, $tmp, $query ) = expectForm( $res, '#', undef,
|
||||
|
|
@ -253,29 +263,39 @@ SKIP: {
|
|||
$cookieop = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookieop eq "0", 'Test empty cookie on OP' );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.idp.com(/.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.idp.com(/.*)\?(.*)$# );
|
||||
|
||||
switch ('idp');
|
||||
|
||||
ok( $res = $idp->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $idp->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataidp; lemonldap=$cookieidp",
|
||||
),
|
||||
'redirect to IdP' );
|
||||
'redirect to IdP'
|
||||
);
|
||||
|
||||
# lemonldap cookie set to "0"
|
||||
$cookieidp = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookieidp eq "0", 'Test empty cookie on IDP' );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
|
||||
switch ('op');
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'redirect to OP' );
|
||||
'redirect to OP'
|
||||
);
|
||||
|
||||
expectOK($res);
|
||||
|
||||
|
|
@ -443,7 +463,8 @@ sub idp {
|
|||
'samlSPMetaDataOptionsNameIDFormat' => '',
|
||||
'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000,
|
||||
'samlSPMetaDataOptionsOneTimeUse' => 0,
|
||||
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000,
|
||||
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' =>
|
||||
72000,
|
||||
'samlSPMetaDataOptionsSignSLOMessage' => -1,
|
||||
'samlSPMetaDataOptionsSignSSOMessage' => 1,
|
||||
'samlSPMetaDataOptionsSignatureMethod' => ''
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ use LWP::UserAgent;
|
|||
use LWP::Protocol::PSGI;
|
||||
use MIME::Base64;
|
||||
|
||||
|
||||
# ------------ --------------------------- ----------------
|
||||
# | OIDC RP | <-> | OIDC provider + SAML SP | <-> | SAML IdP |
|
||||
# ------------ --------------------------- ----------------
|
||||
|
|
@ -24,6 +23,7 @@ BEGIN {
|
|||
|
||||
my $maintests = 17;
|
||||
my $debug = 'error';
|
||||
|
||||
#my $debug = 'error';
|
||||
my ( $op, $rp, $idp, $res );
|
||||
|
||||
|
|
@ -31,7 +31,8 @@ my ( $op, $rp, $idp, $res );
|
|||
LWP::Protocol::PSGI->register(
|
||||
sub {
|
||||
my $req = Plack::Request->new(@_);
|
||||
ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#, ' REST request' );
|
||||
ok( $req->uri =~ m#http://auth.((?:op|rp|idp)).com(.*)#,
|
||||
' REST request' );
|
||||
my $host = $1;
|
||||
my $url = $2;
|
||||
my ( $res, $client );
|
||||
|
|
@ -75,16 +76,18 @@ LWP::Protocol::PSGI->register(
|
|||
);
|
||||
}
|
||||
ok( $res->[0] == 200, ' Response is 200' );
|
||||
ok( getHeader( $res, 'Content-Type' ) =~ m#^(application/json|text/xml)#,
|
||||
' Content is JSON|XML' )
|
||||
or explain( $res->[1], 'Content-Type => (application/json|text/xml)' );
|
||||
ok(
|
||||
getHeader( $res, 'Content-Type' ) =~
|
||||
m#^(application/json|text/xml)#,
|
||||
' Content is JSON|XML'
|
||||
)
|
||||
or
|
||||
explain( $res->[1], 'Content-Type => (application/json|text/xml)' );
|
||||
count(4);
|
||||
return $res;
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
|
||||
SKIP: {
|
||||
eval "use Lasso";
|
||||
if ($@) {
|
||||
|
|
@ -112,7 +115,6 @@ SKIP: {
|
|||
|
||||
$rp = register( 'rp', sub { rp( $jwks, $metadata ) } );
|
||||
|
||||
|
||||
# LOGIN PROCESS ############################################################
|
||||
|
||||
# Query RP for auth
|
||||
|
|
@ -137,11 +139,13 @@ SKIP: {
|
|||
|
||||
# Try to authenticate to IdP
|
||||
ok(
|
||||
$res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html'),
|
||||
"SAML Authentication on idp, endpoint $urlidp" );
|
||||
$res = $idp->_get( $urlidp, query => $queryidp, accept => 'text/html' ),
|
||||
"SAML Authentication on idp, endpoint $urlidp"
|
||||
);
|
||||
my $pdataidp = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
my ( $host, $tmp );
|
||||
|
||||
# expectForm (result, host, uri, @requiredfield)
|
||||
( $host, $tmp, $query ) = expectForm( $res, '#', undef,
|
||||
( 'url', 'timezone', 'skin', 'user', 'password' ) );
|
||||
|
|
@ -162,7 +166,6 @@ SKIP: {
|
|||
$pdataidp = expectCookie( $res, 'lemonldappdata' );
|
||||
my $cookieidp = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, 'auth.op.com', '/saml/proxySingleSignOnPost',
|
||||
'SAMLResponse', 'RelayState' );
|
||||
|
|
@ -184,55 +187,66 @@ SKIP: {
|
|||
$pdataop = expectCookie( $res, 'lemonldappdata' );
|
||||
my $cookieop = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/oauth2)\?*(.*)$# );
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'Call OP from SAML SP' );
|
||||
'Call OP from SAML SP'
|
||||
);
|
||||
|
||||
$pdataop = expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
# No consent here because we have disabled it (oidcRPMetaDataOptionsBypassConsent)
|
||||
# No consent here because we have disabled it (oidcRPMetaDataOptionsBypassConsent)
|
||||
|
||||
($query) = expectRedirection( $res, qr#^http://auth.rp.com/?\?(.*)$# );
|
||||
|
||||
|
||||
# Push OP response to RP
|
||||
switch ('rp');
|
||||
|
||||
ok( $res = $rp->_get( '/', query => $query, accept => 'text/html' ),
|
||||
'Call openidconnectcallback on RP' );
|
||||
my $cookierp = expectCookie($res, 'lemonldap');
|
||||
my $cookierp = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
# Authentication done on RP + OP + IDP
|
||||
|
||||
|
||||
# LOGOUT PROCESS ###########################################################
|
||||
$url = '/';
|
||||
$query = 'logout=1';
|
||||
ok( $res = $rp->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $rp->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$cookierp",
|
||||
),
|
||||
'Call logout from RP' );
|
||||
'Call logout from RP'
|
||||
);
|
||||
|
||||
# lemonldap cookie set to "0"
|
||||
$cookierp = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookierp eq "0", 'Test empty cookie on RP' );
|
||||
|
||||
# forward logout to OP
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/.*)\?(.*)$# );
|
||||
|
||||
switch ('op');
|
||||
|
||||
ok( $res = $op->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $op->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldappdata=$pdataop; lemonldap=$cookieop",
|
||||
),
|
||||
'Forward logout to OP' );
|
||||
'Forward logout to OP'
|
||||
);
|
||||
|
||||
# expectForm (result, host, uri, @requiredfield)
|
||||
( $host, $tmp, $query ) = expectForm( $res, '#', undef,
|
||||
|
|
@ -253,27 +267,37 @@ SKIP: {
|
|||
$cookieop = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookieop eq "0", 'Test empty cookie on OP' );
|
||||
|
||||
( $url, $query ) = expectRedirection( $res, qr#^http://auth.rp.com(/?.*)\?(.*)$# );
|
||||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.rp.com(/?.*)\?(.*)$# );
|
||||
|
||||
switch ('rp');
|
||||
|
||||
ok( $res = $rp->_get( $url, query => $query,
|
||||
ok(
|
||||
$res = $rp->_get(
|
||||
$url,
|
||||
query => $query,
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$cookierp",
|
||||
),
|
||||
'redirect to RP' );
|
||||
'redirect to RP'
|
||||
);
|
||||
|
||||
expectOK($res);
|
||||
|
||||
# test connexion on IDP
|
||||
switch('idp');
|
||||
ok( $res = $idp->_get( '/', query => '',
|
||||
switch ('idp');
|
||||
ok(
|
||||
$res = $idp->_get(
|
||||
'/',
|
||||
query => '',
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$cookieidp",
|
||||
),
|
||||
'Test if still logged on IDP' );
|
||||
'Test if still logged on IDP'
|
||||
);
|
||||
|
||||
like( $res->[2]->[0], qr/userfield/,
|
||||
like( $res->[2]->[0],
|
||||
qr/userfield/,
|
||||
'test presence of user field in form (prove successful logout)' );
|
||||
|
||||
}
|
||||
|
|
@ -311,7 +335,8 @@ sub op {
|
|||
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsPostLogoutRedirectUris => 'http://auth.rp.com?logout=1',
|
||||
oidcRPMetaDataOptionsPostLogoutRedirectUris =>
|
||||
'http://auth.rp.com?logout=1',
|
||||
}
|
||||
},
|
||||
oidcOPMetaDataOptions => {},
|
||||
|
|
@ -338,8 +363,9 @@ sub op {
|
|||
samlSPSSODescriptorWantAssertionsSigned => 1,
|
||||
samlIDPMetaDataXML => {
|
||||
'idp' => {
|
||||
samlIDPMetaDataXML =>
|
||||
samlIDPComplexMetaDataXML( 'idp', 'HTTP-Redirect', 'SOAP' )
|
||||
samlIDPMetaDataXML => samlIDPComplexMetaDataXML(
|
||||
'idp', 'HTTP-Redirect', 'SOAP'
|
||||
)
|
||||
},
|
||||
},
|
||||
samlIDPMetaDataOptions => {
|
||||
|
|
@ -441,7 +467,8 @@ sub idp {
|
|||
'samlSPMetaDataOptionsNameIDFormat' => '',
|
||||
'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000,
|
||||
'samlSPMetaDataOptionsOneTimeUse' => 0,
|
||||
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000,
|
||||
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' =>
|
||||
72000,
|
||||
'samlSPMetaDataOptionsSignSLOMessage' => -1,
|
||||
'samlSPMetaDataOptionsSignSSOMessage' => 1,
|
||||
'samlSPMetaDataOptionsSignatureMethod' => ''
|
||||
|
|
@ -449,8 +476,9 @@ sub idp {
|
|||
},
|
||||
samlSPMetaDataXML => {
|
||||
sp => {
|
||||
samlSPMetaDataXML =>
|
||||
samlSPComplexMetaDataXML( 'op', 'HTTP-Redirect', 'SOAP' ),
|
||||
samlSPMetaDataXML => samlSPComplexMetaDataXML(
|
||||
'op', 'HTTP-Redirect', 'SOAP'
|
||||
),
|
||||
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
|
||||
'samlSPSSODescriptorWantAssertionsSigned' => 1,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -98,8 +98,7 @@ my $notifs = q%[{
|
|||
|
||||
my $content = '{"uid":"dwho"}';
|
||||
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
|
|
@ -374,10 +373,11 @@ ok(
|
|||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input class="form-check-input" type="checkbox" name="check1x2x1" id="1x2x1" value="accepted"/>%,
|
||||
m%<input class="form-check-input" type="checkbox" name="check1x2x1" id="1x2x1" value="accepted"/>%,
|
||||
'Checkbox is displayed'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
my @c = ( $res->[2]->[0] =~ m%<input class="form-check-input" type="checkbox"%gs );
|
||||
my @c =
|
||||
( $res->[2]->[0] =~ m%<input class="form-check-input" type="checkbox"%gs );
|
||||
|
||||
## One entry found
|
||||
ok( @c == 1, ' -> One checkbox found' )
|
||||
|
|
@ -418,13 +418,13 @@ expectForm( $res, undef, '/notifback', 'reference1x1' );
|
|||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input class="form-check-input" type="checkbox" name="check1x1x1" id="1x1x1" value="accepted"/>%
|
||||
m%<input class="form-check-input" type="checkbox" name="check1x1x1" id="1x1x1" value="accepted"/>%
|
||||
and m%<label class="form-check-label" for="1x1x1">I agree</label>%,
|
||||
'Checkbox is displayed'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input class="form-check-input" type="checkbox" name="check1x1x2" id="1x1x2" value="accepted"/>%
|
||||
m%<input class="form-check-input" type="checkbox" name="check1x1x2" id="1x1x2" value="accepted"/>%
|
||||
and m%<label class="form-check-label" for="1x1x2">I am sure</label>%,
|
||||
'Checkbox is displayed'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
|
|
|||
|
|
@ -52,11 +52,8 @@ SKIP: {
|
|||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
|
||||
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input[^>]*name="password"%,
|
||||
'Password: Found text input'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<input[^>]*name="password"%,
|
||||
'Password: Found text input' );
|
||||
|
||||
$query =~ s/.*\btoken=([^&]+).*/token=$1/;
|
||||
my $token;
|
||||
|
|
|
|||
|
|
@ -23,11 +23,8 @@ ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
|
|||
count(1);
|
||||
|
||||
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<input[^>]*name="password"%,
|
||||
'Password: Found password input'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<input[^>]*name="password"%,
|
||||
'Password: Found password input' );
|
||||
count(1);
|
||||
|
||||
$query =~ s/.*\b(token=[^&]+).*/$1/;
|
||||
|
|
|
|||
|
|
@ -58,7 +58,8 @@ SKIP: {
|
|||
ok( $subject eq 'Demonstration', 'Found subject' )
|
||||
or explain( $subject, 'Custom subject' );
|
||||
ok( $mail =~ m#a href="http://auth.example.com/register\?(.+?)"#,
|
||||
'Found register token' ) or explain( $mail, 'Confirm body' );
|
||||
'Found register token' )
|
||||
or explain( $mail, 'Confirm body' );
|
||||
$query = $1;
|
||||
ok( $query =~ /register_token=/, 'Found register_token' );
|
||||
ok( $mail =~ /Fôo/, 'UTF-8 works' ) or explain( $mail, 'Fôo' );
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ my $client = LLNG::Manager::Test->new( {
|
|||
checkDevOpsDownload => 0,
|
||||
checkDevOpsDisplayNormalizedHeaders => 0,
|
||||
hiddenAttributes => 'mail, UA',
|
||||
ldapExportedVars => { ldapExpVar => ''}
|
||||
ldapExportedVars => { ldapExpVar => '' }
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|
@ -212,7 +212,8 @@ ok( $res->[2]->[0] =~ m%<span trspan="PE104"></span>%,
|
|||
ok( $res->[2]->[0] =~ m%<span trspan="unknownAttributes">%,
|
||||
'Found unknownAttributes' )
|
||||
or explain( $res->[2]->[0], 'trspan="unknownAttributes"' );
|
||||
ok( $res->[2]->[0] =~ m%dalek; none; other; test%, 'Found 4 unknown attributes' )
|
||||
ok( $res->[2]->[0] =~ m%dalek; none; other; test%,
|
||||
'Found 4 unknown attributes' )
|
||||
or explain( $res->[2]->[0], 'Unknown attributes' );
|
||||
count(4);
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,9 @@ my $client = LLNG::Manager::Test->new( {
|
|||
bruteForceProtection => 0,
|
||||
requireToken => 0,
|
||||
restSessionServer => 1,
|
||||
logoutServices => { 'mytest' => 'http://test1.example.com/logout.html' }, # page that does not exist
|
||||
logoutServices =>
|
||||
{ 'mytest' => 'http://test1.example.com/logout.html' }
|
||||
, # page that does not exist
|
||||
locationRules => {
|
||||
'test1.example.com' => {
|
||||
'(?#logout)^/logout.html' => 'unprotect',
|
||||
|
|
@ -30,7 +32,6 @@ my $client = LLNG::Manager::Test->new( {
|
|||
}
|
||||
);
|
||||
|
||||
|
||||
# Handler part
|
||||
use_ok('Lemonldap::NG::Handler::Server');
|
||||
use_ok('Lemonldap::NG::Common::PSGI::Cli::Lib');
|
||||
|
|
@ -40,7 +41,6 @@ my ( $cli, $app );
|
|||
ok( $app = Lemonldap::NG::Handler::Server->run( $client->ini ), 'App' );
|
||||
count(1);
|
||||
|
||||
|
||||
## First successful connection for 'dwho'
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
|
|
@ -52,7 +52,7 @@ ok(
|
|||
'1st "dwho" Auth query'
|
||||
);
|
||||
count(1);
|
||||
my $cookie = expectCookie($res, 'lemonldap');
|
||||
my $cookie = expectCookie( $res, 'lemonldap' );
|
||||
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
|
|
@ -68,7 +68,6 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<h3 trspan="logoutFromOtherApp">logoutFromOtherApp</h3>%,
|
||||
|
|
@ -76,7 +75,7 @@ ok(
|
|||
) or explain( $res->[2]->[0], "PE_LOGOUT_OK" );
|
||||
count(1);
|
||||
|
||||
$cookie = expectCookie($res, 'lemonldap');
|
||||
$cookie = expectCookie( $res, 'lemonldap' );
|
||||
ok( $cookie eq "0", 'Test empty cookie sent at logout' );
|
||||
count(1);
|
||||
|
||||
|
|
@ -84,12 +83,12 @@ count(1);
|
|||
my $cookies = getCookies($res);
|
||||
my $id;
|
||||
ok(
|
||||
! defined( $id = $cookies->{'lemonldappdata'} ),
|
||||
!defined( $id = $cookies->{'lemonldappdata'} ),
|
||||
" Verify absence of cookie lemonldappdata"
|
||||
) or explain( 'Get lemonldappdata cookie' );
|
||||
) or explain('Get lemonldappdata cookie');
|
||||
count(1);
|
||||
|
||||
my ($logouturl) = grep(/iframe/, split("\n", $res->[2]->[0]));
|
||||
my ($logouturl) = grep( /iframe/, split( "\n", $res->[2]->[0] ) );
|
||||
$logouturl =~ s/.*<iframe src="([^"]+)".*/\1/;
|
||||
my $ep = $logouturl;
|
||||
$ep =~ s/https?:\/\/[^\/]+//;
|
||||
|
|
@ -126,9 +125,9 @@ count(1);
|
|||
$cookies = getCookies($res);
|
||||
$id;
|
||||
ok(
|
||||
! defined( $id = $cookies->{'lemonldappdata'} ),
|
||||
!defined( $id = $cookies->{'lemonldappdata'} ),
|
||||
" Verify absence of cookie lemonldappdata"
|
||||
) or explain( 'Get lemonldappdata cookie' );
|
||||
) or explain('Get lemonldappdata cookie');
|
||||
count(1);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
|||
|
|
@ -209,11 +209,8 @@ ok(
|
|||
count(1);
|
||||
expectOK($res);
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="47">%, 'Dwho has been well disconnected' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
|||
|
|
@ -119,11 +119,8 @@ ok(
|
|||
count(1);
|
||||
expectOK($res);
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="47">%, 'Dwho has been well disconnected' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ BEGIN {
|
|||
require 't/test-lib.pm';
|
||||
}
|
||||
|
||||
my ($res, $id, $json);
|
||||
my ( $res, $id, $json );
|
||||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
|
|
|
|||
|
|
@ -224,9 +224,11 @@ $id1 = expectCookie($res);
|
|||
|
||||
ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ /<caption trspan="lastFailedLoginsCaptionLabel">/, 'History found' )
|
||||
ok( $res->[2]->[0] =~ /<caption trspan="lastFailedLoginsCaptionLabel">/,
|
||||
'History found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ /<caption trspan="lastLoginsCaptionLabel">/, 'History found' )
|
||||
ok( $res->[2]->[0] =~ /<caption trspan="lastLoginsCaptionLabel">/,
|
||||
'History found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
||||
my @c = ( $res->[2]->[0] =~ /<td>127.0.0.1/gs );
|
||||
|
|
|
|||
|
|
@ -60,11 +60,8 @@ ok(
|
|||
),
|
||||
'Form Authentification'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="1">%,
|
||||
'Found PE_SESSIONEXPIRED code'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="1">%, 'Found PE_SESSIONEXPIRED code' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
$client->logout($id1);
|
||||
|
|
|
|||
|
|
@ -59,11 +59,8 @@ ok(
|
|||
),
|
||||
'Form Authentification'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="1">%,
|
||||
'Found PE_SESSIONEXPIRED code'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="1">%, 'Found PE_SESSIONEXPIRED code' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
$client->logout($id1);
|
||||
|
|
|
|||
|
|
@ -124,7 +124,11 @@ ok( $res->[2]->[0] =~ /trspan="lastFailedLoginsCaptionLabel"/,
|
|||
or explain( $res->[2]->[0] );
|
||||
count(3);
|
||||
|
||||
like( $res->[2]->[0], qr,<th trspan="Language">Language</th>,, "Found plugin-set label" );
|
||||
like(
|
||||
$res->[2]->[0],
|
||||
qr,<th trspan="Language">Language</th>,,
|
||||
"Found plugin-set label"
|
||||
);
|
||||
count(1);
|
||||
|
||||
@c = ( $res->[2]->[0] =~ /<td>127.0.0.1/gs );
|
||||
|
|
|
|||
|
|
@ -198,7 +198,8 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new('user=dwho&password=dwho&stayconnected=1&checkLogins=1'),
|
||||
IO::String->new(
|
||||
'user=dwho&password=dwho&stayconnected=1&checkLogins=1'),
|
||||
length => 53
|
||||
),
|
||||
'Auth query'
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ ok(
|
|||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
my $cid = expectCookie( $res, 'llngpersistent' );
|
||||
ok( $res->[1]->[5] =~ /\bsecure\b/, ' Secure cookie found' )
|
||||
or explain($res->[1]->[5], 'Secure cookie found' );
|
||||
or explain( $res->[1]->[5], 'Secure cookie found' );
|
||||
count(2);
|
||||
$client->logout($id);
|
||||
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ ok(
|
|||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
my $cid = expectCookie( $res, 'llngconnection' );
|
||||
ok( $res->[1]->[5] =~ /\bHttpOnly=1\b/, ' HTTP cookie found' )
|
||||
or explain($res->[1]->[5], 'HTTP cookie found' );
|
||||
or explain( $res->[1]->[5], 'HTTP cookie found' );
|
||||
count(2);
|
||||
$client->logout($id);
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ use IO::String;
|
|||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
|
|
@ -89,7 +88,8 @@ count(2);
|
|||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
|
||||
# Bad VHost (checkXSS)
|
||||
$query =~ s/url=http%3A%2F%2Fappli.example.llng/url=http%3A%2F%2Fappli'.example.llng/;
|
||||
$query =~
|
||||
s/url=http%3A%2F%2Fappli.example.llng/url=http%3A%2F%2Fappli'.example.llng/;
|
||||
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ use IO::String;
|
|||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ use IO::String;
|
|||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
|
|
|
|||
|
|
@ -293,7 +293,8 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
my $devices;
|
||||
ok(
|
||||
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'\d{10}\'%%g,
|
||||
$devices =
|
||||
$res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'\d{10}\'%%g,
|
||||
'2F device found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $devices == 2, '2F devices found' )
|
||||
|
|
@ -412,7 +413,8 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
'Found choose 2F' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$devices = $res->[2]->[0] =~ s%<span device=\'TOTP\' epoch=\'\d{10}\'%%g,
|
||||
$devices =
|
||||
$res->[2]->[0] =~ s%<span device=\'TOTP\' epoch=\'\d{10}\'%%g,
|
||||
'2F device found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $devices == 1, '2F device found' )
|
||||
|
|
@ -537,13 +539,14 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
|
||||
'Found choose 2F' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~ m%<span device=\'TOTP\' epoch=\'(\d{10})\'%,
|
||||
'TOTP found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span device=\'TOTP\' epoch=\'(\d{10})\'%,
|
||||
'TOTP found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
$epoch = $1;
|
||||
ok(
|
||||
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'(?:\d{10})\'%%g,
|
||||
$devices =
|
||||
$res->[2]->[0] =~
|
||||
s%<span device=\'(?:TOTP|U2F)\' epoch=\'(?:\d{10})\'%%g,
|
||||
'2F devices found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $devices == 2, '2F devices registered' )
|
||||
|
|
@ -574,14 +577,15 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
),
|
||||
'Form 2fregisters'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span trspan="remove2fWarning">/,
|
||||
'Found 2F modal' )
|
||||
ok( $res->[2]->[0] =~ /<span trspan="remove2fWarning">/, 'Found 2F modal' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
|
||||
'Found choose 2F' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'(\d{10})\'%%g,
|
||||
$devices =
|
||||
$res->[2]->[0] =~
|
||||
s%<span device=\'(?:TOTP|U2F)\' epoch=\'(\d{10})\'%%g,
|
||||
'2F device found'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $devices == 1, '2F device registered' )
|
||||
|
|
|
|||
|
|
@ -255,11 +255,8 @@ ok(
|
|||
'Get Menu',
|
||||
);
|
||||
expectOK($res);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="47">%, 'Dwho has been well disconnected' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
|||
|
|
@ -106,11 +106,8 @@ ok(
|
|||
),
|
||||
'POST expired switchcontext'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="82"></span>%,
|
||||
'Found "<span trmsg="82">"'
|
||||
) or explain( $res->[2]->[0], '<span trmsg="82">' );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="82"></span>%, 'Found "<span trmsg="82">"' )
|
||||
or explain( $res->[2]->[0], '<span trmsg="82">' );
|
||||
count(3);
|
||||
|
||||
# ContextSwitching form
|
||||
|
|
|
|||
|
|
@ -418,11 +418,8 @@ ok(
|
|||
);
|
||||
expectOK($res);
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="47">%, 'Dwho has been well disconnected' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
|||
|
|
@ -12,7 +12,8 @@ my $client = LLNG::Manager::Test->new( {
|
|||
logLevel => 'error',
|
||||
passwordDB => 'Demo',
|
||||
impersonationRule => 1,
|
||||
customFunctions => 'My::accesToTrace My::return0,, My::return1 ',
|
||||
customFunctions =>
|
||||
'My::accesToTrace My::return0,, My::return1 ',
|
||||
customPlugins =>
|
||||
't::AfterDataCustomPlugin t::CasHookPlugin,, t::OidcHookPlugin ',
|
||||
customPluginsParams => { uid => 'rtyler' }
|
||||
|
|
|
|||
|
|
@ -75,11 +75,8 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="5">%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="5">%, ' PE5 found' )
|
||||
or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
count(2);
|
||||
|
||||
## Try to Impersonate a forbidden identity with an Unrestricted user
|
||||
|
|
|
|||
|
|
@ -81,11 +81,8 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="5">%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="5">%, ' PE5 found' )
|
||||
or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
|
|
@ -110,11 +107,8 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span trmsg="93">%,
|
||||
' PE93 found'
|
||||
) or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="93">%, ' PE93 found' )
|
||||
or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
|
|
|
|||
|
|
@ -156,15 +156,16 @@ count(1);
|
|||
my $json;
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
my @real_hGroups = map { $_->{key} eq 'real_hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{$real_hGroups[0]->{value}} == 5, 'Right number of real_hGroups found' )
|
||||
or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
my @real_hGroups =
|
||||
map { $_->{key} eq 'real_hGroups' ? $_ : () } @{ $json->{ATTRIBUTES} };
|
||||
ok(
|
||||
keys %{ $real_hGroups[0]->{value} } == 5,
|
||||
'Right number of real_hGroups found'
|
||||
) or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
count(2);
|
||||
|
||||
my @hGroups = map { $_->{key} eq 'hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{$hGroups[0]->{value}} == 4, 'Right number of hGroups found' )
|
||||
my @hGroups = map { $_->{key} eq 'hGroups' ? $_ : () } @{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{ $hGroups[0]->{value} } == 4, 'Right number of hGroups found' )
|
||||
or explain( $hGroups[0]->{value}, 'Wrong hGroups' );
|
||||
count(1);
|
||||
|
||||
|
|
|
|||
|
|
@ -164,15 +164,16 @@ count(1);
|
|||
my $json;
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
my @real_hGroups = map { $_->{key} eq 'real_hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{$real_hGroups[0]->{value}} == 5, 'Right number of real_hGroups found' )
|
||||
or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
my @real_hGroups =
|
||||
map { $_->{key} eq 'real_hGroups' ? $_ : () } @{ $json->{ATTRIBUTES} };
|
||||
ok(
|
||||
keys %{ $real_hGroups[0]->{value} } == 5,
|
||||
'Right number of real_hGroups found'
|
||||
) or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
count(2);
|
||||
|
||||
my @hGroups = map { $_->{key} eq 'hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{$hGroups[0]->{value}} == 6, 'Right number of hGroups found' )
|
||||
my @hGroups = map { $_->{key} eq 'hGroups' ? $_ : () } @{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{ $hGroups[0]->{value} } == 6, 'Right number of hGroups found' )
|
||||
or explain( $hGroups[0]->{value}, 'Wrong hGroups' );
|
||||
count(1);
|
||||
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue