Merge branch 'v2.0'

Xavier 2019-09-11 21:22:50 +02:00
commit d881605fed
63 changed files with 2166 additions and 1628 deletions


@ -133,6 +133,10 @@ License: CC-3
Comment: This work, "CustomAuth.png", is a derivative of
"Noun project 1162.svg" by Christopher T. Howlett, under CC-BY-3.0.
Files: lemonldap-ng-portal/site/htdocs/static/common/fonts/password.ttf
Copyright: 2007, the Tap2Play Team, https://git.tap2play.org.au/tap2play/web/tree/dev/fonts
License: Expat
Files: lemonldap-ng-portal/site/htdocs/static/common/backgrounds/*
Copyright: Various artists
License: CC-BY-NC-ND-3.0 or GFDL-1.3


@ -3,4 +3,4 @@ log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
'"$http_referer" "$http_user_agent" $lmremote_custom';
log_format lm_app '$remote_addr - $upstream_http_lm_remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $lmremote_custom';
'"$http_referer" "$http_user_agent" $upstream_http_lm_remote_custom';
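Review bot: The last field of `lm_app` is now read from `$upstream_http_lm_remote_custom`, as the user field already is from `$upstream_http_lm_remote_user`, so both logged values are whatever the upstream response header carries. That deserves a comment above the format, for example `# lm_app: user and custom fields come from the Lm-Remote-User / Lm-Remote-Custom response headers set by the upstream application`. If those headers exist only for logging, it is worth confirming that the proxy configuration does not pass them on to clients; that part of the configuration is not visible in this hunk.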


@ -116,7 +116,7 @@
</IfVersion>
</Location>
# Enabe compression
# Enable compression
<Location />
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css


@ -87,7 +87,7 @@
Deny from all
</Location>
# Enabe compression
# Enable compression
<Location />
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css


@ -1,105 +1,116 @@
---
generation: 2
last_run_time: 1567071551.30841
generation: 3
last_run_time: 1568228253.60673
tests:
t/01-Common-Conf.t:
elapsed: 0.472490072250366
gen: 2
last_pass_time: 1567071550.71014
elapsed: 0.0860559940338135
gen: 3
last_pass_time: 1568228253.51096
last_result: 0
last_run_time: 1567071550.71014
last_run_time: 1568228253.51096
last_todo: 0
seq: 5
total_passes: 1
mtime: 1566161618
seq: 14
total_passes: 2
t/02-Common-Conf-File.t:
elapsed: 0.0793302059173584
gen: 2
last_pass_time: 1567071550.68052
elapsed: 0.0139250755310059
gen: 3
last_pass_time: 1568228253.60618
last_result: 0
last_run_time: 1567071550.68052
last_run_time: 1568228253.60618
last_todo: 0
seq: 4
total_passes: 1
mtime: 1566161618
seq: 22
total_passes: 2
t/03-Common-Conf-CDBI.t:
elapsed: 0.61043119430542
gen: 2
last_pass_time: 1567071550.95767
elapsed: 0.166121959686279
gen: 3
last_pass_time: 1568228253.58678
last_result: 0
last_run_time: 1567071550.95767
last_run_time: 1568228253.58678
last_todo: 0
seq: 6
total_passes: 1
mtime: 1567458069
seq: 19
total_passes: 2
t/03-Common-Conf-RDBI.t:
elapsed: 0.66497802734375
gen: 2
last_pass_time: 1567071551.00435
elapsed: 0.187541961669922
gen: 3
last_pass_time: 1568228253.60138
last_result: 0
last_run_time: 1567071551.00435
last_run_time: 1568228253.60138
last_todo: 0
seq: 7
total_passes: 1
mtime: 1567458069
seq: 21
total_passes: 2
t/05-Common-Conf-LDAP.t:
elapsed: 0.64878511428833
gen: 2
last_pass_time: 1567071551.07637
elapsed: 0.157251119613647
gen: 3
last_pass_time: 1568228253.57577
last_result: 0
last_run_time: 1567071551.07637
last_run_time: 1568228253.57577
last_todo: 0
seq: 8
total_passes: 1
mtime: 1566161616
seq: 16
total_passes: 2
t/30-Common-Safelib.t:
elapsed: 0.0283739566802979
gen: 2
last_pass_time: 1567071550.40529
elapsed: 0.0150928497314453
gen: 3
last_pass_time: 1568228253.58625
last_result: 0
last_run_time: 1567071550.40529
last_run_time: 1568228253.58625
last_todo: 0
seq: 1
total_passes: 1
mtime: 1566161617
seq: 18
total_passes: 2
t/35-Common-Crypto.t:
elapsed: 0.190783977508545
gen: 2
last_pass_time: 1567071550.63236
elapsed: 0.0329771041870117
gen: 3
last_pass_time: 1568228253.46102
last_result: 0
last_run_time: 1567071550.63236
last_run_time: 1568228253.46102
last_todo: 0
seq: 3
total_passes: 1
mtime: 1567541253
seq: 12
total_passes: 2
t/36-Common-Regexp.t:
elapsed: 0.0631709098815918
gen: 2
last_pass_time: 1567071550.50944
elapsed: 0.00531005859375
gen: 3
last_pass_time: 1568228253.59092
last_result: 0
last_run_time: 1567071550.50944
last_run_time: 1568228253.59092
last_todo: 0
seq: 2
total_passes: 1
mtime: 1566161618
seq: 20
total_passes: 2
t/40-Common-Session.t:
elapsed: 0.184284210205078
gen: 2
last_pass_time: 1567071551.11977
elapsed: 0.0833292007446289
gen: 3
last_pass_time: 1568228253.51475
last_result: 0
last_run_time: 1567071551.11977
last_run_time: 1568228253.51475
last_todo: 0
seq: 9
total_passes: 1
mtime: 1566161618
seq: 15
total_passes: 2
t/50-Combination-Parser.t:
elapsed: 0.108580827713013
gen: 2
last_pass_time: 1567071551.1593
elapsed: 0.0678761005401611
gen: 3
last_pass_time: 1568228253.50556
last_result: 0
last_run_time: 1567071551.1593
last_run_time: 1568228253.50556
last_todo: 0
seq: 10
total_passes: 1
mtime: 1566161617
seq: 13
total_passes: 2
t/99-pod.t:
elapsed: 0.128799915313721
gen: 2
last_pass_time: 1567071551.30716
elapsed: 0.100279092788696
gen: 3
last_pass_time: 1568228253.57739
last_result: 0
last_run_time: 1567071551.30716
last_run_time: 1568228253.57739
last_todo: 0
seq: 11
total_passes: 1
mtime: 1566161617
seq: 17
total_passes: 2
version: 1
...


@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|p(?:ortal(?:ErrorOn(?:ExpiredSession|MailNotFound)|DisplayRe(?:setPassword|gister)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecr
etKeys)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs)|bruteForceProtection)$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|
Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );


@ -200,6 +200,10 @@ sub defaultValues {
'pamAuthnLevel' => 2,
'pamService' => 'login',
'passwordDB' => 'Demo',
'passwordPolicyMinDigit' => 0,
'passwordPolicyMinLower' => 0,
'passwordPolicyMinSize' => 0,
'passwordPolicyMinUpper' => 0,
'passwordResetAllowedRetries' => 3,
'port' => -1,
'portal' => 'http://auth.example.com/',
@ -235,9 +239,10 @@ sub defaultValues {
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
'proxy' => 'http://auth.example.com/sessions'
},
'requireToken' => 1,
'rest2fActivation' => 0,
'restAuthnLevel' => 2,
'requireToken' => 1,
'rest2fActivation' => 0,
'restAuthnLevel' => 2,
'restClockTolerance' => 15,
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'samlAuthnContextMapKerberos' => 4,


@ -36,7 +36,7 @@ our $authParameters = {
adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)],
apacheParams => [qw(apacheAuthnLevel)],
casParams => [qw(casAuthnLevel)],
choiceParams => [qw(authChoiceParam authChoiceModules)],
choiceParams => [qw(authChoiceParam authChoiceModules authChoiceAuthBasic)],
combinationParams => [qw(combination combModules combinationForms)],
customParams => [qw(customAuth customUserDB customPassword customRegister customAddParams)],
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
@ -44,7 +44,7 @@ our $authParameters = {
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret facebookUserField)],
gpgParams => [qw(gpgAuthnLevel gpgDb)],
kerberosParams => [qw(krbAuthnLevel krbKeytab krbByJs krbRemoveDomain)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword ldapITDS)],
linkedinParams => [qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInUserField linkedInScope)],
nullParams => [qw(nullAuthnLevel)],
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],


@ -2,7 +2,7 @@ package Lemonldap::NG::Handler::Lib::AuthBasic;
use strict;
use Exporter;
use Digest::MD5;
use Digest::SHA;
use MIME::Base64;
use HTTP::Headers;
@ -29,7 +29,7 @@ sub fetchId {
$creds =~ s/^Basic\s+//;
my @date = localtime;
my $day = $date[5] * 366 + $date[7];
return Digest::MD5::md5_hex( $creds . $day );
return Digest::SHA::sha256_hex( $creds . $day );
}
else {
return 0;
@ -94,7 +94,13 @@ sub createSession {
build_urlencoded(
user => $user,
password => $pwd,
secret => $class->tsv->{cipher}->encrypt(time)
secret => $class->tsv->{cipher}->encrypt(time),
(
$class->tsv->{authChoiceAuthBasic}
? ( $class->tsv->{authChoiceParam} =>
$class->tsv->{authChoiceAuthBasic} )
: ()
)
)
);
my $resp = $class->ua->request($get);
@ -162,8 +168,8 @@ sub ua {
my ($class) = @_;
return $_ua if ($_ua);
$_ua = Lemonldap::NG::Common::UserAgent->new( {
lwpOpts => $class->localConfig->{lwpOpts},
lwpSslOpts => $class->localConfig->{lwpSslOpts}
lwpOpts => $class->tsv->{lwpOpts},
lwpSslOpts => $class->tsv->{lwpSslOpts}
}
);
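Review bot: In fetchId the session id is still an unkeyed digest of the Basic credentials plus a day counter, so replacing MD5 with SHA-256 does not change the fact that an id read from a session store or a log can be used to check password guesses offline at hash speed. Keying the digest with a server-side secret would close that, e.g. `return Digest::SHA::hmac_sha256_hex( $creds . $day, $key );`, where `$key` is a placeholder for a secret the handler already holds. Ids computed before the upgrade will no longer match, which is probably acceptable but worth a line in the upgrade notes. fetchId, createSession and ua all start or end outside the hunks shown, so this is based only on the visible lines.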


@ -197,7 +197,8 @@ sub defaultValuesInit {
securedCookie timeout timeoutActivity
timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
useSafeJail whatToTrace handlerInternalCache
handlerServiceTokenTTL customToTrace
handlerServiceTokenTTL customToTrace lwpOpts lwpSslOpts
authChoiceParam authChoiceAuthBasic
)
);


@ -278,6 +278,9 @@ sub attributes {
'keyTest' => qr/\w/,
'type' => 'catAndAppList'
},
'authChoiceAuthBasic' => {
'type' => 'text'
},
'authChoiceModules' => {
'keyMsgFail' => '__badChoiceKey__',
'keyTest' => qr/^(\d*)?[a-zA-Z0-9_]+$/,
@ -605,6 +608,10 @@ sub attributes {
'default' => 'TOTP,U2F,Yubikey',
'type' => 'text'
},
'browsersDontStorePassword' => {
'default' => 0,
'type' => 'bool'
},
'bruteForceProtection' => {
'default' => 0,
'type' => 'bool'
@ -1475,6 +1482,10 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
'default' => 0,
'type' => 'bool'
},
'ldapITDS' => {
'default' => 0,
'type' => 'bool'
},
'ldapPasswordResetAttribute' => {
'default' => 'pwdReset',
'type' => 'text'
@ -2255,6 +2266,22 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
],
'type' => 'select'
},
'passwordPolicyMinDigit' => {
'default' => 0,
'type' => 'int'
},
'passwordPolicyMinLower' => {
'default' => 0,
'type' => 'int'
},
'passwordPolicyMinSize' => {
'default' => 0,
'type' => 'int'
},
'passwordPolicyMinUpper' => {
'default' => 0,
'type' => 'int'
},
'passwordResetAllowedRetries' => {
'default' => 3,
'type' => 'int'
@ -2315,6 +2342,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => '$_oidcConnectedRP',
'type' => 'boolOrExpr'
},
'portalDisplayPasswordPolicy' => {
'default' => 0,
'type' => 'bool'
},
'portalDisplayRegister' => {
'default' => 1,
'type' => 'bool'
@ -2609,6 +2640,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'restAuthUrl' => {
'type' => 'url'
},
'restClockTolerance' => {
'default' => 15,
'type' => 'int'
},
'restConfigServer' => {
'default' => 0,
'type' => 'bool'


@ -877,6 +877,11 @@ sub attributes {
default => '^[\w\.\-@]+$',
documentation => 'Regular expression to validate login',
},
browsersDontStorePassword => {
default => 0,
type => 'bool',
documentation => 'Avoid browsers to store users password',
},
useRedirectOnError => {
type => 'bool',
default => 1,
@ -1297,6 +1302,31 @@ sub attributes {
type => 'bool',
documentation => 'Hide old password in portal',
},
passwordPolicyMinSize => {
default => 0,
type => 'int',
documentation => 'Password policy: minimal size',
},
passwordPolicyMinLower => {
default => 0,
type => 'int',
documentation => 'Password policy: minimal lower characters',
},
passwordPolicyMinUpper => {
default => 0,
type => 'int',
documentation => 'Password policy: minimal upper characters',
},
passwordPolicyMinDigit => {
default => 0,
type => 'int',
documentation => 'Password policy: minimal digit characters',
},
portalDisplayPasswordPolicy => {
default => 0,
type => 'bool',
documentation => 'Display policy in password form',
},
# SMTP server
SMTPServer => {
@ -1798,6 +1828,12 @@ sub attributes {
documentation =>
'Allow to export secret keys in REST session server',
},
restClockTolerance => {
default => 15,
type => 'int',
documentation =>
'How tolerant the REST session server will be to clock dift',
},
restConfigServer => {
default => 0,
type => 'bool',
@ -2970,6 +3006,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
type => 'bool',
documentation => 'Allow a user to reset his expired password',
},
ldapITDS => {
default => 0,
type => 'bool',
documentation => 'Support for IBM Tivoli Directory Server',
},
# SSL
SSLAuthnLevel => {
@ -3298,6 +3339,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 'lmAuth',
documentation => 'Applications list',
},
authChoiceAuthBasic => {
type => 'text',
documentation => 'Auth module used by AuthBasic handler',
},
authChoiceModules => {
type => 'authChoiceContainer',
keyTest => qr/^(\d*)?[a-zA-Z0-9_]+$/,
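Review bot: The documentation string added for `restClockTolerance` has a typo ("clock dift") and does not say what unit the default of 15 is in, which matters for a setting that widens a time-based acceptance window. Something like `'Tolerance of the REST session server to clock drift'` with the unit appended would be clearer; the unit is not visible in this hunk, so it needs confirming against the code that reads the value. The four `passwordPolicyMin*` entries in the same section are plain `int` with default 0 and no visible `test`, so their documentation could also state that 0 means the rule is not enforced, if that is the intended behaviour.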


@ -85,7 +85,12 @@ sub tree {
nodes => [
'portalRequireOldPassword',
'hideOldPassword',
'mailOnPasswordChange'
'mailOnPasswordChange',
'passwordPolicyMinSize',
'passwordPolicyMinLower',
'passwordPolicyMinUpper',
'passwordPolicyMinDigit',
'portalDisplayPasswordPolicy',
]
},
{
@ -134,7 +139,7 @@ sub tree {
{
title => 'choiceParams',
help => 'authchoice.html',
nodes => [ 'authChoiceParam', 'authChoiceModules' ]
nodes => [ 'authChoiceParam', 'authChoiceModules', 'authChoiceAuthBasic' ]
},
{
title => 'apacheParams',
@ -286,7 +291,8 @@ sub tree {
'ldapUsePasswordResetAttribute',
'ldapPasswordResetAttribute',
'ldapPasswordResetAttributeValue',
'ldapAllowResetExpiredPassword'
'ldapAllowResetExpiredPassword',
'ldapITDS'
]
},
]
@ -587,9 +593,9 @@ sub tree {
form => 'simpleInputContainer',
nodes => [
'wsdlServer', 'restSessionServer',
'restExportSecretKeys', 'restConfigServer',
'soapSessionServer', 'soapConfigServer',
'exportedAttr',
'restExportSecretKeys', 'restClockTolerance',
'restConfigServer', 'soapSessionServer',
'soapConfigServer', 'exportedAttr',
]
},
{
@ -868,6 +874,7 @@ sub tree {
help => 'security.html#configure_security_settings',
nodes => [
'userControl',
'browsersDontStorePassword',
'portalForceAuthn',
'portalForceAuthnInterval',
'key',


@ -14,8 +14,8 @@
"title": "addSrvCasPartner",
"action": "addCasSrv",
"icon": "plus-sign"
}, {
},{
"title": "deleteEntry",
"icon": "plus-sign"
"icon": "minus-sign"
}]
</script>


@ -100,11 +100,11 @@
},{
"title": "down",
"icon": "arrow-down"
},{
"title": "deleteEntry",
"icon": "minus-sign"
},{
"title": "newApp",
"icon": "plus-sign"
},{
"title": "deleteEntry",
"icon": "minus-sign"
}]
</script>


@ -27,12 +27,12 @@
},{
"title": "down",
"icon": "arrow-down"
},{
"title": "deleteEntry",
"icon": "minus-sign"
},{
"title": "newApp",
"icon": "plus-sign"
},{
"title": "deleteEntry",
"icon": "minus-sign"
}]
</script>
<!-- Uncomment this snippet to enable sub categories
@ -43,15 +43,15 @@
},{
"title": "down",
"icon": "arrow-down"
},{
"title": "deleteEntry",
"icon": "minus-sign"
},{
"title": "newCat",
"icon": "plus-sign"
},{
"title": "newApp",
"icon": "plus-sign"
},{
"title": "deleteEntry",
"icon": "minus-sign"
}]
</script>
-->


@ -50,10 +50,10 @@
</div>
<script type="text/menu">
[{
"title": "deleteEntry",
"icon": "minus-sign"
},{
"title": "addSamlAttribute",
"icon": "plus-sign"
},{
"title": "deleteEntry",
"icon": "minus-sign"
}]
</script>


@ -14,8 +14,8 @@
"title": "addIDPSamlPartner",
"action": "addSamlIDP",
"icon": "plus-sign"
}, {
},{
"title": "deleteEntry",
"icon": "plus-sign"
"icon": "minus-sign"
}]
</script>


@ -54,6 +54,7 @@
"authAndUserdb":"الترخيص وقاعدة بيانات المستخدم",
"authChain":"سلسلة إثبات الهوية",
"authChoice":"اختيار إثبات الهوية",
"authChoiceAuthBasic":"AuthBasic handler parameter",
"authChoiceModules":"الوحدات المسموح بها",
"authChoiceParam":"معايير URL",
"authentication":"وحدة إثبات الهوية",
@ -94,6 +95,7 @@
"badVariableName":"اسم المتغيرة خاطئ",
"blackList":"القائمة السوداء",
"browse":"تصفح",
"browsersDontStorePassword":"Avoid browsers to store users password",
"browserIdAuthnLevel":"مستوى إثبات الهوية",
"browserIdAutoLogin":"تسجيل الدخول التلقائي",
"browserIdBackgroundColor":"لون الخلفية",
@ -385,6 +387,7 @@
"ldapGroupObjectClass":"أوبجكت كلاس",
"ldapGroupRecursive":"تكراري",
"ldapGroups":"المجموعات",
"ldapITDS":"IBM Tivoli DS support",
"ldapParams":"معايير إل‌داب",
"ldapPassword":"كلمة المرور",
"ldapPasswordResetAttribute":"إعادة تعيين السمة",
@ -630,6 +633,10 @@
"password":"كلمة المرور",
"passwordDB":"وحدة كلمة المرور",
"passwordManagement":"إدارة كلمة المرور",
"passwordPolicyMinSize":"Minimal size",
"passwordPolicyMinLower":"Minimal lower characters",
"passwordPolicyMinUpper":"Minimal upper characters",
"passwordPolicyMinDigit":"Minimal digit characters",
"passwordResetAllowedRetries":"Max reset password retries",
"persistent":"الثابتة",
"persistentSessions":"الجلسات الثابتة",
@ -648,6 +655,7 @@
"portalDisplayChangePassword":"تغيير كلمة المرور",
"portalDisplayLoginHistory":"سجل تسجيل الدخول",
"portalDisplayLogout":"تسجيل الخروج",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRegister":"تسجيل حساب جديد",
"portalDisplayResetPassword":"إعادة تعيين كلمة المرور",
@ -738,6 +746,7 @@
"restPwdConfirmUrl":"عنوان اليو آر إل لتأكيد كلمة المرور",
"restPwdModifyUrl":"عنوان اليو آر إل لتغيير كلمة المرور",
"restSessionServer":"خادم جلسة ريست",
"restClockTolerance":"REST server clock tolerance",
"restUserDBUrl":"عنوان يو آر إل لبيانات المستخدم",
"returnUrl":"إرجاع اليو آر إل",
"rp":"Relying Party",
@ -1054,4 +1063,4 @@
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -54,6 +54,7 @@
"authAndUserdb":"Authz and user DB",
"authChain":"Authentication chain",
"authChoice":"Authentication choice",
"authChoiceAuthBasic":"AuthBasic handler parameter",
"authChoiceModules":"Allowed modules",
"authChoiceParam":"URL parameter",
"authentication":"Authentication module",
@ -94,6 +95,7 @@
"badVariableName":"Bad variable name",
"blackList":"Black list",
"browse":"Browse",
"browsersDontStorePassword":"Avoid browsers to store users password",
"browserIdAuthnLevel":"Authentication level",
"browserIdAutoLogin":"Automatic login",
"browserIdBackgroundColor":"Background color",
@ -384,6 +386,7 @@
"ldapGroupObjectClass":"Object class",
"ldapGroupRecursive":"Recursive",
"ldapGroups":"Groups",
"ldapITDS":"IBM Tivoli DS support",
"ldapParams":"LDAP parameters",
"ldapPassword":"Password",
"ldapPasswordResetAttribute":"Reset attribute",
@ -629,6 +632,10 @@
"password":"Password",
"passwordDB":"Password module",
"passwordManagement":"Password management",
"passwordPolicyMinSize":"Minimal size",
"passwordPolicyMinLower":"Minimal lower characters",
"passwordPolicyMinUpper":"Minimal upper characters",
"passwordPolicyMinDigit":"Minimal digit characters",
"passwordResetAllowedRetries":"Max reset password retries",
"persistent":"Persistent",
"persistentSessions":"Persistent sessions",
@ -647,6 +654,7 @@
"portalDisplayChangePassword":"Password change",
"portalDisplayLoginHistory":"Login History",
"portalDisplayLogout":"Logout",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
@ -737,6 +745,7 @@
"restPwdConfirmUrl":"Password confirmation URL",
"restPwdModifyUrl":"Password change URL",
"restSessionServer":"REST session server",
"restClockTolerance":"REST server clock tolerance",
"restUserDBUrl":"User data URL",
"returnUrl":"Return URL",
"rp":"Relying Party",
@ -1053,4 +1062,4 @@
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -54,6 +54,7 @@
"authAndUserdb":"Authz and user DB",
"authChain":"Authentication chain",
"authChoice":"Authentication choice",
"authChoiceAuthBasic":"AuthBasic handler parameter",
"authChoiceModules":"Allowed modules",
"authChoiceParam":"URL parameter",
"authentication":"Authentication module",
@ -94,6 +95,7 @@
"badVariableName":"Bad variable name",
"blackList":"Black list",
"browse":"Browse",
"browsersDontStorePassword":"Avoid browsers to store users password",
"browserIdAuthnLevel":"Authentication level",
"browserIdAutoLogin":"Automatic login",
"browserIdBackgroundColor":"Background color",
@ -384,6 +386,7 @@
"ldapGroupObjectClass":"Object class",
"ldapGroupRecursive":"Recursive",
"ldapGroups":"Groups",
"ldapITDS":"IBM Tivoli DS support",
"ldapParams":"LDAP parameters",
"ldapPassword":"Password",
"ldapPasswordResetAttribute":"Reset attribute",
@ -629,6 +632,10 @@
"password":"Password",
"passwordDB":"Password module",
"passwordManagement":"Password management",
"passwordPolicyMinSize": "Minimal size",
"passwordPolicyMinLower": "Minimal lower characters",
"passwordPolicyMinUpper": "Minimal upper characters",
"passwordPolicyMinDigit": "Minimal digit characters",
"passwordResetAllowedRetries":"Max reset password retries",
"persistent":"Persistent",
"persistentSessions":"Persistent sessions",
@ -647,6 +654,7 @@
"portalDisplayChangePassword":"Password change",
"portalDisplayLoginHistory":"Login History",
"portalDisplayLogout":"Logout",
"portalDisplayPasswordPolicy": "Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
@ -737,6 +745,7 @@
"restPwdConfirmUrl":"Password confirmation URL",
"restPwdModifyUrl":"Password change URL",
"restSessionServer":"REST session server",
"restClockTolerance":"REST server clock tolerance",
"restUserDBUrl":"User data URL",
"returnUrl":"Return URL",
"rp":"Relying Party",


@ -54,6 +54,7 @@
"authAndUserdb":"Authent. et BD utilisateurs",
"authChain":"Chaîne d'authentification",
"authChoice":"Choix d'authentification",
"authChoiceAuthBasic":"Paramètre du handler AuthBasic",
"authChoiceModules":"Modules autorisés",
"authChoiceParam":"Paramètre de l'URL",
"authentication":"Module d'authentification",
@ -94,6 +95,7 @@
"badVariableName":"Mauvais nom de variable",
"blackList":"Liste noire",
"browse":"Naviguer",
"browsersDontStorePassword":"Interdire aux navigateurs de sauvegarder le mot de passe",
"browserIdAuthnLevel":"Niveau d'authentification",
"browserIdAutoLogin":"Authentification automatique",
"browserIdBackgroundColor":"Couleur d'arrière plan",
@ -384,6 +386,7 @@
"ldapGroupObjectClass":"Classe d'objet",
"ldapGroupRecursive":"Récursif",
"ldapGroups":"Groupes",
"ldapITDS":"Support IBM Tivoli DS",
"ldapParams":"Paramètres LDAP",
"ldapPassword":"Mot de passe",
"ldapPasswordResetAttribute":"Attribut de réinitialisation",
@ -629,6 +632,10 @@
"password":"Mot-de-passe",
"passwordDB":"Module de mot de passe",
"passwordManagement":"Gestion des mots de passe",
"passwordPolicyMinSize": "Taille minimale",
"passwordPolicyMinLower": "Minimum de minuscules",
"passwordPolicyMinUpper": "Minimum de majuscules",
"passwordPolicyMinDigit": "Minimum de chiffres",
"passwordResetAllowedRetries":"Nombre d'essais pour réinitialiser le mot de passe",
"persistent":"Persistantes",
"persistentSessions":"Sessions persistantes",
@ -647,6 +654,7 @@
"portalDisplayChangePassword":"Changement de mot de passe",
"portalDisplayLoginHistory":"Historique des connexions",
"portalDisplayLogout":"Déconnexion",
"portalDisplayPasswordPolicy": "Afficher la politique dans le formulaire de mot de passe",
"portalDisplayOidcConsents":"Accords OIDC",
"portalDisplayRegister":"Création d'un nouveau compte",
"portalDisplayResetPassword":"Réinitialisation de mot de passe",
@ -686,7 +694,7 @@
"radius2fActivation":"Activation",
"radius2fServer":"Nom d'hôte du serveur",
"radius2fSecret":"Secret partagé",
"radius2fUsernameSessionKey":"Clé de session contenant le login",
"radius2fUsernameSessionKey":"Clef de session contenant le login",
"radius2fTimeout":"Délai maximum d'authentification",
"radius2fAuthnLevel":"Niveau d'authentification",
"radius2fLogo":"Logo",
@ -737,6 +745,7 @@
"restPwdConfirmUrl":"URL de confirmation de mot-de-passe",
"restPwdModifyUrl":"URL de modification de mot-de-passe",
"restSessionServer":"Serveur de sessions REST",
"restClockTolerance":"Tolérance aux écarts d'horloge",
"restUserDBUrl":"URL de données utilisateurs",
"returnUrl":"URL de retour",
"rp":"Client",


@ -54,6 +54,7 @@
"authAndUserdb":"Authz e utente DB",
"authChain":"Catena di autenticazione",
"authChoice":"Scelta di autenticazione",
"authChoiceAuthBasic":"AuthBasic handler parameter",
"authChoiceModules":"Moduli consentiti",
"authChoiceParam":"Parametri URL",
"authentication":"Modulo di autenticazione",
@ -94,6 +95,7 @@
"badVariableName":"Nome variabile errato",
"blackList":"Black list",
"browse":"Naviga",
"browsersDontStorePassword":"Avoid browsers to store users password",
"browserIdAuthnLevel":"Livello di autenticazione",
"browserIdAutoLogin":"Login automatico",
"browserIdBackgroundColor":"Colore di sfondo",
@ -384,6 +386,7 @@
"ldapGroupObjectClass":"Classe oggetto",
"ldapGroupRecursive":"Ricorsivo",
"ldapGroups":"Gruppi",
"ldapITDS":"IBM Tivoli DS support",
"ldapParams":"Parametri LDAP",
"ldapPassword":"Password",
"ldapPasswordResetAttribute":"Reset attributo",
@ -629,6 +632,10 @@
"password":"Password",
"passwordDB":"Modulo password",
"passwordManagement":"Gestione password",
"passwordPolicyMinSize":"Minimal size",
"passwordPolicyMinLower":"Minimal lower characters",
"passwordPolicyMinUpper":"Minimal upper characters",
"passwordPolicyMinDigit":"Minimal digit characters",
"passwordResetAllowedRetries":"Max tentativi di reimpostazione della password",
"persistent":"Persistente",
"persistentSessions":"Sessioni persistenti",
@ -647,6 +654,7 @@
"portalDisplayChangePassword":"Cambio password",
"portalDisplayLoginHistory":"Cronologia login",
"portalDisplayLogout":"Logout",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"Consensi OIDC",
"portalDisplayRegister":"Registra nuovo account",
"portalDisplayResetPassword":"Reimposta password",
@ -684,7 +692,7 @@
"purgeNotification":"Elimina definitivamente la notifica",
"radius2f":"Radius second factor",
"radius2fActivation":"Attivazione",
"radius2fServer":"Server hostname",
"radius2fServer":"Nome host del server",
"radius2fSecret":"Segreto condiviso",
"radius2fUsernameSessionKey":"Session key containing login",
"radius2fTimeout":"Authentication timeout",
@ -737,6 +745,7 @@
"restPwdConfirmUrl":"URL di conferma password",
"restPwdModifyUrl":"URL di modifica password",
"restSessionServer":"Server di sessione REST",
"restClockTolerance":"REST server clock tolerance",
"restUserDBUrl":"URL dei dati utente",
"returnUrl":"URL di ritorno",
"rp":"Parte facente affidamento",
@ -1053,4 +1062,4 @@
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
"samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP"
}
}


@ -54,6 +54,7 @@
"authAndUserdb":"Authz và user DB",
"authChain":"Chuỗi xác thực",
"authChoice":"Lựa chọn xác thực",
"authChoiceAuthBasic":"AuthBasic handler parameter",
"authChoiceModules":"Các mô-đun được phép",
"authChoiceParam":"Tham số URL",
"authentication":"Mô đun xác thực",
@ -94,6 +95,7 @@
"badVariableName":"Tên biến không hợp lệ",
"blackList":"Danh sách đen",
"browse":"Duyệt",
"browsersDontStorePassword":"Avoid browsers to store users password",
"browserIdAuthnLevel":"Mức xác thực",
"browserIdAutoLogin":"Đăng nhập tự động",
"browserIdBackgroundColor":"Màu nền",
@ -384,6 +386,7 @@
"ldapGroupObjectClass":"Lớp đối tượng",
"ldapGroupRecursive":"Đệ quy",
"ldapGroups":"Nhóm",
"ldapITDS":"IBM Tivoli DS support",
"ldapParams":"Thông số LDAP",
"ldapPassword":"Mật khẩu",
"ldapPasswordResetAttribute":"Đặt lại thuộc tính",
@ -629,6 +632,10 @@
"password":"Mật khẩu",
"passwordDB":"Mô-đun mật khẩu",
"passwordManagement":"Quản lý mật khẩu",
"passwordPolicyMinSize":"Minimal size",
"passwordPolicyMinLower":"Minimal lower characters",
"passwordPolicyMinUpper":"Minimal upper characters",
"passwordPolicyMinDigit":"Minimal digit characters",
"passwordResetAllowedRetries":"Max reset password retries",
"persistent":"Duy trì",
"persistentSessions":"Duy trì phiên",
@ -647,6 +654,7 @@
"portalDisplayChangePassword":"Thay đổi mật khẩu",
"portalDisplayLoginHistory":"Lịch sử đăng nhập",
"portalDisplayLogout":"Đăng xuất",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRegister":"Đăng ký tài khoản mới",
"portalDisplayResetPassword":"Đặt lại mật khẩu",
@ -737,6 +745,7 @@
"restPwdConfirmUrl":"URL xác nhận mật khẩu",
"restPwdModifyUrl":"URL thay đổi mật khẩu",
"restSessionServer":"Máy chủ phiên REST",
"restClockTolerance":"REST server clock tolerance",
"restUserDBUrl":"URL dữ liệu người dùng",
"returnUrl":"Trả lại URL",
"rp":"Relying Party",
@ -1053,4 +1062,4 @@
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -54,6 +54,7 @@
"authAndUserdb":"授权和用户数据库",
"authChain":"认证chain",
"authChoice":"认证方式选择",
"authChoiceAuthBasic":"AuthBasic handler parameter",
"authChoiceModules":"允许的模块",
"authChoiceParam":"URL 参数",
"authentication":"认证模块",
@ -94,6 +95,7 @@
"badVariableName":"无效的 variable 名称",
"blackList":"黑名单",
"browse":"浏览",
"browsersDontStorePassword":"Avoid browsers to store users password",
"browserIdAuthnLevel":"认证等级",
"browserIdAutoLogin":"自动登录",
"browserIdBackgroundColor":"背景颜色",
@ -384,6 +386,7 @@
"ldapGroupObjectClass":"Object class",
"ldapGroupRecursive":"Recursive",
"ldapGroups":"Groups",
"ldapITDS":"IBM Tivoli DS support",
"ldapParams":"LDAP parameters",
"ldapPassword":"密码",
"ldapPasswordResetAttribute":"Reset attribute",
@ -629,6 +632,10 @@
"password":"Password",
"passwordDB":"Password module",
"passwordManagement":"Password management",
"passwordPolicyMinSize":"Minimal size",
"passwordPolicyMinLower":"Minimal lower characters",
"passwordPolicyMinUpper":"Minimal upper characters",
"passwordPolicyMinDigit":"Minimal digit characters",
"passwordResetAllowedRetries":"Max reset password retries",
"persistent":"Persistent",
"persistentSessions":"Persistent sessions",
@ -647,6 +654,7 @@
"portalDisplayChangePassword":"Password change",
"portalDisplayLoginHistory":"Login History",
"portalDisplayLogout":"Logout",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
@ -737,6 +745,7 @@
"restPwdConfirmUrl":"Password confirmation URL",
"restPwdModifyUrl":"Password change URL",
"restSessionServer":"REST session server",
"restClockTolerance":"REST server clock tolerance",
"restUserDBUrl":"User data URL",
"returnUrl":"Return URL",
"rp":"Relying Party",
@ -1053,4 +1062,4 @@
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff


@ -258,6 +258,7 @@ site/htdocs/static/common/en.png
site/htdocs/static/common/es.png
site/htdocs/static/common/favicon.ico
site/htdocs/static/common/fi.png
site/htdocs/static/common/fonts/password.ttf
site/htdocs/static/common/fr.png
site/htdocs/static/common/icons/application_cascade.png
site/htdocs/static/common/icons/arrow_refresh.png
@ -397,6 +398,7 @@ site/templates/bootstrap/openidform.tpl
site/templates/bootstrap/openIdPol.tpl
site/templates/bootstrap/openIdTrust.tpl
site/templates/bootstrap/password.tpl
site/templates/bootstrap/passwordpolicy.tpl
site/templates/bootstrap/public/test.tpl
site/templates/bootstrap/pwdWillExpire.tpl
site/templates/bootstrap/redirect.tpl
@ -554,6 +556,7 @@ t/42-Register-Demo.t
t/42-Register-LDAP.t
t/42-Register-Security.t
t/43-MailPasswordReset-Choice.t
t/43-MailPasswordReset-Combination-LDAP.t
t/43-MailPasswordReset-DBI.t
t/43-MailPasswordReset-LDAP.t
t/43-MailPasswordReset-with-captcha.t


@ -25,7 +25,7 @@ sub init {
my $self = shift;
my $file;
unless ( $file = $self->conf->{krbKeytab} ) {
$self->error('Keytab not defined');
$self->logger->error('Keytab not defined');
return 0;
}
$self->keytab("FILE:$file");


@ -103,6 +103,12 @@ sub authLogout {
sub getForm {
my ( $self, $req ) = @_;
$req->tplParams->{DISPLAY_PPOLICY} =
$self->conf->{portalDisplayPasswordPolicy};
$req->tplParams->{PPOLICY_MINSIZE} = $self->conf->{passwordPolicyMinSize};
$req->tplParams->{PPOLICY_MINLOWER} = $self->conf->{passwordPolicyMinLower};
$req->tplParams->{PPOLICY_MINUPPER} = $self->conf->{passwordPolicyMinUpper};
$req->tplParams->{PPOLICY_MINDIGIT} = $self->conf->{passwordPolicyMinDigit};
if (
$req->{error} == PE_PP_CHANGE_AFTER_RESET
or $req->{error} == PE_PP_MUST_SUPPLY_OLD_PASSWORD


@ -11,6 +11,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SAML_SIGNATURE_ERROR
PE_SAML_SLO_ERROR
PE_SAML_SSO_ERROR
PE_ISSUERMISSINGREQATTR
PE_SAML_UNKNOWN_ENTITY
PE_SAML_SERVICE_NOT_ALLOWED
PE_UNAUTHORIZEDPARTNER
@ -612,7 +613,7 @@ sub run {
$self->logger->error(
"Session key $_ is required to set SAML $name attribute"
);
return PE_SAML_SSO_ERROR;
return PE_ISSUERMISSINGREQATTR;
}
else {
$self->logger->debug(


@ -379,14 +379,29 @@ sub userModifyPassword {
}
$self->{portal}
->logger->debug( 'Modification return code: ' . $mesg->code );
$self->{portal}
->logger->debug( 'Modification return error: ' . $mesg->error );
# Manage specific errors for IBM Tivoli DS
if ( $self->{conf}->{ldapITDS} ) {
my $itds_code = $self->getITDSError($mesg);
return $itds_code unless ( $itds_code == PE_PASSWORD_OK );
}
# Manage specific errors for Active Directory
if ($ad) {
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY
if ( $mesg->code == 53 );
return PE_PP_PASSWORD_MOD_NOT_ALLOWED
if ( $mesg->code == 19 );
}
# Standard errors
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY
if ( $mesg->code == 53 && $ad );
return PE_PP_PASSWORD_MOD_NOT_ALLOWED
if ( $mesg->code == 19 && $ad );
return PE_LDAPERROR unless ( $mesg->code == 0 );
$self->{portal}->userLogger->notice("Password changed $dn");
$self->{portal}->userLogger->notice("Password changed for $dn");
# Rebind as manager for next LDAP operations if we were bound as user
$self->bind() if $asUser;
@ -725,4 +740,30 @@ sub convertSec {
return ( $day, $hrs, $min, $sec );
}
## @method int getITDSError(Net::LDAP::Message mesg)
# Check error message to return according error code
# @param mesg Modification return message
# @return portal error code
sub getITDSError {
my ( $self, $mesg ) = @_;
return PE_PP_MUST_SUPPLY_OLD_PASSWORD
if ( $mesg->code == 53 && $mesg->error =~ /Must supply old password/i );
return PE_PP_CHANGE_AFTER_RESET
if ( $mesg->code == 53
&& $mesg->error =~ /Password must be changed after reset/i );
return PE_PP_PASSWORD_MOD_NOT_ALLOWED
if ( $mesg->code == 53
&& $mesg->error =~ /Password may not be modified/i );
return PE_PP_PASSWORD_TOO_YOUNG
if ( $mesg->code == 19 && $mesg->error =~ /Password too young/i );
return PE_PP_PASSWORD_TOO_SHORT
if ( $mesg->code == 19 && $mesg->error =~ /Password too short/i );
return PE_PP_PASSWORD_IN_HISTORY
if ( $mesg->code == 19 && $mesg->error =~ /Password in History/i );
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY if ( $mesg->code == 19 );
return PE_PASSWORD_OK;
}
1;
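Review bot: `getITDSError` returns `PE_PASSWORD_OK` to mean "no ITDS-specific mapping matched", including when `$mesg->code` is non-zero (for example a code 53 whose text matches none of the three patterns), and the header comment does not say so. The caller in `userModifyPassword` is only correct because it falls through to the standard checks afterwards, so I would state that in the doc block, e.g. `# @return portal error code, or PE_PASSWORD_OK when no ITDS-specific error matched (the LDAP operation may still have failed)`. The mappings also depend on the literal English text of `$mesg->error`; presumably that text is stable for this directory server, but a comment naming the versions it was checked against would help the next maintainer. `userModifyPassword` starts and ends outside its hunk.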


@ -99,6 +99,7 @@ use constant {
PE_OID_SERVICE_NOT_ALLOWED => 91,
PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
PE_ISSUERMISSINGREQATTR => 94,
};
# EXPORTER PARAMETERS
@ -127,6 +128,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTAUTHN
PE_MUSTHAVEMAIL PE_SAML_SERVICE_NOT_ALLOWED PE_OIDC_SERVICE_NOT_ALLOWED
PE_OID_SERVICE_NOT_ALLOWED PE_GET_SERVICE_NOT_ALLOWED PE_IMPERSONATION_SERVICE_NOT_ALLOWED
PE_ISSUERMISSINGREQATTR
);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );


@ -292,6 +292,7 @@ sub display {
AUTH_ERROR_TYPE => $req->error_type,
AUTH_URL => $req->{data}->{_url},
LOGIN => $login,
DONT_STORE_PASSWORD => $self->conf->{browsersDontStorePassword},
CHECK_LOGINS => $self->conf->{portalCheckLogins},
ASK_LOGINS => $req->param('checkLogins') || 0,
DISPLAY_RESETPASSWORD => $self->conf->{portalDisplayResetPassword},


@ -77,7 +77,7 @@ sub controlUrl {
$req->set_param( 'confirm', $c );
}
else {
$self->logger->notice('Confirmation to old, refused');
$self->logger->notice('Confirmation too old, refused');
$req->set_param( 'confirm', 0 );
}
}
@ -93,7 +93,7 @@ sub controlUrl {
else {
if ( $url =~ m#[^A-Za-z0-9\+/=]# ) {
$self->userLogger->error(
"Value must be in BASE64 (param: url | value: $url)");
"Value must be BASE64 encoded (param: url | value: $url)");
return PE_BADURL;
}
$req->{urldc} = decode_base64($url);
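Review bot: The reworded `userLogger->error` message in the second hunk still interpolates the raw `url` parameter, which at that point is known to contain characters outside the Base64 alphabet, so line breaks or control characters supplied by the client can reach the user log unless the logger escapes them (not visible here). I would log a cleaned, length-bounded copy instead, e.g. `( my $shown = substr( $url, 0, 64 ) ) =~ s/[^\x20-\x7e]/?/g;` followed by `"Value must be BASE64 encoded (param: url | value: $shown)"`. `controlUrl` starts and ends outside both hunks.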


@ -54,44 +54,8 @@ sub _modifyPassword {
unless ( $self->confirm( $req, $req->data->{oldpassword} ) );
}
# Min size
if ( $self->conf->{passwordPolicyMinSize}
and length( $req->data->{newpassword} ) <
$self->conf->{passwordPolicyMinSize} )
{
$self->logger->error("Password too short");
return PE_PP_PASSWORD_TOO_SHORT;
}
# Min lower
if ( $self->conf->{passwordPolicyMinLower} ) {
my $lower = 0;
$lower++ while ( $req->data->{newpassword} =~ m/\p{lowercase}/g );
if ( $lower < $self->conf->{passwordPolicyMinLower} ) {
$self->logger->error("Password has not enough lower characters");
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
}
}
# Min upper
if ( $self->conf->{passwordPolicyMinUpper} ) {
my $upper = 0;
$upper++ while ( $req->data->{newpassword} =~ m/\p{uppercase}/g );
if ( $upper < $self->conf->{passwordPolicyMinUpper} ) {
$self->logger->error("Password has not enough upper characters");
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
}
}
# Min digit
if ( $self->conf->{passwordPolicyMinDigit} ) {
my $digit = 0;
$digit++ while ( $req->data->{newpassword} =~ m/\d/g );
if ( $digit < $self->conf->{passwordPolicyMinDigit} ) {
$self->logger->error("Password has not enough digit characters");
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
}
}
my $cpq = $self->checkPasswordQuality( $req->data->{newpassword} );
return $cpq unless ( $cpq == PE_OK );
# Call password package
my $res = $self->modifyPassword( $req, $req->data->{newpassword} );
@ -126,4 +90,48 @@ sub _modifyPassword {
return $res;
}
sub checkPasswordQuality {
my ( $self, $password ) = @_;
# Min size
if ( $self->conf->{passwordPolicyMinSize}
and length($password) < $self->conf->{passwordPolicyMinSize} )
{
$self->logger->error("Password too short");
return PE_PP_PASSWORD_TOO_SHORT;
}
# Min lower
if ( $self->conf->{passwordPolicyMinLower} ) {
my $lower = 0;
$lower++ while ( $password =~ m/\p{lowercase}/g );
if ( $lower < $self->conf->{passwordPolicyMinLower} ) {
$self->logger->error("Password has not enough lower characters");
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
}
}
# Min upper
if ( $self->conf->{passwordPolicyMinUpper} ) {
my $upper = 0;
$upper++ while ( $password =~ m/\p{uppercase}/g );
if ( $upper < $self->conf->{passwordPolicyMinUpper} ) {
$self->logger->error("Password has not enough upper characters");
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
}
}
# Min digit
if ( $self->conf->{passwordPolicyMinDigit} ) {
my $digit = 0;
$digit++ while ( $password =~ m/\d/g );
if ( $digit < $self->conf->{passwordPolicyMinDigit} ) {
$self->logger->error("Password has not enough digit characters");
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
}
}
return PE_OK;
}
1;
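Review bot: `checkPasswordQuality` has no header comment, although this commit turns it into a shared entry point that another module in the same commit calls through a fully qualified method name. A short block would do: it reads only `$self->conf` and `$self->logger`, returns `PE_OK` when every configured minimum is met, `PE_PP_PASSWORD_TOO_SHORT` for the size rule and `PE_PP_INSUFFICIENT_PASSWORD_QUALITY` for the lower/upper/digit rules. It is also worth stating there that `length` and `\p{lowercase}`/`\p{uppercase}` count characters, so the result for non-ASCII passwords depends on whether `$password` arrives decoded, which is not visible in this hunk.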


@ -132,6 +132,7 @@ sub run {
my $separator = $self->{conf}->{multiValuesSeparator};
## GROUPS
$realSession->{$spg} ||= '';
my @spoofGrps = split /\Q$separator/, $spoofSession->{groups};
my @realGrps = split /\Q$separator/, $realSession->{$spg};
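Review bot: The added `$realSession->{$spg} ||= '';` protects only the second `split`; `$spoofSession->{groups}` on the next line is still passed to `split` as-is and would be undef for a spoofed user without groups, if that can happen upstream (not visible here). Giving it the same treatment keeps the two lines parallel: `my @spoofGrps = split /\Q$separator/, ( $spoofSession->{groups} || '' );`. `run` starts and ends outside the hunk.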


@ -436,6 +436,13 @@ sub changePwd {
}
}
# Check password quality
require Lemonldap::NG::Portal::Password::Base;
my $cpq =
$self->Lemonldap::NG::Portal::Password::Base::checkPasswordQuality(
$req->data->{newpassword} );
return $cpq unless ( $cpq == PE_OK );
# Modify the password TODO: change this
# Populate $req->{user} for logging purpose
my $tmp = $self->conf->{portalRequireOldPassword};
@ -533,6 +540,11 @@ sub display {
DISPLAY_CONFIRMMAILSENT => 0,
DISPLAY_MAILSENT => 0,
DISPLAY_PASSWORD_FORM => 0,
DISPLAY_PPOLICY => $self->conf->{portalDisplayPasswordPolicy},
PPOLICY_MINSIZE => $self->conf->{passwordPolicyMinSize},
PPOLICY_MINLOWER => $self->conf->{passwordPolicyMinLower},
PPOLICY_MINUPPER => $self->conf->{passwordPolicyMinUpper},
PPOLICY_MINDIGIT => $self->conf->{passwordPolicyMinDigit},
);
if ( $req->data->{mailToken}
and
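Review bot: In `changePwd`, `$self->Lemonldap::NG::Portal::Password::Base::checkPasswordQuality(...)` runs another class's method on this object after a runtime `require`, which works only as long as that method touches nothing but `conf` and `logger`. A comment at the call site would make the dependency explicit, e.g. `# Borrowed from Password::Base: relies only on $self->conf and $self->logger`. Separately, the `DISPLAY_PPOLICY` and `PPOLICY_*` template parameters added to `display` repeat the assignments this commit adds to `getForm` in another file; a small shared helper returning that list would keep the two in step. Both functions continue outside their hunks.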


@ -213,8 +213,8 @@ sub newSession {
my $t;
if ( $t =
$self->conf->{cipher}->decrypt($s)
and $t <= time
and $t > time - 15 )
and $t <= time + $self->conf->{restClockTolerance}
and $t > time - $self->conf->{restClockTolerance} )
{
$force = 1;
}
@ -273,7 +273,7 @@ sub newAuthSession {
$req->data->{password} = $req->param('password');
$req->steps( [
@{ $self->p->beforeAuth },
qw(getUser authenticate setAuthSessionInfo),
qw(getUser extractFormInfo authenticate setAuthSessionInfo),
@{ $self->p->betweenAuthAndData },
$self->p->sessionData,
@{ $self->p->afterData },
@ -308,8 +308,8 @@ sub updateSession {
my $t;
if ( $t =
$self->conf->{cipher}->decrypt($s)
and $t <= time
and $t > time - 30 )
and $t <= time + $self->conf->{restClockTolerance}
and $t > time - $self->conf->{restClockTolerance} )
{
$force = 1;
}
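Review bot: In `newSession` and `updateSession` the check now reads `$self->conf->{restClockTolerance}` directly, so if the key is unset or 0 the two bounds become `$t <= time` and `$t > time`, which no timestamp satisfies, and `$force` is never set; whether a default is always supplied is not visible here. A local fallback avoids that, e.g. `my $tol = $self->conf->{restClockTolerance} || 15;` (15 being the old `newSession` window, used here only as an example). The window is also symmetric now: timestamps up to the tolerance in the future are accepted and the total acceptance window is twice the configured value, so the setting's documentation should say that a large tolerance lengthens the time a captured timestamp token remains valid. All three functions continue outside their hunks.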


@ -163,3 +163,15 @@ div.oidc_consent_message > ul {
.progress-bar-animated {
width: 100%;
}
input.key {
font-family: 'password';
width: 100px;
}
@font-face {
font-family: 'password';
/*font-style: normal;*/
/*font-weight: 400;*/
src: url(/static/common/fonts/password.ttf);
}
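Review bot: `input.key` hides what is typed only through the `password` font, so if `password.ttf` fails to load (a `font-src` policy, a 404, or static files served under a prefix other than the absolute `/static/common/fonts/` path) the field falls back to a normal font and shows the characters in clear. Assuming this class is applied to password inputs when the new option to stop browsers storing passwords is on (the template is not part of this hunk), I would add a second masking rule to `input.key`, e.g. `-webkit-text-security: disc;`, and use a `src` URL relative to the stylesheet. The commented-out `font-style` and `font-weight` lines can be dropped.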


@ -1 +1 @@
html,body{height:100%;background:radial-gradient(circle at 50% 0,#fff 0,#ddd 100%) no-repeat scroll 0 0 #ddd}#wrap{min-height:100%;height:auto;margin:0 auto -80px;padding:20px 0 80px}#footer{height:80px;background-color:#fff;background-color:rgba(255,255,255,0.9);text-align:center;padding-top:10px;overflow:hidden}#header img{background-color:#fff;background-color:rgba(255,255,255,0.8);margin-bottom:20px}.card,.navbar-light{background-color:#fff;background-color:rgba(255,255,255,0.9);background-image:none}.login,.password{text-align:center;padding:20px}div.form{margin:0 auto;max-width:330px}div.actions{margin:10px 0 0 0}div.actions a{margin-top:10px}.buttons{text-align:center;margin:10px 0 0 0;cursor:pointer}.btn{white-space:normal}.btn span.fa{padding-right:8px}li.ui-state-active{background-color:#fafafa;background-color:rgba(250,250,250,0.9)}#appslist,#password,#loginHistory,#logout,#oidcConsents{margin-top:20px}div.category{margin:10px 0;cursor:grab}div.application{margin:5px 0;overflow:hidden}div.application a,div.application a:hover{text-decoration:none}p.notifCheck label{margin-left:5px;margin-top:3px;display:inline-block}img.langicon{cursor:pointer}button.idploop{max-width:300px}button.idploop img{max-height:30px}div.oidc_consent_message>ul{text-align:left;list-style:circle}@media(min-width:768px){div.application{height:80px}div.application h4.appname{margin:0}#wrap{margin:0 auto -60px}#footer{height:60px}}.hiddenFrame{border:0;display:hidden;margin:0}.noborder{border:0}.max{width:100%}.link{cursor:pointer}.nodecor:hover,.nodecor:active.nodecor:focus{text-decoration:none}.fa.icon-blue{color:blue}.progress-bar-animated{width:100%}
html,body{height:100%;background:radial-gradient(circle at 50% 0,#fff 0,#ddd 100%) no-repeat scroll 0 0 #ddd}#wrap{min-height:100%;height:auto;margin:0 auto -80px;padding:20px 0 80px}#footer{height:80px;background-color:#fff;background-color:rgba(255,255,255,0.9);text-align:center;padding-top:10px;overflow:hidden}#header img{background-color:#fff;background-color:rgba(255,255,255,0.8);margin-bottom:20px}.card,.navbar-light{background-color:#fff;background-color:rgba(255,255,255,0.9);background-image:none}.login,.password{text-align:center;padding:20px}div.form{margin:0 auto;max-width:330px}div.actions{margin:10px 0 0 0}div.actions a{margin-top:10px}.buttons{text-align:center;margin:10px 0 0 0;cursor:pointer}.btn{white-space:normal}.btn span.fa{padding-right:8px}li.ui-state-active{background-color:#fafafa;background-color:rgba(250,250,250,0.9)}#appslist,#password,#loginHistory,#logout,#oidcConsents{margin-top:20px}div.category{margin:10px 0;cursor:grab}div.application{margin:5px 0;overflow:hidden}div.application a,div.application a:hover{text-decoration:none}p.notifCheck label{margin-left:5px;margin-top:3px;display:inline-block}img.langicon{cursor:pointer}button.idploop{max-width:300px}button.idploop img{max-height:30px}div.oidc_consent_message>ul{text-align:left;list-style:circle}@media(min-width:768px){div.application{height:80px}div.application h4.appname{margin:0}#wrap{margin:0 auto -60px}#footer{height:60px}}.hiddenFrame{border:0;display:hidden;margin:0}.noborder{border:0}.max{width:100%}.link{cursor:pointer}.nodecor:hover,.nodecor:active.nodecor:focus{text-decoration:none}.fa.icon-blue{color:blue}.progress-bar-animated{width:100%}input.key{font-family:'password';width:100px}@font-face{font-family:'password';src:url(/static/common/fonts/password.ttf)}


@ -83,6 +83,7 @@
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"A required attribute is not available",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"قبول",
"accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
@ -192,6 +193,11 @@
"openSSOSession":"افتح جلسة الدخول الموحد (سسو)",
"otherSessions":"جلسات نشطة أخرى",
"password":"كلمة المرور",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"المصادقات المتبقية، غير كلمة المرور الخاصة بك!",
"proxyError":"بوابة سيئة: غير قادر على الانضمام لالخادم البعيد",
"pwdChange":"تغيير كلمة المرور",


@ -83,6 +83,7 @@
"PE91":"Zugang zum OID-Service nicht genehmigt",
"PE92":"Zugang zum GET-Service nicht genehmigt",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"A required attribute is not available",
"2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
"accept":"Akzeptieren",
"accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
@ -192,6 +193,11 @@
"openSSOSession":"Eine SSO Sitzung öffnen",
"otherSessions":"Andere aktive Sitzungen",
"password":"Passwort",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"verbleibende Authentifizierungen, bitte Passwort ändern !",
"proxyError":"Bad gateway: Der Remote-Server kann nicht verbunden werden",
"pwdChange":"Passwortänderung",


@ -83,6 +83,7 @@
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"A required attribute is not available",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
@ -192,6 +193,11 @@
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password": "Password",
"passwordPolicy": "Please respect the following policy:",
"passwordPolicyMinSize": "Minimal size:",
"passwordPolicyMinLower": "Minimal lower characters:",
"passwordPolicyMinUpper": "Minimal upper characters:",
"passwordPolicyMinDigit": "Minimal digit characters:",
"ppGrace": "authentications remaining, change your password!",
"proxyError": "Bad gateway: unable to join remote server",
"pwdChange":"Password change",


@ -20,13 +20,13 @@
"PE26":"Modificación de contraseña no autorizada",
"PE27":"Para modificarla, introduzca la antigua contraseña",
"PE28":"Calidad de contraseña insuficiente",
"PE29":"Contraseña demasiado corta",
"PE30":"Contraseña demasiado reciente",
"PE31":"Contraseña utilizada demasiado recientemente",
"PE29":"Contraseña muy corta",
"PE30":"Contraseña muy reciente",
"PE31":"Contraseña utilizada muy recientemente",
"PE32":" autenticaciones restantes, cambie de contraseña",
"PE33":"cambie su contraseña antes de %d días, %d horas, %d minutos y %d segundos antes de su expiración",
"PE33":"Faltan %d días, %d horas, %d minutos y %d segundos para que su contraseña expire.",
"PE34":"Las contraseñas no coinciden",
"PE36":"Tiene un nuevo mensaje",
"PE36":"Tiene un mensaje nuevo",
"PE37":"URL incorrecta",
"PE38":"Ningún esquema disponible",
"PE39":"Antigua contraseña inválida",
@ -41,7 +41,7 @@
"PE49":"No se puede cargar el servicio SAML",
"PE50":"Problema al cargar un proveedor de identidad",
"PE51":"Error de autenticación SAML",
"PE52":"Colaborador SAML no reconocido",
"PE52":"Colaborador SAML desconocido",
"PE53":"Dirección de destino SAML incorrecta",
"PE54":"Las condiciones del mensaje SAML no se respetan",
"PE55":"La autenticación iniciada por el proveedor de identidad no está autorizada",
@ -49,179 +49,185 @@
"PE57":"Error de gestión de la firma del mensaje SAML",
"PE58":"Error de utilización de un artefacto SAML",
"PE59":"Error de comunicación con las sesiones SAML",
"PE60":"Problema al cargar un proveedor de servicio",
"PE60":"Problema al cargar un proveedor de servicios",
"PE61":"Error de intercambio de atributos SAML",
"PE62":"Página destinada a los servidores OpenID",
"PE63":"La identidad OpenID que quiere utilizar no le pertenece",
"PE64":"Un atributo exigido no está disponible",
"PE65":"Agrupación prohibida por la política de seguridad",
"PE66":"E-mail de confirmación ya enviado",
"PE67":"Contraseña no registrada",
"PE67":"Contraseña no ingresada",
"PE68":"Acceso no autorizado al servicio CAS",
"PE69":"Introduzca su dirección e-mail",
"PE70":"Sin usuario correspondiente",
"PE70":"Ningún usuario coincide",
"PE71":"Introduzca su nueva contraseña",
"PE72":"Ha recibido un e-mail de confirmación",
"PE73":"La conexión al servidor Radius ha fracasado",
"PE74":"La antigua contraseña es obligatoria",
"PE75":"Dirección IP no acreditada",
"PE74":"La contraseña antigua es obligatoria",
"PE75":"Usted vino de una dirección IP no acreditada",
"PE76":"Error al registrar el captcha",
"PE77":"Introduzca el captcha",
"PE78":"Introduzca sus datos",
"PE79":"Faltan datos",
"PE80":"Esta dirección ya está utilizada",
"PE81":"Invalid authentication attempt",
"PE82":"Exceeded authentication timeout",
"PE83":"U2F verification failed. Retry or contact your administrator",
"PE84":"You're not authorized to access to this host",
"PE85":"The remote site ask for a newer session (and UpgradeSession plugin isn't loaded). Logout and retry",
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE80":"Esta dirección ya está siendo utilizada",
"PE81":"Intento de autenticación inválido",
"PE82":"Tiempo de espera de autenticación exedido",
"PE83":"La verificación U2F ha fallado. Reintente o contacte su administrador",
"PE84":"Usted no está autorizado a acceder a este servidor",
"PE85":"El sitio remoto pide una nueva sesión (y el plugin UpgradeSession no está cargado). Desconéctese y reintente",
"PE86":"Su cuenta está bloqueada. Espere 30s antes de autenticarse de nuevo",
"PE87":"Debe autenticarse de nuevo para acceder al Portal",
"PE88":"Su cuenta debe contar con una dirección de e-mail para poder utilizar la autenticación de dos factores",
"PE89":"Acceso no autorizado al servicio SAML",
"PE90":"Acceso no autorizado al servicio OIDC",
"PE91":"Acceso no autorizado al servicio OID",
"PE92":"Acceso no autorizado al servicio GET",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
"accountCreationSuccess":"Your account was successfully created.",
"action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:",
"areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal",
"PE93":"Acceso no concedido al servicio de SUPLANTACIÓN",
"PE94":"A required attribute is not available",
"2fRegRequired":"Este servicio necesita la autenticación de dos factores. Registre un dispositivo ahora, luego reingrese al portal.",
"accept":"Aceptar",
"accessDenied":"No está autorizado a acceder a esta aplicación",
"accountCreated":"Su cuenta ha sido creada, su contraseña temporal ha sido enviada a su dirección de e-mail.",
"accountCreationSuccess":"Su cuenta fue creada con éxito.",
"action":"Acción",
"allowed":"Acceso PERMITIDO",
"anotherInformation":"Otra información:",
"areYouSure":"¿Está seguro?",
"askToRenew":"Esta aplicación necesita una autenticación más reciente. ¿Desea reautenticar?",
"askToUpgrade":"Esta aplicación requiere de un nivel de autenticación más alto. ¿Desea reautenticar?",
"attributes":"ATRIBUTOS",
"authPortal":"Portal de autenticación",
"authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds",
"autoAccept":"Aceptar automáticamente en 30 segundos ",
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
"back2Portal":"Go back to portal",
"badCode":"Bad code",
"badName":"Bad name",
"cancel":"Cancel",
"back2Portal":"Volver al portal",
"badCode":"Código incorrecto",
"badName":"Nombre incorrecto",
"cancel":"Cancelar",
"captcha":"Captcha",
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user SSO profile",
"changeKey":"Generar nueva llave",
"changePwd":"Cambie su contraseña",
"checkLastLogins":"Verificar mis últimos accesos",
"checkUser":"Verificar el perfil SSO del usuario ",
"checkUserMerged":"Check user SSO profile. Some Real and Spoofed SSO groups are merged!",
"checkUserComputeSession":"Computed session data!",
"choose2f":"Choose your second factor",
"choose2f":"Seleccione su segundo factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
"clickOnYubikey":"Click on your Yubikey",
"closeSSO":"Close your SSO session",
"code":"Code",
"confirmation":"Confirmation",
"confirmLinkSent":"A confirmation link has been sent. This link is valid until ",
"confirmPwd":"Confirm password",
"connect":"Connect",
"connectedAs":"Connected as",
"continue":"Continue",
"createAccount":"Create an account",
"currentPwd":"Current password",
"date":"Date",
"enterCred":"Please enter your credentials",
"enterExt2fCode":"A code has been sent to you. Please enter it",
"enterMail2fCode":"A code has been sent to your email address. Please enter it",
"clickHere":"Por favor haga clic aquí",
"clickOnYubikey":"Haga clic en su Yubikey",
"closeSSO":"Cierre su sesión SSO",
"code":"Código",
"confirmation":"Confirmación",
"confirmLinkSent":"Un enlace de confirmación ha sido enviado. Este enlace es válido hasta",
"confirmPwd":"Confirmar contraseña",
"connect":"Conectar",
"connectedAs":"Conectado como ",
"continue":"Continuar",
"createAccount":"Crear una cuenta",
"currentPwd":"Contraseña actual",
"date":"Fecha",
"enterCred":"Por favor ingrese sus credenciales",
"enterExt2fCode":"Un código le ha sido enviado. Por favor ingréselo ",
"enterMail2fCode":"Un código le ha sido enviado a dirección de e-mail. Por favor ingréselo",
"enterOpenIDLogin":"Please enter your OpenID login",
"enterRadius2fCode":"Please enter your OTP code",
"enterRest2fCode":"Please enter your OTP code",
"enterTotpCode":"Enter TOTP code",
"enterYubikey":"Please use your Yubikey",
"errorMsg":"Error Message",
"enterRadius2fCode":"Por favor ingrese su código OTP",
"enterRest2fCode":"Por favor ingrese su código OTP",
"enterTotpCode":"Ingrese el código TOTP",
"enterYubikey":"Por favor utilice su Yubikey",
"errorMsg":"Mensaje de Error",
"expired2Fremoved":"%s expired 2F devices have been removed!",
"ext2f":"Verification code",
"fillTheForm":"Fill the form",
"firstName":"First name",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Forgot your password?",
"generatePwd":"Generate the password automatically",
"gotNewMessages":"You have some new messages",
"goToPortal":"Go to portal",
"gplSoft":"free software covered by the GPL license",
"groups_sso":"SSO GROUPS",
"ext2f":"Código de verificación",
"fillTheForm":"Llene el formulario",
"firstName":"Nombre",
"forbidden":"Acceso DENEGADO",
"forgotPwd":"Contraseña olvidada?",
"generatePwd":"Generar la contraseña automáticamente",
"gotNewMessages":"Tiene mensajes nuevos",
"goToPortal":"Ir al portal",
"gplSoft":"Software libre cubierto bajo licencia GPL",
"groups_sso":"GRUPOS SSO",
"headers":"HEADERS",
"id":"Id",
"contextSwitching_ON":"Impersonate another user",
"contextSwitching_OFF":"Stop impersonation",
"imSure":"I'm sure",
"info":"Information",
"ipAddr":"IP address",
"key":"Key",
"lastFailedLogins":"Last failed logins",
"lastLogins":"Last logins",
"lastName":"Last name",
"linkValidUntil":"This message contains a link to reset your password, this link is valid until ",
"loginHistory":"Login history",
"login":"Login",
"logout":"Logout",
"logoutConfirm":"Do you want to logout?",
"contextSwitching_ON":"Suplantar otro usuario",
"contextSwitching_OFF":"Parar suplantación",
"imSure":"Estoy seguro",
"info":"Información",
"ipAddr":"Dirección IP",
"key":"Llave",
"lastFailedLogins":"Últimas conexiones fallidas",
"lastLogins":"Últimas conexiones",
"lastName":"Apellido(s)",
"linkValidUntil":"Este mensaje contiene un enlace para reiniciar su contraseña, este enlace es válido hasta",
"loginHistory":"Historial de conexión",
"login":"Conexión",
"logout":"Desconexión ",
"logoutConfirm":"¿Desea desconectarse?",
"logoutFromOtherApp":"Logout from other applications ...",
"logoutFromSP":"Logout from service providers ...",
"logoutFromSP":"Desconectando proveedor de servicios...",
"macros":"MACROS",
"mail":"Mail",
"mail2f":"Email code",
"mailSent2":"A message has been sent to your mail address.",
"maintenanceMode":"This application is in maintenance, please try to connect later",
"mail":"E-mail",
"mail2f":"Código de e-mail",
"mailSent2":"Un mensaje ha sido enviado a su dirección de e-mail",
"maintenanceMode":"Aplicación en mantenimiento, por favor intente conectarse luego",
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!",
"missingCode":"Code is missing",
"name":"Name",
"newMessages":"New message(s)",
"newPassword":"New password",
"newPwdSentTo":"A confirmation has been sent to your mail address.",
"noHistory":"This is your first connection, welcome!",
"notAuthorized":"You're not authorized to do this",
"missingCode":"Código faltante",
"name":"Nombre",
"newMessages":"Nuevo(s) mensaje(s)",
"newPassword":"Contraseña nueva",
"newPwdSentTo":"Una confirmación ha sido enviada a su dirección de e-mail.",
"noHistory":"Esta es su primera conexión, bienvenido.",
"notAuthorized":"Usted no está autorizado a hacer esto",
"notFound":"Not found: you try to access to an unavailable page",
"noTOTPFound":"No TOTP found",
"noU2FKeyFound":"No U2F key found",
"noTOTPFound":"TOTP no encontrado",
"noU2FKeyFound":"Llave U2F no encontrada",
"oidcConsent":"The application %s would like to know:",
"oidcConsents":"OIDC consents",
"oidcConsentsFull":"OpenID Connect consents",
"oneExpired2Fremoved":"An expired 2F device has been removed!",
"openidAp":"Do you agree to provide the following parameters?",
"openIdExample":"for example:http://myopenid.org/toto",
"openIdExample":"por ejemplo:http://myopenid.org/juan",
"openidExchange":"Do you want to authenticate yourself on %s ?",
"openidPA":"Data usage policy is available at",
"openidRpns":"Parameter %s requested for federation isn't available",
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profile.",
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Password",
"ppGrace":"authentications remaining, change your password!",
"openSessionSpace":"Este espacio le permite abrir una sesión SSO. Esto le ayudará a acceder de manera segura a todas las aplicaciones autorizadas por su perfil.",
"openSSOSession":"Abra su sesión SSO",
"otherSessions":"Otras sesiones activas",
"password":"Contraseña",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"autenticaciones restantes, ¡cambie su contraseña!.",
"proxyError":"Bad gateway: unable to join remote server",
"pwdChange":"Password change",
"pwd":"Password",
"pwdChange":"Cambio de contraseña",
"pwd":"Contraseña",
"pwdResetAlreadyIssued":"A password reset request was already issued on ",
"pwdWillExpire":"%s days, %s hours, %s minutes and %s seconds before password expiration, change it!",
"radius2f":"Radius",
"redirectedFrom":"You were redirect from ",
"redirectedIn":"You'll be redirected in 30 seconds",
"redirectionInProgress":"Redirection in progress...",
"redirectionToIdp":"Redirection to your Identity Provider",
"refreshrights":"Refresh my rights",
"refuse":"Refuse",
"register":"Register",
"redirectedFrom":"Ha sido redirigido desde",
"redirectedIn":"Usted será redirigido en 30 segundos",
"redirectionInProgress":"Redirigiendo...",
"redirectionToIdp":"Redirigiendo hacia su proveedor de identidad",
"refreshrights":"Actualizar mis derechos",
"refuse":"Rechazar",
"register":"Registrar",
"registerRequestAlreadyIssued":"A register request for this account was already issued on ",
"rememberChoice":"Remember my choice",
"rememberChoice":"Recordar mi elección",
"removeOtherSessions":"Remove other sessions",
"resendConfirmMail":"Resend confirmation mail?",
"resentConfirm":"Do you want the confirmation mail to be resent?",
"resetFavApps":"Reset my favorite Apps.",
"resetPwd":"Reset my password",
"rest2f":"Verification code",
"rightsReloadNeedsLogout":"Rights reloads need to logout and login again",
"resetPwd":"Reiniciar mi contraseña",
"rest2f":"Código de verificación",
"rightsReloadNeedsLogout":"La recarga de derechos necesita desconectarse y conectarse de nuevo",
"scope":"Scope",
"search":"Search",
"selectIdP":"Select your Identity Provider",
"service":"Service",
"sendPwd":"Send me a link",
"search":"Buscar",
"selectIdP":"Seleccione su proveedor de identidad",
"service":"Servicio",
"sendPwd":"Enviarme un enlace",
"serverError":"Error occurs on the server",
"serviceProvidedBy":"Service provided by",
"serviceProvidedBy":"Servicio proveído por",
"sessionsDeleted":"The following sessions have been closed",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
@ -239,34 +245,34 @@
"u2fPermission":"You may be prompted to allow the site permission to access your security keys. After granting permission, the device will start to blink.",
"u2fWelcome":"U2F device management",
"unableToGetKey":"Unable to access to your key. Retry or contact your administrator",
"unknownAction":"Unknown action",
"unknownAction":"Acción desconocida",
"unregister":"Unregister",
"updateCdc":"Update Common Domain Cookie",
"upgradeSession":"Upgrade session",
"user":"User",
"user":"Usuario",
"useYubikey":"use your Yubikey",
"utotp2f":"TOTP-or-U2F",
"value":"Value",
"verify":"Verify",
"VHnotFound":"Virtual Host not found",
"wait":"Wait",
"value":"Valor",
"verify":"Verificar",
"VHnotFound":"Virtual Host no encontrado",
"wait":"Esperar",
"waitingmessage":"Authentication in progress, please wait",
"warning":"Warning",
"warning":"Precaución",
"welcomeOnPortal":"Welcome on your secured authentication portal.",
"yesResendMail":"Yes, resend the mail",
"yourAddress":"Your address",
"yourApps":"Your applications",
"yourEmail":"Your email",
"yourAddress":"Su dirección",
"yourApps":"Sus aplicaciones",
"yourEmail":"Su e-mail",
"yourFavApps":"Favorite applications",
"yourIdentity":"Your identity",
"yourIdentityIs":"Your identity is",
"yourKeyIsRegistered":"Your key is registered",
"yourKeyIsAlreadyRegistered":"Your key is ALREADY registered!",
"yourIdentity":"Su identidad",
"yourIdentityIs":"Su identidad es",
"yourKeyIsRegistered":"Su llave está registrada",
"yourKeyIsAlreadyRegistered":"¡Su llave YA FUE registrada!",
"yourKeyIsUnregistered":"Your key has been unregistered",
"yourKeyIsVerified":"Your key is verified",
"yourKeyIsVerified":"Su llave está verificada",
"yourNewTotpKey":"Your new TOTP key, please test it and enter the code",
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key",
"yubikey2f":"Yubikey"
}
}


@ -83,6 +83,7 @@
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"A required attribute is not available",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Hyväksy",
"accessDenied":"Sinulla ei ole käyttöoikeutta tähän sovellukseen",
@ -192,6 +193,11 @@
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Salasana",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"authentications remaining, change your password!",
"proxyError":"Bad gateway: unable to join remote server",
"pwdChange":"Password change",


@ -83,6 +83,7 @@
"PE91":"Accès non autorisé au service OID",
"PE92":"Accès non autorisé au service GET",
"PE93":"Accès non autorisé au service d'Usurpation d'Identité",
"PE94":"Un attribut exigé n'est pas disponible",
"2fRegRequired":"Ce service requiert une authentification à deux facteurs. Enregistrez un équipement ici et retournez au portail.",
"accept":"Accepter",
"accessDenied":"Vous n'avez pas les droits d'accès à cette application",
@ -192,6 +193,11 @@
"openSSOSession":"Ouvrir une session SSO",
"otherSessions":"Autres sessions ouvertes",
"password": "Mot-de-passe",
"passwordPolicy": "Merci de respecter la politique suivante :",
"passwordPolicyMinSize": "Taille minimale :",
"passwordPolicyMinLower": "Minimum de minuscules :",
"passwordPolicyMinUpper": "Minimum de majuscules :",
"passwordPolicyMinDigit": "Minimum de chiffres :",
"ppGrace": "authentifications restantes, changez votre mot de passe !",
"proxyError": "Mauvaise passerelle : impossible de joindre le serveur amont",
"pwdChange":"Changement de mot de passe",


@ -83,6 +83,7 @@
"PE91":"Accesso non concesso sul servizio OID",
"PE92":"Accesso non concesso sul servizio GET",
"PE93":"Accesso non concesso sul servizio IMPERSONATION",
"PE94":"A required attribute is not available",
"2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
"accept":"Accetta",
"accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
@ -192,6 +193,11 @@
"openSSOSession":"Apri la sessione SSO",
"otherSessions":"Altre sessioni attive",
"password":"Password",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"autenticazioni restanti, modifica la tua password!",
"proxyError":"Gateway errata: impossibile associarsi a un server remoto",
"pwdChange":"Cambio password",


@ -83,6 +83,7 @@
"PE91":"Onbevoegde toegang tot de OID-service",
"PE92":"Onbevoegde toegang tot de GET-service",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"A required attribute is not available",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
@ -192,6 +193,11 @@
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Password",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"authentications remaining, change your password!",
"proxyError":"Bad gateway: unable to join remote server",
"pwdChange":"Password change",


@ -83,6 +83,7 @@
"PE91":"Acesso não autorizado ao serviço OID",
"PE92":"Acesso não autorizado ao serviço GET",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"Um atributo exigido não está disponível",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
@ -192,6 +193,11 @@
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Password",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"authentications remaining, change your password!",
"proxyError":"Bad gateway: unable to join remote server",
"pwdChange":"Password change",


@ -83,6 +83,7 @@
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"A required attribute is not available",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
@ -192,6 +193,11 @@
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"Password",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"authentications remaining, change your password!",
"proxyError":"Bad gateway: unable to join remote server",
"pwdChange":"Password change",


@ -83,6 +83,7 @@
"PE91":"Truy cập không được cấp trên dịch vụ OID",
"PE92":"Truy cập không được cấp trên dịch vụ GET",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"Một thuộc tính bắt buộc không có sẵn",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Chấp nhận",
"accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
@ -192,6 +193,11 @@
"openSSOSession":"Mở phiên SSO của bạn",
"otherSessions":"Các phiên hoạt động khác",
"password":"Mật khẩu",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"chứng thực vẫn còn, thay đổi mật khẩu của bạn!",
"proxyError":"Gateway không chính xác: không thể kết nối máy chủ từ xa",
"pwdChange":"Thay đổi mật khẩu",


@ -83,6 +83,7 @@
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"PE94":"A required attribute is not available",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept 方法",
"accessDenied":"您无权访问此应用",
@ -192,6 +193,11 @@
"openSSOSession":"Open your SSO session",
"otherSessions":"Other active sessions",
"password":"密码",
"passwordPolicy":"Please respect the following policy:",
"passwordPolicyMinSize":"Minimal size:",
"passwordPolicyMinLower":"Minimal lower characters:",
"passwordPolicyMinUpper":"Minimal upper characters:",
"passwordPolicyMinDigit":"Minimal digit characters:",
"ppGrace":"authentications remaining, change your password!",
"proxyError":"错误的网关:无法连接远程服务器",
"pwdChange":"更改密码",


@ -129,6 +129,8 @@
<h3 trspan="changePwd">Change your password</h3>
<TMPL_IF NAME="DISPLAY_PPOLICY"><TMPL_INCLUDE NAME="passwordpolicy.tpl"></TMPL_IF>
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-lock"></i> </span>


@ -40,6 +40,8 @@
</TMPL_IF>
<TMPL_IF NAME="DISPLAY_PPOLICY"><TMPL_INCLUDE NAME="passwordpolicy.tpl"></TMPL_IF>
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-lock"></i></span>


@ -0,0 +1,17 @@
<div class="alert alert-info text-left mb-3 ppolicy">
<span trspan="passwordPolicy">Please respect the following password policy:</span>
<ul>
<TMPL_IF NAME="PPOLICY_MINSIZE">
<li><span trspan="passwordPolicyMinSize">Minimal size:</span> <TMPL_VAR NAME="PPOLICY_MINSIZE"></li>
</TMPL_IF>
<TMPL_IF NAME="PPOLICY_MINLOWER">
<li><span trspan="passwordPolicyMinLower">Minimal lower characters:</span> <TMPL_VAR NAME="PPOLICY_MINLOWER"></li>
</TMPL_IF>
<TMPL_IF NAME="PPOLICY_MINUPPER">
<li><span trspan="passwordPolicyMinUpper">Minimal upper characters:</span> <TMPL_VAR NAME="PPOLICY_MINUPPER"></li>
</TMPL_IF>
<TMPL_IF NAME="PPOLICY_MINDIGIT">
<li><span trspan="passwordPolicyMinDigit">Minimal digit characters:</span> <TMPL_VAR NAME="PPOLICY_MINUPPER"></li>
</TMPL_IF>
</ul>
</div>
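Review bot: The last list item prints the wrong variable: inside `<TMPL_IF NAME="PPOLICY_MINDIGIT">` the value shown is `<TMPL_VAR NAME="PPOLICY_MINUPPER">`, so the digit requirement displays the uppercase minimum instead of the digit minimum. Users would then choose passwords against a policy that differs from the one actually enforced. The line should read `<li><span trspan="passwordPolicyMinDigit">Minimal digit characters:</span> <TMPL_VAR NAME="PPOLICY_MINDIGIT"></li>`. Separately, the fallback text of the first span ("…following password policy:") differs from the `passwordPolicy` string added to the language files ("…following policy:").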


@ -17,7 +17,11 @@
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-lock"></i> </span>
</div>
<input name="password" type="password" class="form-control" trplaceholder="password" required aria-required="true"/>
<TMPL_IF NAME="DONT_STORE_PASSWORD">
<input name="password" type="text" class="form-control key" trplaceholder="password" autocomplete="off" required aria-required="true"/>
<TMPL_ELSE>
<input name="password" type="password" class="form-control" trplaceholder="password" required aria-required="true"/>
</TMPL_IF>
</div>
<TMPL_IF NAME=CAPTCHA_SRC>
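Review bot: With `DONT_STORE_PASSWORD` set, the password is typed into a `type="text"` input, so the browser no longer treats the value as a secret. Masking presumably depends entirely on the `key` class and the font it loads. If that stylesheet or font fails to load, the password is displayed in clear on screen, and a text field is also eligible for spell-check and auto-capitalisation. At minimum add `spellcheck="false" autocapitalize="off"` next to `autocomplete="off"` on the text variant, and state in the option's documentation that hiding the characters relies on the `key` class. The enclosing form starts and ends outside the hunk.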


@ -15,72 +15,72 @@ my $debug = 'error';
# Initialization
my $op = LLNG::Manager::Test->new( {
ini => {
logLevel => $debug,
domain => 'idp.com',
portal => 'http://auth.op.com',
authentication => 'Demo',
userDB => 'Same',
issuerDBOpenIDConnectActivation => 1,
issuerDBOpenIDConnectRule => '$uid eq "french"',
oidcRPMetaDataExportedVars => {
rp => {
email => "mail",
family_name => "cn",
name => "cn"
},
rp2 => {
email => "mail",
family_name => "cn",
name => "cn"
}
ini => {
logLevel => $debug,
domain => 'idp.com',
portal => 'http://auth.op.com',
authentication => 'Demo',
userDB => 'Same',
issuerDBOpenIDConnectActivation => 1,
issuerDBOpenIDConnectRule => '$uid eq "french"',
oidcRPMetaDataExportedVars => {
rp => {
email => "mail",
family_name => "cn",
name => "cn"
},
oidcServiceMetaDataIssuer => "http://auth.op.com",
oidcServiceMetaDataAuthorizeURI => "authorize",
oidcServiceMetaDataCheckSessionURI => "checksession.html",
oidcServiceMetaDataJWKSURI => "jwks",
oidcServiceMetaDataEndSessionURI => "logout",
oidcServiceMetaDataRegistrationURI => "register",
oidcServiceMetaDataTokenURI => "token",
oidcServiceMetaDataUserInfoURI => "userinfo",
oidcServiceAllowHybridFlow => 1,
oidcServiceAllowImplicitFlow => 1,
oidcServiceAllowDynamicRegistration => 1,
oidcServiceAllowAuthorizationCodeFlow => 1,
oidcRPMetaDataOptions => {
rp => {
oidcRPMetaDataOptionsDisplayName => "RP",
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
oidcRPMetaDataOptionsClientID => "rpid",
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
oidcRPMetaDataOptionsClientSecret => "rpsecret",
oidcRPMetaDataOptionsUserIDAttr => "",
oidcRPMetaDataOptionsAccessTokenExpiration => 1,
oidcRPMetaDataOptionsBypassConsent => 1,
},
rp2 => {
oidcRPMetaDataOptionsDisplayName => "RP2",
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
oidcRPMetaDataOptionsClientID => "rp2id",
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
oidcRPMetaDataOptionsClientSecret => "rp2secret",
oidcRPMetaDataOptionsUserIDAttr => "",
oidcRPMetaDataOptionsAccessTokenExpiration => 1,
oidcRPMetaDataOptionsBypassConsent => 1,
oidcRPMetaDataOptionsRule => '$uid eq "dwho"',
}
rp2 => {
email => "mail",
family_name => "cn",
name => "cn"
}
},
oidcServiceMetaDataIssuer => "http://auth.op.com",
oidcServiceMetaDataAuthorizeURI => "authorize",
oidcServiceMetaDataCheckSessionURI => "checksession.html",
oidcServiceMetaDataJWKSURI => "jwks",
oidcServiceMetaDataEndSessionURI => "logout",
oidcServiceMetaDataRegistrationURI => "register",
oidcServiceMetaDataTokenURI => "token",
oidcServiceMetaDataUserInfoURI => "userinfo",
oidcServiceAllowHybridFlow => 1,
oidcServiceAllowImplicitFlow => 1,
oidcServiceAllowDynamicRegistration => 1,
oidcServiceAllowAuthorizationCodeFlow => 1,
oidcRPMetaDataOptions => {
rp => {
oidcRPMetaDataOptionsDisplayName => "RP",
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
oidcRPMetaDataOptionsClientID => "rpid",
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
oidcRPMetaDataOptionsClientSecret => "rpsecret",
oidcRPMetaDataOptionsUserIDAttr => "",
oidcRPMetaDataOptionsAccessTokenExpiration => 1,
oidcRPMetaDataOptionsBypassConsent => 1,
},
oidcOPMetaDataOptions => {},
oidcOPMetaDataJSON => {},
oidcOPMetaDataJWKS => {},
oidcServiceMetaDataAuthnContext => {
'loa-4' => 4,
'loa-1' => 1,
'loa-5' => 5,
'loa-2' => 2,
'loa-3' => 3
},
oidcServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY-----
rp2 => {
oidcRPMetaDataOptionsDisplayName => "RP2",
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
oidcRPMetaDataOptionsClientID => "rp2id",
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
oidcRPMetaDataOptionsClientSecret => "rp2secret",
oidcRPMetaDataOptionsUserIDAttr => "",
oidcRPMetaDataOptionsAccessTokenExpiration => 1,
oidcRPMetaDataOptionsBypassConsent => 1,
oidcRPMetaDataOptionsRule => '$uid eq "dwho"',
}
},
oidcOPMetaDataOptions => {},
oidcOPMetaDataJSON => {},
oidcOPMetaDataJWKS => {},
oidcServiceMetaDataAuthnContext => {
'loa-4' => 4,
'loa-1' => 1,
'loa-5' => 5,
'loa-2' => 2,
'loa-3' => 3
},
oidcServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt
GMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8TrH1PHFmHpy8/qE/S5OhinIpIi7eb
ABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH1caJ8lmiERFj7IvNKqEhzAk0pyDr
@ -108,7 +108,7 @@ EYqYAev/l82wi+OZ5O8U+qjFUpT1CVeUJdDs0o5u19v0UJjunU1cwh9jsxBZAWLy
PAGd6SWf4S3uQCTw6dLeMna25YIlPh5qPA6I/pAahe8e3nSu2ckl
-----END RSA PRIVATE KEY-----
",
oidcServicePublicKeySig => "-----BEGIN PUBLIC KEY-----
oidcServicePublicKeySig => "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2jsmIoFuWzMkilJaA8/
/5/T30cnuzX9GImXUrFR2k9EKTMtGMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8T
rH1PHFmHpy8/qE/S5OhinIpIi7ebABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH
@ -118,13 +118,13 @@ kX5rx0h5SslG3jVWYhZ/SOb2aIzOr0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO80
GQIDAQAB
-----END PUBLIC KEY-----
",
}
}
);
}
);
my $res;
# Authenticate to LLNG
my $url = "/";
my $url = "/";
my $query = "user=french&password=french";
ok(
$res = $op->_post(
@ -139,11 +139,12 @@ count(1);
my $idpId = expectCookie($res);
# Get code for RP1
my $query="response_type=code&scope=openid%20profile%20email&client_id=rpid&state=af0ifjsldkj&redirect_uri=http%3A%2F%2Frp2.com%2F";
my $query =
"response_type=code&scope=openid%20profile%20email&client_id=rpid&state=af0ifjsldkj&redirect_uri=http%3A%2F%2Frp2.com%2F";
ok(
$res = $op->_get(
"/oauth2/authorize",
query => "$query",
query => "$query",
accept => 'text/html',
cookie => "lemonldap=$idpId",
),
@ -151,10 +152,11 @@ ok(
);
count(1);
my ( $code ) = expectRedirection( $res, qr#http://rp2\.com/.*code=([^\&]*)#);
my ($code) = expectRedirection( $res, qr#http://rp2\.com/.*code=([^\&]*)# );
# Play code on RP2
$query="grant_type=authorization_code&code=$code&redirect_uri=http%3A%2F%2Frp2.com%2F";
$query =
"grant_type=authorization_code&code=$code&redirect_uri=http%3A%2F%2Frp2.com%2F";
ok(
$res = $op->_post(
@ -163,7 +165,7 @@ ok(
accept => 'text/html',
length => length($query),
custom => {
HTTP_AUTHORIZATION => "Basic ". encode_base64("rp2id:rp2secret"),
HTTP_AUTHORIZATION => "Basic " . encode_base64("rp2id:rp2secret"),
},
),
"Post token"
@ -171,11 +173,12 @@ ok(
count(1);
# Expect an invalid request
ok ($res->[0] = 400);
is( $res->[0], 400 );
count(1);
# Play code on RP1
$query="grant_type=authorization_code&code=$code&redirect_uri=http%3A%2F%2Frp2.com%2F";
$query =
"grant_type=authorization_code&code=$code&redirect_uri=http%3A%2F%2Frp2.com%2F";
ok(
$res = $op->_post(
@ -184,15 +187,15 @@ ok(
accept => 'text/html',
length => length($query),
custom => {
HTTP_AUTHORIZATION => "Basic ". encode_base64("rpid:rpsecret"),
HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"),
},
),
"Post token"
);
count(1);
my $json = from_json($res->[2]->[0]);
my $json = from_json( $res->[2]->[0] );
my $token = $json->{access_token};
ok($token, 'Access token present');
ok( $token, 'Access token present' );
count(1);
sleep(2);
@ -203,13 +206,13 @@ ok(
accept => 'text/html',
length => 0,
custom => {
HTTP_AUTHORIZATION => "Bearer ". $token,
HTTP_AUTHORIZATION => "Bearer " . $token,
},
),
"Post userinfo"
);
count(1);
ok($res->[0] == 401, "Access denied with expired token");
is( $res->[0], 401, "Access denied with expired token" );
count(1);
clean_sessions();
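Review bot: `is( $res->[0], 400 );` under "Expect an invalid request" carries no test name, unlike `is( $res->[0], 401, "Access denied with expired token" )` at the end of the file. This assertion checks that an authorization code obtained with `client_id=rpid` is refused when presented with the `rp2id` credentials, so a failure should be identifiable in the TAP output: `is( $res->[0], 400, 'Code issued to rpid is refused for rp2id' );`. Separately, `$query` is declared with `my` both for the login request and again under "Get code for RP1"; if both sit in the same scope, as the hunks suggest, the second should be a plain assignment `$query =` to avoid masking the earlier declaration.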


@ -6,7 +6,7 @@ require 't/test-lib.pm';
my $res;
my $maintests = 16;
my $maintests = 17;
SKIP: {
eval 'use GD::SecurityImage;use Image::Magick;';
if ($@) {
@ -15,11 +15,12 @@ SKIP: {
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
loginHistoryEnabled => 1,
captcha_login_enabled => 1,
portalMainLogo => 'common/logos/logo_llng_old.png',
logLevel => 'error',
useSafeJail => 1,
browsersDontStorePassword => 1,
loginHistoryEnabled => 1,
captcha_login_enabled => 1,
portalMainLogo => 'common/logos/logo_llng_old.png',
}
}
);
@ -31,6 +32,12 @@ SKIP: {
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
ok(
$res->[2]->[0] =~
m%<input name="password" type="text" class="form-control key" trplaceholder="password" autocomplete="off" required aria-required="true"/>%,
'Password: Found text input'
);
$query =~ s/.*\btoken=([^&]+).*/token=$1/;
my $token;
ok( $token = $1, ' Token value is defined' );


@ -21,6 +21,13 @@ ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
count(1);
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
ok(
$res->[2]->[0] =~
m%<input name="password" type="password" class="form-control" trplaceholder="password" required aria-required="true"/>%,
'Password: Found password input'
);
count(1);
$query =~ s/.*\b(token=[^&]+).*/$1/;
# Try to auth without token


@ -0,0 +1,112 @@
use Test::More;
use strict;
use IO::String;
BEGIN {
eval {
require 't/test-lib.pm';
require 't/smtp.pm';
};
}
my ( $res, $user, $pwd );
my $maintests = 8;
my $mailSend = 0;
my $mail2 = 0;
SKIP: {
eval
'require Email::Sender::Simple;use GD::SecurityImage;use Image::Magick;';
if ($@) {
skip 'Missing dependencies', $maintests;
}
skip 'LLNGTESTLDAP is not set', $maintests unless ( $ENV{LLNGTESTLDAP} );
require 't/test-ldap.pm';
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
portalDisplayRegister => 1,
authentication => 'Combination',
userDB => 'Same',
passwordDB => 'LDAP',
ldapServer => 'ldap://127.0.0.1:19389/',
ldapBase => 'ou=users,dc=example,dc=com',
managerDn => 'cn=admin,dc=example,dc=com',
managerPassword => 'admin',
captcha_mail_enabled => 0,
portalDisplayResetPassword => 1,
combModules => {
'LDAP' => { 'for' => 0, 'type' => 'LDAP' },
'Demo' => { 'for' => 0, 'type' => 'Demo' }
},
combination => '[LDAP, LDAP] or [Demo, Demo]',
}
}
);
# Test form
# ------------------------
ok( $res = $client->_get( '/resetpwd', accept => 'text/html' ),
'Reset form', );
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'mail' );
$query = 'mail=dwho%40badwolf.org';
# Post email
ok(
$res = $client->_post(
'/resetpwd', IO::String->new($query),
length => length($query),
accept => 'text/html'
),
'Post mail'
);
ok( mail() =~ m#a href="http://auth.example.com/resetpwd\?(.*?)"#,
'Found link in mail' );
$query = $1;
ok(
$res =
$client->_get( '/resetpwd', query => $query, accept => 'text/html' ),
'Post mail token received by mail'
);
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
ok( $res->[2]->[0] =~ /newpassword/s, ' Ask for a new password' );
$query .= '&newpassword=zz&confirmpassword=zz';
# Post new password
ok(
$res = $client->_post(
'/resetpwd', IO::String->new($query),
length => length($query),
accept => 'text/html'
),
'Post new password'
);
ok( mail() =~ /Your password was changed/, 'Password was changed' );
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=zz'),
length => 21
),
'Auth query'
);
expectOK($res);
my $id = expectCookie($res);
$client->logout($id);
#print STDERR Dumper($query);
}
count($maintests);
stopLdapServer() if $ENV{LLNGTESTLDAP};
done_testing( count() );
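Review bot: `stopLdapServer() if $ENV{LLNGTESTLDAP};` runs outside the SKIP block, but `t/test-ldap.pm` is only required after the dependency check inside it. When LLNGTESTLDAP is set and `Email::Sender::Simple`, `GD::SecurityImage` or `Image::Magick` is missing, the call presumably dies on an undefined subroutine instead of the test skipping cleanly (unless `t/test-lib.pm` also defines it). Guarding it as `stopLdapServer() if $ENV{LLNGTESTLDAP} and defined &stopLdapServer;` keeps the skip path intact. The `BEGIN { eval { ... } }` also discards any load error from `t/test-lib.pm` and `t/smtp.pm`, and `$query = $1;` is used even when the preceding mail match fails. `$user`, `$pwd`, `$mailSend` and `$mail2` are declared but never used.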