dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Tidy + typo

Browse Source
This commit is contained in:
Xavier 2019-09-18 21:49:51 +02:00
parent fedea4abbd
commit cccd025dfc
5 changed files with 143 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm
View File

@ -98,7 +98,7 @@ sub portalConsts {
'92' => 'PE_GET_SERVICE_NOT_ALLOWED', '92' => 'PE_GET_SERVICE_NOT_ALLOWED',
'93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
'94' => 'PE_ISSUERMISSINGREQATTR', '94' => 'PE_ISSUERMISSINGREQATTR',
'95' => 'PE_RESETCERTIFICATE_INVALIDE', '95' => 'PE_RESETCERTIFICATE_INVALID',
'96' => 'PE_RESETCERTIFICATE_FOREMPTY', '96' => 'PE_RESETCERTIFICATE_FOREMPTY',
'97' => 'PE_RESETCERTIFICATE_FIRSTACCESS' '97' => 'PE_RESETCERTIFICATE_FIRSTACCESS'
}; };

2
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/PortalConstants.pm
View File

@ -102,7 +102,7 @@ sub portalConstants {
PE_GET_SERVICE_NOT_ALLOWED => 92, PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93, PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
PE_ISSUERMISSINGREQATTR => 94, PE_ISSUERMISSINGREQATTR => 94,
PE_RESETCERTIFICATE_INVALIDE => 95, PE_RESETCERTIFICATE_INVALID => 95,
PE_RESETCERTIFICATE_FOREMPTY => 96, PE_RESETCERTIFICATE_FOREMPTY => 96,
PE_RESETCERTIFICATE_FIRSTACCESS => 97, PE_RESETCERTIFICATE_FIRSTACCESS => 97,
}; };

6
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
View File

@ -98,7 +98,7 @@ use constant {
PE_GET_SERVICE_NOT_ALLOWED => 92, PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93, PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
PE_ISSUERMISSINGREQATTR => 94, PE_ISSUERMISSINGREQATTR => 94,
PE_RESETCERTIFICATE_INVALIDE => 95, PE_RESETCERTIFICATE_INVALID => 95,
PE_RESETCERTIFICATE_FOREMPTY => 96, PE_RESETCERTIFICATE_FOREMPTY => 96,
PE_RESETCERTIFICATE_FIRSTACCESS => 97, PE_RESETCERTIFICATE_FIRSTACCESS => 97,
}; };
@ -195,7 +195,7 @@ sub portalConsts {
'92' => 'PE_GET_SERVICE_NOT_ALLOWED', '92' => 'PE_GET_SERVICE_NOT_ALLOWED',
'93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
'94' => 'PE_ISSUERMISSINGREQATTR', '94' => 'PE_ISSUERMISSINGREQATTR',
'95' => 'PE_RESETCERTIFICATE_INVALIDE', '95' => 'PE_RESETCERTIFICATE_INVALID',
'96' => 'PE_RESETCERTIFICATE_FOREMPTY', '96' => 'PE_RESETCERTIFICATE_FOREMPTY',
'97' => 'PE_RESETCERTIFICATE_FIRSTACCESS' '97' => 'PE_RESETCERTIFICATE_FIRSTACCESS'
}; };
@ -296,7 +296,7 @@ our @EXPORT_OK = (
'PE_GET_SERVICE_NOT_ALLOWED', 'PE_GET_SERVICE_NOT_ALLOWED',
'PE_IMPERSONATION_SERVICE_NOT_ALLOWED', 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
'PE_ISSUERMISSINGREQATTR', 'PE_ISSUERMISSINGREQATTR',
'PE_RESETCERTIFICATE_INVALIDE', 'PE_RESETCERTIFICATE_INVALID',
'PE_RESETCERTIFICATE_FOREMPTY', 'PE_RESETCERTIFICATE_FOREMPTY',
'PE_RESETCERTIFICATE_FIRSTACCESS' 'PE_RESETCERTIFICATE_FIRSTACCESS'
); );

10
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm
View File

@ -29,7 +29,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_PASSWORD_OK PE_PASSWORD_OK
PE_TOKENEXPIRED PE_TOKENEXPIRED
PE_USERNOTFOUND PE_USERNOTFOUND
PE_RESETCERTIFICATE_INVALIDE PE_RESETCERTIFICATE_INVALID
PE_RESETCERTIFICATE_FOREMPTY PE_RESETCERTIFICATE_FOREMPTY
PE_RESETCERTIFICATE_FIRSTACCESS PE_RESETCERTIFICATE_FIRSTACCESS
); );
@ -481,8 +481,8 @@ sub modifyCertificate {
$self->userLogger->debug( "Unable to decode certificate for user " $self->userLogger->debug( "Unable to decode certificate for user "
. Net::SSLeay::ERR_error_string( Net::SSLeay::ERR_get_error() ) ); . Net::SSLeay::ERR_error_string( Net::SSLeay::ERR_get_error() ) );
#return PE_CERTIFICATE_INVALIDE; #return PE_CERTIFICATE_INVALID;
return PE_RESETCERTIFICATE_INVALIDE; return PE_RESETCERTIFICATE_INVALID;
} }
$self->userLogger->debug("Certificate decoded successfully"); $self->userLogger->debug("Certificate decoded successfully");
$notAfter = Net::SSLeay::P_ASN1_TIME_get_isotime( $notAfter = Net::SSLeay::P_ASN1_TIME_get_isotime(
@ -507,7 +507,7 @@ sub modifyCertificate {
$self->userLogger->debug( $self->userLogger->debug(
"Your cettificate is no longer valid in $self->conf->{certificateValidityDelay}" "Your cettificate is no longer valid in $self->conf->{certificateValidityDelay}"
); );
return PE_RESETCERTIFICATE_INVALIDE; return PE_RESETCERTIFICATE_INVALID;
#return PE_PASSWORD_MISMATCH; #return PE_PASSWORD_MISMATCH;
} }
@ -691,7 +691,7 @@ sub display {
# Display Certificate Reset form again if certificate invalid # Display Certificate Reset form again if certificate invalid
elsif ($req->error == PE_RESETCERTIFICATE_FOREMPTY elsif ($req->error == PE_RESETCERTIFICATE_FOREMPTY
|| $req->error == PE_RESETCERTIFICATE_INVALIDE ) || $req->error == PE_RESETCERTIFICATE_INVALID )
{ {
$self->logger->debug('Display Certificate Reset form'); $self->logger->debug('Display Certificate Reset form');
$tplPrm{DISPLAY_CERTIF_FORM} = 1; $tplPrm{DISPLAY_CERTIF_FORM} = 1;

240
lemonldap-ng-portal/t/44-CertificateResetByMail-LDAP.t
View File

@ -12,15 +12,14 @@ BEGIN {
}; };
} }
my ( $res, $user );
my ($res, $user);
my $maintests = 6; my $maintests = 6;
SKIP: { SKIP: {
eval eval
'require Email::Sender::Simple; use GD::SecurityImage;use Image::Magick;'; 'require Email::Sender::Simple; use GD::SecurityImage;use Image::Magick;';
if ($@) { if ($@) {
skip 'Missing dependencies '.$@ , $maintests; skip 'Missing dependencies ' . $@, $maintests;
} }
@ -29,33 +28,35 @@ SKIP: {
my $client = LLNG::Manager::Test->new( { my $client = LLNG::Manager::Test->new( {
ini => { ini => {
logLevel => 'debug', logLevel => 'debug',
useSafeJail => 1, useSafeJail => 1,
portalDisplayRegister => 1, portalDisplayRegister => 1,
authentication => 'SSL', authentication => 'SSL',
userDB => 'LDAP', userDB => 'LDAP',
passwordDB => 'LDAP', passwordDB => 'LDAP',
registerDB => 'LDAP', registerDB => 'LDAP',
ldapServer => 'ldap://127.0.0.1:19389/', ldapServer => 'ldap://127.0.0.1:19389/',
ldapBase => 'ou=users,dc=example,dc=com', ldapBase => 'ou=users,dc=example,dc=com',
managerDn => 'cn=admin,dc=example,dc=com', managerDn => 'cn=admin,dc=example,dc=com',
managerPassword => 'admin', managerPassword => 'admin',
captcha_mail_enabled => 0, captcha_mail_enabled => 0,
portalDisplayCertificateResetByMail => 1, portalDisplayCertificateResetByMail => 1,
certificateResetByMailCeaAttribute => 'description', certificateResetByMailCeaAttribute => 'description',
certificateResetByMailCertificateAttribute => 'userCertificate;binary', certificateResetByMailCertificateAttribute =>
certificateResetByMailStep1Body => 'Clique here <a href="$url"> to confirm your mail. It will expire $expMailDate', 'userCertificate;binary',
certificateResetByMailStep2Body => 'Certificate Reset sucessfully!', certificateResetByMailStep1Body =>
certificateValidityDelay => 30 'Click here <a href="$url"> to confirm your mail. It will expire $expMailDate',
certificateResetByMailStep2Body =>
'Certificate Reset sucessfully!',
certificateValidityDelay => 30
} }
} }
); );
# Test form # Test form
# ------------------------ # ------------------------
ok( $res = $client->_get('/certificateReset', accept => 'text/html' ), ok( $res = $client->_get( '/certificateReset', accept => 'text/html' ),
'Reset form', ); 'Reset form', );
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'mail' ); my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'mail' );
@ -69,28 +70,32 @@ SKIP: {
accept => 'text/html' accept => 'text/html'
), ),
'Post mail' 'Post mail'
) ; );
ok( mail() =~ m#a href="http://auth.example.com/certificateReset\?(.*?)"#, ok( mail() =~ m#a href="http://auth.example.com/certificateReset\?(.*?)"#,
'Found link in mail' ); 'Found link in mail' );
$query = $1; $query = $1;
my $querymail = $query; my $querymail = $query;
ok( ok(
$res = $res = $client->_get(
$client->_get( '/certificateReset', query => $query, accept => 'text/html' ), '/certificateReset',
query => $query,
accept => 'text/html'
),
'Post mail token received by mail' 'Post mail token received by mail'
); );
# print STDERR Dumper($res);
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' ); # print STDERR Dumper($res);
ok( $res->[2]->[0] =~ /certif/s, ' Ask for a new certificate file' );
#print STDERR Dumper($query); ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
my %inputs = split( /[=&]/,$query ); ok( $res->[2]->[0] =~ /certif/s, ' Ask for a new certificate file' );
my %querytab = split( /[=&]/,$querymail );
# Create the certificate file #print STDERR Dumper($query);
my $cert = "-----BEGIN CERTIFICATE----- my %inputs = split( /[=&]/, $query );
my %querytab = split( /[=&]/, $querymail );
# Create the certificate file
my $cert = "-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIJAKGx8siw7lkRMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV MIIDdzCCAl+gAwIBAgIJAKGx8siw7lkRMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV
BAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxDjAMBgNVBAcMBVBBcmlzMREwDwYDVQQK BAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxDjAMBgNVBAcMBVBBcmlzMREwDwYDVQQK
DAhMaW5hZ29yYTEOMAwGA1UECwwFTElOSUQwIBcNMTkwNzA0MTcyNjI4WhgPMjEx DAhMaW5hZ29yYTEOMAwGA1UECwwFTElOSUQwIBcNMTkwNzA0MTcyNjI4WhgPMjEx
@ -112,83 +117,100 @@ u5i9b+lrWZeCtpVEPzSYpnBwGfepbZAzfVRKJm7wZPCe7KxqMGXQLVBkD8oN7vA1
lkRrWfQftwmLyNIu3HfSgXlgAZS30ymfbzBU lkRrWfQftwmLyNIu3HfSgXlgAZS30ymfbzBU
-----END CERTIFICATE-----"; -----END CERTIFICATE-----";
open my $FH2, '>', '/tmp/v296ZJQ_kG'; open my $FH2, '>', '/tmp/v296ZJQ_kG';
print {$FH2} "$cert"; print {$FH2} "$cert";
close $FH2; close $FH2;
$res = $client->app->( {
'plack.request.query' => bless( {
'skin' => $querytab{'skin'},
'mail_token' => $querytab{'mail_token'}
},
'Hash::MultiValue'
),
'PATH_INFO' => '/certificateReset',
'HTTP_ACCEPT' =>
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
'REQUEST_METHOD' => 'POST',
'HTTP_ORIGIN' => 'http://auth.example.com',
'HTTP_ACCEPT_LANGUAGE' => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
'REQUEST_SCHEME' => 'http',
'HTTP_CACHE_CONTROL' => 'max-age=0',
$res = $client->app->( { 'plack.request.merged' => bless( {
'plack.request.query' => bless( { 'skin' => $querytab{'skin'},
'skin' => $querytab{'skin'}, 'mail_token' => $querytab{'mail_token'},
'mail_token' => $querytab{'mail_token'} 'url' => '',
}, 'Hash::MultiValue' ), 'token' => $inputs{'token'}
'PATH_INFO' => '/certificateReset', },
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3', 'Hash::MultiValue'
'REQUEST_METHOD' => 'POST', ),
'HTTP_ORIGIN' => 'http://auth.example.com', 'REMOTE_PORT' => '36674',
'HTTP_ACCEPT_LANGUAGE' => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3', 'QUERY_STRING' => $querymail,
'REQUEST_SCHEME' => 'http', 'SERVER_SIGNATURE' => '',
'HTTP_CACHE_CONTROL' => 'max-age=0', 'psgix.input.buffered' => 1,
'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
'CONTENT_TYPE' =>
'plack.request.merged' => bless( { 'multipart/form-data; boundary=----WebKitFormBoundarybabRY9u6K9tERoLr',
'skin' => $querytab{'skin'}, 'plack.request.upload' => bless( {
'mail_token' => $querytab{'mail_token'}, 'certif' => bless( {
'url' => '', 'headers' => bless( {
'token' => $inputs{'token'} 'content-disposition' =>
}, 'Hash::MultiValue' ), 'form-data; name="certif"; filename="user.pem"',
'REMOTE_PORT' => '36674', 'content-type' =>
'QUERY_STRING' => $querymail, 'application/x-x509-ca-cert',
'SERVER_SIGNATURE' => '', '::std_case' => {
'psgix.input.buffered' => 1, 'content-disposition' =>
'HTTP_UPGRADE_INSECURE_REQUESTS' => '1', 'Content-Disposition'
'CONTENT_TYPE' => 'multipart/form-data; boundary=----WebKitFormBoundarybabRY9u6K9tERoLr', }
'plack.request.upload' => bless( { },
'certif' => bless( { 'HTTP::Headers'
'headers' => bless( { ),
'content-disposition' => 'form-data; name="certif"; filename="user.pem"', 'filename' => 'user.pem',
'content-type' => 'application/x-x509-ca-cert', 'tempname' => '/tmp/v296ZJQ_kG',
'::std_case' => { 'size' => 1261
'content-disposition' => 'Content-Disposition' },
} 'Plack::Request::Upload'
}, 'HTTP::Headers' ), )
'filename' => 'user.pem', },
'tempname' => '/tmp/v296ZJQ_kG', 'Hash::MultiValue'
'size' => 1261 ),
}, 'Plack::Request::Upload' ) 'psgi.streaming' => 1,
}, 'Hash::MultiValue' ), 'plack.request.body' => bless( {
'psgi.streaming' => 1, 'skin' => 'bootstrap',
'plack.request.body' => bless( { 'url' => '',
'skin' => 'bootstrap', 'token' => $inputs{'token'}
'url' => '', },
'token' => $inputs{'token'} 'Hash::MultiValue'
}, 'Hash::MultiValue' ), ),
'SCRIPT_URL' => '/certificateReset', 'SCRIPT_URL' => '/certificateReset',
'SERVER_NAME' => 'auth.example.com', 'SERVER_NAME' => 'auth.example.com',
'HTTP_REFERER' => 'http://auth.example.com/certificateReset?'.$querymail, 'HTTP_REFERER' => 'http://auth.example.com/certificateReset?'
'HTTP_CONNECTION' => 'close', . $querymail,
'CONTENT_LENGTH' => '1759', 'HTTP_CONNECTION' => 'close',
'SCRIPT_URI' => 'http://auth.example.com/certificateReset', 'CONTENT_LENGTH' => '1759',
'plack.cookie.parsed' => { 'SCRIPT_URI' => 'http://auth.example.com/certificateReset',
'llnglanguage' => 'fr' 'plack.cookie.parsed' => {
}, 'llnglanguage' => 'fr'
'SERVER_PORT' => '80', },
'SERVER_NAME' => 'auth.example.com', 'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.1', 'SERVER_NAME' => 'auth.example.com',
'SCRIPT_NAME' => '', 'SERVER_PROTOCOL' => 'HTTP/1.1',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox', 'SCRIPT_NAME' => '',
'HTTP_COOKIE' => 'llnglanguage=fr', 'HTTP_USER_AGENT' =>
'REMOTE_ADDR' => '127.0.0.1', 'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox',
'REQUEST_URI' => '/certificateReset?'.$querymail, 'HTTP_COOKIE' => 'llnglanguage=fr',
'plack.cookie.string' => 'llnglanguage=fr', 'REMOTE_ADDR' => '127.0.0.1',
'SERVER_ADDR' => '127.0.0.1', 'REQUEST_URI' => '/certificateReset?' . $querymail,
'psgi.url_scheme' => 'http', 'plack.cookie.string' => 'llnglanguage=fr',
'psgix.harakiri' => '', 'SERVER_ADDR' => '127.0.0.1',
'HTTP_HOST' => 'auth.example.com' 'psgi.url_scheme' => 'http',
}); 'psgix.harakiri' => '',
'HTTP_HOST' => 'auth.example.com'
ok( mail() =~ /Certificate Reset sucessfully/, 'Certificate was changed'); }
);
ok( mail() =~ /Certificate Reset sucessfully/, 'Certificate was changed' );
} }
count($maintests); count($maintests);