Please use our .perltidyrc
parent
bfc2b7ca19
commit
bc2bef4ff4
@ -1,4 +1,4 @@
|
|||
.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
|
||||
.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
|
||||
.\"
|
||||
.\" Standard preamble:
|
||||
.\" ========================================================================
|
||||
|
@ -54,16 +54,20 @@
|
|||
.\" Avoid warning from groff about undefined register 'F'.
|
||||
.de IX
|
||||
..
|
||||
.if !\nF .nr F 0
|
||||
.if \nF>0 \{\
|
||||
. de IX
|
||||
. tm Index:\\$1\t\\n%\t"\\$2"
|
||||
.nr rF 0
|
||||
.if \n(.g .if rF .nr rF 1
|
||||
.if (\n(rF:(\n(.g==0)) \{\
|
||||
. if \nF \{\
|
||||
. de IX
|
||||
. tm Index:\\$1\t\\n%\t"\\$2"
|
||||
..
|
||||
. if !\nF==2 \{\
|
||||
. nr % 0
|
||||
. nr F 2
|
||||
. if !\nF==2 \{\
|
||||
. nr % 0
|
||||
. nr F 2
|
||||
. \}
|
||||
. \}
|
||||
.\}
|
||||
.rr rF
|
||||
.\"
|
||||
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
||||
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
||||
|
@ -129,7 +133,7 @@
|
|||
.\" ========================================================================
|
||||
.\"
|
||||
.IX Title "llng-fastcgi-server 1"
|
||||
.TH llng-fastcgi-server 1 "2018-08-03" "perl v5.26.2" "User Contributed Perl Documentation"
|
||||
.TH llng-fastcgi-server 1 "2019-03-05" "perl v5.28.1" "User Contributed Perl Documentation"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.if n .ad l
|
||||
@ -41,12 +41,12 @@ sub serviceToXML {
|
|||
samlOrganizationURL
|
||||
);
|
||||
|
||||
if ($type and $type eq 'idp') {
|
||||
$template->param( 'hideSPMetadata', 1);
|
||||
if ( $type and $type eq 'idp' ) {
|
||||
$template->param( 'hideSPMetadata', 1 );
|
||||
}
|
||||
|
||||
if ($type and $type eq 'sp') {
|
||||
$template->param( 'hideIDPMetadata', 1);
|
||||
if ( $type and $type eq 'sp' ) {
|
||||
$template->param( 'hideIDPMetadata', 1 );
|
||||
}
|
||||
|
||||
foreach (@param_auto) {
|
||||
@ -32,7 +32,7 @@ sub new {
|
|||
}
|
||||
$self->env->{PATH_INFO} ||= '/';
|
||||
$self->env->{REQUEST_URI} =~ s|^//+|/|g;
|
||||
$self->{uri} = uri_unescape( $self->env->{REQUEST_URI} );
|
||||
$self->{uri} = uri_unescape( $self->env->{REQUEST_URI} );
|
||||
$self->{data} = {};
|
||||
$self->{error} = 0;
|
||||
$self->{respHeaders} = [];
|
||||
@ -44,20 +44,20 @@ sub getStatus {
|
|||
if ( $ENV{LLNGSTATUSHOST} ) {
|
||||
require IO::Socket::INET;
|
||||
foreach ( 64322 .. 64331 ) {
|
||||
if ( $statusOut
|
||||
= IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) )
|
||||
if ( $statusOut =
|
||||
IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) )
|
||||
{
|
||||
$args = ' host='
|
||||
. ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_";
|
||||
$args =
|
||||
' host=' . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_";
|
||||
last;
|
||||
}
|
||||
}
|
||||
return $class->abort( $req,
|
||||
"$class: status page can not be displayed, unable to open socket"
|
||||
) unless ($statusOut);
|
||||
"$class: status page can not be displayed, unable to open socket" )
|
||||
unless ($statusOut);
|
||||
}
|
||||
return $class->abort( $req, "$class: status page can not be displayed" )
|
||||
unless ( $statusPipe and $statusOut );
|
||||
unless ( $statusPipe and $statusOut );
|
||||
my $q = $req->{env}->{QUERY_STRING} || '';
|
||||
if ( $q =~ /\s/ ) {
|
||||
$class->logger->error("Bad characters in query");
|
||||
|
@ -84,12 +84,12 @@ sub checkType {
|
|||
|
||||
if ( time() - $class->lastCheck > $class->checkTime ) {
|
||||
die("$class: No configuration found")
|
||||
unless ( $class->checkConf );
|
||||
unless ( $class->checkConf );
|
||||
}
|
||||
my $vhost = $class->resolveAlias($req);
|
||||
return ( defined $class->tsv->{type}->{$vhost} )
|
||||
? $class->tsv->{type}->{$vhost}
|
||||
: 'Main';
|
||||
? $class->tsv->{type}->{$vhost}
|
||||
: 'Main';
|
||||
}
|
||||
|
||||
## @rmethod int run
|
||||
|
@ -125,7 +125,7 @@ sub run {
|
|||
my ($cond);
|
||||
( $cond, $protection ) = $class->conditionSub($rule) if ($rule);
|
||||
$protection = $class->isUnprotected( $req, $uri ) || 0
|
||||
unless ( defined $protection );
|
||||
unless ( defined $protection );
|
||||
|
||||
if ( $protection == $class->SKIP ) {
|
||||
$class->logger->debug("Access control skipped");
|
||||
|
@ -150,7 +150,7 @@ sub run {
|
|||
|
||||
# AUTHORIZATION
|
||||
return ( $class->forbidden( $req, $session ), $session )
|
||||
unless ( $class->grant( $req, $session, $uri, $cond ) );
|
||||
unless ( $class->grant( $req, $session, $uri, $cond ) );
|
||||
$class->updateStatus( $req, 'OK',
|
||||
$session->{ $class->tsv->{whatToTrace} } );
|
||||
|
||||
|
@ -168,8 +168,8 @@ sub run {
|
|||
|
||||
# Log access granted
|
||||
$class->logger->debug( "User "
|
||||
. $session->{ $class->tsv->{whatToTrace} }
|
||||
. " was granted to access to $uri" );
|
||||
. $session->{ $class->tsv->{whatToTrace} }
|
||||
. " was granted to access to $uri" );
|
||||
|
||||
# Catch POST rules
|
||||
$class->postOutputFilter( $req, $session, $uri );
|
||||
|
@ -192,7 +192,7 @@ sub run {
|
|||
|
||||
# Redirect user to the portal
|
||||
$class->logger->info("No cookie found")
|
||||
unless ($id);
|
||||
unless ($id);
|
||||
|
||||
# if the cookie was fetched, a log is sent by retrieveSession()
|
||||
$class->updateStatus( $req, $id ? 'EXPIRED' : 'REDIRECT' );
|
||||
|
@ -243,10 +243,10 @@ sub lmLog {
|
|||
sub checkMaintenanceMode {
|
||||
my ( $class, $req ) = @_;
|
||||
my $vhost = $class->resolveAlias($req);
|
||||
my $_maintenance
|
||||
= ( defined $class->tsv->{maintenance}->{$vhost} )
|
||||
? $class->tsv->{maintenance}->{$vhost}
|
||||
: $class->tsv->{maintenance}->{_};
|
||||
my $_maintenance =
|
||||
( defined $class->tsv->{maintenance}->{$vhost} )
|
||||
? $class->tsv->{maintenance}->{$vhost}
|
||||
: $class->tsv->{maintenance}->{_};
|
||||
|
||||
if ($_maintenance) {
|
||||
$class->logger->debug("Maintenance mode enabled");
|
||||
|
@ -272,17 +272,17 @@ sub grant {
|
|||
}
|
||||
}
|
||||
for (
|
||||
my $i = 0;
|
||||
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 );
|
||||
my $i = 0 ;
|
||||
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
|
||||
$i++
|
||||
)
|
||||
)
|
||||
{
|
||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
||||
$class->logger->debug( 'Regexp "'
|
||||
. $class->tsv->{locationConditionText}->{$vhost}->[$i]
|
||||
. '" match' );
|
||||
. $class->tsv->{locationConditionText}->{$vhost}->[$i]
|
||||
. '" match' );
|
||||
return $class->tsv->{locationCondition}->{$vhost}->[$i]
|
||||
->( $req, $session );
|
||||
->( $req, $session );
|
||||
}
|
||||
}
|
||||
unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
|
||||
|
@ -319,8 +319,8 @@ sub forbidden {
|
|||
|
||||
# Log forbidding
|
||||
$class->userLogger->notice( "User "
|
||||
. $session->{ $class->tsv->{whatToTrace} }
|
||||
. " was forbidden to access to $vhost$uri" );
|
||||
. $session->{ $class->tsv->{whatToTrace} }
|
||||
. " was forbidden to access to $vhost$uri" );
|
||||
$class->updateStatus( $req, 'REJECT',
|
||||
$session->{ $class->tsv->{whatToTrace} } );
|
||||
|
||||
|
@ -377,9 +377,9 @@ sub goToPortal {
|
|||
$class->logger->debug(
|
||||
"Redirect $req->{env}->{REMOTE_ADDR} to portal (url was $url)");
|
||||
$class->set_header_out( $req,
|
||||
'Location' => $class->tsv->{portal}->()
|
||||
. "$path?url=$urlc_init"
|
||||
. ( $arg ? "&$arg" : "" ) );
|
||||
'Location' => $class->tsv->{portal}->()
|
||||
. "$path?url=$urlc_init"
|
||||
. ( $arg ? "&$arg" : "" ) );
|
||||
return $class->REDIRECT;
|
||||
}
|
||||
|
||||
|
@ -389,9 +389,9 @@ sub goToError {
|
|||
$class->logger->debug(
|
||||
"Redirect $req->{env}->{REMOTE_ADDR} to lmError (url was $url)");
|
||||
$class->set_header_out( $req,
|
||||
'Location' => $class->tsv->{portal}->()
|
||||
. "/lmerror/$code"
|
||||
. "?url=$urlc_init" );
|
||||
'Location' => $class->tsv->{portal}->()
|
||||
. "/lmerror/$code"
|
||||
. "?url=$urlc_init" );
|
||||
return $class->REDIRECT;
|
||||
}
|
||||
|
||||
|
@ -403,12 +403,12 @@ sub fetchId {
|
|||
my $t = $req->{env}->{HTTP_COOKIE} or return 0;
|
||||
my $vhost = $class->resolveAlias($req);
|
||||
my $lookForHttpCookie = ( $class->tsv->{securedCookie} =~ /^(2|3)$/
|
||||
and not $class->_isHttps( $req, $vhost ) );
|
||||
and not $class->_isHttps( $req, $vhost ) );
|
||||
my $cn = $class->tsv->{cookieName};
|
||||
my $value
|
||||
= $lookForHttpCookie
|
||||
? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 )
|
||||
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
|
||||
my $value =
|
||||
$lookForHttpCookie
|
||||
? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 )
|
||||
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
|
||||
|
||||
if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) {
|
||||
$value = $class->tsv->{cipher}->decryptHex( $value, "http" );
|
||||
|
@ -446,8 +446,8 @@ sub retrieveSession {
|
|||
|
||||
# 2. Get the session from cache or backend
|
||||
my $session = $req->data->{session} = (
|
||||
Lemonldap::NG::Common::Session->new(
|
||||
{ storageModule => $class->tsv->{sessionStorageModule},
|
||||
Lemonldap::NG::Common::Session->new( {
|
||||
storageModule => $class->tsv->{sessionStorageModule},
|
||||
storageModuleOptions => $class->tsv->{sessionStorageOptions},
|
||||
cacheModule => $class->tsv->{sessionCacheModule},
|
||||
cacheModuleOptions => $class->tsv->{sessionCacheOptions},
|
||||
|
@ -464,36 +464,36 @@ sub retrieveSession {
|
|||
|
||||
# Verify that session is valid
|
||||
$class->logger->error(
|
||||
"_utime is not defined. This should not happen. Check if it is well transmitted to handler"
|
||||
"_utime is not defined. This should not happen. Check if it is well transmitted to handler"
|
||||
) unless $session->data->{_utime};
|
||||
|
||||
$class->logger->debug("Check session validity from Handler");
|
||||
$class->logger->debug(
|
||||
"Session timeout -> " . $class->tsv->{timeout} );
|
||||
$class->logger->debug( "Session timeout -> " . $class->tsv->{timeout} );
|
||||
$class->logger->debug( "Session timeoutActivity -> "
|
||||
. $class->tsv->{timeoutActivity}
|
||||
. "s" )
|
||||
if ( $class->tsv->{timeoutActivity} );
|
||||
. $class->tsv->{timeoutActivity}
|
||||
. "s" )
|
||||
if ( $class->tsv->{timeoutActivity} );
|
||||
$class->logger->debug(
|
||||
"Session _utime -> " . $session->data->{_utime} );
|
||||
$class->logger->debug( "now -> " . $now );
|
||||
$class->logger->debug( "_lastSeen -> " . $session->data->{_lastSeen} )
|
||||
if ( $session->data->{_lastSeen} );
|
||||
if ( $session->data->{_lastSeen} );
|
||||
my $delta = $now - $session->data->{_lastSeen}
|
||||
if ( $session->data->{_lastSeen} );
|
||||
if ( $session->data->{_lastSeen} );
|
||||
$class->logger->debug( "now - _lastSeen = " . $delta )
|
||||
if ( $session->data->{_lastSeen} );
|
||||
if ( $session->data->{_lastSeen} );
|
||||
$class->logger->debug( "Session timeoutActivityInterval -> "
|
||||
. $class->tsv->{timeoutActivityInterval} )
|
||||
if ( $class->tsv->{timeoutActivityInterval} );
|
||||
. $class->tsv->{timeoutActivityInterval} )
|
||||
if ( $class->tsv->{timeoutActivityInterval} );
|
||||
my $ttl = $class->tsv->{timeout} - $now + $session->data->{_utime};
|
||||
$class->logger->debug( "Session TTL = " . $ttl );
|
||||
|
||||
if ($now - $session->data->{_utime} > $class->tsv->{timeout}
|
||||
if (
|
||||
$now - $session->data->{_utime} > $class->tsv->{timeout}
|
||||
or ( $class->tsv->{timeoutActivity}
|
||||
and $session->data->{_lastSeen}
|
||||
and $delta > $class->tsv->{timeoutActivity} )
|
||||
)
|
||||
)
|
||||
{
|
||||
$class->logger->info("Session $id expired");
|
||||
|
||||
|
@ -503,10 +503,11 @@ sub retrieveSession {
|
|||
}
|
||||
|
||||
# Update the session to notify activity, if necessary
|
||||
if ($class->tsv->{timeoutActivity}
|
||||
and ( $now - $session->data->{_lastSeen}
|
||||
> $class->tsv->{timeoutActivityInterval} )
|
||||
)
|
||||
if (
|
||||
$class->tsv->{timeoutActivity}
|
||||
and ( $now - $session->data->{_lastSeen} >
|
||||
$class->tsv->{timeoutActivityInterval} )
|
||||
)
|
||||
{
|
||||
$req->data->{session}->update( { '_lastSeen' => $now } );
|
||||
$class->data( $session->data );
|
||||
|
@ -593,9 +594,9 @@ sub _buildUrl {
|
|||
my $_https = $class->_isHttps( $req, $vhost );
|
||||
my $portString = $class->_getPort( $req, $vhost );
|
||||
$portString = (
|
||||
( $realvhost =~ /:\d+/ )
|
||||
or ( $_https && $portString == 443 )
|
||||
or ( !$_https && $portString == 80 )
|
||||
( $realvhost =~ /:\d+/ )
|
||||
or ( $_https && $portString == 443 )
|
||||
or ( !$_https && $portString == 80 )
|
||||
) ? '' : ":$portString";
|
||||
my $url = "http" . ( $_https ? "s" : "" ) . "://$realvhost$portString$s";
|
||||
$class->logger->debug("Build URL $url");
|
||||
|
@ -611,10 +612,10 @@ sub isUnprotected {
|
|||
my ( $class, $req, $uri ) = @_;
|
||||
my $vhost = $class->resolveAlias($req);
|
||||
for (
|
||||
my $i = 0;
|
||||
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 );
|
||||
my $i = 0 ;
|
||||
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
|
||||
$i++
|
||||
)
|
||||
)
|
||||
{
|
||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
||||
return $class->tsv->{locationProtection}->{$vhost}->[$i];
|
||||
|
@ -631,8 +632,8 @@ sub sendHeaders {
|
|||
if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) {
|
||||
|
||||
# Log headers in debug mode
|
||||
my %headers
|
||||
= $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
|
||||
my %headers =
|
||||
$class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
|
||||
foreach my $h ( sort keys %headers ) {
|
||||
if ( defined( my $v = $headers{$h} ) ) {
|
||||
$class->logger->debug("Send header $h with value $v");
|
||||
|
@ -655,12 +656,12 @@ sub checkHeaders {
|
|||
if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) {
|
||||
|
||||
# Create array of hashes with headers
|
||||
my %headers
|
||||
= $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
|
||||
my %headers =
|
||||
$class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
|
||||
foreach my $h ( sort keys %headers ) {
|
||||
defined $headers{$h}
|
||||
? push @$array_headers, { key => $h, value => $headers{$h} }
|
||||
: push @$array_headers, { key => $h, value => '' };
|
||||
? push @$array_headers, { key => $h, value => $headers{$h} }
|
||||
: push @$array_headers, { key => $h, value => '' };
|
||||
}
|
||||
}
|
||||
return $array_headers;
|
||||
|
@ -685,7 +686,7 @@ sub resolveAlias {
|
|||
|
||||
$vhost =~ s/:\d+//;
|
||||
return $class->tsv->{vhostAlias}->{$vhost}
|
||||
if ( $class->tsv->{vhostAlias}->{$vhost} );
|
||||
if ( $class->tsv->{vhostAlias}->{$vhost} );
|
||||
return $vhost if ( $class->tsv->{defaultCondition}->{$vhost} );
|
||||
my $v = $vhost;
|
||||
while ( $v =~ s/[\w\-]+/\*/ ) {
|
||||
|
@ -758,8 +759,8 @@ sub postOutputFilter {
|
|||
$class->logger->debug("Filling a html form with fake data");
|
||||
|
||||
$class->unset_header_in( $req, "Accept-Encoding" );
|
||||
my %postdata = $class->tsv->{outputPostData}->{$vhost}->{$uri}
|
||||
->( $req, $session );
|
||||
my %postdata =
|
||||
$class->tsv->{outputPostData}->{$vhost}->{$uri}->( $req, $session );
|
||||
my $formParams = $class->tsv->{postFormParams}->{$vhost}->{$uri};
|
||||
my $js = $class->postJavascript( $req, \%postdata, $formParams );
|
||||
$class->addToHtmlHead( $req, $js );
|
||||
|
@ -776,8 +777,8 @@ sub postInputFilter {
|
|||
if ( defined( $class->tsv->{inputPostData}->{$vhost}->{$uri} ) ) {
|
||||
$class->logger->debug("Replacing fake data with real form data");
|
||||
|
||||
my %data = $class->tsv->{inputPostData}->{$vhost}->{$uri}
|
||||
->( $req, $session );
|
||||
my %data =
|
||||
$class->tsv->{inputPostData}->{$vhost}->{$uri}->( $req, $session );
|
||||
foreach ( keys %data ) {
|
||||
$data{$_} = uri_escape( $data{$_} );
|
||||
}
|
||||
|
@ -797,33 +798,32 @@ sub postJavascript {
|
|||
foreach my $name ( keys %$data ) {
|
||||
use bytes;
|
||||
my $value = "x" x bytes::length( $data->{$name} );
|
||||
$filler
|
||||
.= "form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n";
|
||||
$filler .=
|
||||
"form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n";
|
||||
}
|
||||
|
||||
my $submitter
|
||||
= $formParams->{buttonSelector} eq "none" ? ""
|
||||
: $formParams->{buttonSelector}
|
||||
? "form.find('$formParams->{buttonSelector}').click();\n"
|
||||
: "form.submit();\n";
|
||||
my $submitter =
|
||||
$formParams->{buttonSelector} eq "none" ? ""
|
||||
: $formParams->{buttonSelector}
|
||||
? "form.find('$formParams->{buttonSelector}').click();\n"
|
||||
: "form.submit();\n";
|
||||
|
||||
my $jqueryUrl = $formParams->{jqueryUrl} || "";
|
||||
$jqueryUrl
|
||||
= &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js"
|
||||
if ( $jqueryUrl eq "default" );
|
||||
$jqueryUrl = &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js"
|
||||
if ( $jqueryUrl eq "default" );
|
||||
$jqueryUrl = "<script type='text/javascript' src='$jqueryUrl'></script>\n"
|
||||
if ($jqueryUrl);
|
||||
if ($jqueryUrl);
|
||||
|
||||
return
|
||||
$jqueryUrl
|
||||
. "<script type='text/javascript'>\n"
|
||||
. "/* script added by Lemonldap::NG */\n"
|
||||
. "jQuery(window).on('load', function() {\n"
|
||||
. "var form = jQuery('$form');\n"
|
||||
. "form.attr('autocomplete', 'off');\n"
|
||||
. $filler
|
||||
. $submitter . "})\n"
|
||||
. "</script>\n";
|
||||
$jqueryUrl
|
||||
. "<script type='text/javascript'>\n"
|
||||
. "/* script added by Lemonldap::NG */\n"
|
||||
. "jQuery(window).on('load', function() {\n"
|
||||
. "var form = jQuery('$form');\n"
|
||||
. "form.attr('autocomplete', 'off');\n"
|
||||
. $filler
|
||||
. $submitter . "})\n"
|
||||
. "</script>\n";
|
||||
}
|
||||
|
||||
1;
|
||||
@ -60,6 +60,7 @@ sub _run {
|
|||
$req->userData( $self->api->data );
|
||||
}
|
||||
elsif ( $res->[0] != 403 ) {
|
||||
|
||||
# Unset headers (handler adds a Location header)
|
||||
$self->logger->debug(
|
||||
"User not authenticated, Try in use, cancel redirection");
|
||||
@ -22,7 +22,8 @@ sub cTrees {
|
|||
'locationRules',
|
||||
'exportedHeaders',
|
||||
'post',
|
||||
{ title => 'vhostOptions',
|
||||
{
|
||||
title => 'vhostOptions',
|
||||
help => 'configvhost.html#options',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
|
@ -36,7 +37,8 @@ sub cTrees {
|
|||
'samlIDPMetaDataXML',
|
||||
'samlIDPMetaDataExportedAttributes',
|
||||
|
||||
{ title => "samlIDPMetaDataOptionsSession",
|
||||
{
|
||||
title => "samlIDPMetaDataOptionsSession",
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlIDPMetaDataOptionsAdaptSessionUtime",
|
||||
|
@ -45,7 +47,8 @@ sub cTrees {
|
|||
"samlIDPMetaDataOptionsUserAttribute"
|
||||
]
|
||||
},
|
||||
{ title => "samlIDPMetaDataOptionsSignature",
|
||||
{
|
||||
title => "samlIDPMetaDataOptionsSignature",
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlIDPMetaDataOptionsSignSSOMessage",
|
||||
|
@ -54,14 +57,16 @@ sub cTrees {
|
|||
"samlIDPMetaDataOptionsCheckSLOMessageSignature"
|
||||
]
|
||||
},
|
||||
{ title => "samlIDPMetaDataOptionsBinding",
|
||||
{
|
||||
title => "samlIDPMetaDataOptionsBinding",
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlIDPMetaDataOptionsSSOBinding",
|
||||
"samlIDPMetaDataOptionsSLOBinding"
|
||||
]
|
||||
},
|
||||
{ title => "samlIDPMetaDataOptionsSecurity",
|
||||
{
|
||||
title => "samlIDPMetaDataOptionsSecurity",
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlIDPMetaDataOptionsEncryptionMode",
|
||||
|
@ -69,7 +74,8 @@ sub cTrees {
|
|||
"samlIDPMetaDataOptionsCheckAudience"
|
||||
]
|
||||
},
|
||||
{ title => 'samlIDPMetaDataOptions',
|
||||
{
|
||||
title => 'samlIDPMetaDataOptions',
|
||||
help => 'authsaml.html#options',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
|
@ -83,7 +89,8 @@ sub cTrees {
|
|||
'samlIDPMetaDataOptionsRelayStateURL',
|
||||
],
|
||||
},
|
||||
{ title => "samlIDPMetaDataOptionsDisplay",
|
||||
{
|
||||
title => "samlIDPMetaDataOptionsDisplay",
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlIDPMetaDataOptionsDisplayName",
|
||||
|
@ -94,10 +101,11 @@ sub cTrees {
|
|||
samlSPMetaDataNode => [
|
||||
"samlSPMetaDataXML",
|
||||
"samlSPMetaDataExportedAttributes",
|
||||
{ title => "samlSPMetaDataOptions",
|
||||
{
|
||||
title => "samlSPMetaDataOptions",
|
||||
help => 'idpsaml.html#options',
|
||||
nodes => [
|
||||
{ title => "samlSPMetaDataOptionsAuthnResponse",
|
||||
nodes => [ {
|
||||
title => "samlSPMetaDataOptionsAuthnResponse",
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlSPMetaDataOptionsNameIDFormat",
|
||||
|
@ -108,7 +116,8 @@ sub cTrees {
|
|||
"samlSPMetaDataOptionsForceUTF8"
|
||||
]
|
||||
},
|
||||
{ title => "samlSPMetaDataOptionsSignature",
|
||||
{
|
||||
title => "samlSPMetaDataOptionsSignature",
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlSPMetaDataOptionsSignSSOMessage",
|
||||
|
@ -117,7 +126,8 @@ sub cTrees {
|
|||
"samlSPMetaDataOptionsCheckSLOMessageSignature"
|
||||
]
|
||||
},
|
||||
{ title => "samlSPMetaDataOptionsSecurity",
|
||||
{
|
||||
title => "samlSPMetaDataOptionsSecurity",
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlSPMetaDataOptionsEncryptionMode",
|
||||
|
@ -132,9 +142,10 @@ sub cTrees {
|
|||
'oidcOPMetaDataJSON',
|
||||
'oidcOPMetaDataJWKS',
|
||||
'oidcOPMetaDataExportedVars',
|
||||
{ title => 'oidcOPMetaDataOptions',
|
||||
nodes => [
|
||||
{ title => 'oidcOPMetaDataOptionsConfiguration',
|
||||
{
|
||||
title => 'oidcOPMetaDataOptions',
|
||||
nodes => [ {
|
||||
title => 'oidcOPMetaDataOptionsConfiguration',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcOPMetaDataOptionsConfigurationURI',
|
||||
|
@ -144,7 +155,8 @@ sub cTrees {
|
|||
'oidcOPMetaDataOptionsStoreIDToken'
|
||||
]
|
||||
},
|
||||
{ title => 'oidcOPMetaDataOptionsProtocol',
|
||||
{
|
||||
title => 'oidcOPMetaDataOptionsProtocol',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcOPMetaDataOptionsScope',
|
||||
|
@ -161,7 +173,8 @@ sub cTrees {
|
|||
},
|
||||
]
|
||||
},
|
||||
{ title => 'oidcOPMetaDataOptionsDisplayParams',
|
||||
{
|
||||
title => 'oidcOPMetaDataOptionsDisplayParams',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcOPMetaDataOptionsDisplayName',
|
||||
|
@ -172,9 +185,10 @@ sub cTrees {
|
|||
oidcRPMetaDataNode => [
|
||||
'oidcRPMetaDataExportedVars',
|
||||
'oidcRPMetaDataOptionsExtraClaims',
|
||||
{ title => 'oidcRPMetaDataOptions',
|
||||
nodes => [
|
||||
{ title => 'oidcRPMetaDataOptionsAuthentication',
|
||||
{
|
||||
title => 'oidcRPMetaDataOptions',
|
||||
nodes => [ {
|
||||
title => 'oidcRPMetaDataOptionsAuthentication',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcRPMetaDataOptionsClientID',
|
||||
|
@ -187,7 +201,8 @@ sub cTrees {
|
|||
'oidcRPMetaDataOptionsAccessTokenExpiration',
|
||||
'oidcRPMetaDataOptionsRedirectUris',
|
||||
'oidcRPMetaDataOptionsBypassConsent',
|
||||
{ title => 'logout',
|
||||
{
|
||||
title => 'logout',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcRPMetaDataOptionsPostLogoutRedirectUris',
|
||||
|
@ -199,7 +214,8 @@ sub cTrees {
|
|||
'oidcRPMetaDataOptionsRule',
|
||||
]
|
||||
},
|
||||
{ title => 'oidcRPMetaDataOptionsDisplay',
|
||||
{
|
||||
title => 'oidcRPMetaDataOptionsDisplay',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcRPMetaDataOptionsDisplayName',
|
||||
|
@ -210,7 +226,8 @@ sub cTrees {
|
|||
casSrvMetaDataNode => [
|
||||
'casSrvMetaDataExportedVars',
|
||||
'casSrvMetaDataOptionsProxiedServices',
|
||||
{ title => 'casSrvMetaDataOptions',
|
||||
{
|
||||
title => 'casSrvMetaDataOptions',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'casSrvMetaDataOptionsUrl',
|
||||
|
@ -218,7 +235,8 @@ sub cTrees {
|
|||
'casSrvMetaDataOptionsGateway',
|
||||
]
|
||||
},
|
||||
{ title => 'casSrvMetaDataOptionsDisplay',
|
||||
{
|
||||
title => 'casSrvMetaDataOptionsDisplay',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'casSrvMetaDataOptionsDisplayName',
|
||||
|
@ -226,8 +244,8 @@ sub cTrees {
|
|||
]
|
||||
},
|
||||
],
|
||||
casAppMetaDataNode => [
|
||||
{ title => 'casAppMetaDataOptions',
|
||||
casAppMetaDataNode => [ {
|
||||
title => 'casAppMetaDataOptions',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'casAppMetaDataOptionsService',
|
||||
@ -498,8 +498,7 @@ sub tree {
|
|||
title => 'logParams',
|
||||
help => 'logs.html',
|
||||
form => 'simpleInputContainer',
|
||||
nodes =>
|
||||
[ 'whatToTrace', 'hiddenAttributes' ]
|
||||
nodes => [ 'whatToTrace', 'hiddenAttributes' ]
|
||||
},
|
||||
{
|
||||
title => 'cookieParams',
|
||||
|
@ -652,7 +651,7 @@ sub tree {
|
|||
title => 'impersonation',
|
||||
help => 'impersonation.html',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
nodes => [
|
||||
'impersonationRule',
|
||||
'impersonationPrefix',
|
||||
'impersonationHiddenAttributes',
|
||||
@ -31,7 +31,8 @@ sub tests {
|
|||
portalIsInDomain => sub {
|
||||
return (
|
||||
1,
|
||||
( index( $conf->{portal}, $conf->{domain} ) > 0
|
||||
(
|
||||
index( $conf->{portal}, $conf->{domain} ) > 0
|
||||
? ''
|
||||
: "Portal seems not to be in the domain $conf->{domain}"
|
||||
)
|
||||
|
@ -43,7 +44,7 @@ sub tests {
|
|||
|
||||
# Checking for ending slash
|
||||
$conf->{portal} .= '/'
|
||||
unless ( $conf->{portal} =~ qr#/$# );
|
||||
unless ( $conf->{portal} =~ qr#/$# );
|
||||
|
||||
# Deleting trailing ending slash
|
||||
my $regex = qr#/+$#;
|
||||
|
@ -61,10 +62,11 @@ sub tests {
|
|||
}
|
||||
return (
|
||||
1,
|
||||
( @pb
|
||||
(
|
||||
@pb
|
||||
? 'Virtual hosts '
|
||||
. join( ', ', @pb )
|
||||
. " are not in $conf->{domain} and cross-domain-authentication is not set"
|
||||
. join( ', ', @pb )
|
||||
. " are not in $conf->{domain} and cross-domain-authentication is not set"
|
||||
: undef
|
||||
)
|
||||
);
|
||||
|
@ -78,9 +80,9 @@ sub tests {
|
|||
}
|
||||
if (@pb) {
|
||||
return ( 0,
|
||||
'Virtual hosts '
|
||||
. join( ', ', @pb )
|
||||
. " contain a port, this is not allowed" );
|
||||
'Virtual hosts '
|
||||
. join( ', ', @pb )
|
||||
. " contain a port, this is not allowed" );
|
||||
}
|
||||
else { return 1; }
|
||||
},
|
||||
|
@ -93,9 +95,9 @@ sub tests {
|
|||
}
|
||||
if (@pb) {
|
||||
return ( 0,
|
||||
'Virtual hosts '
|
||||
. join( ', ', @pb )
|
||||
. " must be in lower case" );
|
||||
'Virtual hosts '
|
||||
. join( ', ', @pb )
|
||||
. " must be in lower case" );
|
||||
}
|
||||
else { return 1; }
|
||||
},
|
||||
|
@ -103,12 +105,12 @@ sub tests {
|
|||
# Check if "userDB" and "authentication" are consistent
|
||||
authAndUserDBConsistency => sub {
|
||||
foreach
|
||||
my $type (qw(Facebook Google OpenID OpenIDConnect SAML WebID))
|
||||
my $type (qw(Facebook Google OpenID OpenIDConnect SAML WebID))
|
||||
{
|
||||
return ( 0,
|
||||
"\"$type\" can not be used as user database without using \"$type\" for authentication"
|
||||
)
|
||||
if ($conf->{userDB} =~ /$type/
|
||||
"\"$type\" can not be used as user database without using \"$type\" for authentication"
|
||||
)
|
||||
if ( $conf->{userDB} =~ /$type/
|
||||
and $conf->{authentication} !~ /$type/ );
|
||||
}
|
||||
return 1;
|
||||
|
@ -118,29 +120,30 @@ sub tests {
|
|||
checkAttrAndMacros => sub {
|
||||
my @tmp;
|
||||
foreach my $k ( keys %$conf ) {
|
||||
if ( $k
|
||||
=~ /^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
|
||||
)
|
||||
if ( $k =~
|
||||
/^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
|
||||
)
|
||||
{
|
||||
my $v = $conf->{$k};
|
||||
$v =~ s/^$//;
|
||||
next if ( $v =~ /^_/ );
|
||||
push @tmp,
|
||||
$k
|
||||
unless (
|
||||
$k
|
||||
unless (
|
||||
defined(
|
||||
$conf->{exportedVars}->{$v}
|
||||
or defined( $conf->{macros}->{$v} )
|
||||
or defined( $conf->{macros}->{$v} )
|
||||
)
|
||||
);
|
||||
);
|
||||
}
|
||||
}
|
||||
return (
|
||||
1,
|
||||
( @tmp
|
||||
(
|
||||
@tmp
|
||||
? 'Values of parameter(s) "'
|
||||
. join( ', ', @tmp )
|
||||
. '" are not defined in exported attributes or macros'
|
||||
. join( ', ', @tmp )
|
||||
. '" are not defined in exported attributes or macros'
|
||||
: ''
|
||||
)
|
||||
);
|
||||
|
@ -152,18 +155,18 @@ sub tests {
|
|||
if ( $conf->{userDB} =~ /^Google$/ ) {
|
||||
foreach my $k ( keys %{ $conf->{exportedVars} } ) {
|
||||
my $v = $conf->{exportedVars}->{$k};
|
||||
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() )
|
||||
{
|
||||
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() ) {
|
||||
push @tmp, $v;
|
||||
}
|
||||
}
|
||||
}
|
||||
return (
|
||||
1,
|
||||
( @tmp
|
||||
(
|
||||
@tmp
|
||||
? 'Values of parameter(s) "'
|
||||
. join( ', ', @tmp )
|
||||
. '" are not exported by Google'
|
||||
. join( ', ', @tmp )
|
||||
. '" are not exported by Google'
|
||||
: ''
|
||||
)
|
||||
);
|
||||
|
@ -175,8 +178,7 @@ sub tests {
|
|||
if ( $conf->{userDB} =~ /^OpenID$/ ) {
|
||||
foreach my $k ( keys %{ $conf->{exportedVars} } ) {
|
||||
my $v = $conf->{exportedVars}->{$k};
|
||||
if ( $v
|
||||
!~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() )
|
||||
if ( $v !~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() )
|
||||
{
|
||||
push @tmp, $v;
|
||||
}
|
||||
|
@ -184,10 +186,11 @@ sub tests {
|
|||
}
|
||||
return (
|
||||
1,
|
||||
( @tmp
|
||||
(
|
||||
@tmp
|
||||
? 'Values of parameter(s) "'
|
||||
. join( ', ', @tmp )
|
||||
. '" are not exported by OpenID SREG'
|
||||
. join( ', ', @tmp )
|
||||
. '" are not exported by OpenID SREG'
|
||||
: ''
|
||||
)
|
||||
);
|
||||
|
@ -196,40 +199,39 @@ sub tests {
|
|||
# Try to use Apache::Session module
|
||||
testApacheSession => sub {
|
||||
my ( $id, %h );
|
||||
my $gc
|
||||
= Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule};
|
||||
my $gc = Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule};
|
||||
return 1
|
||||
if ( ( $gc and $gc eq $conf->{globalStorage} )
|
||||
or $conf->{globalStorage}
|
||||
=~ /^Lemonldap::NG::Common::Apache::Session::/ );
|
||||
if ( ( $gc and $gc eq $conf->{globalStorage} )
|
||||
or $conf->{globalStorage} =~
|
||||
/^Lemonldap::NG::Common::Apache::Session::/ );
|
||||
eval "use $conf->{globalStorage}";
|
||||
return ( -1, "Unknown package $conf->{globalStorage}" ) if ($@);
|
||||
eval {
|
||||
tie %h, 'Lemonldap::NG::Common::Apache::Session', undef,
|
||||
{
|
||||
{
|
||||
%{ $conf->{globalStorageOptions} },
|
||||
backend => $conf->{globalStorage}
|
||||
};
|
||||
};
|
||||
};
|
||||
return ( -1, "Unable to create a session ($@)" )
|
||||
if ( $@ or not tied(%h) );
|
||||
if ( $@ or not tied(%h) );
|
||||
eval {
|
||||
$h{a} = 1;
|
||||
$id = $h{_session_id} or return ( -1, 'No _session_id' );
|
||||
untie(%h);
|
||||
tie %h, 'Lemonldap::NG::Common::Apache::Session', $id,
|
||||
{
|
||||
{
|
||||
%{ $conf->{globalStorageOptions} },
|
||||
backend => $conf->{globalStorage}
|
||||
};
|
||||
};
|
||||
};
|
||||
return ( -1, "Unable to insert data ($@)" ) if ($@);
|
||||
return ( -1, "Unable to recover data stored" )
|
||||
unless ( $h{a} == 1 );
|
||||
unless ( $h{a} == 1 );
|
||||
eval { tied(%h)->delete; };
|
||||
return ( -1, "Unable to delete session ($@)" ) if ($@);
|
||||
return ( -1,
|
||||
'All sessions may be lost and you must restart all your Apache servers'
|
||||
'All sessions may be lost and you must restart all your Apache servers'
|
||||
) if ( $gc and $conf->{globalStorage} ne $gc );
|
||||
return 1;
|
||||
},
|
||||
|
@ -239,8 +241,9 @@ sub tests {
my $cn = Lemonldap::NG::Handler::Main->tsv->{cookieName};
|
||||
return (
|
||||
1,
|
||||
( $cn
|
||||
and $cn ne $conf->{cookieName}
|
||||
(
|
||||
$cn
|
||||
and $cn ne $conf->{cookieName}
|
||||
? 'Cookie name has changed, you must restart all your web servers'
|
||||
: ()
|
||||
)
|
||||
|
@ -251,10 +254,10 @@ sub tests {
cookieTTL => sub {
|
||||
return 1 unless ( defined $conf->{cookieExpiration} );
|
||||
return ( 0, "Cookie TTL must be higher than one minute" )
|
||||
unless ( $conf->{cookieExpiration} == 0
|
||||
unless ( $conf->{cookieExpiration} == 0
|
||||
|| $conf->{cookieExpiration} > 60 );
|
||||
return ( 1, "Cookie TTL should be higher or equal than one hour" )
|
||||
unless ( $conf->{cookieExpiration} >= 3600
|
||||
unless ( $conf->{cookieExpiration} >= 3600
|
||||
|| $conf->{cookieExpiration} == 0 );
|
||||
|
||||
# Return
|
||||
|
@ -265,7 +268,7 @@ sub tests {
sessionTimeout => sub {
|
||||
return 1 unless ( defined $conf->{timeout} );
|
||||
return ( -1, "Session timeout should be higher than ten minutes" )
|
||||
unless ( $conf->{timeout} > 600
|
||||
unless ( $conf->{timeout} > 600
|
||||
|| $conf->{timeout} == 0 );
|
||||
|
||||
# Return
|
||||
|
@ -276,9 +279,9 @@ sub tests {
sessionTimeoutActivity => sub {
|
||||
return 1 unless ( defined $conf->{timeoutActivity} );
|
||||
return ( 0,
|
||||
"Session activity timeout must be higher or equal than one minute"
|
||||
)
|
||||
unless ( $conf->{timeoutActivity} > 59
|
||||
"Session activity timeout must be higher or equal than one minute"
|
||||
)
|
||||
unless ( $conf->{timeoutActivity} > 59
|
||||
|| $conf->{timeoutActivity} == 0 );
|
||||
|
||||
# Return
|
||||
|
@ -289,11 +292,11 @@ sub tests {
timeoutActivityInterval => sub {
|
||||
return 1 unless ( defined $conf->{timeoutActivityInterval} );
|
||||
return ( 0,
|
||||
"Activity timeout interval must be lower than session activity timeout"
|
||||
)
|
||||
if ($conf->{timeoutActivity}
|
||||
and $conf->{timeoutActivity}
|
||||
<= $conf->{timeoutActivityInterval} );
|
||||
"Activity timeout interval must be lower than session activity timeout"
|
||||
)
|
||||
if ( $conf->{timeoutActivity}
|
||||
and $conf->{timeoutActivity} <=
|
||||
$conf->{timeoutActivityInterval} );
|
||||
|
||||
# Return
|
||||
return 1;
|
||||
|
@ -303,7 +306,8 @@ sub tests {
managerProtection => sub {
|
||||
return (
|
||||
1,
|
||||
( $conf->{cfgAuthor} eq 'anonymous'
|
||||
(
|
||||
$conf->{cfgAuthor} eq 'anonymous'
|
||||
? 'Your manager seems to be unprotected'
|
||||
: ''
|
||||
)
|
||||
|
@ -319,7 +323,7 @@ sub tests {
# Use SMTP
|
||||
eval "use Net::SMTP";
|
||||
return ( 1, "Net::SMTP module is required to use SMTP server" )
|
||||
if ($@);
|
||||
if ($@);
|
||||
|
||||
# Create SMTP object
|
||||
my $smtp = Net::SMTP->new(
|
||||
|
@ -329,15 +333,15 @@ sub tests {
);
|
||||
return ( 1,
|
||||
"SMTP connection to " . $conf->{SMTPServer} . " failed" )
|
||||
unless ($smtp);
|
||||
unless ($smtp);
|
||||
|
||||
# Skip other tests if no authentication
|
||||
return 1
|
||||
unless ( $conf->{SMTPAuthUser} and $conf->{SMTPAuthPass} );
|
||||
unless ( $conf->{SMTPAuthUser} and $conf->{SMTPAuthPass} );
|
||||
|
||||
# Try authentication
|
||||
return ( 1, "SMTP authentication failed" )
|
||||
unless $smtp->auth( $conf->{SMTPAuthUser},
|
||||
unless $smtp->auth( $conf->{SMTPAuthUser},
|
||||
$conf->{SMTPAuthPass} );
|
||||
|
||||
# Return
|
||||
|
@ -347,14 +351,15 @@ sub tests {
# SAML entity ID must be uniq
|
||||
samlIDPEntityIdUniqueness => sub {
|
||||
return 1
|
||||
unless ( $conf->{samlIDPMetaDataXML}
|
||||
unless ( $conf->{samlIDPMetaDataXML}
|
||||
and %{ $conf->{samlIDPMetaDataXML} } );
|
||||
my @msg;
|
||||
my $res = 1;
|
||||
my %entityIds;
|
||||
foreach my $idpId ( keys %{ $conf->{samlIDPMetaDataXML} } ) {
|
||||
unless ( $conf->{samlIDPMetaDataXML}->{$idpId}
|
||||
->{samlIDPMetaDataXML} =~ /entityID=(['"])(.+?)\1/si )
|
||||
unless (
|
||||
$conf->{samlIDPMetaDataXML}->{$idpId}->{samlIDPMetaDataXML}
|
||||
=~ /entityID=(['"])(.+?)\1/si )
|
||||
{
|
||||
push @msg, "$idpId SAML metadata has no EntityID";
|
||||
$res = 0;
|
||||
|
@ -363,7 +368,7 @@ sub tests {
my $eid = $2;
|
||||
if ( defined $entityIds{$eid} ) {
|
||||
push @msg,
|
||||
"$idpId and $entityIds{$eid} have the same SAML EntityID";
|
||||
"$idpId and $entityIds{$eid} have the same SAML EntityID";
|
||||
$res = 0;
|
||||
next;
|
||||
}
|
||||
|
@ -373,15 +378,15 @@ sub tests {
},
|
||||
samlSPEntityIdUniqueness => sub {
|
||||
return 1
|
||||
unless ( $conf->{samlSPMetaDataXML}
|
||||
unless ( $conf->{samlSPMetaDataXML}
|
||||
and %{ $conf->{samlSPMetaDataXML} } );
|
||||
my @msg;
|
||||
my $res = 1;
|
||||
my %entityIds;
|
||||
foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) {
|
||||
unless (
|
||||
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML}
|
||||
=~ /entityID=(['"])(.+?)\1/si )
|
||||
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~
|
||||
/entityID=(['"])(.+?)\1/si )
|
||||
{
|
||||
push @msg, "$spId SAML metadata has no EntityID";
|
||||
$res = 0;
|
||||
|
@ -390,7 +395,7 @@ sub tests {
my $eid = $2;
|
||||
if ( defined $entityIds{$eid} ) {
|
||||
push @msg,
|
||||
"$spId and $entityIds{$eid} have the same SAML EntityID";
|
||||
"$spId and $entityIds{$eid} have the same SAML EntityID";
|
||||
$res = 0;
|
||||
next;
|
||||
}
|
||||
|
@ -404,7 +409,7 @@ sub tests {
return 1 unless ( $conf->{authentication} eq 'Combination' );
|
||||
require Lemonldap::NG::Common::Combination::Parser;
|
||||
return ( 0, 'No module declared for combination' )
|
||||
unless ( $conf->{combModules} and %{ $conf->{combModules} } );
|
||||
unless ( $conf->{combModules} and %{ $conf->{combModules} } );
|
||||
my $moduleList;
|
||||
foreach my $md ( keys %{ $conf->{combModules} } ) {
|
||||
my $entry = $conf->{combModules}->{$md};
|
||||
|
@ -415,8 +420,8 @@ sub tests {
);
|
||||
}
|
||||
eval {
|
||||
Lemonldap::NG::Common::Combination::Parser->parse(
|
||||
$moduleList, $conf->{combination} );
|
||||
Lemonldap::NG::Common::Combination::Parser->parse( $moduleList,
|
||||
$conf->{combination} );
|
||||
};
|
||||
return ( 0, $@ ) if ($@);
|
||||
|
||||
|
@ -428,9 +433,9 @@ sub tests {
combinationParameters => sub {
|
||||
return 1 unless ( $conf->{authentication} eq "Combination" );
|
||||
return ( 0, "Combination rule must be defined" )
|
||||
unless ( $conf->{combination} );
|
||||
unless ( $conf->{combination} );
|
||||
return ( 0, 'userDB must be set to "Same" to enable Combination' )
|
||||
unless ( $conf->{userDB} eq "Same" );
|
||||
unless ( $conf->{userDB} eq "Same" );
|
||||
|
||||
# Return
|
||||
return 1;
|
||||
|
@ -453,7 +458,7 @@ sub tests {
eval "use Convert::Base32";
|
||||
return ( 1,
|
||||
"Convert::Base32 module is required to enable TOTP" )
|
||||
if ($@);
|
||||
if ($@);
|
||||
}
|
||||
|
||||
# Use U2F
|
||||
|
@ -462,7 +467,7 @@ sub tests {
{
|
||||
eval "use Crypt::U2F::Server::Simple";
|
||||
return ( 1,
|
||||
"Crypt::U2F::Server::Simple module is required to enable U2F"
|
||||
"Crypt::U2F::Server::Simple module is required to enable U2F"
|
||||
) if ($@);
|
||||
}
|
||||
|
||||
|
@ -470,7 +475,7 @@ sub tests {
if ( $conf->{yubikey2fActivation} ) {
|
||||
eval "use Auth::Yubikey_WebClient";
|
||||
return ( 1,
|
||||
"Auth::Yubikey_WebClient module is required to enable Yubikey"
|
||||
"Auth::Yubikey_WebClient module is required to enable Yubikey"
|
||||
) if ($@);
|
||||
}
|
||||
|
||||
|
@ -484,7 +489,7 @@ sub tests {
my $w = "";
|
||||
foreach ( 'totp', 'u' ) {
|
||||
$w .= uc($_) . "2F is activated twice \n"
|
||||
if ( $conf->{ $_ . '2fActivation' } eq '1' );
|
||||
if ( $conf->{ $_ . '2fActivation' } eq '1' );
|
||||
}
|
||||
return ( 1, ( $w ? $w : () ) );
|
||||
},
|
||||
|
@ -495,9 +500,9 @@ sub tests {
return 1 unless ( defined $conf->{totp2fDigits} );
|
||||
return (
|
||||
1,
|
||||
(
|
||||
( $conf->{totp2fDigits} == 6
|
||||
or $conf->{totp2fDigits} == 8
|
||||
( (
|
||||
$conf->{totp2fDigits} == 6
|
||||
or $conf->{totp2fDigits} == 8
|
||||
)
|
||||
? ''
|
||||
: 'TOTP should be 6 or 8 digits long'
|
||||
|
@ -509,9 +514,9 @@ sub tests {
totp2fParams => sub {
|
||||
return 1 unless ( $conf->{totp2fActivation} );
|
||||
return ( 0, 'TOTP range must be defined' )
|
||||
unless ( $conf->{totp2fRange} );
|
||||
unless ( $conf->{totp2fRange} );
|
||||
return ( 1, "TOTP interval should be higher than 10s" )
|
||||
unless ( $conf->{totp2fInterval} > 10 );
|
||||
unless ( $conf->{totp2fInterval} > 10 );
|
||||
|
||||
# Return
|
||||
return 1;
|
||||
|
@ -522,11 +527,12 @@ sub tests {
yubikey2fParams => sub {
|
||||
return 1 unless ( $conf->{yubikey2fActivation} );
|
||||
return ( 0, "Yubikey client ID and secret key must be set" )
|
||||
unless ( defined $conf->{yubikey2fSecretKey}
|
||||
unless ( defined $conf->{yubikey2fSecretKey}
|
||||
&& defined $conf->{yubikey2fClientID} );
|
||||
return (
|
||||
1,
|
||||
( ( $conf->{yubikey2fPublicIDSize} == 12 )
|
||||
(
|
||||
( $conf->{yubikey2fPublicIDSize} == 12 )
|
||||
? ''
|
||||
: 'Yubikey public ID size should be 12 digits long'
|
||||
)
|
||||
|
@ -537,7 +543,7 @@ sub tests {
rest2fVerifyUrl => sub {
|
||||
return 1 unless ( $conf->{rest2fActivation} );
|
||||
return ( 0, "REST 2F Verify URL must be set" )
|
||||
unless ( defined $conf->{rest2fVerifyUrl} );
|
||||
unless ( defined $conf->{rest2fVerifyUrl} );
|
||||
|
||||
# Return
|
||||
return 1;
|
||||
|
@ -551,16 +557,15 @@ sub tests {
my $ok = 0;
|
||||
foreach (qw(u totp yubikey)) {
|
||||
$ok ||= $conf->{ $_ . '2fActivation' }
|
||||
&& $conf->{ $_ . '2fSelfRegistration' };
|
||||
&& $conf->{ $_ . '2fSelfRegistration' };
|
||||
last if ($ok);
|
||||
}
|
||||
|
||||
$ok ||= $conf->{'utotp2fActivation'}
|
||||
&& ( $conf->{'u2fSelfRegistration'}
|
||||
&& ( $conf->{'u2fSelfRegistration'}
|
||||
|| $conf->{'totp2fSelfRegistration'} );
|
||||
$msg
|
||||
= "A self registrable module should be enabled to require 2FA"
|
||||
unless ($ok);
|
||||
$msg = "A self registrable module should be enabled to require 2FA"
|
||||
unless ($ok);
|
||||
|
||||
return ( 1, $msg );
|
||||
},
|
||||
|
@ -569,10 +574,10 @@ sub tests {
ext2fCommands => sub {
|
||||
return 1 unless ( $conf->{ext2fActivation} );
|
||||
return ( 0, "External 2F Send command must be set" )
|
||||
unless ( defined $conf->{ext2FSendCommand} );
|
||||
unless ( defined $conf->{ext2FSendCommand} );
|
||||
unless ( defined $conf->{ext2fCodeActivation} ) {
|
||||
return ( 0, "External 2F Validate command must be set" )
|
||||
unless ( defined $conf->{ext2FValidateCommand} );
|
||||
unless ( defined $conf->{ext2FValidateCommand} );
|
||||
}
|
||||
|
||||
# Return
|
||||
|
@ -583,9 +588,9 @@ sub tests {
formTimeout => sub {
|
||||
return 1 unless ( defined $conf->{formTimeout} );
|
||||
return ( 0, "XSRF form token TTL must be higher than 30s" )
|
||||
unless ( $conf->{formTimeout} > 30 );
|
||||
unless ( $conf->{formTimeout} > 30 );
|
||||
return ( 1, "XSRF form token TTL should not be higher than 2mn" )
|
||||
if ( $conf->{formTimeout} > 120 );
|
||||
if ( $conf->{formTimeout} > 120 );
|
||||
|
||||
# Return
|
||||
return 1;
|
||||
|
@ -594,9 +599,8 @@ sub tests {
# Warn if number of password reset retries is null
|
||||
passwordResetRetries => sub {
|
||||
return 1 unless ( $conf->{portalDisplayResetPassword} );
|
||||
return ( 1,
|
||||
"Number of reset password retries should not be null" )
|
||||
unless ( $conf->{passwordResetAllowedRetries} );
|
||||
return ( 1, "Number of reset password retries should not be null" )
|
||||
unless ( $conf->{passwordResetAllowedRetries} );
|
||||
|
||||
# Return
|
||||
return 1;
|
||||
|
@ -606,10 +610,10 @@ sub tests {
bruteForceProtection => sub {
|
||||
return 1 unless ( $conf->{bruteForceProtection} );
|
||||
return ( 1,
|
||||
'"History" plugin is required to enable "BruteForceProtection" plugin'
|
||||
'"History" plugin is required to enable "BruteForceProtection" plugin'
|
||||
) unless ( $conf->{loginHistoryEnabled} );
|
||||
return ( 1,
|
||||
'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
|
||||
'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
|
||||
) unless ( $conf->{failedLoginNumber} > 2 );
|
||||
|
||||
# Return
|
||||
|
@ -620,9 +624,9 @@ sub tests {
checkMailResetSecurity => sub {
|
||||
return 1 unless ( $conf->{portalDisplayResetPassword} );
|
||||
return ( -1,
|
||||
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
|
||||
)
|
||||
unless ( $conf->{requireToken}
|
||||
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
|
||||
)
|
||||
unless ( $conf->{requireToken}
|
||||
or $conf->{captcha_mail_enabled} );
|
||||
|
||||
# Return
|
||||
|
@ -4,11 +4,11 @@ use strict;
use Mouse;
|
||||
use String::Random;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_ERROR
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
PE_SENDRESPONSE
|
||||
PE_BADCREDENTIALS
|
||||
PE_ERROR
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
PE_SENDRESPONSE
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.3';
|
||||
|
@ -30,7 +30,7 @@ sub init {
}
|
||||
}
|
||||
$self->logo( $self->conf->{ext2fLogo} )
|
||||
if ( $self->conf->{ext2fLogo} );
|
||||
if ( $self->conf->{ext2fLogo} );
|
||||
return $self->SUPER::init();
|
||||
}
|
||||
if ( $self->conf->{ext2fCodeActivation} ) {
|
||||
|
@ -40,7 +40,7 @@ sub init {
}
|
||||
$self->random( String::Random->new );
|
||||
$self->logo( $self->conf->{ext2fLogo} )
|
||||
if ( $self->conf->{ext2fLogo} );
|
||||
if ( $self->conf->{ext2fLogo} );
|
||||
return $self->SUPER::init();
|
||||
}
|
||||
return 0;
|
||||
|
@ -57,22 +57,22 @@ sub run {
# Generate Code to send
|
||||
my $code;
|
||||
if ( $self->conf->{ext2fCodeActivation} ) {
|
||||
$code
|
||||
= $self->random->randregex( $self->conf->{ext2fCodeActivation} );
|
||||
$code = $self->random->randregex( $self->conf->{ext2fCodeActivation} );
|
||||
$self->logger->debug("Generated ext2f code : $code");
|
||||
$self->ott->updateToken( $token, __ext2fcode => $code );
|
||||
}
|
||||
|
||||
# Prepare command and launch it
|
||||
$self->logger->debug( 'Launching "Send" external 2F command -> '
|
||||
. $self->conf->{ext2FSendCommand} );
|
||||
if (my $c = $self->launch(
|
||||
. $self->conf->{ext2FSendCommand} );
|
||||
if (
|
||||
my $c = $self->launch(
|
||||
$req->sessionInfo, $self->conf->{ext2FSendCommand}, $code
|
||||
)
|
||||
)
|
||||
)
|
||||
{
|
||||
$self->logger->error("External send command failed (code $c)");
|
||||
return $self->p->do( $req, [ sub {PE_ERROR} ] );
|
||||
return $self->p->do( $req, [ sub { PE_ERROR } ] );
|
||||
}
|
||||
|
||||
# Prepare form
|
||||
|
@ -104,15 +104,16 @@ sub verify {
|
||||
# Prepare command and launch it
|
||||
$self->logger->debug( 'Launching "Validate" external 2F command -> '
|
||||
. $self->conf->{ext2FValidateCommand} );
|
||||
. $self->conf->{ext2FValidateCommand} );
|
||||
$self->logger->debug(" code -> $usercode");
|
||||
if (my $c = $self->launch(
|
||||
if (
|
||||
my $c = $self->launch(
|
||||
$session, $self->conf->{ext2FValidateCommand}, $usercode
|
||||
)
|
||||
)
|
||||
)
|
||||
{
|
||||
$self->userLogger->warn( 'Second factor failed for '
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
$self->logger->error("External verify command failed (code $c)");
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
|
@ -130,7 +131,7 @@ sub verify {
return PE_OK if ( $usercode eq $savedcode );
|
||||
|
||||
$self->userLogger->warn( 'Second factor failed for '
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
|
||||
|
@ -4,18 +4,18 @@ use strict;
use Mouse;
|
||||
use String::Random;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_ERROR
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
PE_SENDRESPONSE
|
||||
PE_MUSTHAVEMAIL
|
||||
PE_BADCREDENTIALS
|
||||
PE_ERROR
|
||||
PE_FORMEMPTY
|
||||
PE_OK
|
||||
PE_SENDRESPONSE
|
||||
PE_MUSTHAVEMAIL
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.2';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::SecondFactor',
|
||||
'Lemonldap::NG::Portal::Lib::SMTP';
|
||||
'Lemonldap::NG::Portal::Lib::SMTP';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
|
@ -31,10 +31,10 @@ has ott => (
is => 'rw',
|
||||
lazy => 1,
|
||||
default => sub {
|
||||
my $ott = $_[0]->{p}
|
||||
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->{conf}->{mail2fTimeout}
|
||||
|| $_[0]->{conf}->{formTimeout} );
|
||||
|| $_[0]->{conf}->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
);
|
||||
|
@ -47,7 +47,7 @@ sub init {
return 0;
|
||||
}
|
||||
$self->logo( $self->conf->{mail2fLogo} )
|
||||
if ( $self->conf->{mail2fLogo} );
|
||||
if ( $self->conf->{mail2fLogo} );
|
||||
return $self->SUPER::init();
|
||||
}
|
||||
|
||||
|
@ -63,7 +63,7 @@ sub run {
my $dest = $req->{sessionInfo}->{ $self->conf->{mailSessionKey} };
|
||||
unless ($dest) {
|
||||
$self->logger->error( "Could not find mail attribute for login "
|
||||
. $req->{sessionInfo}->{_user} );
|
||||
. $req->{sessionInfo}->{_user} );
|
||||
return PE_MUSTHAVEMAIL;
|
||||
}
|
||||
|
||||
|
@ -141,7 +141,7 @@ sub verify {
return PE_OK if ( $usercode eq $savedcode );
|
||||
|
||||
$self->userLogger->warn( 'Second factor failed for '
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
. $session->{ $self->conf->{whatToTrace} } );
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ sub authenticate {
|
||||
unless ( $req->data->{password} ) {
|
||||
$self->p->{user} = $req->userData->{_dn} = $req->data->{dn};
|
||||
unless($self->p->{_passwordDB}) {
|
||||
unless ( $self->p->{_passwordDB} ) {
|
||||
$self->logger->error('No password database configured, aborting');
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
@ -8,15 +8,15 @@ package Lemonldap::NG::Portal::Auth::_WebForm;
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_CAPTCHAEMPTY
|
||||
PE_CAPTCHAERROR
|
||||
PE_FIRSTACCESS
|
||||
PE_FORMEMPTY
|
||||
PE_NOTOKEN
|
||||
PE_OK
|
||||
PE_PASSWORDFORMEMPTY
|
||||
PE_TOKENEXPIRED
|
||||
PE_MALFORMEDUSER
|
||||
PE_CAPTCHAEMPTY
|
||||
PE_CAPTCHAERROR
|
||||
PE_FIRSTACCESS
|
||||
PE_FORMEMPTY
|
||||
PE_NOTOKEN
|
||||
PE_OK
|
||||
PE_PASSWORDFORMEMPTY
|
||||
PE_TOKENEXPIRED
|
||||
PE_MALFORMEDUSER
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
@ -53,7 +53,7 @@ sub init {
# Read username and password from POST data
|
||||
sub extractFormInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
|
||||
if ( $req->param('user') ) {
|
||||
unless ( $req->param('user') =~ /$self->{conf}->{userControl}/o ) {
|
||||
$self->setSecurity($req);
|
||||
|
@ -75,20 +75,18 @@ sub extractFormInfo {
# 2. If user and password defined -> login form
|
||||
elsif ( $defUser and $defPassword ) {
|
||||
$res = PE_FORMEMPTY
|
||||
unless ( ( $req->{user} = $req->param('user') )
|
||||
unless ( ( $req->{user} = $req->param('user') )
|
||||
&& ( $req->data->{password} = $req->param('password') ) );
|
||||
}
|
||||
|
||||
# 3. If user and oldpassword defined -> password form
|
||||
elsif ( $defUser and $defOldPassword ) {
|
||||
$res = PE_PASSWORDFORMEMPTY
|
||||
unless (
|
||||
( $req->{user} = $req->param('user') )
|
||||
unless ( ( $req->{user} = $req->param('user') )
|
||||
&& ( $req->data->{oldpassword} = $req->param('oldpassword') )
|
||||
&& ( $req->data->{newpassword} = $req->param('newpassword') )
|
||||
&& ( $req->data->{confirmpassword}
|
||||
= $req->param('confirmpassword') )
|
||||
);
|
||||
&& ( $req->data->{confirmpassword} =
|
||||
$req->param('confirmpassword') ) );
|
||||
}
|
||||
|
||||
# If form seems empty
|
||||
|
@ -148,7 +146,7 @@ sub setAuthSessionInfo {
# WARNING: it can be a security hole
|
||||
if ( $self->conf->{storePassword} ) {
|
||||
$req->{sessionInfo}->{'_password'} = $req->data->{'newpassword'}
|
||||
|| $req->data->{'password'};
|
||||
|| $req->data->{'password'};
|
||||
}
|
||||
|
||||
# Store user timezone
|
||||
|
@ -4,7 +4,8 @@ use strict;
use Mouse;
|
||||
use URI::Escape;
|
||||
use Lemonldap::NG::Common::FormEncode;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADURL PE_GET_SERVICE_NOT_ALLOWED);
|
||||
use Lemonldap::NG::Portal::Main::Constants
|
||||
qw(PE_OK PE_BADURL PE_GET_SERVICE_NOT_ALLOWED);
|
||||
|
||||
our $VERSION = '2.0.3';
|
||||
|
||||
|
@ -19,11 +20,9 @@ sub init {
|
||||
# Parse activation rule
|
||||
my $hd = $self->p->HANDLER;
|
||||
$self->logger->debug(
|
||||
"GET rule -> " . $self->conf->{issuerDBGetRule} );
|
||||
$self->logger->debug( "GET rule -> " . $self->conf->{issuerDBGetRule} );
|
||||
my $rule =
|
||||
$hd->buildSub(
|
||||
$hd->substitute( $self->conf->{issuerDBGetRule} ) );
|
||||
$hd->buildSub( $hd->substitute( $self->conf->{issuerDBGetRule} ) );
|
||||
unless ($rule) {
|
||||
$self->error( "Bad GET rule -> " . $hd->tsv->{jail}->error );
|
||||
return 0;
|
||||
|
@ -62,8 +62,7 @@ sub init {
$self->logger->debug(
|
||||
"OpenID rule -> " . $self->conf->{issuerDBOpenIDRule} );
|
||||
my $rule =
|
||||
$hd->buildSub(
|
||||
$hd->substitute( $self->conf->{issuerDBOpenIDRule} ) );
|
||||
$hd->buildSub( $hd->substitute( $self->conf->{issuerDBOpenIDRule} ) );
|
||||
unless ($rule) {
|
||||
$self->error( "Bad OpenID rule -> " . $hd->tsv->{jail}->error );
|
||||
return 0;
|
||||
|
@ -145,11 +145,13 @@ sub init {
|
||||
return 0 unless ( $self->lassoServer( $self->loadService ) );
|
||||
$self->addUnauthRoute(
|
||||
( $self->{path} || 'saml' ) => { 'metadata' => { ':type' => 'metadata' }},
|
||||
( $self->{path} || 'saml' ) =>
|
||||
{ 'metadata' => { ':type' => 'metadata' } },
|
||||
['GET']
|
||||
);
|
||||
$self->addAuthRoute(
|
||||
( $self->{path} || 'saml' ) => { 'metadata' => { ':type' => 'metadata' }},
|
||||
( $self->{path} || 'saml' ) =>
|
||||
{ 'metadata' => { ':type' => 'metadata' } },
|
||||
['GET']
|
||||
);
|
||||
return 1;
|
||||
|
@ -3075,7 +3077,7 @@ sub metadata {
my $type = $req->param('type');
|
||||
require Lemonldap::NG::Common::Conf::SAML::Metadata;
|
||||
if ( my $metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new() ) {
|
||||
my $s = $metadata->serviceToXML( $self->conf, $type);
|
||||
my $s = $metadata->serviceToXML( $self->conf, $type );
|
||||
return [
|
||||
200,
|
||||
[
|
||||
|
@ -10,95 +10,95 @@ use constant {
|
||||
# Portal errors
|
||||
# Developers warning, do not use PE_INFO, it's reserved to autoRedirect.
|
||||
PE_IDPCHOICE => -5,
|
||||
PE_SENDRESPONSE => -4,
|
||||
PE_INFO => -3,
|
||||
PE_REDIRECT => -2,
|
||||
PE_DONE => -1,
|
||||
PE_OK => 0,
|
||||
PE_SESSIONEXPIRED => 1,
|
||||
PE_FORMEMPTY => 2,
|
||||
PE_WRONGMANAGERACCOUNT => 3,
|
||||
PE_USERNOTFOUND => 4,
|
||||
PE_BADCREDENTIALS => 5,
|
||||
PE_LDAPCONNECTFAILED => 6,
|
||||
PE_LDAPERROR => 7,
|
||||
PE_APACHESESSIONERROR => 8,
|
||||
PE_FIRSTACCESS => 9,
|
||||
PE_BADCERTIFICATE => 10,
|
||||
PE_PP_ACCOUNT_LOCKED => 21,
|
||||
PE_PP_PASSWORD_EXPIRED => 22,
|
||||
PE_CERTIFICATEREQUIRED => 23,
|
||||
PE_ERROR => 24,
|
||||
PE_PP_CHANGE_AFTER_RESET => 25,
|
||||
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
|
||||
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
|
||||
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
|
||||
PE_PP_PASSWORD_TOO_SHORT => 29,
|
||||
PE_PP_PASSWORD_TOO_YOUNG => 30,
|
||||
PE_PP_PASSWORD_IN_HISTORY => 31,
|
||||
PE_PP_GRACE => 32,
|
||||
PE_PP_EXP_WARNING => 33,
|
||||
PE_PASSWORD_MISMATCH => 34,
|
||||
PE_PASSWORD_OK => 35,
|
||||
PE_NOTIFICATION => 36,
|
||||
PE_BADURL => 37,
|
||||
PE_NOSCHEME => 38,
|
||||
PE_BADOLDPASSWORD => 39,
|
||||
PE_MALFORMEDUSER => 40,
|
||||
PE_SESSIONNOTGRANTED => 41,
|
||||
PE_CONFIRM => 42,
|
||||
PE_MAILFORMEMPTY => 43,
|
||||
PE_BADMAILTOKEN => 44,
|
||||
PE_MAILERROR => 45,
|
||||
PE_MAILOK => 46,
|
||||
PE_LOGOUT_OK => 47,
|
||||
PE_SAML_ERROR => 48,
|
||||
PE_SAML_LOAD_SERVICE_ERROR => 49,
|
||||
PE_SAML_LOAD_IDP_ERROR => 50,
|
||||
PE_SAML_SSO_ERROR => 51,
|
||||
PE_SAML_UNKNOWN_ENTITY => 52,
|
||||
PE_SAML_DESTINATION_ERROR => 53,
|
||||
PE_SAML_CONDITIONS_ERROR => 54,
|
||||
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
|
||||
PE_SAML_SLO_ERROR => 56,
|
||||
PE_SAML_SIGNATURE_ERROR => 57,
|
||||
PE_SAML_ART_ERROR => 58,
|
||||
PE_SAML_SESSION_ERROR => 59,
|
||||
PE_SAML_LOAD_SP_ERROR => 60,
|
||||
PE_SAML_ATTR_ERROR => 61,
|
||||
PE_OPENID_EMPTY => 62,
|
||||
PE_OPENID_BADID => 63,
|
||||
PE_MISSINGREQATTR => 64,
|
||||
PE_BADPARTNER => 65,
|
||||
PE_MAILCONFIRMATION_ALREADY_SENT => 66,
|
||||
PE_PASSWORDFORMEMPTY => 67,
|
||||
PE_CAS_SERVICE_NOT_ALLOWED => 68,
|
||||
PE_MAILFIRSTACCESS => 69,
|
||||
PE_MAILNOTFOUND => 70,
|
||||
PE_PASSWORDFIRSTACCESS => 71,
|
||||
PE_MAILCONFIRMOK => 72,
|
||||
PE_RADIUSCONNECTFAILED => 73,
|
||||
PE_MUST_SUPPLY_OLD_PASSWORD => 74,
|
||||
PE_FORBIDDENIP => 75,
|
||||
PE_CAPTCHAERROR => 76,
|
||||
PE_CAPTCHAEMPTY => 77,
|
||||
PE_REGISTERFIRSTACCESS => 78,
|
||||
PE_REGISTERFORMEMPTY => 79,
|
||||
PE_REGISTERALREADYEXISTS => 80,
|
||||
PE_NOTOKEN => 81,
|
||||
PE_TOKENEXPIRED => 82,
|
||||
PE_U2FFAILED => 83,
|
||||
PE_UNAUTHORIZEDPARTNER => 84,
|
||||
PE_RENEWSESSION => 85,
|
||||
PE_WAIT => 86,
|
||||
PE_MUSTAUTHN => 87,
|
||||
PE_MUSTHAVEMAIL => 88,
|
||||
PE_SAML_SERVICE_NOT_ALLOWED => 89,
|
||||
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
|
||||
PE_OID_SERVICE_NOT_ALLOWED => 91,
|
||||
PE_GET_SERVICE_NOT_ALLOWED => 92,
|
||||
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
|
||||
PE_IDPCHOICE => -5,
|
||||
PE_SENDRESPONSE => -4,
|
||||
PE_INFO => -3,
|
||||
PE_REDIRECT => -2,
|
||||
PE_DONE => -1,
|
||||
PE_OK => 0,
|
||||
PE_SESSIONEXPIRED => 1,
|
||||
PE_FORMEMPTY => 2,
|
||||
PE_WRONGMANAGERACCOUNT => 3,
|
||||
PE_USERNOTFOUND => 4,
|
||||
PE_BADCREDENTIALS => 5,
|
||||
PE_LDAPCONNECTFAILED => 6,
|
||||
PE_LDAPERROR => 7,
|
||||
PE_APACHESESSIONERROR => 8,
|
||||
PE_FIRSTACCESS => 9,
|
||||
PE_BADCERTIFICATE => 10,
|
||||
PE_PP_ACCOUNT_LOCKED => 21,
|
||||
PE_PP_PASSWORD_EXPIRED => 22,
|
||||
PE_CERTIFICATEREQUIRED => 23,
|
||||
PE_ERROR => 24,
|
||||
PE_PP_CHANGE_AFTER_RESET => 25,
|
||||
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
|
||||
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
|
||||
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
|
||||
PE_PP_PASSWORD_TOO_SHORT => 29,
|
||||
PE_PP_PASSWORD_TOO_YOUNG => 30,
|
||||
PE_PP_PASSWORD_IN_HISTORY => 31,
|
||||
PE_PP_GRACE => 32,
|
||||
PE_PP_EXP_WARNING => 33,
|
||||
PE_PASSWORD_MISMATCH => 34,
|
||||
PE_PASSWORD_OK => 35,
|
||||
PE_NOTIFICATION => 36,
|
||||
PE_BADURL => 37,
|
||||
PE_NOSCHEME => 38,
|
||||
PE_BADOLDPASSWORD => 39,
|
||||
PE_MALFORMEDUSER => 40,
|
||||
PE_SESSIONNOTGRANTED => 41,
|
||||
PE_CONFIRM => 42,
|
||||
PE_MAILFORMEMPTY => 43,
|
||||
PE_BADMAILTOKEN => 44,
|
||||
PE_MAILERROR => 45,
|
||||
PE_MAILOK => 46,
|
||||
PE_LOGOUT_OK => 47,
|
||||
PE_SAML_ERROR => 48,
|
||||
PE_SAML_LOAD_SERVICE_ERROR => 49,
|
||||
PE_SAML_LOAD_IDP_ERROR => 50,
|
||||
PE_SAML_SSO_ERROR => 51,
|
||||
PE_SAML_UNKNOWN_ENTITY => 52,
|
||||
PE_SAML_DESTINATION_ERROR => 53,
|
||||
PE_SAML_CONDITIONS_ERROR => 54,
|
||||
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
|
||||
PE_SAML_SLO_ERROR => 56,
|
||||
PE_SAML_SIGNATURE_ERROR => 57,
|
||||
PE_SAML_ART_ERROR => 58,
|
||||
PE_SAML_SESSION_ERROR => 59,
|
||||
PE_SAML_LOAD_SP_ERROR => 60,
|
||||
PE_SAML_ATTR_ERROR => 61,
|
||||
PE_OPENID_EMPTY => 62,
|
||||
PE_OPENID_BADID => 63,
|
||||
PE_MISSINGREQATTR => 64,
|
||||
PE_BADPARTNER => 65,
|
||||
PE_MAILCONFIRMATION_ALREADY_SENT => 66,
|
||||
PE_PASSWORDFORMEMPTY => 67,
|
||||
PE_CAS_SERVICE_NOT_ALLOWED => 68,
|
||||
PE_MAILFIRSTACCESS => 69,
|
||||
PE_MAILNOTFOUND => 70,
|
||||
PE_PASSWORDFIRSTACCESS => 71,
|
||||
PE_MAILCONFIRMOK => 72,
|
||||
PE_RADIUSCONNECTFAILED => 73,
|
||||
PE_MUST_SUPPLY_OLD_PASSWORD => 74,
|
||||
PE_FORBIDDENIP => 75,
|
||||
PE_CAPTCHAERROR => 76,
|
||||
PE_CAPTCHAEMPTY => 77,
|
||||
PE_REGISTERFIRSTACCESS => 78,
|
||||
PE_REGISTERFORMEMPTY => 79,
|
||||
PE_REGISTERALREADYEXISTS => 80,
|
||||
PE_NOTOKEN => 81,
|
||||
PE_TOKENEXPIRED => 82,
|
||||
PE_U2FFAILED => 83,
|
||||
PE_UNAUTHORIZEDPARTNER => 84,
|
||||
PE_RENEWSESSION => 85,
|
||||
PE_WAIT => 86,
|
||||
PE_MUSTAUTHN => 87,
|
||||
PE_MUSTHAVEMAIL => 88,
|
||||
PE_SAML_SERVICE_NOT_ALLOWED => 89,
|
||||
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
|
||||
PE_OID_SERVICE_NOT_ALLOWED => 91,
|
||||
PE_GET_SERVICE_NOT_ALLOWED => 92,
|
||||
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
|
||||
};
|
||||
|
||||
# EXPORTER PARAMETERS
|
||||
|
@ -352,7 +352,7 @@ sub reloadConf {
};
|
||||
my $portal = $self->conf->{portal};
|
||||
$portal =~ s#^https?://(.*?)(?:/|$)/#$1#;
|
||||
HANDLER->tsv->{defaultCondition}->{$portal} ||= sub {1};
|
||||
HANDLER->tsv->{defaultCondition}->{$portal} ||= sub { 1 };
|
||||
|
||||
1;
|
||||
}
|
||||
|
@ -39,13 +39,13 @@ sub _addRoute {
return sub {
|
||||
shift;
|
||||
return $sub->( $self, @_ );
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
return sub {
|
||||
shift;
|
||||
return $self->$sub(@_);
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
$self->p->$type( $word, $subName, $methods, $transform );
|
||||
|
@ -3,10 +3,10 @@ package Lemonldap::NG::Portal::Plugins::CheckUser;
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_TOKENEXPIRED
|
||||
PE_NOTOKEN
|
||||
PE_MALFORMEDUSER
|
||||
PE_BADCREDENTIALS
|
||||
PE_TOKENEXPIRED
|
||||
PE_NOTOKEN
|
||||
PE_MALFORMEDUSER
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.3';
|
||||
|
@ -19,8 +19,8 @@ has ott => (
is => 'rw',
|
||||
lazy => 1,
|
||||
default => sub {
|
||||
my $ott = $_[0]->{p}
|
||||
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ has ott => (
|
||||
sub hAttr {
|
||||
$_[0]->{conf}->{checkUserHiddenAttributes} . ' '
|
||||
. $_[0]->{conf}->{hiddenAttributes};
|
||||
. $_[0]->{conf}->{hiddenAttributes};
|
||||
}
|
||||
|
||||
sub init {
|
||||
|
@ -66,12 +66,10 @@ sub check {
ALERTE => 'alert-warning',
|
||||
TOKEN => $token,
|
||||
};
|
||||
return $self->p->sendJSONresponse( $req, $params ) if ($req->wantJSON);
|
||||
return $self->p->sendHtml(
|
||||
$req,
|
||||
'checkuser',
|
||||
params => $params,
|
||||
) if $msg;
|
||||
return $self->p->sendJSONresponse( $req, $params )
|
||||
if ( $req->wantJSON );
|
||||
return $self->p->sendHtml( $req, 'checkuser', params => $params, )
|
||||
if $msg;
|
||||
}
|
||||
|
||||
## Check user session datas
|
||||
|
@ -79,10 +77,11 @@ sub check {
my $url = $req->param('url') || '';
|
||||
my $user = $req->param('user') || '';
|
||||
|
||||
if ($user and $user !~ /$self->{conf}->{userControl}/o ) {
|
||||
if ( $user and $user !~ /$self->{conf}->{userControl}/o ) {
|
||||
$user = '';
|
||||
$attrs = {};
|
||||
return $self->p->sendError($req, 'Malformed user', 400) if ($req->wantJSON);
|
||||
return $self->p->sendError( $req, 'Malformed user', 400 )
|
||||
if ( $req->wantJSON );
|
||||
return $self->p->sendHtml(
|
||||
$req,
|
||||
'checkuser',
|
||||
|
@ -105,7 +104,7 @@ sub check {
|
|||
if ( $user eq $req->{user} or !$user ) {
|
||||
$self->userLogger->notice("Retrieve session from Sessions database");
|
||||
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
|
||||
if ( $self->conf->{impersonationRule} );
|
||||
if ( $self->conf->{impersonationRule} );
|
||||
$attrs = $req->userData;
|
||||
}
|
||||
else {
|
||||
|
@ -131,7 +130,7 @@ sub check {
|
|||
|
||||
# Ignore hidden attributes
|
||||
push @$array_attrs, { key => $k, value => $attrs->{$k} }
|
||||
unless ( $self->hAttr =~ /\b$k\b/ );
|
||||
unless ( $self->hAttr =~ /\b$k\b/ );
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
@ -139,7 +138,7 @@ sub check {
|
|||
|
||||
# Ignore hidden attributes and empty values
|
||||
push @$array_attrs, { key => $k, value => $attrs->{$k} }
|
||||
unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} );
|
||||
unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -159,8 +158,8 @@ sub check {
|
|||
|
||||
$auth = $auth ? "allowed" : "forbidden";
|
||||
$self->userLogger->notice( "checkUser -> $req->{user} is "
|
||||
. uc($auth)
|
||||
. " to access: $url" );
|
||||
. uc($auth)
|
||||
. " to access: $url" );
|
||||
|
||||
# Return VirtualHost headers
|
||||
$array_hdrs = $self->_headers( $req, $url );
|
||||
|
@ -182,9 +181,8 @@ sub check {
|
|||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||
LANGS => $self->conf->{showLanguages},
|
||||
MSG => $msg,
|
||||
ALERTE =>
|
||||
( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
|
||||
LOGIN => (
|
||||
ALERTE => ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
|
||||
LOGIN => (
|
||||
$self->p->checkXSSAttack( 'LOGIN', $req->{user} ) ? ""
|
||||
: $req->{user}
|
||||
),
|
||||
|
@ -204,13 +202,10 @@ sub check {
|
|||
: ''
|
||||
)
|
||||
};
|
||||
return $self->p->sendJSONresponse($req, $params) if ($req->wantJSON);
|
||||
return $self->p->sendJSONresponse( $req, $params ) if ( $req->wantJSON );
|
||||
|
||||
# Display form
|
||||
return $self->p->sendHtml(
|
||||
$req,
|
||||
'checkuser',
|
||||
params => $params,
|
||||
);
|
||||
return $self->p->sendHtml( $req, 'checkuser', params => $params, );
|
||||
}
|
||||
|
||||
sub display {
|
||||
|
@ -233,12 +228,8 @@ sub display {
|
|||
: ''
|
||||
)
|
||||
};
|
||||
return $self->sendJSONresponse( $req, $params ) if ($req->wantJSON);
|
||||
return $self->p->sendHtml(
|
||||
$req,
|
||||
'checkuser',
|
||||
params => $params,
|
||||
);
|
||||
return $self->sendJSONresponse( $req, $params ) if ( $req->wantJSON );
|
||||
return $self->p->sendHtml( $req, 'checkuser', params => $params, );
|
||||
}
|
||||
|
||||
sub _userDatas {
|
||||
|
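Review bot: The JSON branch of display() calls `$self->sendJSONresponse( $req, $params )`, while the same branch in check() (two hunks above) calls `$self->p->sendJSONresponse( $req, $params )`; unless the plugin base class provides or delegates sendJSONresponse, the JSON path of display() fails for clients that send `Accept: application/json` while the HTML path works. If the portal object is the intended target, the line should read `return $self->p->sendJSONresponse( $req, $params ) if ( $req->wantJSON );`. The body of display() starts outside this hunk.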
@ -247,14 +238,13 @@ sub _userDatas {
|
|||
# Search user in database
|
||||
my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ];
|
||||
$self->conf->{checkUserDisplayPersistentInfo}
|
||||
? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups'
|
||||
: push @$steps, 'setLocalGroups';
|
||||
? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups'
|
||||
: push @$steps, 'setLocalGroups';
|
||||
$req->steps($steps);
|
||||
if ( my $error = $self->p->process($req) ) {
|
||||
if ( $error == PE_BADCREDENTIALS ) {
|
||||
$self->userLogger->warn( 'Check requested for an unvalid user ('
|
||||
. $req->{user}
|
||||
. ")" );
|
||||
$self->userLogger->warn(
|
||||
'Check requested for an unvalid user (' . $req->{user} . ")" );
|
||||
}
|
||||
$self->logger->debug("Process returned error: $error");
|
||||
return $req->error($error);
|
||||
|
@ -277,9 +267,9 @@ sub _authorization {
|
|||
}
|
||||
}
|
||||
return $exist
|
||||
? $self->p->HANDLER->grant( $req, $req->{userData}, $appuri,
|
||||
? $self->p->HANDLER->grant( $req, $req->{userData}, $appuri,
|
||||
undef, $vhost )
|
||||
: -1;
|
||||
: -1;
|
||||
}
|
||||
|
||||
sub _headers {
|
||||
|
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Plugins::Impersonation;
|
|||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants
|
||||
qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER );
|
||||
qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER );
|
||||
|
||||
our $VERSION = '2.0.3';
|
||||
|
||||
|
@ -13,11 +13,11 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|||
|
||||
use constant endAuth => 'run';
|
||||
|
||||
has rule => ( is => 'rw', default => sub {1} );
|
||||
has rule => ( is => 'rw', default => sub { 1 } );
|
||||
|
||||
sub hAttr {
|
||||
$_[0]->{conf}->{impersonationHiddenAttributes} . ' '
|
||||
. $_[0]->{conf}->{hiddenAttributes};
|
||||
. $_[0]->{conf}->{hiddenAttributes};
|
||||
}
|
||||
|
||||
sub init {
|
||||
|
@ -27,12 +27,10 @@ sub init {
|
|||
my $hd = $self->p->HANDLER;
|
||||
$self->logger->debug(
|
||||
"impersonation rule -> " . $self->conf->{impersonationRule} );
|
||||
my $rule
|
||||
= $hd->buildSub(
|
||||
$hd->substitute( $self->conf->{impersonationRule} ) );
|
||||
my $rule =
|
||||
$hd->buildSub( $hd->substitute( $self->conf->{impersonationRule} ) );
|
||||
unless ($rule) {
|
||||
$self->error(
|
||||
"Bad impersonation rule -> " . $hd->tsv->{jail}->error );
|
||||
$self->error( "Bad impersonation rule -> " . $hd->tsv->{jail}->error );
|
||||
return 0;
|
||||
}
|
||||
$self->{rule} = $rule;
|
||||
|
@ -45,7 +43,9 @@ sub run {
|
|||
my ( $self, $req ) = @_;
|
||||
|
||||
my $spoofId = $req->param('spoofId') || '';
|
||||
if ( $spoofId and $req->param('spoofId') !~ /$self->{conf}->{userControl}/o ) {
|
||||
if ( $spoofId
|
||||
and $req->param('spoofId') !~ /$self->{conf}->{userControl}/o )
|
||||
{
|
||||
return PE_MALFORMEDUSER;
|
||||
}
|
||||
|
||||
|
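Review bot: The guard re-reads `$req->param('spoofId')` although `$spoofId` was just assigned from it on the line above, so the value that is validated and the value used afterwards come from two separate parameter lookups; testing the local copy keeps them identical and makes the intent obvious: `if ( $spoofId and $spoofId !~ /$self->{conf}->{userControl}/ ) {` (the `/o` is dropped since it pins the first userControl value a worker evaluates). The rest of run() is outside this hunk.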
@ -97,8 +97,8 @@ sub run {
|
|||
$self->logger->debug("Processing hGroups...");
|
||||
$spoofSession->{hGroups} ||= {};
|
||||
$realSession->{$sphg} ||= {};
|
||||
$spoofSession->{hGroups}
|
||||
= { %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
|
||||
$spoofSession->{hGroups} =
|
||||
{ %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
|
||||
}
|
||||
|
||||
# Create spoofed session
|
||||
|
@ -119,8 +119,8 @@ sub _userDatas {
|
|||
$req->{sessionInfo} = {};
|
||||
|
||||
# Search user in database
|
||||
$req->steps(
|
||||
[ 'getUser', 'setSessionInfo',
|
||||
$req->steps( [
|
||||
'getUser', 'setSessionInfo',
|
||||
'setMacros', 'setGroups',
|
||||
'setLocalGroups'
|
||||
]
|
||||
|
@ -128,9 +128,9 @@ sub _userDatas {
|
|||
if ( my $error = $self->p->process($req) ) {
|
||||
if ( $error == PE_BADCREDENTIALS ) {
|
||||
$self->userLogger->warn(
|
||||
'Impersonation requested for an unvalid user ('
|
||||
. $req->{user}
|
||||
. ")" );
|
||||
'Impersonation requested for an unvalid user ('
|
||||
. $req->{user}
|
||||
. ")" );
|
||||
}
|
||||
$self->logger->debug("Process returned error: $error");
|
||||
return $req->error($error);
|
||||
|
|
|
@ -25,11 +25,9 @@ ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' );
|
|||
ok( $res->[2]->[0] !~ m%<span id="languages"></span>%,
|
||||
' No language icon found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%"trOver"%,
|
||||
' trOver found' )
|
||||
ok( $res->[2]->[0] =~ m%"trOver"%, ' trOver found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%"all":\{\}%,
|
||||
' all found' )
|
||||
ok( $res->[2]->[0] =~ m%"all":\{\}%, ' all found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%"en":\{"PE9":"You are welcome! Please login..."\}%,
|
||||
' en found' )
|
||||
|
@ -40,15 +38,12 @@ ok( $res->[2]->[0] =~ m%"PE0":"Souriez, vous êtes surveillés !"%,
|
|||
ok( $res->[2]->[0] =~ m%"selectIdP":"Portail de Fédération des Identités"%,
|
||||
' selectIdP found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%"fr":\{%,
|
||||
' fr found' )
|
||||
ok( $res->[2]->[0] =~ m%"fr":\{%, ' fr found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ m%"PE85":"From lemonlap-ng.ini"%,
|
||||
' PE85 found' )
|
||||
ok( $res->[2]->[0] =~ m%"PE85":"From lemonlap-ng.ini"%, ' PE85 found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(9);
|
||||
|
||||
|
||||
# Try yo authenticate
|
||||
# -------------------
|
||||
ok(
|
||||
|
@ -60,8 +55,7 @@ ok(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%,
|
||||
' PE40 found' )
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%, ' PE40 found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
|
|
|
@ -13,8 +13,7 @@ SKIP: {
|
|||
skip( 'LLNGTESTLDAP is not set', $maintests ) unless ( $ENV{LLNGTESTLDAP} );
|
||||
require 't/test-ldap.pm';
|
||||
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
|
|
|
@ -86,7 +86,8 @@ SKIP: {
|
|||
'Post authentication'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
|
||||
# Simple SP access
|
||||
ok(
|
||||
$res = $sp->_get(
|
||||
|
|
|
@ -111,7 +111,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ /trmsg="68"/, 'Reject reason is 68' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
# Simple SP access
|
||||
|
@ -143,8 +143,7 @@ $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
|||
$body = $res->[2]->[0];
|
||||
$body =~ s/^.*?<form.*?>//s;
|
||||
$body =~ s#</form>.*$##s;
|
||||
%fields =
|
||||
( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
|
||||
%fields = ( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
|
||||
$fields{user} = $fields{password} = 'french';
|
||||
use URI::Escape;
|
||||
$s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
|
||||
|
|
|
@ -114,7 +114,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ /trmsg="90"/, 'Reject reason is 90' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
# Initialization
|
||||
|
|
|
@ -106,7 +106,7 @@ SKIP: {
|
|||
'Try to authenticate'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ /trmsg="91"/, 'Reject reason is 91' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
# Simple SP access
|
||||
|
|
|
@ -45,7 +45,7 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ /trmsg="92"/, 'Reject reason is 92' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
# Try to authenticate with an authorized user
|
||||
|
|
|
@ -8,34 +8,33 @@ BEGIN {
|
|||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{ ini => {
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||
checkUser => 1,
|
||||
requireToken => 1,
|
||||
formTimeout => 2,
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||
checkUser => 1,
|
||||
requireToken => 1,
|
||||
formTimeout => 2,
|
||||
checkUserDisplayPersistentInfo => 1,
|
||||
checkUserDisplayEmptyValues => 1,
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
## Try to authenticate
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ),
|
||||
'Get Menu', );
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
count(1);
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
||||
|
||||
$query =~ s/user=/user=dwho/;
|
||||
$query =~ s/password=/password=dwho/;
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
|
@ -50,7 +49,8 @@ expectRedirection( $res, 'http://auth.example.com/' );
|
|||
|
||||
# CheckUser form
|
||||
# ------------------------
|
||||
ok( $res = $client->_get(
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/checkuser',
|
||||
cookie => "lemonldap=$id",
|
||||
accept => 'text/html'
|
||||
|
@ -58,11 +58,10 @@ ok( $res = $client->_get(
|
|||
'CheckUser form',
|
||||
);
|
||||
count(1);
|
||||
( $host, $url, $query )
|
||||
= expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
|
||||
'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
count(1);
|
||||
|
||||
# Expired token
|
||||
|
@ -70,7 +69,8 @@ sleep 3;
|
|||
$query =~ s/user=dwho/user=rtyler/;
|
||||
$query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/;
|
||||
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
|
@ -79,18 +79,18 @@ ok( $res = $client->_post(
|
|||
),
|
||||
'POST checkuser'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="PE82"></span>%,
|
||||
'Found PE_TOKENEXPIRED' )
|
||||
or explain( $res->[2]->[0], 'trspan="PE82"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="PE82"></span>%, 'Found PE_TOKENEXPIRED' )
|
||||
or explain( $res->[2]->[0], 'trspan="PE82"' );
|
||||
count(2);
|
||||
( $host, $url, $query )
|
||||
= expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
|
||||
# Valid token
|
||||
$query =~ s/user=/user=rtyler/;
|
||||
$query =~ s/url=/url=test1.example.com/;
|
||||
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
|
@ -101,45 +101,45 @@ ok( $res = $client->_post(
|
|||
);
|
||||
count(1);
|
||||
|
||||
( $host, $url, $query )
|
||||
= expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
|
||||
'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok( $res->[2]->[0]
|
||||
=~ m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
||||
'Found trspan="allowed"'
|
||||
) or explain( $res->[2]->[0], 'trspan="allowed"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
|
||||
or explain( $res->[2]->[0], 'trspan="headers"' );
|
||||
or explain( $res->[2]->[0], 'trspan="headers"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="groups_sso">%,
|
||||
'Found trspan="groups_sso"' )
|
||||
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
|
||||
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
|
||||
'Found trspan="attributes"' )
|
||||
or explain( $res->[2]->[0], 'trspan="attributes"' );
|
||||
or explain( $res->[2]->[0], 'trspan="attributes"' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
|
||||
'Found Auth-User' )
|
||||
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">rtyler</td>%,
|
||||
'Found rtyler' )
|
||||
or explain( $res->[2]->[0], 'Header Value: rtyler' );
|
||||
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">rtyler</td>%, 'Found rtyler' )
|
||||
or explain( $res->[2]->[0], 'Header Value: rtyler' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">su</td>%, 'Found su' )
|
||||
or explain( $res->[2]->[0], 'SSO Groups: su' );
|
||||
or explain( $res->[2]->[0], 'SSO Groups: su' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
|
||||
'Found _whatToTrace' )
|
||||
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
|
||||
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">uid</td>%, 'Found uid' )
|
||||
or explain( $res->[2]->[0], 'Attribute Value uid' );
|
||||
or explain( $res->[2]->[0], 'Attribute Value uid' );
|
||||
count(11);
|
||||
|
||||
$query =~ s/user=dwho/user=msmith/;
|
||||
$query
|
||||
=~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Fmanager.example.com%2Fmanager.html/;
|
||||
$query =~
|
||||
s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Fmanager.example.com%2Fmanager.html/;
|
||||
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
|
@ -148,8 +148,9 @@ ok( $res = $client->_post(
|
|||
),
|
||||
'POST checkuser'
|
||||
);
|
||||
ok( $res->[2]->[0]
|
||||
=~ m%<div class="alert alert-danger"><b><span trspan="forbidden"></span></b></div>%,
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="alert alert-danger"><b><span trspan="forbidden"></span></b></div>%,
|
||||
'Found trspan="forbidden"'
|
||||
) or explain( $res->[2]->[0], 'trspan="forbidden"' );
|
||||
count(2);
|
||||
|
@ -157,4 +158,4 @@ count(2);
|
|||
$client->logout($id);
|
||||
clean_sessions();
|
||||
|
||||
done_testing( count() );
|
||||
done_testing( count() );
|
||||
|
|
|
@ -8,17 +8,17 @@ BEGIN {
|
|||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{ ini => {
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||
requireToken => 0,
|
||||
checkUser => 1,
|
||||
impersonationRule => 1,
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||
requireToken => 0,
|
||||
checkUser => 1,
|
||||
impersonationRule => 1,
|
||||
checkUserDisplayPersistentInfo => 0,
|
||||
checkUserDisplayEmptyValues => 0,
|
||||
impersonationMergeSSOgroups => 1,
|
||||
|
@ -26,10 +26,8 @@ my $client = LLNG::Manager::Test->new(
|
|||
}
|
||||
);
|
||||
|
||||
|
||||
## Try to authenticate
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ),
|
||||
'Get Menu', );
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
count(1);
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
|
||||
|
@ -37,7 +35,8 @@ my ( $host, $url, $query ) =
|
|||
$query =~ s/user=/user=rtyler/;
|
||||
$query =~ s/password=/password=rtyler/;
|
||||
$query =~ s/spoofId=/spoofId=dwho/;
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
|
@ -52,7 +51,8 @@ expectRedirection( $res, 'http://auth.example.com/' );
|
|||
|
||||
# CheckUser form
|
||||
# ------------------------
|
||||
ok( $res = $client->_get(
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/checkuser',
|
||||
cookie => "lemonldap=$id",
|
||||
accept => 'text/html'
|
||||
|
@ -60,16 +60,16 @@ ok( $res = $client->_get(
|
|||
'CheckUser form',
|
||||
);
|
||||
count(1);
|
||||
( $host, $url, $query )
|
||||
= expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
|
||||
'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
count(1);
|
||||
|
||||
$query =~ s/url=/url=test1.example.com/;
|
||||
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
|
@ -80,45 +80,42 @@ ok( $res = $client->_post(
|
|||
);
|
||||
count(1);
|
||||
|
||||
( $host, $url, $query )
|
||||
= expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
|
||||
'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok( $res->[2]->[0]
|
||||
=~ m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
||||
'Found trspan="allowed"'
|
||||
) or explain( $res->[2]->[0], 'trspan="allowed"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
|
||||
or explain( $res->[2]->[0], 'trspan="headers"' );
|
||||
or explain( $res->[2]->[0], 'trspan="headers"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="groups_sso">%,
|
||||
'Found trspan="groups_sso"' )
|
||||
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
|
||||
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
|
||||
'Found trspan="attributes"' )
|
||||
or explain( $res->[2]->[0], 'trspan="attributes"' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%,
|
||||
'Found _userDB' )
|
||||
or explain( $res->[2]->[0], '_userDB' );
|
||||
or explain( $res->[2]->[0], 'trspan="attributes"' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%, 'Found _userDB' )
|
||||
or explain( $res->[2]->[0], '_userDB' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
|
||||
'Found Auth-User' )
|
||||
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%,
|
||||
'Found dwho' )
|
||||
or explain( $res->[2]->[0], 'Header Value: dwho' );
|
||||
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
|
||||
or explain( $res->[2]->[0], 'Header Value: dwho' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">su</td>%, 'Found su' )
|
||||
or explain( $res->[2]->[0], 'SSO Groups: su' );
|
||||
or explain( $res->[2]->[0], 'SSO Groups: su' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
|
||||
'Found _whatToTrace' )
|
||||
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
|
||||
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">uid</td>%, 'Found uid' )
|
||||
or explain( $res->[2]->[0], 'Attribute Value uid' );
|
||||
or explain( $res->[2]->[0], 'Attribute Value uid' );
|
||||
count(12);
|
||||
|
||||
|
||||
$client->logout($id);
|
||||
clean_sessions();
|
||||
|
||||
done_testing( count() );
|
||||
done_testing( count() );
|
||||
|
|
|
@ -8,17 +8,17 @@ BEGIN {
|
|||
|
||||
my $res;
|
||||
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{ ini => {
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||
requireToken => 0,
|
||||
checkUser => 1,
|
||||
impersonationRule => 1,
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||
requireToken => 0,
|
||||
checkUser => 1,
|
||||
impersonationRule => 1,
|
||||
checkUserDisplayPersistentInfo => 0,
|
||||
checkUserDisplayEmptyValues => 0,
|
||||
impersonationMergeSSOgroups => 0,
|
||||
|
@ -27,8 +27,7 @@ my $client = LLNG::Manager::Test->new(
|
|||
);
|
||||
|
||||
## Try to authenticate with bad spoofed user
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ),
|
||||
'Get Menu', );
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
count(1);
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
|
||||
|
@ -36,7 +35,8 @@ my ( $host, $url, $query ) =
|
|||
$query =~ s/user=/user=rtyler/;
|
||||
$query =~ s/password=/password=rtyler/;
|
||||
$query =~ s/spoofId=/spoofId=dwho*/;
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
|
@ -44,8 +44,7 @@ ok( $res = $client->_post(
|
|||
),
|
||||
'Auth query'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%,
|
||||
' PE40 found' )
|
||||
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%, ' PE40 found' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
|
@ -53,8 +52,7 @@ my $id = expectCookie($res);
|
|||
$client->logout($id);
|
||||
|
||||
## Try to authenticate
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ),
|
||||
'Get Menu', );
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
count(1);
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
|
||||
|
@ -62,7 +60,8 @@ my ( $host, $url, $query ) =
|
|||
$query =~ s/user=/user=rtyler/;
|
||||
$query =~ s/password=/password=rtyler/;
|
||||
$query =~ s/spoofId=/spoofId=dwho/;
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
|
@ -77,7 +76,8 @@ expectRedirection( $res, 'http://auth.example.com/' );
|
|||
|
||||
# CheckUser form
|
||||
# ------------------------
|
||||
ok( $res = $client->_get(
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/checkuser',
|
||||
cookie => "lemonldap=$id",
|
||||
accept => 'text/html'
|
||||
|
@ -85,16 +85,16 @@ ok( $res = $client->_get(
|
|||
'CheckUser form',
|
||||
);
|
||||
count(1);
|
||||
( $host, $url, $query )
|
||||
= expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
|
||||
'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
count(1);
|
||||
|
||||
$query =~ s/url=/url=test1.example.com/;
|
||||
|
||||
ok( $res = $client->_post(
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
|
@ -105,56 +105,50 @@ ok( $res = $client->_post(
|
|||
);
|
||||
count(1);
|
||||
|
||||
( $host, $url, $query )
|
||||
= expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
|
||||
'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok( $res->[2]->[0]
|
||||
=~ m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
||||
'Found trspan="allowed"'
|
||||
) or explain( $res->[2]->[0], 'trspan="allowed"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
|
||||
or explain( $res->[2]->[0], 'trspan="headers"' );
|
||||
or explain( $res->[2]->[0], 'trspan="headers"' );
|
||||
|
||||
ok( $res->[2]->[0] !~ m%<span trspan="groups_sso">%,
|
||||
'trspan="groups_sso" NOT found' )
|
||||
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
|
||||
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
|
||||
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
|
||||
'Found trspan="attributes"' )
|
||||
or explain( $res->[2]->[0], 'trspan="attributes"' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%,
|
||||
'Found _userDB' )
|
||||
or explain( $res->[2]->[0], '_userDB' );
|
||||
or explain( $res->[2]->[0], 'trspan="attributes"' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%, 'Found _userDB' )
|
||||
or explain( $res->[2]->[0], '_userDB' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
|
||||
'Found Auth-User' )
|
||||
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%,
|
||||
'Found dwho' )
|
||||
or explain( $res->[2]->[0], 'Header Value: dwho' );
|
||||
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
|
||||
or explain( $res->[2]->[0], 'Header Value: dwho' );
|
||||
|
||||
ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
|
||||
'Found _whatToTrace' )
|
||||
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
|
||||
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">real_groups</td>%,
|
||||
'Found real_groups' )
|
||||
or explain( $res->[2]->[0], 'real_groups' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%,
|
||||
'Found su' )
|
||||
or explain( $res->[2]->[0], 'su' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">real_uid</td>%,
|
||||
'Found real_uid' )
|
||||
or explain( $res->[2]->[0], 'real_groups' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%,
|
||||
'Found rtyler' )
|
||||
or explain( $res->[2]->[0], 'su' );
|
||||
or explain( $res->[2]->[0], 'real_groups' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%, 'Found su' )
|
||||
or explain( $res->[2]->[0], 'su' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">real_uid</td>%, 'Found real_uid' )
|
||||
or explain( $res->[2]->[0], 'real_groups' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%, 'Found rtyler' )
|
||||
or explain( $res->[2]->[0], 'su' );
|
||||
count(14);
|
||||
|
||||
|
||||
$client->logout($id);
|
||||
clean_sessions();
|
||||
|
||||
done_testing( count() );
|
||||
done_testing( count() );
|
||||
|
|
|
@ -10,12 +10,12 @@ count(1);
|
|||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
ext2fActivation => 1,
|
||||
ext2fCodeActivation => 'A1b2C0',
|
||||
ext2FSendCommand => 't/sendCode.pl -uid $uid -code $code',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
logLevel => 'error',
|
||||
ext2fActivation => 1,
|
||||
ext2fCodeActivation => 'A1b2C0',
|
||||
ext2FSendCommand => 't/sendCode.pl -uid $uid -code $code',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|
|
@ -4,4 +4,7 @@ use warnings;
|
|||
|
||||
my ( $swt1, $user, $swt2, $code ) = @ARGV;
|
||||
|
||||
exit !( $swt1 eq '-uid' && $user eq 'dwho' && $swt2 eq '-code' && defined $code );
|
||||
exit !($swt1 eq '-uid'
|
||||
&& $user eq 'dwho'
|
||||
&& $swt2 eq '-code'
|
||||
&& defined $code );
|
||||
|
|