Merge branch 'v2.0' into fix-ssl-error-reporting-2110
commit
c3f7755055
|
@ -1,5 +1,6 @@
|
|||
server {
|
||||
listen __PORT__;
|
||||
listen [::]:__PORT__;
|
||||
server_name manager-api.__DNSDOMAIN__;
|
||||
root __MANAGERAPIDIR__;
|
||||
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
|
||||
|
@ -38,6 +39,7 @@ server {
|
|||
|
||||
# Access control
|
||||
#allow 127.0.0.0/8;
|
||||
#allow ::1/128;
|
||||
deny all;
|
||||
}
|
||||
|
||||
|
|
|
@ -18,6 +18,7 @@ include __CONFDIR__/nginx-lmlog.conf;
|
|||
|
||||
server {
|
||||
listen __PORT__;
|
||||
listen [::]:__PORT__;
|
||||
server_name reload.__DNSDOMAIN__;
|
||||
root /var/www/html;
|
||||
|
||||
|
@ -31,7 +32,8 @@ server {
|
|||
#real_ip_header X-Forwarded-For;
|
||||
|
||||
location = /reload {
|
||||
allow 127.0.0.1;
|
||||
allow 127.0.0.1/8;
|
||||
allow ::1/128;
|
||||
deny all;
|
||||
|
||||
# FastCGI configuration
|
||||
|
@ -55,7 +57,8 @@ server {
|
|||
|
||||
# Uncomment this if status is enabled
|
||||
#location = /status {
|
||||
# allow 127.0.0.1;
|
||||
# allow 127.0.0.1/8;
|
||||
# allow ::1/128;
|
||||
# deny all;
|
||||
# # FastCGI configuration
|
||||
# include /etc/nginx/fastcgi_params;
|
||||
|
|
|
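Review bot: The `allow ::1/128;` added in `location = /reload` lands next to `allow 127.0.0.1;` and `allow 127.0.0.1/8;`, which overlap each other (the single address is already inside the /8, and as far as I know nginx accepts `127.0.0.1/8` but logs a warning that the low address bits are meaningless). The manager site template in the hunk further down writes the same rule as `allow 127.0.0.0/8;`, so the templates now disagree on the IPv4 loopback spelling while being aligned on the IPv6 one. Since this merge touches these allow-lists anyway, writing the IPv4 entry as `allow 127.0.0.0/8;` and dropping the redundant single-address line would make the loopback policy identical across templates; the same block is repeated, commented out, in the `/status` location below.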
@ -1,5 +1,6 @@
|
|||
server {
|
||||
listen __PORT__;
|
||||
listen [::]:__PORT__;
|
||||
server_name manager.__DNSDOMAIN__;
|
||||
root __MANAGERSITEDIR__;
|
||||
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
|
||||
|
@ -43,6 +44,7 @@ server {
|
|||
index manager.psgi;
|
||||
try_files $uri $uri/ =404;
|
||||
allow 127.0.0.0/8;
|
||||
allow ::1/128;
|
||||
deny all;
|
||||
}
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ upstream llng_portal_upstream {
|
|||
|
||||
server {
|
||||
listen __PORT__;
|
||||
listen [::]:__PORT__;
|
||||
server_name auth.__DNSDOMAIN__;
|
||||
root __PORTALSITEDIR__;
|
||||
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
server {
|
||||
listen __PORT__;
|
||||
listen [::]:__PORT__;
|
||||
server_name test1.__DNSDOMAIN__ test2.__DNSDOMAIN__;
|
||||
root __TESTDIR__;
|
||||
|
||||
|
@ -113,7 +114,8 @@ server {
|
|||
}
|
||||
|
||||
#location = /status {
|
||||
# allow 127.0.0.1;
|
||||
# allow 127.0.0.1/8;
|
||||
# allow ::1/128;
|
||||
# deny all;
|
||||
# include /etc/nginx/fastcgi_params;
|
||||
# fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
|
||||
|
|
|
@ -8,7 +8,7 @@ sub defaultValues {
|
|||
'activeTimer' => 1,
|
||||
'ADPwdExpireWarning' => 0,
|
||||
'ADPwdMaxAge' => 0,
|
||||
'apacheAuthnLevel' => 4,
|
||||
'apacheAuthnLevel' => 3,
|
||||
'applicationList' => {
|
||||
'default' => {
|
||||
'catname' => 'Default category',
|
||||
|
|
|
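Review bot: This hunk shows both `'apacheAuthnLevel' => 4` and `'apacheAuthnLevel' => 3` with the +/- markers lost, so which value survives the merge is not visible here; the `attributes` hunk and the Build attributes hunk further down carry the same 4/3 pair, so at least the three definitions stay consistent with each other. Whichever side wins, changing this default silently changes the effective authentication level for every deployment that never set `apacheAuthnLevel` explicitly, and authentication level is what `vhostAuthnLevel` and level-based access rules compare against. That deserves a line in the upgrade notes, and a comment on the default here such as `# Keep in sync with the Manager attributes and Build/Attributes; level-based access rules depend on this value` so the next change to one copy is not made in isolation.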
@ -2,13 +2,13 @@ package Lemonldap::NG::Handler::Lib::CDA;
|
|||
|
||||
use strict;
|
||||
|
||||
our $VERSION = '2.0.7';
|
||||
our $VERSION = '2.0.6';
|
||||
|
||||
sub run {
|
||||
my ( $class, $req, $rule, $protection ) = @_;
|
||||
my $uri = $req->{env}->{REQUEST_URI};
|
||||
my $cn = $class->tsv->{cookieName};
|
||||
my ( $id, $ret, $session );
|
||||
my ( $id, $session );
|
||||
if ( $uri =~ s/[\?&;]${cn}cda=(\w+)$//oi ) {
|
||||
if ( $id = $class->fetchId($req)
|
||||
and $session = $class->retrieveSession( $req, $id ) )
|
||||
|
@ -48,10 +48,8 @@ sub run {
|
|||
return $class->REDIRECT;
|
||||
}
|
||||
}
|
||||
( $ret, $session ) =
|
||||
$class->Lemonldap::NG::Handler::Main::run( $req, $rule, $protection );
|
||||
|
||||
return $ret;
|
||||
return $class->Lemonldap::NG::Handler::Main::run( $req, $rule,
|
||||
$protection );
|
||||
}
|
||||
|
||||
## @rmethod protected hash getCDAInfos(id)
|
||||
|
|
|
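Review bot: Reading the `( $ret, $session ) = ... ; return $ret;` pair as the old side, the new `return $class->Lemonldap::NG::Handler::Main::run( $req, $rule, $protection );` no longer forces list context and then returns only the first element: whatever `Main::run` returns is now propagated in the caller's context. If `Main::run` does return `( $ret, $session )`, as the removed assignment suggests, a caller that invokes CDA's `run` in list context now receives two values where it previously got one. If that is intended, a comment stating that callers must use scalar context would help; otherwise `my ($ret) = $class->Lemonldap::NG::Handler::Main::run( $req, $rule, $protection ); return $ret;` keeps the old contract without the unused `$session`. `run` starts in the first hunk and its body continues between the two hunks, so I cannot see every return path from here.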
@ -271,7 +271,7 @@ sub attributes {
|
|||
'type' => 'int'
|
||||
},
|
||||
'apacheAuthnLevel' => {
|
||||
'default' => 4,
|
||||
'default' => 3,
|
||||
'type' => 'int'
|
||||
},
|
||||
'applicationList' => {
|
||||
|
|
|
@ -3477,7 +3477,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
# Apache
|
||||
apacheAuthnLevel => {
|
||||
type => 'int',
|
||||
default => 4,
|
||||
default => 3,
|
||||
documentation => 'Apache authentication level',
|
||||
},
|
||||
|
||||
|
|
|
@ -320,6 +320,9 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
|
|||
for key, value of l
|
||||
if !key.match /^(_utime|ipAddr|error)$/
|
||||
cv += ", #{key} : #{value}"
|
||||
tab = cv.split ', '
|
||||
tab.sort()
|
||||
cv = tab.join ', '
|
||||
tmp.push
|
||||
t: l._utime
|
||||
title: $scope.localeDate l._utime
|
||||
|
@ -331,6 +334,9 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
|
|||
for key, value of l
|
||||
if !key.match /^(_utime|ipAddr|error)$/
|
||||
cv += ", #{key} : #{value}"
|
||||
tab = cv.split ', '
|
||||
tab.sort()
|
||||
cv = tab.join ', '
|
||||
tmp.push
|
||||
t: l._utime
|
||||
title: $scope.localeDate l._utime
|
||||
|
|
|
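Review bot: The new `tab = cv.split ', '` / `tab.sort()` / `cv = tab.join ', '` sorts the attribute display by splitting the already-concatenated string, which breaks as soon as a session value itself contains `", "` (a multi-valued attribute, a display name written as "Doe, John", a serialized list): the value fragments become separate entries and get scattered by the sort. The same pattern appears in the second hunk of this file and in both hunks of the compiled JavaScript below. Collecting the entries first and joining once avoids the round-trip, e.g. `entries = ("#{key} : #{value}" for key, value of l when !key.match /^(_utime|ipAddr|error)$/)` followed by `cv = entries.sort().join ', '` — adjusted for whatever `cv` is initialised with above the hunk, which I cannot see from here.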
@ -228,7 +228,7 @@
|
|||
$scope.displaySession = function(scope) {
|
||||
var sessionId, transformSession;
|
||||
transformSession = function(session) {
|
||||
var _insert, array, attr, attrs, category, cv, element, epoch, i, id, j, k, key, l, len, len1, len2, len3, len4, len5, m, name, o, oidcConsent, p, real, ref, ref1, res, sfDevice, spoof, subres, time, title, tmp, value;
|
||||
var _insert, array, attr, attrs, category, cv, element, epoch, i, id, j, k, key, l, len, len1, len2, len3, len4, len5, m, name, o, oidcConsent, p, real, ref, ref1, res, sfDevice, spoof, subres, tab, time, title, tmp, value;
|
||||
_insert = function(re, title) {
|
||||
var key, reg, tmp, value;
|
||||
tmp = [];
|
||||
|
@ -374,6 +374,9 @@
|
|||
cv += ", " + key + " : " + value;
|
||||
}
|
||||
}
|
||||
tab = cv.split(', ');
|
||||
tab.sort();
|
||||
cv = tab.join(', ');
|
||||
tmp.push({
|
||||
t: l._utime,
|
||||
title: $scope.localeDate(l._utime),
|
||||
|
@ -392,6 +395,9 @@
|
|||
cv += ", " + key + " : " + value;
|
||||
}
|
||||
}
|
||||
tab = cv.split(', ');
|
||||
tab.sort();
|
||||
cv = tab.join(', ');
|
||||
tmp.push({
|
||||
t: l._utime,
|
||||
title: $scope.localeDate(l._utime),
|
||||
|
|
|
@ -163,6 +163,8 @@ sub init {
|
|||
|
||||
# Enable REST request only if more than 1 2F module is enabled
|
||||
if ( @{ $self->{sfModules} } > 1 ) {
|
||||
$self->addAuthRoute( '2fchoice' => '_choice', ['POST'] );
|
||||
$self->addAuthRoute( '2fchoice' => '_redirect', ['GET'] );
|
||||
$self->addUnauthRoute( '2fchoice' => '_choice', ['POST'] );
|
||||
$self->addUnauthRoute( '2fchoice' => '_redirect', ['GET'] );
|
||||
}
|
||||
|
|
|
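Review bot: The comment `# Enable REST request only if more than 1 2F module is enabled` above this block now also covers the two new GET routes to `_redirect`, which it does not describe, so a reader cannot tell from the comment why `2fchoice` accepts GET at all. Suggest updating it to something like `# Register the 2F choice routes (POST -> _choice, GET -> _redirect) only when more than one 2F module is enabled`. `_redirect` itself is defined outside the hunk; a one-line comment on the GET routes saying what a GET to `2fchoice` is expected to do (and that it must not count as a factor choice) would make the intent reviewable without reading that method. `init` continues outside the hunk.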
@ -74,13 +74,15 @@ sub init {
|
|||
|
||||
sub display {
|
||||
my ( $self, $req ) = @_;
|
||||
my $realSessionId =
|
||||
$req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
|
||||
my $realSession;
|
||||
unless ( $realSession = $self->p->getApacheSession($realSessionId) ) {
|
||||
$self->userLogger->info(
|
||||
"ContextSwitching: session $realSessionId expired");
|
||||
return $self->p->do( $req, [ sub { PE_SESSIONEXPIRED } ] );
|
||||
my ( $realSession, $realSessionId );
|
||||
if ( $realSessionId =
|
||||
$req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"} )
|
||||
{
|
||||
unless ( $realSession = $self->p->getApacheSession($realSessionId) ) {
|
||||
$self->userLogger->info(
|
||||
"ContextSwitching: session $realSessionId expired");
|
||||
return $self->p->do( $req, [ sub { PE_SESSIONEXPIRED } ] );
|
||||
}
|
||||
}
|
||||
|
||||
# Check access rules
|
||||
|
|
|
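Review bot: With the new guard, `display` now continues to `# Check access rules` with both `$realSession` and `$realSessionId` undef whenever `userData` has no `<contextSwitchingPrefix>_session_id` key, whereas before it always either had a real session or returned `PE_SESSIONEXPIRED`; the code after the hunk, which I cannot see, has to tolerate an undef `$realSession` on that path. A comment on the new `if` stating the intent would make that contract explicit, e.g. `# No saved session id: the user is not switched yet, fall through to the access rules with $realSession undef`. Stylistically, the assignment inside the condition is easy to misread; `my $realSessionId = $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};` followed by `if ($realSessionId) {` says the same thing without the side effect in the test. `display` continues outside the hunk.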
@ -343,11 +343,14 @@ $(window).on 'load', () ->
|
|||
console.log 'Get lang from window' if lang && !queryLang
|
||||
else if lang not in window.availableLanguages
|
||||
lang = window.availableLanguages[0]
|
||||
console.log 'Get default lang' if !queryLang
|
||||
console.log 'Lang not available -> Get default lang' if !queryLang
|
||||
if queryLang
|
||||
if queryLang not in window.availableLanguages
|
||||
console.log 'Lang not available -> Get default lang'
|
||||
queryLang = window.availableLanguages[0]
|
||||
console.log 'Selected lang ->', queryLang
|
||||
if setCookieLang
|
||||
console.log 'Set lang ->', queryLang
|
||||
console.log 'Set cookie lang ->', queryLang
|
||||
setCookie 'llnglanguage', queryLang
|
||||
translatePage(queryLang)
|
||||
else
|
||||
|
|
|
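Review bot: The new `if queryLang not in window.availableLanguages` check is what keeps a URL-supplied language value out of the `llnglanguage` cookie and out of `translatePage`, and it is the only thing doing so in this branch; a comment saying that is worth adding so a later cleanup does not fold it away, e.g. `# queryLang comes from the URL: only accept values from availableLanguages before persisting or using it`. The branch also adds three `console.log` calls to the portal's client script on every page load; if they are meant to stay, gating them behind a single debug flag would keep the browser console quiet for end users. The enclosing `else` at the end of the hunk continues outside it.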
@ -349,13 +349,17 @@ LemonLDAP::NG Portal jQuery scripts
|
|||
} else if (indexOf.call(window.availableLanguages, lang) < 0) {
|
||||
lang = window.availableLanguages[0];
|
||||
if (!queryLang) {
|
||||
console.log('Get default lang');
|
||||
console.log('Lang not available -> Get default lang');
|
||||
}
|
||||
}
|
||||
if (queryLang) {
|
||||
if (indexOf.call(window.availableLanguages, queryLang) < 0) {
|
||||
console.log('Lang not available -> Get default lang');
|
||||
queryLang = window.availableLanguages[0];
|
||||
}
|
||||
console.log('Selected lang ->', queryLang);
|
||||
if (setCookieLang) {
|
||||
console.log('Set lang ->', queryLang);
|
||||
console.log('Set cookie lang ->', queryLang);
|
||||
setCookie('llnglanguage', queryLang);
|
||||
}
|
||||
translatePage(queryLang);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
var sendUrl, tryssl;
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
(function() {
|
||||
var sendUrl, tryssl;
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
|
||||
/*
|
||||
LemonLDAP::NG TOTP registration script
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
|
||||
/*
|
||||
LemonLDAP::NG U2F registration script
|
||||
|
|
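--- a/lemonldap-ng-portal/t/78-2F-Upgrade-Many.t
+++ b/lemonldap-ng-portal/t/78-2F-Upgrade-Many.t
@@ -0,0 +1,182 @@
+use Test::More;
+use strict;
+use IO::String;
+use Data::Dumper;
+
+require 't/test-lib.pm';
+require 't/smtp.pm';
+
+use_ok('Lemonldap::NG::Common::FormEncode');
+count(1);
+my $res;
+
+my $client = LLNG::Manager::Test->new( {
+ini => {
+logLevel => 'error',
+upgradeSession => 1,
+mail2fActivation => '$_choice eq "strong"',
+mail2fCodeRegex => '\d{4}',
+mail2fAuthnLevel => 5,
+ext2fActivation => '$_choice eq "strong"',
+ext2fCodeActivation => 0,
+ext2FSendCommand => 't/sendOTP.pl -uid $uid',
+ext2FValidateCommand => 't/vrfyOTP.pl -uid $uid -code $code',
+authentication => 'Choice',
+userDB => 'Same',
+'authChoiceModules' => {
+'strong' => 'Demo;Demo;Null;;;{}',
+'weak' => 'Demo;Demo;Null;;;{}'
+},
+'vhostOptions' => {
+'test1.example.com' => {
+'vhostAuthnLevel' => 3
+},
+},
+}
+}
+);
+
+# Try to authenticate
+# -------------------
+ok(
+$res = $client->_post(
+'/',
+IO::String->new('user=dwho&password=dwho&lmAuth=weak'),
+length => 35,
+accept => 'text/html',
+),
+'Auth query'
+);
+count(1);
+
+my $id = expectCookie($res);
+
+# After attempting to access test1,
+# the handler sends up back to /upgradesession
+# --------------------------------------------
+
+ok(
+$res = $client->_get(
+'/upgradesession',
+query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',
+accept => 'text/html',
+cookie => "lemonldap=$id",
+),
+'Upgrade session query'
+);
+
+my ( $host, $url, $query ) =
+expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );
+ok( $res->[2]->[0] =~ qq%<img src="/static/common/logos/logo_llng_400px.png"%,
+'Found custom Main Logo' )
+or print STDERR Dumper( $res->[2]->[0] );
+ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
+or print STDERR Dumper( $res->[2]->[0] );
+count(3);
+
+# Accept session upgrade
+# ----------------------
+
+ok(
+$res = $client->_post(
+'/upgradesession',
+IO::String->new($query),
+length => length($query),
+accept => 'text/html',
+cookie => "lemonldap=$id",
+),
+'Accept session upgrade query'
+);
+count(1);
+
+my $pdata = expectCookie( $res, 'lemonldappdata' );
+
+( $host, $url, $query ) = expectForm( $res, '#', undef, 'upgrading', 'url' );
+
+$query = $query . "&user=dwho&password=dwho&lmAuth=strong";
+
+# Attempt login with the "strong" auth choice
+# this should trigger 2FA
+# -------------------------------------------
+
+ok(
+$res = $client->_post(
+'/upgradesession',
+IO::String->new($query),
+length => length($query),
+accept => 'text/html',
+cookie => "lemonldap=$id;lemonldappdata=$pdata",
+),
+'Post login'
+);
+count(1);
+
+$pdata = expectCookie( $res, 'lemonldappdata' );
+
+( $host, $url, $query ) =
+expectForm( $res, undef, '/2fchoice', 'token', 'checkLogins' );
+
+ok(
+$res->[2]->[0] =~
+qq%<button type="submit" name="sf" value="mail" class="mx-3 btn btn-light" role="button">%,
+'Found mail'
+) or print STDERR Dumper( $res->[2]->[0] );
+count(1);
+
+$query .= '&sf=mail';
+ok(
+$res = $client->_post(
+'/2fchoice',
+IO::String->new($query),
+length => length($query),
+accept => 'text/html',
+cookie => "lemonldap=$id;lemonldappdata=$pdata",
+),
+'Post ext2f choice'
+);
+count(1);
+
+$pdata = expectCookie( $res, 'lemonldappdata' );
+
+( $host, $url, $query ) =
+expectForm( $res, undef, '/mail2fcheck?skin=bootstrap', 'token', 'code' );
+
+ok(
+$res->[2]->[0] =~
+qr%<input name="code" value="" type="text" class="form-control" id="extcode" trplaceholder="code" autocomplete="off" />%,
+'Found EXTCODE input'
+) or print STDERR Dumper( $res->[2]->[0] );
+count(1);
+
+ok( mail() =~ m%<b>(\d{4})</b>%, 'Found 2F code in mail' )
+or print STDERR Dumper( mail() );
+count(1);
+
+my $code = $1;
+
+# Post 2F code
+# ------------
+
+$query =~ s/code=/code=${code}/;
+ok(
+$res = $client->_post(
+'/mail2fcheck',
+IO::String->new($query),
+length => length($query),
+accept => 'text/html',
+cookie => "lemonldap=$id;lemonldappdata=$pdata",
+),
+'Post code'
+);
+count(1);
+expectRedirection( $res, 'http://test1.example.com' );
+$id = expectCookie($res);
+
+my $cookies = getCookies($res);
+ok( !$cookies->{lemonldappdata}, " Make sure no pdata is returned" );
+count(1);
+
+clean_sessions();
+
+done_testing( count() );
+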
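Review bot: `my $code = $1;` near the end relies on the `mail() =~ m%<b>(\d{4})</b>%` match inside the preceding `ok(...)` having succeeded; when it has not, `$1` still holds the capture of the last successful match anywhere in the process (possibly from a test-lib helper), so the run continues with a stale or undefined code and fails later, in `s/code=/code=${code}/` or at the `/mail2fcheck` post, with a misleading message. Capturing explicitly keeps the failure at the right assertion: `my ($code) = mail() =~ m%<b>(\d{4})</b>%;` then `ok( $code, 'Found 2F code in mail' ) or print STDERR Dumper( mail() );` — and if `mail()` consumes the message, the current double call in the match and the Dumper fallback is another reason to read it once into a variable. The file also starts with `use strict;` but no `use warnings;`, which is what would flag the undefined `$code` interpolation immediately.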