Fix default value (#1825)
parent
69d2a2db0c
commit
b94cbe0144
|
@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
|
|||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||
use constant APPLYSECTION => "apply";
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|p(?:ortal(?:ErrorOn(?:ExpiredSession|MailNotFound)|DisplayRe(?:setPassword|gister)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|(?:mai(?:lOnPasswordChang|ntenanc)|enablePersistentStorag|vhostMaintenanc)e|no(?:tif(?:ication(?:Server)?|y(?:Deleted|Other))|AjaxHook)|rest(?:(?:Session|Config)Server|ExportSecretKeys)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:
activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs)|dbiDynamicHashEnabled|bruteForceProtection)$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|p(?:ortal(?:ErrorOn(?:ExpiredSession|MailNotFound)|DisplayRe(?:setPassword|gister)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|no(?:tif(?:ication(?:Server)?|y(?:Deleted|Other))|AjaxHook)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|rest(?:(?:Session|Config)Server|ExportSecretKeys)|h(?:ideOldPassword|ttpOnly)|yu
bikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs)|bruteForceProtection)$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
@ -57,9 +57,8 @@ sub defaultValues {
|
|||
'mail' => 'mail',
|
||||
'uid' => 'uid'
|
||||
},
|
||||
'domain' => 'example.com',
|
||||
'enablePersistentStorage' => 1,
|
||||
'exportedVars' => {
|
||||
'domain' => 'example.com',
|
||||
'exportedVars' => {
|
||||
'UA' => 'HTTP_USER_AGENT'
|
||||
},
|
||||
'ext2fActivation' => 0,
|
||||
|
|
|
@ -1095,6 +1095,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'test' => qr/^[a-zA-Z][a-zA-Z0-9_:\-]*$/,
|
||||
'type' => 'keyTextContainer'
|
||||
},
|
||||
'disablePersistentStorage' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'domain' => {
|
||||
'default' => 'example.com',
|
||||
'msgFail' => '__badDomainName__',
|
||||
|
@ -1102,10 +1106,6 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
'enablePersistentStorage' => {
|
||||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'exportedAttr' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
|
@ -1143,8 +1143,8 @@ sub attributes {
|
|||
keyMsgFail => '__invalidSessionData__',
|
||||
documentation => 'Data to remember in login history',
|
||||
},
|
||||
enablePersistentStorage => {
|
||||
default => 1,
|
||||
disablePersistentStorage => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Enabled persistent storage',
|
||||
},
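Review bot: The `documentation` string on the renamed key still reads `'Enabled persistent storage'`, which now says the opposite of what `disablePersistentStorage` with `default => 0` does. Anyone reading the generated parameter reference would take a true value to mean storage is on. Change it to `documentation => 'Disable persistent storage',` so the description follows the flag's new polarity. The attributes hash starts and ends outside this hunk.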
|
||||
|
|
|
@ -542,7 +542,7 @@ sub tree {
|
|||
{
|
||||
title => 'persistentSessions',
|
||||
nodes => [
|
||||
'enablePersistentStorage',
|
||||
'disablePersistentStorage',
|
||||
'persistentStorage',
|
||||
'persistentStorageOptions'
|
||||
]
|
||||
|
|
|
@ -655,7 +655,7 @@ sub tests {
|
|||
|
||||
# Warn if persistent storage is disabled with 2FA, History, OIDCConsents and Notifications
|
||||
persistentStorage => sub {
|
||||
return 1 if ( $conf->{enablePersistentStorage} );
|
||||
return 1 unless ( $conf->{disablePersistentStorage} );
|
||||
return ( 1, "2FA enabled WITHOUT persistent session storage" )
|
||||
if ( $conf->{totp2fActivation}
|
||||
|| $conf->{yubikey2fActivation}
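Review bot: A configuration saved with `enablePersistentStorage => 0` is no longer honoured after this rename. The new guard `return 1 unless ( $conf->{disablePersistentStorage} );` passes silently for it, and the matching guards in getPersistentSession and updatePersistentSession (`!$self->conf->{disablePersistentStorage}`) resume reading and writing persistent sessions. Unless an upgrade step outside this page rewrites the old key, an administrator who had deliberately turned storage off gets it back with no notice. Add a warning ahead of the guard, for example `return ( 1, "enablePersistentStorage is obsolete, use disablePersistentStorage" ) if ( defined $conf->{enablePersistentStorage} and !$conf->{enablePersistentStorage} and !$conf->{disablePersistentStorage} );`. The body of this test sub continues past the end of the hunk.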
|
||||
|
|
|
@ -256,7 +256,7 @@
|
|||
"emptyConf":"إعدادات فارغة",
|
||||
"emptyValueNotAllowed":"القيمة الفارغة غير مسموح بها",
|
||||
"enabled":"مفعلة",
|
||||
"enablePersistentStorage":"Storage",
|
||||
"disablePersistentStorage":"Disable storage",
|
||||
"enterPassword":"أدخل كلمة المرور (اختياري)",
|
||||
"error":"خطأ",
|
||||
"errors":"ERRORS",
|
||||
|
|
|
@ -256,7 +256,7 @@
|
|||
"emptyConf":"Empty configuration",
|
||||
"emptyValueNotAllowed":"Empty value not allowed",
|
||||
"enabled":"Aktiviert",
|
||||
"enablePersistentStorage":"Storage",
|
||||
"disablePersistentStorage":"Disable storage",
|
||||
"enterPassword":"Enter password (optional)",
|
||||
"error":"Error",
|
||||
"errors":"ERRORS",
|
||||
|
|
|
@ -256,7 +256,7 @@
|
|||
"emptyConf":"Empty configuration",
|
||||
"emptyValueNotAllowed":"Empty value not allowed",
|
||||
"enabled":"Enabled",
|
||||
"enablePersistentStorage":"Storage",
|
||||
"disablePersistentStorage":"Disable storage",
|
||||
"enterPassword":"Enter password (optional)",
|
||||
"error":"Error",
|
||||
"errors":"ERRORS",
|
||||
|
|
|
@ -256,7 +256,7 @@
|
|||
"emptyConf":"Configuration vide",
|
||||
"emptyValueNotAllowed":"Valeur nulle non accordé",
|
||||
"enabled":"Activé",
|
||||
"enablePersistentStorage":"Stockage",
|
||||
"disablePersistentStorage":"Désactiver le stockage",
|
||||
"enterPassword":"Entrer le mot de passe (optionnel)",
|
||||
"error":"Erreur",
|
||||
"errors":"ERREURS",
|
||||
|
|
|
@ -256,7 +256,7 @@
|
|||
"emptyConf":"Configurazione vuota",
|
||||
"emptyValueNotAllowed":"Valore vuoto non consentito",
|
||||
"enabled":"Abilitato",
|
||||
"enablePersistentStorage":"Storage",
|
||||
"disablePersistentStorage":"Disable storage",
|
||||
"enterPassword":"Inserisci password (opzionale)",
|
||||
"error":"Errore",
|
||||
"errors":"ERRORI",
|
||||
|
|
|
@ -256,7 +256,7 @@
|
|||
"emptyConf":"Cấu hình trống rỗng",
|
||||
"emptyValueNotAllowed":"Không cho phép giá trị trống",
|
||||
"enabled":"Đã bật",
|
||||
"enablePersistentStorage":"Storage",
|
||||
"disablePersistentStorage":"Disable storage",
|
||||
"enterPassword":"Nhập mật khẩu (tùy chọn)",
|
||||
"error":"Lỗi",
|
||||
"errors":"ERRORS",
|
||||
|
|
|
@ -256,7 +256,7 @@
|
|||
"emptyConf":"Empty configuration",
|
||||
"emptyValueNotAllowed":"Empty value not allowed",
|
||||
"enabled":"开启",
|
||||
"enablePersistentStorage":"Storage",
|
||||
"disablePersistentStorage":"Disable storage",
|
||||
"enterPassword":"输入密码(可选)",
|
||||
"error":"错误",
|
||||
"errors":"ERRORS",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1348,11 +1348,11 @@
|
|||
"id": "persistentSessions",
|
||||
"title": "persistentSessions",
|
||||
"nodes": [{
|
||||
"default": 1,
|
||||
"id": "enablePersistentStorage",
|
||||
"title": "enablePersistentStorage",
|
||||
"default": 0,
|
||||
"id": "disablePersistentStorage",
|
||||
"title": "disablePersistentStorage",
|
||||
"type": "bool",
|
||||
"data": 1
|
||||
"data": 0
|
||||
}, {
|
||||
"id": "persistentStorage",
|
||||
"title": "persistentStorage",
|
||||
|
|
|
@ -1348,11 +1348,11 @@
|
|||
"id": "persistentSessions",
|
||||
"title": "persistentSessions",
|
||||
"nodes": [{
|
||||
"default": 1,
|
||||
"id": "enablePersistentStorage",
|
||||
"title": "enablePersistentStorage",
|
||||
"default": 0,
|
||||
"id": "disablePersistentStorage",
|
||||
"title": "disablePersistentStorage",
|
||||
"type": "bool",
|
||||
"data": 1
|
||||
"data": 0
|
||||
}, {
|
||||
"id": "persistentStorage",
|
||||
"title": "persistentStorage",
|
||||
|
|
|
@ -403,9 +403,8 @@ sub getApacheSession {
|
|||
# Try to recover the persistent session corresponding to uid and return session data.
|
||||
sub getPersistentSession {
|
||||
my ( $self, $uid, $info ) = @_;
|
||||
my $enabledStorage = $self->conf->{enablePersistentStorage} // 1;
|
||||
|
||||
return unless ( defined $uid and $enabledStorage );
|
||||
return unless ( defined $uid and !$self->conf->{disablePersistentStorage} );
|
||||
|
||||
# Compute persistent identifier
|
||||
my $pid = $self->_md5hash($uid);
|
||||
|
@ -450,10 +449,9 @@ sub getPersistentSession {
|
|||
# @return nothing
|
||||
sub updatePersistentSession {
|
||||
my ( $self, $req, $infos, $uid, $id ) = @_;
|
||||
my $enabledStorage = $self->conf->{enablePersistentStorage} // 1;
|
||||
|
||||
# Return if no infos to update
|
||||
return () unless ( ref $infos eq 'HASH' and %$infos and $enabledStorage );
|
||||
return () unless ( ref $infos eq 'HASH' and %$infos and !$self->conf->{disablePersistentStorage} );
|
||||
|
||||
$uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} }
|
||||
|| $req->userData->{ $self->conf->{whatToTrace} };
|
||||
|
|
|
@ -24,7 +24,7 @@ SKIP: {
|
|||
totp2fDigits => 8,
|
||||
totp2fTTL => -1,
|
||||
loginHistoryEnabled => 1,
|
||||
enablePersistentStorage => 0,
|
||||
disablePersistentStorage => 1,
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|