Tidy
parent
372b95fba9
commit
bb9e03d1e5
|
@ -23,16 +23,20 @@ use constant HANDLERSECTION => "handler";
|
|||
use constant MANAGERSECTION => "manager";
|
||||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||
use constant APPLYSECTION => "apply";
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:I
ncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
our $hashParameters =
|
||||
qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys =
|
||||
qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)
?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
our @sessionTypes = (
|
||||
'remoteGlobal', 'global', 'localSession', 'persistent',
|
||||
'saml', 'oidc', 'cas'
|
||||
);
|
||||
|
||||
sub NO {qr/^(?:off|no|0)?$/i}
|
||||
sub NO { qr/^(?:off|no|0)?$/i }
|
||||
|
||||
our %EXPORT_TAGS = (
|
||||
'all' => [
|
||||
qw(
|
||||
'all' => [ qw(
|
||||
CONFIG_WAS_CHANGED
|
||||
UNKNOWN_ERROR
|
||||
DATABASE_LOCKED
|
||||
|
|
|
@ -7,30 +7,54 @@ use base qw(Exporter);
|
|||
|
||||
our $VERSION = '2.0.9';
|
||||
|
||||
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)] );
|
||||
our %EXPORT_TAGS = (
|
||||
'all' => [
|
||||
qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)
|
||||
]
|
||||
);
|
||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
|
||||
our $specialNodeHash = {
|
||||
virtualHosts => [qw(exportedHeaders locationRules post vhostOptions)],
|
||||
samlIDPMetaDataNodes => [qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)],
|
||||
samlSPMetaDataNodes => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions samlSPMetaDataMacros)],
|
||||
oidcOPMetaDataNodes => [qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars)],
|
||||
oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims oidcRPMetaDataMacros)],
|
||||
casSrvMetaDataNodes => [qw(casSrvMetaDataOptions casSrvMetaDataExportedVars)],
|
||||
casAppMetaDataNodes => [qw(casAppMetaDataOptions casAppMetaDataExportedVars casAppMetaDataMacros)],
|
||||
samlIDPMetaDataNodes => [
|
||||
qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)
|
||||
],
|
||||
samlSPMetaDataNodes => [
|
||||
qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions samlSPMetaDataMacros)
|
||||
],
|
||||
oidcOPMetaDataNodes => [
|
||||
qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars)
|
||||
],
|
||||
oidcRPMetaDataNodes => [
|
||||
qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims oidcRPMetaDataMacros)
|
||||
],
|
||||
casSrvMetaDataNodes =>
|
||||
[qw(casSrvMetaDataOptions casSrvMetaDataExportedVars)],
|
||||
casAppMetaDataNodes => [
|
||||
qw(casAppMetaDataOptions casAppMetaDataExportedVars casAppMetaDataMacros)
|
||||
],
|
||||
};
|
||||
|
||||
our $doubleHashKeys = 'issuerDBGetParameters';
|
||||
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|ombModule)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
|
||||
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
|
||||
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:UserAttribut|Servic|Rul)e|(?:ExportedVar|Macro)s)';
|
||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:(?:uthorizationCode|ccessToken)Expiration|llow(?:PasswordGrant|Offline)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
|
||||
our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
our $simpleHashKeys =
|
||||
'(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|ombModule)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
|
||||
our $specialNodeKeys =
|
||||
'(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
|
||||
our $casAppMetaDataNodeKeys =
|
||||
'casAppMetaData(?:Options(?:UserAttribut|Servic|Rul)e|(?:ExportedVar|Macro)s)';
|
||||
our $casSrvMetaDataNodeKeys =
|
||||
'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
|
||||
our $oidcOPMetaDataNodeKeys =
|
||||
'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys =
|
||||
'oidcRPMetaData(?:Options(?:A(?:(?:uthorizationCode|ccessToken)Expiration|llow(?:PasswordGrant|Offline)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)';
|
||||
our $samlIDPMetaDataNodeKeys =
|
||||
'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys =
|
||||
'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
|
||||
our $virtualHostKeys =
|
||||
'(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
||||
our $authParameters = {
|
||||
adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)],
|
||||
|
@ -38,37 +62,72 @@ our $authParameters = {
|
|||
casParams => [qw(casAuthnLevel)],
|
||||
choiceParams => [qw(authChoiceParam authChoiceModules authChoiceAuthBasic)],
|
||||
combinationParams => [qw(combination combModules)],
|
||||
customParams => [qw(customAuth customUserDB customPassword customRegister customResetCertByMail customAddParams)],
|
||||
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
|
||||
customParams => [
|
||||
qw(customAuth customUserDB customPassword customRegister customResetCertByMail customAddParams)
|
||||
],
|
||||
dbiParams => [
|
||||
qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)
|
||||
],
|
||||
demoParams => [qw(demoExportedVars)],
|
||||
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret facebookUserField)],
|
||||
githubParams => [qw(githubAuthnLevel githubClientID githubClientSecret githubUserField githubScope)],
|
||||
facebookParams => [
|
||||
qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret facebookUserField)
|
||||
],
|
||||
githubParams => [
|
||||
qw(githubAuthnLevel githubClientID githubClientSecret githubUserField githubScope)
|
||||
],
|
||||
gpgParams => [qw(gpgAuthnLevel gpgDb)],
|
||||
kerberosParams => [qw(krbAuthnLevel krbKeytab krbByJs krbRemoveDomain)],
|
||||
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword ldapITDS)],
|
||||
linkedinParams => [qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInFields linkedInUserField linkedInScope)],
|
||||
ldapParams => [
|
||||
qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword ldapITDS)
|
||||
],
|
||||
linkedinParams => [
|
||||
qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInFields linkedInUserField linkedInScope)
|
||||
],
|
||||
nullParams => [qw(nullAuthnLevel)],
|
||||
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
|
||||
openidParams => [qw(openIdAuthnLevel openIdExportedVars openIdSecret openIdIDPList)],
|
||||
oidcParams =>
|
||||
[qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
|
||||
openidParams =>
|
||||
[qw(openIdAuthnLevel openIdExportedVars openIdSecret openIdIDPList)],
|
||||
pamParams => [qw(pamAuthnLevel pamService)],
|
||||
proxyParams => [qw(proxyAuthnLevel proxyAuthService proxySessionService remoteCookieName proxyUseSoap)],
|
||||
proxyParams => [
|
||||
qw(proxyAuthnLevel proxyAuthService proxySessionService remoteCookieName proxyUseSoap)
|
||||
],
|
||||
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
|
||||
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
|
||||
restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
|
||||
slaveParams => [qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveDisplayLogo slaveExportedVars)],
|
||||
remoteParams => [
|
||||
qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)
|
||||
],
|
||||
restParams => [
|
||||
qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)
|
||||
],
|
||||
slaveParams => [
|
||||
qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveDisplayLogo slaveExportedVars)
|
||||
],
|
||||
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
|
||||
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],
|
||||
twitterParams => [
|
||||
qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)
|
||||
],
|
||||
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
|
||||
};
|
||||
our $issuerParameters = {
|
||||
issuerDBCAS => [qw(issuerDBCASActivation issuerDBCASPath issuerDBCASRule)],
|
||||
issuerDBGet => [qw(issuerDBGetActivation issuerDBGetPath issuerDBGetRule issuerDBGetParameters)],
|
||||
issuerDBOpenID => [qw(issuerDBOpenIDActivation issuerDBOpenIDPath issuerDBOpenIDRule openIdIssuerSecret openIdAttr openIdSPList openIdSreg_fullname openIdSreg_nickname openIdSreg_language openIdSreg_postcode openIdSreg_timezone openIdSreg_country openIdSreg_gender openIdSreg_email openIdSreg_dob)],
|
||||
issuerDBOpenIDConnect => [qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)],
|
||||
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
|
||||
issuerDBGet => [
|
||||
qw(issuerDBGetActivation issuerDBGetPath issuerDBGetRule issuerDBGetParameters)
|
||||
],
|
||||
issuerDBOpenID => [
|
||||
qw(issuerDBOpenIDActivation issuerDBOpenIDPath issuerDBOpenIDRule openIdIssuerSecret openIdAttr openIdSPList openIdSreg_fullname openIdSreg_nickname openIdSreg_language openIdSreg_postcode openIdSreg_timezone openIdSreg_country openIdSreg_gender openIdSreg_email openIdSreg_dob)
|
||||
],
|
||||
issuerDBOpenIDConnect => [
|
||||
qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)
|
||||
],
|
||||
issuerDBSAML =>
|
||||
[qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
|
||||
issuerOptions => [qw(issuersTimeout)],
|
||||
};
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
|
||||
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAuthorizationCodeExpiration oidcServiceAccessTokenExpiration oidcServiceIDTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims)];
|
||||
our $samlServiceParameters = [
|
||||
qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)
|
||||
];
|
||||
our $oidcServiceParameters = [
|
||||
qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAuthorizationCodeExpiration oidcServiceAccessTokenExpiration oidcServiceIDTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims)
|
||||
];
|
||||
|
||||
1;
|
||||
|
|
|
@ -1444,7 +1444,8 @@ sub attributes {
|
|||
portalRequireOldPassword => {
|
||||
default => 1,
|
||||
type => 'boolOrExpr',
|
||||
documentation => 'Rule to require old password to change the password',
|
||||
documentation =>
|
||||
'Rule to require old password to change the password',
|
||||
},
|
||||
hideOldPassword => {
|
||||
default => 0,
|
||||
|
@ -3006,8 +3007,7 @@ sub attributes {
|
|||
type => 'boolOrExpr',
|
||||
default => 1,
|
||||
help => 'secondfactor.html',
|
||||
documentation =>
|
||||
'Rule to display second factor Manager link',
|
||||
documentation => 'Rule to display second factor Manager link',
|
||||
},
|
||||
sfRemovedMsgRule => {
|
||||
type => 'boolOrExpr',
|
||||
|
@ -4021,6 +4021,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
type => 'select',
|
||||
select => [
|
||||
{ k => 'front', v => 'Front Channel' },
|
||||
|
||||
#TODO #1194
|
||||
# { k => 'back', v => 'Back Channel' },
|
||||
],
|
||||
|
|
|
@ -568,8 +568,8 @@ sub tree {
|
|||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'singleSession', 'singleIP',
|
||||
'singleUserByIP',
|
||||
'notifyDeleted', 'notifyOther'
|
||||
'singleUserByIP', 'notifyDeleted',
|
||||
'notifyOther'
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
|
@ -23,11 +23,7 @@ my $res;
|
|||
|
||||
# Test 'set' command
|
||||
@cmd = qw(-yes 1 set notification 1);
|
||||
combined_like(
|
||||
sub { llclient->run(@cmd) },
|
||||
qr/Saved under/,
|
||||
'"addKey" OK'
|
||||
);
|
||||
combined_like( sub { llclient->run(@cmd) }, qr/Saved under/, '"addKey" OK' );
|
||||
|
||||
# Test 'get' command
|
||||
@cmd = qw(get notification);
|
||||
|
@ -37,11 +33,7 @@ ok( $res =~ /^notification\s+=\s+1$/, '"get notification" OK' )
|
|||
|
||||
# Test 'addKey' command
|
||||
@cmd = qw(-yes 1 addKey locationRules/test1.example.com ^/reject deny);
|
||||
combined_like(
|
||||
sub { llclient->run(@cmd) },
|
||||
qr/Saved under/,
|
||||
'"addKey" OK'
|
||||
);
|
||||
combined_like( sub { llclient->run(@cmd) }, qr/Saved under/, '"addKey" OK' );
|
||||
|
||||
# Test 'delKey' command
|
||||
@cmd = qw(-yes 1 delKey locationRules/test1.example.com ^/reject);
|
||||
|
@ -59,11 +51,7 @@ ok( $res =~ m#accept#, '"get key/subkey" OK' )
|
|||
|
||||
# Test 'set' command with key/subkey
|
||||
@cmd = qw(-yes 1 set locationRules/test1.example.com/default deny);
|
||||
combined_like(
|
||||
sub { llclient->run(@cmd) },
|
||||
qr/Saved under/,
|
||||
'"addKey" OK'
|
||||
);
|
||||
combined_like( sub { llclient->run(@cmd) }, qr/Saved under/, '"addKey" OK' );
|
||||
|
||||
# Test 'save' command
|
||||
@cmd = qw(-cfgNum 1 save);
|
||||
|
@ -96,8 +84,7 @@ combined_like(
|
|||
qr#\bAuthor IP\b#s,
|
||||
'"Author IP" OK'
|
||||
);
|
||||
combined_like( sub { llcommonClient->run(@cmd) },
|
||||
qr#\bLog\b#s, '"Log" OK' );
|
||||
combined_like( sub { llcommonClient->run(@cmd) }, qr#\bLog\b#s, '"Log" OK' );
|
||||
combined_like( sub { llcommonClient->run(@cmd) },
|
||||
qr#\bVersion\b#s, '"Version" OK' );
|
||||
|
||||
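Review bot: The description `'"addKey" OK'` is reused on the two `set` calls in this test file, under `# Test 'set' command` and `# Test 'set' command with key/subkey`, so a failure in either would be reported under the wrong command name. Since these `combined_like` calls are being rewritten onto one line anyway, each could get its own label, for example `'"set" OK'` and `'"set key/subkey" OK'`. Only the call under `# Test 'addKey' command` should keep `'"addKey" OK'`. The patterns and the commands under test need no change.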
|
|
|
@ -111,8 +111,8 @@ sub verify {
|
|||
return PE_OK;
|
||||
}
|
||||
else {
|
||||
$self->userLogger->notice( 'Invalid TOTP for '
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
$self->userLogger->notice(
|
||||
'Invalid TOTP for ' . $session->{ $self->conf->{whatToTrace} } );
|
||||
return PE_BADOTP;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -25,7 +25,7 @@ sub init {
|
|||
$hd->buildSub( $hd->substitute( $self->conf->{issuerDBGetRule} ) );
|
||||
unless ($rule) {
|
||||
my $error = $hd->tsv->{jail}->error || '???';
|
||||
$self->error( "Bad GET activation rule -> $error" );
|
||||
$self->error("Bad GET activation rule -> $error");
|
||||
return 0;
|
||||
}
|
||||
$self->{rule} = $rule;
|
||||
|
|
|
@ -65,7 +65,7 @@ sub init {
|
|||
$hd->buildSub( $hd->substitute( $self->conf->{issuerDBOpenIDRule} ) );
|
||||
unless ($rule) {
|
||||
my $error = $hd->tsv->{jail}->error || '???';
|
||||
$self->error( "Bad OpenID activation rule -> $error" );
|
||||
$self->error("Bad OpenID activation rule -> $error");
|
||||
return 0;
|
||||
}
|
||||
$self->{rule} = $rule;
|
||||
|
|
|
@ -35,7 +35,7 @@ sub checkForNotifications {
|
|||
unless ($notifs) {
|
||||
$self->logger->info("No notification found");
|
||||
return 0;
|
||||
};
|
||||
}
|
||||
|
||||
# Transform notifications
|
||||
my $i = 0; # Files count
|
||||
|
@ -125,7 +125,7 @@ sub viewNotification {
|
|||
unless ($notifs) {
|
||||
$self->logger->info("No accepted notification found");
|
||||
return 0;
|
||||
};
|
||||
}
|
||||
|
||||
# Transform notifications
|
||||
my $i = 0; # Files count
|
||||
|
|
|
@ -66,7 +66,7 @@ sub checkForNotifications {
|
|||
unless ($notifs) {
|
||||
$self->logger->info("No notification found");
|
||||
return 0;
|
||||
};
|
||||
}
|
||||
|
||||
# Transform notifications
|
||||
my $i = 0; # Files count
|
||||
|
@ -173,7 +173,7 @@ sub viewNotification {
|
|||
unless ($notifs) {
|
||||
$self->logger->info("No accepted notification found");
|
||||
return 0;
|
||||
};
|
||||
}
|
||||
|
||||
# Transform notifications
|
||||
my $i = 0; # Files count
|
||||
|
|
|
@ -1743,8 +1743,10 @@ sub replayProtection {
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$self->logger->warn( "No assertion session found for request ID ".$samlID);
|
||||
}
|
||||
else {
|
||||
$self->logger->warn(
|
||||
"No assertion session found for request ID " . $samlID );
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -231,7 +231,8 @@ sub display {
|
|||
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
|
||||
APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'},
|
||||
PING => $self->conf->{portalPingInterval},
|
||||
REQUIRE_OLDPASSWORD => $self->requireOldPwd->($req, $req->userData),
|
||||
REQUIRE_OLDPASSWORD =>
|
||||
$self->requireOldPwd->( $req, $req->userData ),
|
||||
HIDE_OLDPASSWORD => 0,
|
||||
DISPLAY_PPOLICY => $self->conf->{portalDisplayPasswordPolicy},
|
||||
PPOLICY_MINSIZE => $self->conf->{passwordPolicyMinSize},
|
||||
|
|
|
@ -152,7 +152,7 @@ sub _forAuthUser {
|
|||
|
||||
# In case a confirm form is shown, we need it to POST on the
|
||||
# current Path
|
||||
$req->data->{confirmFormAction} = URI->new($req->uri)->path;
|
||||
$req->data->{confirmFormAction} = URI->new( $req->uri )->path;
|
||||
}
|
||||
|
||||
# Clean pdata: keepPdata has been set, so pdata must be cleaned here
|
||||
|
|
|
@ -42,14 +42,17 @@ sub _modifyPassword {
|
|||
return PE_PASSWORD_MISMATCH
|
||||
unless ( $req->data->{newpassword} eq $req->param('confirmpassword') );
|
||||
|
||||
my $rule =
|
||||
$self->p->HANDLER->buildSub( $self->p->HANDLER->substitute( $self->conf->{portalRequireOldPassword} ) );
|
||||
my $rule = $self->p->HANDLER->buildSub(
|
||||
$self->p->HANDLER->substitute(
|
||||
$self->conf->{portalRequireOldPassword}
|
||||
)
|
||||
);
|
||||
unless ($rule) {
|
||||
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
|
||||
}
|
||||
|
||||
# Check if portal require old password
|
||||
if ( $rule->($req, $req->userData) or $requireOldPwd ) {
|
||||
if ( $rule->( $req, $req->userData ) or $requireOldPwd ) {
|
||||
|
||||
# TODO: verify oldpassword
|
||||
unless ( $req->data->{oldpassword} = $req->param('oldpassword') ) {
|
||||
|
@ -157,9 +160,13 @@ sub checkPasswordQuality {
|
|||
# Fobidden special characters
|
||||
$password =~ s/[\Q$speChars\E\w]//g;
|
||||
if ($password) {
|
||||
$self->logger->error(
|
||||
'Password contains ' . length($password) . " forbidden character(s): $password");
|
||||
return length($password) > 1 ? PE_PP_NOT_ALLOWED_CHARACTERS : PE_PP_NOT_ALLOWED_CHARACTER;
|
||||
$self->logger->error( 'Password contains '
|
||||
. length($password)
|
||||
. " forbidden character(s): $password" );
|
||||
return
|
||||
length($password) > 1
|
||||
? PE_PP_NOT_ALLOWED_CHARACTERS
|
||||
: PE_PP_NOT_ALLOWED_CHARACTER;
|
||||
}
|
||||
|
||||
return PE_OK;
|
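Review bot: In `_modifyPassword`, a `portalRequireOldPassword` rule that fails to compile is not handled: the `unless ($rule)` block only assigns `my $error` and falls through, so the following `$rule->( $req, $req->userData )` is called on an undefined value and dies. The `init` hunks elsewhere in this commit log the same condition and stop, so I would do likewise here, e.g. `$self->logger->error("Bad portalRequireOldPassword rule -> $error");` followed by an explicit failing return; which PE_ code fits is not visible from the hunk. Separately, the error line in `checkPasswordQuality` interpolates `$password`, which at that point holds the rejected characters of the user's proposed password; logging only the count, `'Password contains ' . length($password) . ' forbidden character(s)'`, keeps password material out of the logs. Both functions continue outside their hunks.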
||||
|
|
|
@ -59,7 +59,8 @@ sub modifyPassword {
|
|||
|
||||
# Call the modify password method
|
||||
my $code =
|
||||
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword}, 0 , $requireOldPassword );
|
||||
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
|
||||
0, $requireOldPassword );
|
||||
|
||||
unless ( $code == PE_PASSWORD_OK ) {
|
||||
return $code;
|
||||
|
|
|
@ -66,7 +66,8 @@ sub init {
|
|||
$lockTimes = $self->conf->{failedLoginNumber};
|
||||
}
|
||||
|
||||
my $sum = $self->conf->{bruteForceProtectionMaxAge} * ( 1 + $self->conf->{failedLoginNumber} - $lockTimes );
|
||||
my $sum = $self->conf->{bruteForceProtectionMaxAge} *
|
||||
( 1 + $self->conf->{failedLoginNumber} - $lockTimes );
|
||||
$sum += $_ foreach @{ $self->lockTimes };
|
||||
$self->maxAge($sum);
|
||||
}
|
||||
|
|
|
@ -277,7 +277,8 @@ sub check {
|
|||
"checkUser requested for an unvalid user ($user)");
|
||||
$req->{sessionInfo} = {};
|
||||
$self->logger->debug('Identity not authorized');
|
||||
$req->error(PE_BADCREDENTIALS); # Catch error to preserve protected Id
|
||||
$req->error(PE_BADCREDENTIALS)
|
||||
; # Catch error to preserve protected Id
|
||||
}
|
||||
}
|
||||
|
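Review bot: The reformatted `$req->error(PE_BADCREDENTIALS)` in `check` now leaves its `;` orphaned on the next line in front of the trailing comment, which reads like an empty statement. Putting the comment on its own line above the call keeps the statement whole and within the line limit: `# Catch error to preserve protected Id` and then `$req->error(PE_BADCREDENTIALS);`. `check` starts outside the hunk.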
||||
|
|
|
@ -191,7 +191,8 @@ sub run {
|
|||
# Main session
|
||||
$self->p->updateSession( $req, $req->sessionInfo );
|
||||
$self->userLogger->notice(
|
||||
"ContextSwitching: Update \"$realId\" session with \"$spoofId\" session data");
|
||||
"ContextSwitching: Update \"$realId\" session with \"$spoofId\" session data"
|
||||
);
|
||||
|
||||
return $self->p->do( $req, [ sub { $statut } ] );
|
||||
}
|
||||
|
|
|
@ -167,7 +167,8 @@ sub myNotifs {
|
|||
my ( $self, $req, $ref ) = @_;
|
||||
|
||||
if ($ref) {
|
||||
return $self->sendJSONresponse( $req, { error => 'Missing epoch parameter' } )
|
||||
return $self->sendJSONresponse( $req,
|
||||
{ error => 'Missing epoch parameter' } )
|
||||
unless $req->param('epoch');
|
||||
|
||||
# Retrieve notification reference=$ref with epoch
|
||||
|
@ -228,10 +229,11 @@ sub retrieveNotifs {
|
|||
sub _viewNotif {
|
||||
my ( $self, $req, $ref, $epoch ) = @_;
|
||||
|
||||
$self->logger->debug( "Retrieve notification with reference: \"$ref\" and epoch: \"$epoch\"" );
|
||||
$self->logger->debug(
|
||||
"Retrieve notification with reference: \"$ref\" and epoch: \"$epoch\"");
|
||||
my $notif = eval { $self->module->viewNotification( $req, $ref, $epoch ); };
|
||||
if ($@) {
|
||||
$self->logger->debug( "Notification not found" );
|
||||
$self->logger->debug("Notification not found");
|
||||
$self->logger->error($@);
|
||||
return '';
|
||||
}
|
||||
|
|
|
@ -25,8 +25,7 @@ ok(
|
|||
),
|
||||
'Get Menu'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="37">/,
|
||||
'Rejected with PE_BADURL' )
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="37">/, 'Rejected with PE_BADURL' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
@ -41,8 +40,7 @@ ok(
|
|||
),
|
||||
'Get Menu'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="9">/,
|
||||
'Rejected with PE_FIRSTACCESS' )
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="9">/, 'Rejected with PE_FIRSTACCESS' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
@ -73,9 +71,10 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'jdoe rejected with PE_BADCREDENTIALS' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'jdoe rejected with PE_BADCREDENTIALS'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
|
||||
'Found connect button' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
@ -93,9 +92,10 @@ ok(
|
|||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'dwho rejected with PE_BADCREDENTIALS' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'dwho rejected with PE_BADCREDENTIALS'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
|
||||
'Found connect button' )
|
||||
|
|
|
@ -10,8 +10,7 @@ require 't/test-lib.pm';
|
|||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
|
@ -31,8 +30,7 @@ ok( $app = Lemonldap::NG::Handler::Server->run( $client->ini ), 'App' );
|
|||
count(1);
|
||||
|
||||
ok(
|
||||
$res = $app->(
|
||||
{
|
||||
$res = $app->( {
|
||||
'HTTP_ACCEPT' => 'text/html',
|
||||
'SCRIPT_NAME' => '/',
|
||||
'SERVER_NAME' => '127.0.0.1',
|
||||
|
@ -69,8 +67,7 @@ expectForm( $res, undef, undef, 'url' );
|
|||
count(1);
|
||||
|
||||
ok(
|
||||
$res = $app->(
|
||||
{
|
||||
$res = $app->( {
|
||||
'HTTP_ACCEPT' => 'text/html',
|
||||
'SCRIPT_NAME' => '/',
|
||||
'SERVER_NAME' => '127.0.0.1',
|
||||
|
@ -88,7 +85,7 @@ ok(
|
|||
'HTTP_HOST' => 'courriel.example.com',
|
||||
}
|
||||
),
|
||||
'Standard Handler with host value that contains a + character after base64 encoding'
|
||||
'Standard Handler with host value that contains a + character after base64 encoding'
|
||||
);
|
||||
count(1);
|
||||
|
||||
|
|
|
@ -300,7 +300,7 @@ ok(
|
|||
$res->[2]->[0] =~
|
||||
m%<li><span trspan="passwordPolicyMinSize">Minimal size:</span> 6</li>%,
|
||||
' passwordPolicyMinSize'
|
||||
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSize');
|
||||
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSize' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<li><span trspan="passwordPolicyMinLower">Minimal lower characters:</span> 3</li>%,
|
||||
|
@ -320,7 +320,7 @@ ok(
|
|||
$res->[2]->[0] =~
|
||||
m%<li><span trspan="passwordPolicyMinSpeChar">Minimal special characters:</span> 2</li>%,
|
||||
' passwordPolicyMinSpeChar'
|
||||
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSpeChar');
|
||||
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSpeChar' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%\Q<li><span trspan="passwordPolicySpecialChar">Allowed special characters:</span> [ } \</li>\E%,
|
||||
|
@ -328,7 +328,7 @@ m%\Q<li><span trspan="passwordPolicySpecialChar">Allowed special characters:</sp
|
|||
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicySpecialChar' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<span id=\'show-hide-icon-button\' class="fa fa-eye"></span>%,
|
||||
m%<span id=\'show-hide-icon-button\' class="fa fa-eye"></span>%,
|
||||
'Show/Hide toogle button'
|
||||
) or print STDERR Dumper( $res->[2]->[0], 'Toogle button' );
|
||||
count(8);
|
||||
|
|
|
@ -70,9 +70,10 @@ m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" al
|
|||
( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
||||
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'dalek rejected with PE_BADCREDENTIALS' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'dalek rejected with PE_BADCREDENTIALS'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
||||
# Try to authenticate
|
||||
# -------------------
|
||||
|
|
|
@ -50,9 +50,10 @@ ok(
|
|||
( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
||||
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'dalek rejected with PE_BADCREDENTIALS' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'dalek rejected with PE_BADCREDENTIALS'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
||||
# Try to authenticate
|
||||
# -------------------
|
||||
|
|
|
@ -1,296 +0,0 @@
|
|||
use lib 'inc';
|
||||
use Test::More;
|
||||
use strict;
|
||||
use IO::String;
|
||||
use LWP::UserAgent;
|
||||
use LWP::Protocol::PSGI;
|
||||
use MIME::Base64;
|
||||
|
||||
BEGIN {
|
||||
require 't/test-lib.pm';
|
||||
require 't/saml-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 14;
|
||||
my $debug = 'error';
|
||||
my $timeout = 72000;
|
||||
my ( $issuer, $sp, $res );
|
||||
|
||||
# Redefine LWP methods for tests
|
||||
LWP::Protocol::PSGI->register(
|
||||
sub {
|
||||
my $req = Plack::Request->new(@_);
|
||||
fail('POST should not launch SOAP requests');
|
||||
count(1);
|
||||
return [ 500, [], [] ];
|
||||
}
|
||||
);
|
||||
|
||||
SKIP: {
|
||||
eval "use Lasso";
|
||||
if ($@) {
|
||||
skip 'Lasso not found', $maintests;
|
||||
}
|
||||
|
||||
# Initialization
|
||||
$issuer = register( 'issuer', \&issuer );
|
||||
$sp = register( 'sp', \&sp );
|
||||
|
||||
# Simple SP access
|
||||
my $res;
|
||||
ok(
|
||||
$res = $sp->_get(
|
||||
'/', accept => 'text/html',
|
||||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
my ( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
||||
# Push SAML request to IdP
|
||||
switch ('issuer');
|
||||
ok(
|
||||
$res = $issuer->_post(
|
||||
$url,
|
||||
IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s)
|
||||
),
|
||||
'Post SAML request to IdP'
|
||||
);
|
||||
expectOK($res);
|
||||
my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
# Try to authenticate with an unauthorized user to IdP
|
||||
$s = "user=dwho&password=dwho&$s";
|
||||
ok(
|
||||
$res = $issuer->_post(
|
||||
$url,
|
||||
IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
cookie => $pdata,
|
||||
length => length($s),
|
||||
),
|
||||
'Post authentication'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
||||
# Simple SP access
|
||||
ok(
|
||||
$res = $sp->_get(
|
||||
'/', accept => 'text/html',
|
||||
),
|
||||
'Unauth SP request'
|
||||
);
|
||||
expectOK($res);
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
|
||||
'SAMLRequest' );
|
||||
|
||||
# Push SAML request to IdP
|
||||
ok(
|
||||
$res = $issuer->_post(
|
||||
$url,
|
||||
IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s)
|
||||
),
|
||||
'Post SAML request to IdP'
|
||||
);
|
||||
expectOK($res);
|
||||
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
# Try to authenticate with an authorized user to IdP
|
||||
$s = "user=french&password=french&$s";
|
||||
ok(
|
||||
$res = $issuer->_post(
|
||||
$url,
|
||||
IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
cookie => $pdata,
|
||||
length => length($s),
|
||||
),
|
||||
'Post authentication'
|
||||
);
|
||||
my $idpId = expectCookie($res);
|
||||
|
||||
# Expect pdata to be cleared
|
||||
$pdata = expectCookie( $res, 'lemonldappdata' );
|
||||
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
|
||||
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
|
||||
'SAMLResponse' );
|
||||
|
||||
# Post SAML response to SP
|
||||
switch ('sp');
|
||||
ok(
|
||||
$res = $sp->_post(
|
||||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
|
||||
# Verify authentication on SP
|
||||
expectRedirection( $res, 'http://auth.sp.com' );
|
||||
my $spId = expectCookie($res);
|
||||
|
||||
ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
|
||||
expectOK($res);
|
||||
expectAuthenticatedAs( $res, 'fa@badwolf.org@idp' );
|
||||
|
||||
# Logout initiated by SP
|
||||
ok(
|
||||
$res = $sp->_get(
|
||||
'/',
|
||||
query => 'logout',
|
||||
cookie => "lemonldap=$spId",
|
||||
accept => 'text/html'
|
||||
),
|
||||
'Query SP for logout'
|
||||
);
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.idp.com', '/saml/singleLogout',
|
||||
'SAMLRequest' );
|
||||
|
||||
# Jump ahead in time
|
||||
Time::Fake->offset( "+" . ( $timeout * 1.5 ) . "s" );
|
||||
|
||||
# Push SAML logout request to IdP
|
||||
switch ('issuer');
|
||||
ok(
|
||||
$res = $issuer->_post(
|
||||
$url,
|
||||
IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
cookie => "lemonldap=$idpId",
|
||||
length => length($s)
|
||||
),
|
||||
'Post SAML logout request to IdP'
|
||||
);
|
||||
( $host, $url, $s ) =
|
||||
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleLogoutReturn',
|
||||
'SAMLResponse' );
|
||||
|
||||
# Post SAML response to SP
|
||||
switch ('sp');
|
||||
ok(
|
||||
$res = $sp->_post(
|
||||
$url, IO::String->new($s),
|
||||
accept => 'text/html',
|
||||
length => length($s),
|
||||
),
|
||||
'Post SAML response to SP'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /trmsg="56"/, 'Found SLO error' );
|
||||
}
|
||||
|
||||
count($maintests);
|
||||
clean_sessions();
|
||||
done_testing( count() );
|
||||
|
||||
sub issuer {
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
timeout => $timeout,
|
||||
logLevel => $debug,
|
||||
domain => 'idp.com',
|
||||
portal => 'http://auth.idp.com',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
issuerDBSAMLActivation => 1,
|
||||
issuerDBSAMLRule => '$uid eq "french"',
|
||||
samlSPMetaDataOptions => {
|
||||
'sp.com' => {
|
||||
samlSPMetaDataOptionsEncryptionMode => 'none',
|
||||
samlSPMetaDataOptionsSignSSOMessage => 1,
|
||||
samlSPMetaDataOptionsSignSLOMessage => 1,
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature => 1,
|
||||
samlSPMetaDataOptionsCheckSLOMessageSignature => 1,
|
||||
}
|
||||
},
|
||||
samlSPMetaDataExportedAttributes => {
|
||||
'sp.com' => {
|
||||
cn =>
|
||||
'1;cn;urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
||||
uid =>
|
||||
'1;uid;urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
||||
}
|
||||
},
|
||||
samlOrganizationDisplayName => "IDP",
|
||||
samlOrganizationName => "IDP",
|
||||
samlOrganizationURL => "http://www.idp.com/",
|
||||
samlServicePrivateKeyEnc => saml_key_idp_private_enc,
|
||||
samlServicePrivateKeySig => saml_key_idp_private_sig,
|
||||
samlServicePublicKeyEnc => saml_key_idp_public_enc,
|
||||
samlServicePublicKeySig => saml_key_idp_public_sig,
|
||||
samlSPMetaDataXML => {
|
||||
"sp.com" => {
|
||||
samlSPMetaDataXML =>
|
||||
samlSPMetaDataXML( 'sp', 'HTTP-POST' )
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
sub sp {
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
timeout => $timeout,
|
||||
domain => 'sp.com',
|
||||
portal => 'http://auth.sp.com',
|
||||
authentication => 'SAML',
|
||||
userDB => 'Same',
|
||||
issuerDBSAMLActivation => 0,
|
||||
restSessionServer => 1,
|
||||
samlIDPMetaDataExportedAttributes => {
|
||||
idp => {
|
||||
mail => "0;mail;;",
|
||||
uid => "1;uid",
|
||||
cn => "0;cn"
|
||||
}
|
||||
},
|
||||
samlIDPMetaDataOptions => {
|
||||
idp => {
|
||||
samlIDPMetaDataOptionsEncryptionMode => 'none',
|
||||
samlIDPMetaDataOptionsSSOBinding => 'post',
|
||||
samlIDPMetaDataOptionsSLOBinding => 'post',
|
||||
samlIDPMetaDataOptionsSignSSOMessage => 1,
|
||||
samlIDPMetaDataOptionsSignSLOMessage => 1,
|
||||
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
|
||||
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
|
||||
samlIDPMetaDataOptionsForceUTF8 => 1,
|
||||
}
|
||||
},
|
||||
samlIDPMetaDataExportedAttributes => {
|
||||
idp => {
|
||||
"uid" => "0;uid;;",
|
||||
"cn" => "1;cn;;",
|
||||
},
|
||||
},
|
||||
samlIDPMetaDataXML => {
|
||||
idp => {
|
||||
samlIDPMetaDataXML =>
|
||||
samlIDPMetaDataXML( 'idp', 'HTTP-POST' )
|
||||
}
|
||||
},
|
||||
samlOrganizationDisplayName => "SP",
|
||||
samlOrganizationName => "SP",
|
||||
samlOrganizationURL => "http://www.sp.com",
|
||||
samlServicePublicKeySig => saml_key_sp_public_sig,
|
||||
samlServicePrivateKeyEnc => saml_key_sp_private_enc,
|
||||
samlServicePrivateKeySig => saml_key_sp_private_sig,
|
||||
samlServicePublicKeyEnc => saml_key_sp_public_enc,
|
||||
samlSPSSODescriptorAuthnRequestsSigned => 1,
|
||||
},
|
||||
}
|
||||
);
|
||||
}
|
|
@ -198,10 +198,10 @@ ok( $prms{state}, ' state found' );
|
|||
ok( $prms{session_state}, ' session_state found' );
|
||||
count(6);
|
||||
|
||||
my $id_token_payload = id_token_payload($prms{id_token});
|
||||
ok( $id_token_payload->{c_hash}, "ID token contains c_hash");
|
||||
ok( $id_token_payload->{at_hash}, "ID token contains at_hash");
|
||||
is( $id_token_payload->{nonce}, "qwerty", "ID token contains nonce");
|
||||
my $id_token_payload = id_token_payload( $prms{id_token} );
|
||||
ok( $id_token_payload->{c_hash}, "ID token contains c_hash" );
|
||||
ok( $id_token_payload->{at_hash}, "ID token contains at_hash" );
|
||||
is( $id_token_payload->{nonce}, "qwerty", "ID token contains nonce" );
|
||||
count(3);
|
||||
|
||||
my $at;
|
||||
|
|
|
@ -144,7 +144,7 @@ ok( $prms{state}, ' state found' );
|
|||
count(5);
|
||||
|
||||
# Check attributes in ID Token
|
||||
my $id_token_decoded = id_token_payload($prms{id_token});
|
||||
my $id_token_decoded = id_token_payload( $prms{id_token} );
|
||||
ok( $id_token_decoded->{sub} eq "dwho", 'Check sub value' );
|
||||
ok( $id_token_decoded->{name} eq "Doctor Who", 'Check name value' );
|
||||
count(2);
|
||||
|
|
|
@ -235,7 +235,8 @@ m%<span notif=\'testref\' epoch=\'(\d{10})\' class="btn btn-success" role="butto
|
|||
);
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
ok( $json->{error} eq 'Missing epoch parameter', ' Missing epoch parameter' )
|
||||
ok( $json->{error} eq 'Missing epoch parameter',
|
||||
' Missing epoch parameter' )
|
||||
or explain( $json, "Missing epoch parameter" );
|
||||
|
||||
# Bad request
|
||||
|
|
|
@ -38,7 +38,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
expectCookie($res);
|
||||
my $id = expectCookie($res, 'lemonldaphttp');
|
||||
my $id = expectCookie( $res, 'lemonldaphttp' );
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
## Second successful connection for "dwho"
|
||||
|
@ -53,7 +53,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
expectCookie($res);
|
||||
expectCookie($res, 'lemonldaphttp');
|
||||
expectCookie( $res, 'lemonldaphttp' );
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
## Third successful connection for 'dwho'
|
||||
|
@ -68,7 +68,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
expectCookie($res);
|
||||
expectCookie($res, 'lemonldaphttp');
|
||||
expectCookie( $res, 'lemonldaphttp' );
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
## Logout request for 'dwho'
|
||||
|
|
|
@ -38,7 +38,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
expectCookie($res);
|
||||
my $id = expectCookie($res, 'lemonldaphttp');
|
||||
my $id = expectCookie( $res, 'lemonldaphttp' );
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
## Second successful connection for "dwho"
|
||||
|
@ -53,7 +53,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
expectCookie($res);
|
||||
expectCookie($res, 'lemonldaphttp');
|
||||
expectCookie( $res, 'lemonldaphttp' );
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
## Third successful connection for 'dwho'
|
||||
|
@ -68,7 +68,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
expectCookie($res);
|
||||
expectCookie($res, 'lemonldaphttp');
|
||||
expectCookie( $res, 'lemonldaphttp' );
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
## Logout request for 'dwho'
|
||||
|
|
|
@ -50,8 +50,11 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
|
||||
ok( $res->[2]->[0] =~ m%<h3 trspan="logoutFromOtherApp">logoutFromOtherApp</h3>%, 'Found Logout Forward page' )
|
||||
or explain( $res->[2]->[0], "PE_LOGOUT_OK" );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<h3 trspan="logoutFromOtherApp">logoutFromOtherApp</h3>%,
|
||||
'Found Logout Forward page'
|
||||
) or explain( $res->[2]->[0], "PE_LOGOUT_OK" );
|
||||
count(1);
|
||||
$client->logout( $idd[0] );
|
||||
|
||||
|
|
|
@ -211,7 +211,7 @@ expectOK($res);
|
|||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-positive alert"><span trmsg="47">%,
|
||||
m%<div class="message message-positive alert"><span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
|
|
@ -121,7 +121,7 @@ expectOK($res);
|
|||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-positive alert"><span trmsg="47">%,
|
||||
m%<div class="message message-positive alert"><span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
|
|
@ -114,8 +114,7 @@ SKIP: {
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span trspan="enterTotpCode">/,
|
||||
'Enter TOTP code' )
|
||||
ok( $res->[2]->[0] =~ /<span trspan="enterTotpCode">/, 'Enter TOTP code' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
|
@ -170,8 +169,7 @@ SKIP: {
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /<span trspan="enterTotpCode">/,
|
||||
'Enter TOTP code' )
|
||||
ok( $res->[2]->[0] =~ /<span trspan="enterTotpCode">/, 'Enter TOTP code' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
|
|
|
@ -51,9 +51,10 @@ ok(
|
|||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'dwho rejected with PE_BADCREDENTIALS' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~ /<span trmsg="5">/,
|
||||
'dwho rejected with PE_BADCREDENTIALS'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
|
||||
'Found connect button' )
|
||||
|
|
|
@ -62,7 +62,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-warning alert"><span trmsg="1">%,
|
||||
m%<div class="message message-warning alert"><span trmsg="1">%,
|
||||
'Found PE_SESSIONEXPIRED code'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
|
|
@ -61,7 +61,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-warning alert"><span trmsg="1">%,
|
||||
m%<div class="message message-warning alert"><span trmsg="1">%,
|
||||
'Found PE_SESSIONEXPIRED code'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
|
|
@ -204,10 +204,8 @@ ok(
|
|||
m%<a href="http://auth.example.com/removeOther\?token=\d{10}_\d+" onclick="_go=0" trspan="removeOtherSessions"></a>%,
|
||||
'Link found'
|
||||
) or explain( $res->[2]->[0], 'Link found' );
|
||||
ok(
|
||||
$res->[2]->[0] =~ m%action="http://test1.example.com/"%,
|
||||
'action found'
|
||||
) or explain( $res->[2]->[0], 'action found' );
|
||||
ok( $res->[2]->[0] =~ m%action="http://test1.example.com/"%, 'action found' )
|
||||
or explain( $res->[2]->[0], 'action found' );
|
||||
count(4);
|
||||
|
||||
clean_sessions();
|
||||
|
|
|
@ -177,9 +177,11 @@ ok( $res->[2]->[0] =~ m%<td scope="row">Macro_1</td>%, 'Found uid' )
|
|||
ok( $nbr = ( $res->[2]->[0] =~ s%<td scope="row">Macro_1</td>%%g ),
|
||||
'Found two well computed macros' )
|
||||
or explain( $res->[2]->[0], 'Macros not well computed' );
|
||||
ok( $res->[2]->[0] =~ m%<div class="col">authGroup</div>%, 'Found group "authGroup"' )
|
||||
ok( $res->[2]->[0] =~ m%<div class="col">authGroup</div>%,
|
||||
'Found group "authGroup"' )
|
||||
or explain( $res->[2]->[0], 'Group "authgroup"' );
|
||||
ok( $res->[2]->[0] =~ m%<div class="col">realAuthGroup</div>%, 'Found group "realAuthGroup"' )
|
||||
ok( $res->[2]->[0] =~ m%<div class="col">realAuthGroup</div>%,
|
||||
'Found group "realAuthGroup"' )
|
||||
or explain( $res->[2]->[0], 'Found group "realAuthGroup"' );
|
||||
count(7);
|
||||
|
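Review bot: The 'Found two well computed macros' assertion only tests `$nbr` for truth, so as far as this hunk shows it passes with any non-zero number of `Macro_1` cells. Unless `$nbr` is compared with 2 outside the hunk, the check should pin the count, e.g. `ok( ( $nbr = ( $res->[2]->[0] =~ s%<td scope="row">Macro_1</td>%%g ) ) == 2, 'Found two well computed macros' )`.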
||||
|
|
|
@ -253,7 +253,8 @@ ok( $res->[2]->[0] =~ m%<td scope="row">dwho</td>%, 'Found dwho' )
|
|||
or explain( $res->[2]->[0], 'Macro Value dwho' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">array</td>%, 'Found empty macro' )
|
||||
or explain( $res->[2]->[0], 'Macro: empty' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">real_array</td>%, 'Found empty real_macro' )
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">real_array</td>%,
|
||||
'Found empty real_macro' )
|
||||
or explain( $res->[2]->[0], 'Macro: empty real' );
|
||||
count(9);
|
||||
|
||||
|
|
|
@ -61,13 +61,19 @@ ok( $res->[2]->[0] =~ qr%<span id="languages"></span>%, 'Found language flags' )
|
|||
expectAuthenticatedAs( $res, 'rtyler' );
|
||||
ok( $res->[2]->[0] !~ m%contextSwitching_ON%, 'Connected as dwho' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ qr%href="http://test1\.example\.com/" title="Application Test 1"%, 'Found test1 & title' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ qr%href="http://test2\.example\.com/" title="A nice application!"%, 'Found test2 & title' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
qr%href="http://test1\.example\.com/" title="Application Test 1"%,
|
||||
'Found test1 & title'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
qr%href="http://test2\.example\.com/" title="A nice application!"%,
|
||||
'Found test2 & title'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
||||
my @appdesc = ($res->[2]->[0] =~ qr%class="appdesc%);
|
||||
ok( @appdesc == 1 , 'Found only one description' )
|
||||
my @appdesc = ( $res->[2]->[0] =~ qr%class="appdesc% );
|
||||
ok( @appdesc == 1, 'Found only one description' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(6);
|
||||
|
||||
|
@ -406,7 +412,7 @@ expectOK($res);
|
|||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-positive alert"><span trmsg="47">%,
|
||||
m%<div class="message message-positive alert"><span trmsg="47">%,
|
||||
'Dwho has been well disconnected'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
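Review bot: The 'Found only one description' check in the first hunk cannot fail on duplicates: `$res->[2]->[0] =~ qr%class="appdesc%` has no capture group and no `/g`, so in list context it yields a single true value on any match, and `@appdesc == 1` holds whether the page carries one description or several. Counting the occurrences needs a global match, e.g. `my @appdesc = ( $res->[2]->[0] =~ m%class="appdesc%g );`. With that change the assertion tests what its label says.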
||||
|
|
|
@ -77,7 +77,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-negative alert"><span trmsg="5">%,
|
||||
m%<div class="message message-negative alert"><span trmsg="5">%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
count(2);
|
||||
|
|
|
@ -83,7 +83,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-negative alert"><span trmsg="5">%,
|
||||
m%<div class="message message-negative alert"><span trmsg="5">%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
count(2);
|
||||
|
@ -112,7 +112,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-negative alert"><span trmsg="93">%,
|
||||
m%<div class="message message-negative alert"><span trmsg="93">%,
|
||||
' PE93 found'
|
||||
) or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
|
||||
count(2);
|
||||
|
|
|
@ -83,7 +83,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-negative alert"><span trmsg="5">%,
|
||||
m%<div class="message message-negative alert"><span trmsg="5">%,
|
||||
' PE5 found'
|
||||
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
|
||||
count(2);
|
||||
|
@ -112,7 +112,7 @@ ok(
|
|||
);
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="message message-negative alert"><span trmsg="93">%,
|
||||
m%<div class="message message-negative alert"><span trmsg="93">%,
|
||||
' PE93 found'
|
||||
) or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
|
||||
count(2);
|
||||
|
@ -329,8 +329,8 @@ count(17);
|
|||
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
|
||||
ok( keys %attributes == 34, 'Found 34 attributes' )
|
||||
or print STDERR ( keys %attributes < 34 )
|
||||
? "Missing attributes -> " . scalar keys (%attributes) . "\n"
|
||||
: "Too much attributes -> " . scalar keys (%attributes). "\n";
|
||||
? "Missing attributes -> " . scalar keys(%attributes) . "\n"
|
||||
: "Too much attributes -> " . scalar keys(%attributes) . "\n";
|
||||
ok( $attributes{'_auth'} eq 'Demo', '_auth' )
|
||||
or print STDERR Dumper( \%attributes );
|
||||
ok( $attributes{'uid'}, 'uid' ) or print STDERR Dumper( \%attributes );
|
||||
|
|
|
@ -32,6 +32,7 @@ TODO: {
|
|||
local $TODO = "Not yet fully cleaned";
|
||||
|
||||
fail "Unable to really destroy a portal object for now";
|
||||
|
||||
# Test with initialization
|
||||
#my $p = Lemonldap::NG::Portal::Main->new();
|
||||
#$p->init($ini);
|
||||
|
@ -45,6 +46,6 @@ TODO: {
|
|||
my $p = Lemonldap::NG::Portal::Main->new();
|
||||
$p->init($ini);
|
||||
leaks_cmp_ok {
|
||||
$p->reloadConf($p->conf);
|
||||
$p->reloadConf( $p->conf );
|
||||
}
|
||||
'<', 1;
|
||||
|
|