Merge branch 'v2.0'
This commit is contained in:
Xavier
commit
e1fe12a94d
|
|
@ -1,3 +1,11 @@
|
|||
lemonldap-ng (2.0.6-1) unstable; urgency=medium
|
||||
|
||||
FastCGI / uWsgi servers require llng-lmlog.conf and llng-lua-headers.conf.
|
||||
Those configuration files are now provided by lemonldap-ng-handler package
|
||||
and installed in /etc/nginx/snippets directory.
|
||||
|
||||
-- maudoux <maudoux@localhost> Wed, 11 Sep 2019 22:47:57 +0200
|
||||
|
||||
lemonldap-ng (2.0.5-1) unstable; urgency=medium
|
||||
|
||||
This version adds some improvements in cryptographic functions. To take
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
|
|||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||
use constant APPLYSECTION => "apply";
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
|||
|
|
@ -210,29 +210,30 @@ sub defaultValues {
|
|||
'portalAntiFrame' => 1,
|
||||
'portalCheckLogins' => 1,
|
||||
'portalDisplayAppslist' => 1,
|
||||
'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/',
|
||||
'portalDisplayFavApps' => 1,
|
||||
'portalDisplayLoginHistory' => 1,
|
||||
'portalDisplayLogout' => 1,
|
||||
'portalDisplayOidcConsents' => '$_oidcConnectedRP',
|
||||
'portalDisplayRegister' => 1,
|
||||
'portalErrorOnExpiredSession' => 1,
|
||||
'portalForceAuthnInterval' => 5,
|
||||
'portalMainLogo' => 'common/logos/logo_llng_400px.png',
|
||||
'portalPingInterval' => 60000,
|
||||
'portalRequireOldPassword' => 1,
|
||||
'portalSkin' => 'bootstrap',
|
||||
'portalUserAttr' => '_user',
|
||||
'proxyAuthnLevel' => 2,
|
||||
'radius2fActivation' => 0,
|
||||
'radius2fTimeout' => 20,
|
||||
'radiusAuthnLevel' => 3,
|
||||
'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}',
|
||||
'redirectFormMethod' => 'get',
|
||||
'registerDB' => 'Null',
|
||||
'registerTimeout' => 0,
|
||||
'registerUrl' => 'http://auth.example.com/register',
|
||||
'reloadTimeout' => 5,
|
||||
'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/',
|
||||
'portalDisplayFavApps' => 1,
|
||||
'portalDisplayGeneratePassword' => 1,
|
||||
'portalDisplayLoginHistory' => 1,
|
||||
'portalDisplayLogout' => 1,
|
||||
'portalDisplayOidcConsents' => '$_oidcConnectedRP',
|
||||
'portalDisplayRegister' => 1,
|
||||
'portalErrorOnExpiredSession' => 1,
|
||||
'portalForceAuthnInterval' => 5,
|
||||
'portalMainLogo' => 'common/logos/logo_llng_400px.png',
|
||||
'portalPingInterval' => 60000,
|
||||
'portalRequireOldPassword' => 1,
|
||||
'portalSkin' => 'bootstrap',
|
||||
'portalUserAttr' => '_user',
|
||||
'proxyAuthnLevel' => 2,
|
||||
'radius2fActivation' => 0,
|
||||
'radius2fTimeout' => 20,
|
||||
'radiusAuthnLevel' => 3,
|
||||
'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}',
|
||||
'redirectFormMethod' => 'get',
|
||||
'registerDB' => 'Null',
|
||||
'registerTimeout' => 0,
|
||||
'registerUrl' => 'http://auth.example.com/register',
|
||||
'reloadTimeout' => 5,
|
||||
'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP',
|
||||
'remoteGlobalStorageOptions' => {
|
||||
'ns' =>
|
||||
|
|
|
|||
|
|
@ -423,7 +423,7 @@ sub fetchId {
|
|||
$value = $class->tsv->{cipher}->decrypt($value);
|
||||
unless ( $value =~ s/^(.*)? (.*)$/$1/ and $2 eq $vhost ) {
|
||||
$class->userLogger->error(
|
||||
"Bad CDA cookie: available for $2 instead od $vhost");
|
||||
"Bad CDA cookie: available for $2 instead of $vhost");
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,13 +54,14 @@ sub _run {
|
|||
# auth_request_set $headervalue1 $upstream_http_headervalue1;
|
||||
# #proxy_set_header $headername1 $headervalue1;
|
||||
# # OR
|
||||
# #fastcgi_param $fheadername1 $headervalue1;
|
||||
# #fastcgi_param $headername1 $headervalue1;
|
||||
#
|
||||
# LLNG::Handler::Server::Main add also a header called Lm-Remote-User set to
|
||||
# whatToTrace value that can be used in Nginx virtualhost configuration to
|
||||
# insert user id in logs
|
||||
# LLNG::Handler::Server::Main add also headers called Lm-Remote-User set to
|
||||
# whatToTrace value and Lm-Remote-Custom that can be used in Nginx virtualhosts configuration to
|
||||
# insert user id and a custom value in logs
|
||||
#
|
||||
# auth_request_set $llremoteuser $upstream_http_lm_remote_user
|
||||
# auth_request_set $lmremote_user $upstream_http_lm_remote_user
|
||||
# auth_request_set $lmremote_custom $upstream_http_lm_remote_custom
|
||||
#
|
||||
#@param $req Lemonldap::NG::Common::PSGI::Request
|
||||
sub handler {
|
||||
|
|
|
|||
|
|
@ -2330,6 +2330,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 1,
|
||||
'type' => 'boolOrExpr'
|
||||
},
|
||||
'portalDisplayGeneratePassword' => {
|
||||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'portalDisplayLoginHistory' => {
|
||||
'default' => 1,
|
||||
'type' => 'boolOrExpr'
|
||||
|
|
|
|||
|
|
@ -978,6 +978,12 @@ sub attributes {
|
|||
default => '$_oidcConnectedRP',
|
||||
documentation => 'Display OIDC consent tab in portal',
|
||||
},
|
||||
portalDisplayGeneratePassword => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
documentation =>
|
||||
'Display password generate box in reset password form',
|
||||
},
|
||||
|
||||
# Cookies
|
||||
cookieExpiration => {
|
||||
|
|
|
|||
|
|
@ -91,6 +91,7 @@ sub tree {
|
|||
'passwordPolicyMinUpper',
|
||||
'passwordPolicyMinDigit',
|
||||
'portalDisplayPasswordPolicy',
|
||||
'portalDisplayGeneratePassword',
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -139,7 +140,10 @@ sub tree {
|
|||
{
|
||||
title => 'choiceParams',
|
||||
help => 'authchoice.html',
|
||||
nodes => [ 'authChoiceParam', 'authChoiceModules', 'authChoiceAuthBasic' ]
|
||||
nodes => [
|
||||
'authChoiceParam', 'authChoiceModules',
|
||||
'authChoiceAuthBasic'
|
||||
]
|
||||
},
|
||||
{
|
||||
title => 'apacheParams',
|
||||
|
|
|
|||
|
|
@ -653,6 +653,7 @@
|
|||
"portalDisplayAppslist":"قائمة التطبيقات",
|
||||
"portalDisplayFavApps":"Activation rule",
|
||||
"portalDisplayChangePassword":"تغيير كلمة المرور",
|
||||
"portalDisplayGeneratePassword":"Display generate password box",
|
||||
"portalDisplayLoginHistory":"سجل تسجيل الدخول",
|
||||
"portalDisplayLogout":"تسجيل الخروج",
|
||||
"portalDisplayPasswordPolicy":"Display policy in password form",
|
||||
|
|
@ -1063,4 +1064,4 @@
|
|||
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
|
||||
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -652,6 +652,7 @@
|
|||
"portalDisplayAppslist":"Applications list",
|
||||
"portalDisplayFavApps":"Activation rule",
|
||||
"portalDisplayChangePassword":"Password change",
|
||||
"portalDisplayGeneratePassword":"Display generate password box",
|
||||
"portalDisplayLoginHistory":"Login History",
|
||||
"portalDisplayLogout":"Logout",
|
||||
"portalDisplayPasswordPolicy":"Display policy in password form",
|
||||
|
|
@ -1062,4 +1063,4 @@
|
|||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -652,6 +652,7 @@
|
|||
"portalDisplayAppslist":"Applications list",
|
||||
"portalDisplayFavApps":"Activation rule",
|
||||
"portalDisplayChangePassword":"Password change",
|
||||
"portalDisplayGeneratePassword":"Display generate password box",
|
||||
"portalDisplayLoginHistory":"Login History",
|
||||
"portalDisplayLogout":"Logout",
|
||||
"portalDisplayPasswordPolicy": "Display policy in password form",
|
||||
|
|
|
|||
|
|
@ -652,6 +652,7 @@
|
|||
"portalDisplayAppslist":"Liste des applications",
|
||||
"portalDisplayFavApps":"Règle d'utilisation",
|
||||
"portalDisplayChangePassword":"Changement de mot de passe",
|
||||
"portalDisplayGeneratePassword":"Afficher la boite de génération du mot de passe",
|
||||
"portalDisplayLoginHistory":"Historique des connexions",
|
||||
"portalDisplayLogout":"Déconnexion",
|
||||
"portalDisplayPasswordPolicy": "Afficher la politique dans le formulaire de mot de passe",
|
||||
|
|
|
|||
|
|
@ -652,6 +652,7 @@
|
|||
"portalDisplayAppslist":"Lista delle applicazioni",
|
||||
"portalDisplayFavApps":"Activation rule",
|
||||
"portalDisplayChangePassword":"Cambio password",
|
||||
"portalDisplayGeneratePassword":"Display generate password box",
|
||||
"portalDisplayLoginHistory":"Cronologia login",
|
||||
"portalDisplayLogout":"Logout",
|
||||
"portalDisplayPasswordPolicy":"Display policy in password form",
|
||||
|
|
@ -1062,4 +1063,4 @@
|
|||
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
|
||||
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
|
||||
"samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -652,6 +652,7 @@
|
|||
"portalDisplayAppslist":"Danh sách ứng dụng",
|
||||
"portalDisplayFavApps":"Activation rule",
|
||||
"portalDisplayChangePassword":"Thay đổi mật khẩu",
|
||||
"portalDisplayGeneratePassword":"Display generate password box",
|
||||
"portalDisplayLoginHistory":"Lịch sử đăng nhập",
|
||||
"portalDisplayLogout":"Đăng xuất",
|
||||
"portalDisplayPasswordPolicy":"Display policy in password form",
|
||||
|
|
@ -1062,4 +1063,4 @@
|
|||
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
|
||||
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -652,6 +652,7 @@
|
|||
"portalDisplayAppslist":"Applications list",
|
||||
"portalDisplayFavApps":"Activation rule",
|
||||
"portalDisplayChangePassword":"Password change",
|
||||
"portalDisplayGeneratePassword":"Display generate password box",
|
||||
"portalDisplayLoginHistory":"Login History",
|
||||
"portalDisplayLogout":"Logout",
|
||||
"portalDisplayPasswordPolicy":"Display policy in password form",
|
||||
|
|
@ -1062,4 +1063,4 @@
|
|||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -24,6 +24,10 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_PASSWORDFORMEMPTY
|
||||
PE_PASSWORD_MISMATCH
|
||||
PE_PASSWORD_OK
|
||||
PE_PP_INSUFFICIENT_PASSWORD_QUALITY
|
||||
PE_PP_PASSWORD_TOO_SHORT
|
||||
PE_PP_PASSWORD_TOO_YOUNG
|
||||
PE_PP_PASSWORD_IN_HISTORY
|
||||
PE_TOKENEXPIRED
|
||||
PE_USERNOTFOUND
|
||||
);
|
||||
|
|
@ -441,7 +445,10 @@ sub changePwd {
|
|||
my $cpq =
|
||||
$self->Lemonldap::NG::Portal::Password::Base::checkPasswordQuality(
|
||||
$req->data->{newpassword} );
|
||||
return $cpq unless ( $cpq == PE_OK );
|
||||
unless ( $cpq == PE_OK ) {
|
||||
$self->ott->setToken( $req, $req->sessionInfo );
|
||||
return $cpq;
|
||||
}
|
||||
|
||||
# Modify the password TODO: change this
|
||||
# Populate $req->{user} for logging purpose
|
||||
|
|
@ -455,7 +462,10 @@ sub changePwd {
|
|||
$self->conf->{portalRequireOldPassword} = $tmp;
|
||||
|
||||
# Mail token can be used only one time, delete the session if all is ok
|
||||
return $result unless ( $result == PE_PASSWORD_OK or $result == PE_OK );
|
||||
unless ( $result == PE_PASSWORD_OK or $result == PE_OK ) {
|
||||
$self->ott->setToken( $req, $req->sessionInfo );
|
||||
return $result;
|
||||
}
|
||||
|
||||
# Send mail containing the new password
|
||||
$req->data->{mailAddress} ||=
|
||||
|
|
@ -545,6 +555,8 @@ sub display {
|
|||
PPOLICY_MINLOWER => $self->conf->{passwordPolicyMinLower},
|
||||
PPOLICY_MINUPPER => $self->conf->{passwordPolicyMinUpper},
|
||||
PPOLICY_MINDIGIT => $self->conf->{passwordPolicyMinDigit},
|
||||
DISPLAY_GENERATE_PASSWORD =>
|
||||
$self->conf->{portalDisplayGeneratePassword},
|
||||
);
|
||||
if ( $req->data->{mailToken}
|
||||
and
|
||||
|
|
@ -605,9 +617,15 @@ sub display {
|
|||
$tplPrm{DISPLAY_PASSWORD_FORM} = 1;
|
||||
}
|
||||
|
||||
# Display password change form again if passwords mismatch
|
||||
# Display password change form again
|
||||
# - if passwords mismatch
|
||||
# - if password quality check fail
|
||||
elsif ($req->error == PE_PASSWORDFORMEMPTY
|
||||
|| $req->error == PE_PASSWORD_MISMATCH )
|
||||
|| $req->error == PE_PASSWORD_MISMATCH
|
||||
|| $req->error == PE_PP_INSUFFICIENT_PASSWORD_QUALITY
|
||||
|| $req->error == PE_PP_PASSWORD_TOO_SHORT
|
||||
|| $req->error == PE_PP_PASSWORD_TOO_YOUNG
|
||||
|| $req->error == PE_PP_PASSWORD_IN_HISTORY )
|
||||
{
|
||||
$self->logger->debug('Display password form');
|
||||
$tplPrm{DISPLAY_PASSWORD_FORM} = $req->sessionInfo->{pwdAllowed};
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
"PE-7":"La sesión se ha desconectado",
|
||||
"PE-6":"La contraseña se ha modificado",
|
||||
"PE0":"Usuario autentificado",
|
||||
"PE1":"Su sesión ha expirado. Vuelva a autenticarse",
|
||||
"PE1":"Su sesión ha caducado. Vuelva a autenticarse de nuevo",
|
||||
"PE2":"Introduzca su identificante o contraseña",
|
||||
"PE3":"Cuenta o contraseña LDAP de la aplicación incorrecta",
|
||||
"PE3":"Error en la cuenta o contraseña LDAP de la aplicación",
|
||||
"PE4":"Usuario no reconocido",
|
||||
"PE5":"Contraseña o identificador incorrecto",
|
||||
"PE6":"Conexión fallida al servidor LDAP",
|
||||
|
|
@ -24,7 +24,7 @@
|
|||
"PE30":"Contraseña muy reciente",
|
||||
"PE31":"Contraseña utilizada muy recientemente",
|
||||
"PE32":" autenticaciones restantes, cambie de contraseña",
|
||||
"PE33":"Faltan %d días, %d horas, %d minutos y %d segundos para que su contraseña expire.",
|
||||
"PE33":"Faltan %d días, %d horas, %d minutos y %d segundos para que su contraseña caduque.",
|
||||
"PE34":"Las contraseñas no coinciden",
|
||||
"PE36":"Tiene un mensaje nuevo",
|
||||
"PE37":"URL incorrecta",
|
||||
|
|
@ -72,7 +72,7 @@
|
|||
"PE80":"Esta dirección ya está siendo utilizada",
|
||||
"PE81":"Intento de autenticación inválido",
|
||||
"PE82":"Tiempo de espera de autenticación exedido",
|
||||
"PE83":"La verificación U2F ha fallado. Reintente o contacte su administrador",
|
||||
"PE83":"La verificación U2F ha fallado. Reintente o póngase en contacto con su administrador",
|
||||
"PE84":"Usted no está autorizado a acceder a este servidor",
|
||||
"PE85":"El sitio remoto pide una nueva sesión (y el plugin UpgradeSession no está cargado). Desconéctese y reintente",
|
||||
"PE86":"Su cuenta está bloqueada. Espere 30s antes de autenticarse de nuevo",
|
||||
|
|
@ -83,7 +83,7 @@
|
|||
"PE91":"Acceso no autorizado al servicio OID",
|
||||
"PE92":"Acceso no autorizado al servicio GET",
|
||||
"PE93":"Acceso no concedido al servicio de SUPLANTACIÓN",
|
||||
"PE94":"A required attribute is not available",
|
||||
"PE94":"Un atributo obligatorio no está presente",
|
||||
"2fRegRequired":"Este servicio necesita la autenticación de dos factores. Registre un dispositivo ahora, luego reingrese al portal.",
|
||||
"accept":"Aceptar",
|
||||
"accessDenied":"No está autorizado a acceder a esta aplicación",
|
||||
|
|
@ -97,9 +97,9 @@
|
|||
"askToUpgrade":"Esta aplicación requiere de un nivel de autenticación más alto. ¿Desea reautenticar?",
|
||||
"attributes":"ATRIBUTOS",
|
||||
"authPortal":"Portal de autenticación",
|
||||
"authRemaining":"%s authentications remaining, change your password!",
|
||||
"authRemaining":"%s autenticaciones restantes, ¡cambie su contraseña!",
|
||||
"autoAccept":"Aceptar automáticamente en 30 segundos ",
|
||||
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
|
||||
"back2CasUrl":"La aplicación de la cual se acaba de desconectar le ha enviado un enlace y le gustaría que lo siguiese",
|
||||
"back2Portal":"Volver al portal",
|
||||
"badCode":"Código incorrecto",
|
||||
"badName":"Nombre incorrecto",
|
||||
|
|
@ -109,10 +109,10 @@
|
|||
"changePwd":"Cambie su contraseña",
|
||||
"checkLastLogins":"Verificar mis últimos accesos",
|
||||
"checkUser":"Verificar el perfil SSO del usuario ",
|
||||
"checkUserMerged":"Check user SSO profile. Some Real and Spoofed SSO groups are merged!",
|
||||
"checkUserComputeSession":"Computed session data!",
|
||||
"checkUserMerged":"Verifique el perfil SSO del usuario. ¡Algunos grupos SSO (reales y suplantados) están fusionados!",
|
||||
"checkUserComputeSession":"¡Datos de sesión calculados!",
|
||||
"choose2f":"Seleccione su segundo factor",
|
||||
"chooseApp":"Choose an application your are allowed to access to",
|
||||
"chooseApp":"Elija una aplicación a la cual se le está permitido acceder",
|
||||
"clickHere":"Por favor haga clic aquí",
|
||||
"clickOnYubikey":"Haga clic en su Yubikey",
|
||||
"closeSSO":"Cierre su sesión SSO",
|
||||
|
|
@ -129,13 +129,13 @@
|
|||
"enterCred":"Por favor ingrese sus credenciales",
|
||||
"enterExt2fCode":"Un código le ha sido enviado. Por favor ingréselo ",
|
||||
"enterMail2fCode":"Un código le ha sido enviado a dirección de e-mail. Por favor ingréselo",
|
||||
"enterOpenIDLogin":"Please enter your OpenID login",
|
||||
"enterOpenIDLogin":"Por favor ingrese su usuario OpenID",
|
||||
"enterRadius2fCode":"Por favor ingrese su código OTP",
|
||||
"enterRest2fCode":"Por favor ingrese su código OTP",
|
||||
"enterTotpCode":"Ingrese el código TOTP",
|
||||
"enterYubikey":"Por favor utilice su Yubikey",
|
||||
"errorMsg":"Mensaje de Error",
|
||||
"expired2Fremoved":"%s expired 2F devices have been removed!",
|
||||
"expired2Fremoved":"¡%s dispositivos 2F caducados han sido suprimidos!",
|
||||
"ext2f":"Código de verificación",
|
||||
"fillTheForm":"Llene el formulario",
|
||||
"firstName":"Nombre",
|
||||
|
|
@ -146,7 +146,7 @@
|
|||
"goToPortal":"Ir al portal",
|
||||
"gplSoft":"Software libre cubierto bajo licencia GPL",
|
||||
"groups_sso":"GRUPOS SSO",
|
||||
"headers":"HEADERS",
|
||||
"headers":"ENCABEZADOS",
|
||||
"id":"Id",
|
||||
"contextSwitching_ON":"Suplantar otro usuario",
|
||||
"contextSwitching_OFF":"Parar suplantación",
|
||||
|
|
@ -159,17 +159,17 @@
|
|||
"lastName":"Apellido(s)",
|
||||
"linkValidUntil":"Este mensaje contiene un enlace para reiniciar su contraseña, este enlace es válido hasta",
|
||||
"loginHistory":"Historial de conexión",
|
||||
"login":"Conexión",
|
||||
"login":"Usuario",
|
||||
"logout":"Desconexión ",
|
||||
"logoutConfirm":"¿Desea desconectarse?",
|
||||
"logoutFromOtherApp":"Logout from other applications ...",
|
||||
"logoutFromOtherApp":"Desconectarse de otras aplicaciones...",
|
||||
"logoutFromSP":"Desconectando proveedor de servicios...",
|
||||
"macros":"MACROS",
|
||||
"mail":"E-mail",
|
||||
"mail2f":"Código de e-mail",
|
||||
"mailSent2":"Un mensaje ha sido enviado a su dirección de e-mail",
|
||||
"maintenanceMode":"Aplicación en mantenimiento, por favor intente conectarse luego",
|
||||
"maxNumberof2FDevicesReached":"Maximum number of 2F devices reached!",
|
||||
"maxNumberof2FDevicesReached":"¡El límite de dispositivos 2F ha sido alcanzado!",
|
||||
"missingCode":"Código faltante",
|
||||
"name":"Nombre",
|
||||
"newMessages":"Nuevo(s) mensaje(s)",
|
||||
|
|
@ -177,33 +177,33 @@
|
|||
"newPwdSentTo":"Una confirmación ha sido enviada a su dirección de e-mail.",
|
||||
"noHistory":"Esta es su primera conexión, bienvenido.",
|
||||
"notAuthorized":"Usted no está autorizado a hacer esto",
|
||||
"notFound":"Not found: you try to access to an unavailable page",
|
||||
"notFound":"No encontrado: página no disponible",
|
||||
"noTOTPFound":"TOTP no encontrado",
|
||||
"noU2FKeyFound":"Llave U2F no encontrada",
|
||||
"oidcConsent":"The application %s would like to know:",
|
||||
"oidcConsents":"OIDC consents",
|
||||
"oidcConsentsFull":"OpenID Connect consents",
|
||||
"oneExpired2Fremoved":"An expired 2F device has been removed!",
|
||||
"openidAp":"Do you agree to provide the following parameters?",
|
||||
"oidcConsent":"La aplicación %s quisiera saber:",
|
||||
"oidcConsents":"Permisos OIDC",
|
||||
"oidcConsentsFull":"Permisos OpenID Connect",
|
||||
"oneExpired2Fremoved":"¡Un dispositivo 2F caducado ha sido suprimido!",
|
||||
"openidAp":"¿Está de acuerdo en proporcionar los siguientes parámetros?",
|
||||
"openIdExample":"por ejemplo:http://myopenid.org/juan",
|
||||
"openidExchange":"Do you want to authenticate yourself on %s ?",
|
||||
"openidPA":"Data usage policy is available at",
|
||||
"openidRpns":"Parameter %s requested for federation isn't available",
|
||||
"openidExchange":"¿Desea autenticarse en %s?",
|
||||
"openidPA":"La política de uso de datos está disponible en",
|
||||
"openidRpns":"El parámetro %s solicitado por la agrupación no está disponible",
|
||||
"openSessionSpace":"Este espacio le permite abrir una sesión SSO. Esto le ayudará a acceder de manera segura a todas las aplicaciones autorizadas por su perfil.",
|
||||
"openSSOSession":"Abra su sesión SSO",
|
||||
"otherSessions":"Otras sesiones activas",
|
||||
"password":"Contraseña",
|
||||
"passwordPolicy":"Please respect the following policy:",
|
||||
"passwordPolicyMinSize":"Minimal size:",
|
||||
"passwordPolicyMinLower":"Minimal lower characters:",
|
||||
"passwordPolicyMinUpper":"Minimal upper characters:",
|
||||
"passwordPolicyMinDigit":"Minimal digit characters:",
|
||||
"passwordPolicy":"Por favor respete la siguiente política de seguridad:",
|
||||
"passwordPolicyMinSize":"Tamaño mínimo:",
|
||||
"passwordPolicyMinLower":"Minúsculas, como mínimo:",
|
||||
"passwordPolicyMinUpper":"Mayúsculas, como mínimo:",
|
||||
"passwordPolicyMinDigit":"Dígitos, como mínimo:",
|
||||
"ppGrace":"autenticaciones restantes, ¡cambie su contraseña!.",
|
||||
"proxyError":"Bad gateway: unable to join remote server",
|
||||
"proxyError":"Puerta de enlace no válida: servidor remoto inalcanzable",
|
||||
"pwdChange":"Cambio de contraseña",
|
||||
"pwd":"Contraseña",
|
||||
"pwdResetAlreadyIssued":"A password reset request was already issued on ",
|
||||
"pwdWillExpire":"%s days, %s hours, %s minutes and %s seconds before password expiration, change it!",
|
||||
"pwdResetAlreadyIssued":"Ya fue expedida una solicitud de reinicio de contraseña",
|
||||
"pwdWillExpire":"Faltan %s días, %s horas, %s minutos y %s segundos para que su contraseña caduque.",
|
||||
"radius2f":"Radius",
|
||||
"redirectedFrom":"Ha sido redirigido desde",
|
||||
"redirectedIn":"Usted será redirigido en 30 segundos",
|
||||
|
|
@ -212,54 +212,60 @@
|
|||
"refreshrights":"Actualizar mis derechos",
|
||||
"refuse":"Rechazar",
|
||||
"register":"Registrar",
|
||||
"registerRequestAlreadyIssued":"A register request for this account was already issued on ",
|
||||
"registerRequestAlreadyIssued":"Ya fue expedida una solicitud de registro para esta cuenta",
|
||||
"rememberChoice":"Recordar mi elección",
|
||||
<<<<<<< HEAD
|
||||
"removeOtherSessions":"Remove other sessions",
|
||||
"resendConfirmMail":"Resend confirmation mail?",
|
||||
"resentConfirm":"Do you want the confirmation mail to be resent?",
|
||||
"resetFavApps":"Reset my favorite Apps.",
|
||||
=======
|
||||
"removeOtherSessions":"Suprimir las otras sesiones",
|
||||
"resendConfirmMail":"¿Reenviar e-mail de confirmación?",
|
||||
"resentConfirm":"¿Desea que el e-mail de confirmación sea reenviado?",
|
||||
>>>>>>> v2.0
|
||||
"resetPwd":"Reiniciar mi contraseña",
|
||||
"rest2f":"Código de verificación",
|
||||
"rightsReloadNeedsLogout":"La recarga de derechos necesita desconectarse y conectarse de nuevo",
|
||||
"scope":"Scope",
|
||||
"scope":"Alcance",
|
||||
"search":"Buscar",
|
||||
"selectIdP":"Seleccione su proveedor de identidad",
|
||||
"service":"Servicio",
|
||||
"sendPwd":"Enviarme un enlace",
|
||||
"serverError":"Error occurs on the server",
|
||||
"serverError":"Ocurrió un error en el servidor",
|
||||
"serviceProvidedBy":"Servicio proveído por",
|
||||
"sessionsDeleted":"The following sessions have been closed",
|
||||
"sfaManager":"2ndFA Manager",
|
||||
"spoofId":"Spoofed Id",
|
||||
"SSOSessionInactive":"SSO session inactive",
|
||||
"stayConnected":"Stay connected on this device",
|
||||
"submit":"Submit",
|
||||
"switchContext":"Switch context",
|
||||
"totp2f":"OTP App",
|
||||
"totpExistingKey":"A TOTP secret already exists",
|
||||
"touchU2fDevice":"Please touch the flashing U2F device now.",
|
||||
"touchU2fDeviceOrEnterTotp":"Please touch the flashing U2F device or enter TOTP code.",
|
||||
"type":"Type",
|
||||
"u2f":"U2F Key",
|
||||
"u2fFailed":"U2F verification failed. Retry or contact your administrator",
|
||||
"u2fPermission":"You may be prompted to allow the site permission to access your security keys. After granting permission, the device will start to blink.",
|
||||
"u2fWelcome":"U2F device management",
|
||||
"unableToGetKey":"Unable to access to your key. Retry or contact your administrator",
|
||||
"sessionsDeleted":"Las siguientes sesiones han sido cerradas",
|
||||
"sfaManager":"Administrador 2ndFA",
|
||||
"spoofId":"Identificador suplantado",
|
||||
"SSOSessionInactive":"Sesión SSO inactiva",
|
||||
"stayConnected":"Seguir conectado en este dispositivo",
|
||||
"submit":"Enviar",
|
||||
"switchContext":"Cambiar contexto",
|
||||
"totp2f":"Aplicación OTP",
|
||||
"totpExistingKey":"Un secreto TOTP ya existe",
|
||||
"touchU2fDevice":"Por favor toque el dispositivo U2F centelleante ahora.",
|
||||
"touchU2fDeviceOrEnterTotp":"Por favor toque el dispositivo U2F centelleante o ingrese el código TOTP.",
|
||||
"type":"Tipo",
|
||||
"u2f":"Llave U2F",
|
||||
"u2fFailed":"La verificación U2F ha fallado. Reintente o póngase en contacto con su administrador",
|
||||
"u2fPermission":"Es posible que se le pida su autorización para acceder a sus llaves de seguridad. Después de autorizar el acceso, el dispositivo comenzará a centellear.",
|
||||
"u2fWelcome":"Administración de dispositivos U2F",
|
||||
"unableToGetKey":"Imposible acceder a su llave. Reintente o póngase en contacto con su administrador",
|
||||
"unknownAction":"Acción desconocida",
|
||||
"unregister":"Unregister",
|
||||
"updateCdc":"Update Common Domain Cookie",
|
||||
"upgradeSession":"Upgrade session",
|
||||
"unregister":"Suprimir",
|
||||
"updateCdc":"Actualizar el cookie de dominio común",
|
||||
"upgradeSession":"Actualizar la sesión",
|
||||
"user":"Usuario",
|
||||
"useYubikey":"use your Yubikey",
|
||||
"utotp2f":"TOTP-or-U2F",
|
||||
"useYubikey":"utilice su Yubikey",
|
||||
"utotp2f":"TOTP-o-U2F",
|
||||
"value":"Valor",
|
||||
"verify":"Verificar",
|
||||
"VHnotFound":"Virtual Host no encontrado",
|
||||
"wait":"Esperar",
|
||||
"waitingmessage":"Authentication in progress, please wait",
|
||||
"waitingmessage":"Autenticación en progreso, espere por favor",
|
||||
"warning":"Precaución",
|
||||
"welcomeOnPortal":"Welcome on your secured authentication portal.",
|
||||
"yesResendMail":"Yes, resend the mail",
|
||||
"welcomeOnPortal":"Bienvenido a su portal de autenticación.",
|
||||
"yesResendMail":"Sí, reenviar el e-mail",
|
||||
"yourAddress":"Su dirección",
|
||||
"yourApps":"Sus aplicaciones",
|
||||
"yourEmail":"Su e-mail",
|
||||
|
|
@ -268,11 +274,11 @@
|
|||
"yourIdentityIs":"Su identidad es",
|
||||
"yourKeyIsRegistered":"Su llave está registrada",
|
||||
"yourKeyIsAlreadyRegistered":"¡Su llave YA FUE registrada!",
|
||||
"yourKeyIsUnregistered":"Your key has been unregistered",
|
||||
"yourKeyIsUnregistered":"Su llave ha sido suprimida",
|
||||
"yourKeyIsVerified":"Su llave está verificada",
|
||||
"yourNewTotpKey":"Your new TOTP key, please test it and enter the code",
|
||||
"yourPhone":"Your phone number",
|
||||
"yourProfile":"Your profile",
|
||||
"yourTotpKey":"Your TOTP key",
|
||||
"yourNewTotpKey":"Su nueva llave TOTP, por favor pruébela e ingrese el código",
|
||||
"yourPhone":"Su número telefónico",
|
||||
"yourProfile":"Su perfil",
|
||||
"yourTotpKey":"Su llave TOTP",
|
||||
"yubikey2f":"Yubikey"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -145,6 +145,7 @@
|
|||
<input name="confirmpassword" type="password" class="form-control" trplaceholder="confirmPwd" />
|
||||
</div>
|
||||
|
||||
<TMPL_IF NAME="DISPLAY_GENERATE_PASSWORD">
|
||||
<div class="input-group mb-3">
|
||||
<div class="input-group-prepend">
|
||||
<div class="input-group-text">
|
||||
|
|
@ -155,6 +156,7 @@
|
|||
<label for="reset" id="resetlabel" trspan="generatePwd">Generate the password automatically</label>
|
||||
</p>
|
||||
</div>
|
||||
</TMPL_IF>
|
||||
|
||||
<button type="submit" class="btn btn-success">
|
||||
<span class="fa fa-envelope-open"></span>
|
||||
|
|
|
|||
Loading…
Reference in New Issue