Append Impersonation unrestrictedUsers rule & Update langs (#2207)
This commit is contained in:
parent
9d7e5c61cc
commit
eb65264d5d
|
@ -875,6 +875,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
'checkUserSearchAttributes' => {
|
'checkUserSearchAttributes' => {
|
||||||
'type' => 'text'
|
'type' => 'text'
|
||||||
},
|
},
|
||||||
|
'checkUserUnrestrictedUsersRule' => {
|
||||||
|
'test' => sub {
|
||||||
|
return perlExpr(@_);
|
||||||
|
},
|
||||||
|
'type' => 'text'
|
||||||
|
},
|
||||||
'checkXSS' => {
|
'checkXSS' => {
|
||||||
'default' => 1,
|
'default' => 1,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
|
@ -1029,6 +1035,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
'default' => 1,
|
'default' => 1,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
},
|
},
|
||||||
|
'contextSwitchingUnrestrictedUsersRule' => {
|
||||||
|
'test' => sub {
|
||||||
|
return perlExpr(@_);
|
||||||
|
},
|
||||||
|
'type' => 'text'
|
||||||
|
},
|
||||||
'cookieExpiration' => {
|
'cookieExpiration' => {
|
||||||
'type' => 'int'
|
'type' => 'int'
|
||||||
},
|
},
|
||||||
|
@ -1428,6 +1440,12 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
||||||
'default' => 1,
|
'default' => 1,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
},
|
},
|
||||||
|
'impersonationUnrestrictedUsersRule' => {
|
||||||
|
'test' => sub {
|
||||||
|
return perlExpr(@_);
|
||||||
|
},
|
||||||
|
'type' => 'text'
|
||||||
|
},
|
||||||
'infoFormMethod' => {
|
'infoFormMethod' => {
|
||||||
'default' => 'get',
|
'default' => 'get',
|
||||||
'select' => [ {
|
'select' => [ {
|
||||||
|
|
|
@ -454,6 +454,12 @@ sub attributes {
|
||||||
default => 1,
|
default => 1,
|
||||||
documentation => 'checkUser identities rule',
|
documentation => 'checkUser identities rule',
|
||||||
},
|
},
|
||||||
|
checkUserUnrestrictedUsersRule => {
|
||||||
|
type => 'text',
|
||||||
|
test => sub { return perlExpr(@_) },
|
||||||
|
documentation => 'checkUser unrestricted users rule',
|
||||||
|
flags => 'p',
|
||||||
|
},
|
||||||
checkUserHiddenAttributes => {
|
checkUserHiddenAttributes => {
|
||||||
type => 'text',
|
type => 'text',
|
||||||
default => '_loginHistory _session_id hGroups',
|
default => '_loginHistory _session_id hGroups',
|
||||||
|
@ -526,6 +532,12 @@ sub attributes {
|
||||||
documentation => 'Impersonation identities rule',
|
documentation => 'Impersonation identities rule',
|
||||||
flags => 'p',
|
flags => 'p',
|
||||||
},
|
},
|
||||||
|
impersonationUnrestrictedUsersRule => {
|
||||||
|
type => 'text',
|
||||||
|
test => sub { return perlExpr(@_) },
|
||||||
|
documentation => 'Impersonation unrestricted users rule',
|
||||||
|
flags => 'p',
|
||||||
|
},
|
||||||
impersonationHiddenAttributes => {
|
impersonationHiddenAttributes => {
|
||||||
type => 'text',
|
type => 'text',
|
||||||
default => '_2fDevices _loginHistory',
|
default => '_2fDevices _loginHistory',
|
||||||
|
@ -551,6 +563,12 @@ sub attributes {
|
||||||
documentation => 'Context switching identities rule',
|
documentation => 'Context switching identities rule',
|
||||||
flags => 'p',
|
flags => 'p',
|
||||||
},
|
},
|
||||||
|
contextSwitchingUnrestrictedUsersRule => {
|
||||||
|
type => 'text',
|
||||||
|
test => sub { return perlExpr(@_) },
|
||||||
|
documentation => 'Context switching unrestricted users rule',
|
||||||
|
flags => 'p',
|
||||||
|
},
|
||||||
contextSwitchingStopWithLogout => {
|
contextSwitchingStopWithLogout => {
|
||||||
type => 'bool',
|
type => 'bool',
|
||||||
default => 1,
|
default => 1,
|
||||||
|
|
|
@ -739,6 +739,7 @@ sub tree {
|
||||||
nodes => [
|
nodes => [
|
||||||
'checkUser',
|
'checkUser',
|
||||||
'checkUserIdRule',
|
'checkUserIdRule',
|
||||||
|
'checkUserUnrestrictedUsersRule',
|
||||||
'checkUserHiddenAttributes',
|
'checkUserHiddenAttributes',
|
||||||
'checkUserSearchAttributes',
|
'checkUserSearchAttributes',
|
||||||
'checkUserDisplayEmptyHeaders',
|
'checkUserDisplayEmptyHeaders',
|
||||||
|
@ -753,6 +754,7 @@ sub tree {
|
||||||
nodes => [
|
nodes => [
|
||||||
'impersonationRule',
|
'impersonationRule',
|
||||||
'impersonationIdRule',
|
'impersonationIdRule',
|
||||||
|
'impersonationUnrestrictedUsersRule',
|
||||||
'impersonationHiddenAttributes',
|
'impersonationHiddenAttributes',
|
||||||
'impersonationSkipEmptyValues',
|
'impersonationSkipEmptyValues',
|
||||||
'impersonationMergeSSOgroups',
|
'impersonationMergeSSOgroups',
|
||||||
|
@ -765,6 +767,7 @@ sub tree {
|
||||||
nodes => [
|
nodes => [
|
||||||
'contextSwitchingRule',
|
'contextSwitchingRule',
|
||||||
'contextSwitchingIdRule',
|
'contextSwitchingIdRule',
|
||||||
|
'contextSwitchingUnrestrictedUsersRule',
|
||||||
'contextSwitchingStopWithLogout',
|
'contextSwitchingStopWithLogout',
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Identities use rule",
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
"contextSwitchingRule":"استخدام القاعدة",
|
"contextSwitchingRule":"استخدام القاعدة",
|
||||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"cspConnect":"وجهات أجاكس",
|
"cspConnect":"وجهات أجاكس",
|
||||||
"cspDefault":"القيمة الاعتيادية ",
|
"cspDefault":"القيمة الاعتيادية ",
|
||||||
"cspFont":" مصدر نوع الخط",
|
"cspFont":" مصدر نوع الخط",
|
||||||
|
@ -186,6 +187,7 @@
|
||||||
"checkUsers":"SSO profile Check",
|
"checkUsers":"SSO profile Check",
|
||||||
"checkUser":"تفعيل",
|
"checkUser":"تفعيل",
|
||||||
"checkUserIdRule":"Identities use rule",
|
"checkUserIdRule":"Identities use rule",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"checkUserHiddenAttributes":"السمات المخفية",
|
"checkUserHiddenAttributes":"السمات المخفية",
|
||||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"السمات المخفية",
|
"impersonationHiddenAttributes":"السمات المخفية",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"incompleteForm":"الحقول المطلوبة مفقودة",
|
"incompleteForm":"الحقول المطلوبة مفقودة",
|
||||||
"index":"فهرس",
|
"index":"فهرس",
|
||||||
"infoFormMethod":"طريقة للحصول على معلومات الإستمارة",
|
"infoFormMethod":"طريقة للحصول على معلومات الإستمارة",
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Identities use rule",
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
"contextSwitchingRule":"Use rule",
|
"contextSwitchingRule":"Use rule",
|
||||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"cspConnect":"Ajax destinations",
|
"cspConnect":"Ajax destinations",
|
||||||
"cspDefault":"Default value",
|
"cspDefault":"Default value",
|
||||||
"cspFont":"Font source",
|
"cspFont":"Font source",
|
||||||
|
@ -187,6 +188,7 @@
|
||||||
"checkUser":"Activation",
|
"checkUser":"Activation",
|
||||||
"checkUserIdRule":"Identities use rule",
|
"checkUserIdRule":"Identities use rule",
|
||||||
"checkUserHiddenAttributes":"Hidden attributes",
|
"checkUserHiddenAttributes":"Hidden attributes",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||||
"checkUserDisplayEmptyValues":"Display empty values",
|
"checkUserDisplayEmptyValues":"Display empty values",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"Hidden attributes",
|
"impersonationHiddenAttributes":"Hidden attributes",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"incompleteForm":"Required fields are missing",
|
"incompleteForm":"Required fields are missing",
|
||||||
"index":"Index",
|
"index":"Index",
|
||||||
"infoFormMethod":"Method for info form",
|
"infoFormMethod":"Method for info form",
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Identities use rule",
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
"contextSwitchingRule":"Use rule",
|
"contextSwitchingRule":"Use rule",
|
||||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"cspConnect":"Ajax destinations",
|
"cspConnect":"Ajax destinations",
|
||||||
"cspDefault":"Default value",
|
"cspDefault":"Default value",
|
||||||
"cspFont":"Font source",
|
"cspFont":"Font source",
|
||||||
|
@ -187,6 +188,7 @@
|
||||||
"checkUser":"Activation",
|
"checkUser":"Activation",
|
||||||
"checkUserIdRule":"Identities use rule",
|
"checkUserIdRule":"Identities use rule",
|
||||||
"checkUserHiddenAttributes":"Hidden attributes",
|
"checkUserHiddenAttributes":"Hidden attributes",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||||
"checkUserDisplayEmptyValues":"Display empty values",
|
"checkUserDisplayEmptyValues":"Display empty values",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"Hidden attributes",
|
"impersonationHiddenAttributes":"Hidden attributes",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"incompleteForm":"Required fields are missing",
|
"incompleteForm":"Required fields are missing",
|
||||||
"index":"Index",
|
"index":"Index",
|
||||||
"infoFormMethod":"Method for info form",
|
"infoFormMethod":"Method for info form",
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Règle d'utilisation des identités",
|
"contextSwitchingIdRule":"Règle d'utilisation des identités",
|
||||||
"contextSwitchingRule":"Règle d'utilisation",
|
"contextSwitchingRule":"Règle d'utilisation",
|
||||||
"contextSwitchingStopWithLogout":"Arrêt par déconnexion",
|
"contextSwitchingStopWithLogout":"Arrêt par déconnexion",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
|
||||||
"cspConnect":"Destinations des requêtes AJAX",
|
"cspConnect":"Destinations des requêtes AJAX",
|
||||||
"cspDefault":"Valeur par défaut",
|
"cspDefault":"Valeur par défaut",
|
||||||
"cspFont":"Sources des polices",
|
"cspFont":"Sources des polices",
|
||||||
|
@ -187,6 +188,7 @@
|
||||||
"checkUser":"Activation",
|
"checkUser":"Activation",
|
||||||
"checkUserIdRule":"Règle d'utilisation des identités",
|
"checkUserIdRule":"Règle d'utilisation des identités",
|
||||||
"checkUserHiddenAttributes":"Attributs masqués",
|
"checkUserHiddenAttributes":"Attributs masqués",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
|
||||||
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
|
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
|
||||||
"checkUserDisplayEmptyHeaders":"Afficher les entêtes nuls",
|
"checkUserDisplayEmptyHeaders":"Afficher les entêtes nuls",
|
||||||
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
|
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"Attributs masqués",
|
"impersonationHiddenAttributes":"Attributs masqués",
|
||||||
"impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
|
"impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
|
||||||
"impersonationSkipEmptyValues":"Ignorer les valeurs nulles",
|
"impersonationSkipEmptyValues":"Ignorer les valeurs nulles",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
|
||||||
"incompleteForm":"Des champs requis manquent",
|
"incompleteForm":"Des champs requis manquent",
|
||||||
"index":"Index",
|
"index":"Index",
|
||||||
"infoFormMethod":"Méthode du formulaire d'information",
|
"infoFormMethod":"Méthode du formulaire d'information",
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Le identità usano la regola",
|
"contextSwitchingIdRule":"Le identità usano la regola",
|
||||||
"contextSwitchingRule":"Utilizza la regola",
|
"contextSwitchingRule":"Utilizza la regola",
|
||||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"cspConnect":"Destinazioni Ajax",
|
"cspConnect":"Destinazioni Ajax",
|
||||||
"cspDefault":"Valore di default",
|
"cspDefault":"Valore di default",
|
||||||
"cspFont":"Origine carattere",
|
"cspFont":"Origine carattere",
|
||||||
|
@ -187,6 +188,7 @@
|
||||||
"checkUser":"Attivazione",
|
"checkUser":"Attivazione",
|
||||||
"checkUserIdRule":"Uso della regola delle identità",
|
"checkUserIdRule":"Uso della regola delle identità",
|
||||||
"checkUserHiddenAttributes":"Attributi nascosti",
|
"checkUserHiddenAttributes":"Attributi nascosti",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"checkUserDisplayPersistentInfo":"Mostra sessione persistente",
|
"checkUserDisplayPersistentInfo":"Mostra sessione persistente",
|
||||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||||
"checkUserDisplayEmptyValues":"Mostra valori vuoti",
|
"checkUserDisplayEmptyValues":"Mostra valori vuoti",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"Attributi nascosti",
|
"impersonationHiddenAttributes":"Attributi nascosti",
|
||||||
"impersonationMergeSSOgroups":"Unisci gruppi SSO usurpati e reali",
|
"impersonationMergeSSOgroups":"Unisci gruppi SSO usurpati e reali",
|
||||||
"impersonationSkipEmptyValues":"Salta valori vuoti",
|
"impersonationSkipEmptyValues":"Salta valori vuoti",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"incompleteForm":"Mancano campi obbligatori",
|
"incompleteForm":"Mancano campi obbligatori",
|
||||||
"index":"Indice",
|
"index":"Indice",
|
||||||
"infoFormMethod":"Metodo per il modulo informazioni",
|
"infoFormMethod":"Metodo per il modulo informazioni",
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Reguła korzystania z tożsamości",
|
"contextSwitchingIdRule":"Reguła korzystania z tożsamości",
|
||||||
"contextSwitchingRule":"Użyj reguły",
|
"contextSwitchingRule":"Użyj reguły",
|
||||||
"contextSwitchingStopWithLogout":"Zatrzymaj przez wylogowanie",
|
"contextSwitchingStopWithLogout":"Zatrzymaj przez wylogowanie",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"cspConnect":"Miejsca docelowe Ajax",
|
"cspConnect":"Miejsca docelowe Ajax",
|
||||||
"cspDefault":"Domyślna wartość",
|
"cspDefault":"Domyślna wartość",
|
||||||
"cspFont":"Źródło czcionek",
|
"cspFont":"Źródło czcionek",
|
||||||
|
@ -187,6 +188,7 @@
|
||||||
"checkUser":"Aktywacja",
|
"checkUser":"Aktywacja",
|
||||||
"checkUserIdRule":"Reguła korzystania z tożsamości",
|
"checkUserIdRule":"Reguła korzystania z tożsamości",
|
||||||
"checkUserHiddenAttributes":"Ukryte atrybuty",
|
"checkUserHiddenAttributes":"Ukryte atrybuty",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"checkUserDisplayPersistentInfo":"Wyświetl trwałą sesję",
|
"checkUserDisplayPersistentInfo":"Wyświetl trwałą sesję",
|
||||||
"checkUserDisplayEmptyHeaders":"Wyświetl puste nagłówki",
|
"checkUserDisplayEmptyHeaders":"Wyświetl puste nagłówki",
|
||||||
"checkUserDisplayEmptyValues":"Wyświetl puste wartości",
|
"checkUserDisplayEmptyValues":"Wyświetl puste wartości",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"Ukryte atrybuty",
|
"impersonationHiddenAttributes":"Ukryte atrybuty",
|
||||||
"impersonationMergeSSOgroups":"Scal sfałszowane i prawdziwe grupy jednokrotnego logowania",
|
"impersonationMergeSSOgroups":"Scal sfałszowane i prawdziwe grupy jednokrotnego logowania",
|
||||||
"impersonationSkipEmptyValues":"Pomiń puste wartości",
|
"impersonationSkipEmptyValues":"Pomiń puste wartości",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"incompleteForm":"Brak wymaganych pól",
|
"incompleteForm":"Brak wymaganych pól",
|
||||||
"index":"Indeks",
|
"index":"Indeks",
|
||||||
"infoFormMethod":"Metoda formularza informacyjnego",
|
"infoFormMethod":"Metoda formularza informacyjnego",
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Kimlik kullanım kuralı",
|
"contextSwitchingIdRule":"Kimlik kullanım kuralı",
|
||||||
"contextSwitchingRule":"Kuralı kullan",
|
"contextSwitchingRule":"Kuralı kullan",
|
||||||
"contextSwitchingStopWithLogout":"Çıkış yapmayı durdur",
|
"contextSwitchingStopWithLogout":"Çıkış yapmayı durdur",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"cspConnect":"Ajax hedefleri",
|
"cspConnect":"Ajax hedefleri",
|
||||||
"cspDefault":"Varsayılan değer",
|
"cspDefault":"Varsayılan değer",
|
||||||
"cspFont":"Font kaynağı",
|
"cspFont":"Font kaynağı",
|
||||||
|
@ -187,6 +188,7 @@
|
||||||
"checkUser":"Aktivasyon",
|
"checkUser":"Aktivasyon",
|
||||||
"checkUserIdRule":"Kimlik kullanım kuralı",
|
"checkUserIdRule":"Kimlik kullanım kuralı",
|
||||||
"checkUserHiddenAttributes":"Gizli nitelikler",
|
"checkUserHiddenAttributes":"Gizli nitelikler",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"checkUserDisplayPersistentInfo":"Kalıcı oturumu görüntüle",
|
"checkUserDisplayPersistentInfo":"Kalıcı oturumu görüntüle",
|
||||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||||
"checkUserDisplayEmptyValues":"Boş değerleri görüntüle",
|
"checkUserDisplayEmptyValues":"Boş değerleri görüntüle",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"Gizli nitelikler",
|
"impersonationHiddenAttributes":"Gizli nitelikler",
|
||||||
"impersonationMergeSSOgroups":"Sahte ve gerçek TOA gruplarını birleştir",
|
"impersonationMergeSSOgroups":"Sahte ve gerçek TOA gruplarını birleştir",
|
||||||
"impersonationSkipEmptyValues":"Boş değerleri geç",
|
"impersonationSkipEmptyValues":"Boş değerleri geç",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"incompleteForm":"Gerekli alanlar eksik",
|
"incompleteForm":"Gerekli alanlar eksik",
|
||||||
"index":"Dizin",
|
"index":"Dizin",
|
||||||
"infoFormMethod":"Bilgi formu için metot",
|
"infoFormMethod":"Bilgi formu için metot",
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Identities use rule",
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
"contextSwitchingRule":"Quy tắc sử dụng",
|
"contextSwitchingRule":"Quy tắc sử dụng",
|
||||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"cspConnect":"Đích cúa Ajax",
|
"cspConnect":"Đích cúa Ajax",
|
||||||
"cspDefault":"Giá trị mặc định",
|
"cspDefault":"Giá trị mặc định",
|
||||||
"cspFont":"Nguồn phông chữ",
|
"cspFont":"Nguồn phông chữ",
|
||||||
|
@ -187,6 +188,7 @@
|
||||||
"checkUser":"Kích hoạt",
|
"checkUser":"Kích hoạt",
|
||||||
"checkUserIdRule":"Identities use rule",
|
"checkUserIdRule":"Identities use rule",
|
||||||
"checkUserHiddenAttributes":"Thuộc tính ẩn",
|
"checkUserHiddenAttributes":"Thuộc tính ẩn",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||||
"checkUserDisplayEmptyValues":"Display empty values",
|
"checkUserDisplayEmptyValues":"Display empty values",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"Thuộc tính ẩn",
|
"impersonationHiddenAttributes":"Thuộc tính ẩn",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"incompleteForm":"Các trường bắt buộc bị thiếu",
|
"incompleteForm":"Các trường bắt buộc bị thiếu",
|
||||||
"index":"Chỉ mục",
|
"index":"Chỉ mục",
|
||||||
"infoFormMethod":"Phương pháp cho mẫu thông tin",
|
"infoFormMethod":"Phương pháp cho mẫu thông tin",
|
||||||
|
|
|
@ -161,6 +161,7 @@
|
||||||
"contextSwitchingIdRule":"Identities use rule",
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
"contextSwitchingRule":"Use rule",
|
"contextSwitchingRule":"Use rule",
|
||||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
|
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"cspConnect":"Ajax destinations",
|
"cspConnect":"Ajax destinations",
|
||||||
"cspDefault":"Default value",
|
"cspDefault":"Default value",
|
||||||
"cspFont":"字体源",
|
"cspFont":"字体源",
|
||||||
|
@ -187,6 +188,7 @@
|
||||||
"checkUser":"激活",
|
"checkUser":"激活",
|
||||||
"checkUserIdRule":"Identities use rule",
|
"checkUserIdRule":"Identities use rule",
|
||||||
"checkUserHiddenAttributes":"Hidden attributes",
|
"checkUserHiddenAttributes":"Hidden attributes",
|
||||||
|
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||||
"checkUserDisplayEmptyValues":"Display empty values",
|
"checkUserDisplayEmptyValues":"Display empty values",
|
||||||
|
@ -351,6 +353,7 @@
|
||||||
"impersonationHiddenAttributes":"Hidden attributes",
|
"impersonationHiddenAttributes":"Hidden attributes",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
|
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||||
"incompleteForm":"Required fields are missing",
|
"incompleteForm":"Required fields are missing",
|
||||||
"index":"Index",
|
"index":"Index",
|
||||||
"infoFormMethod":"Method for info form",
|
"infoFormMethod":"Method for info form",
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -5,16 +5,24 @@ use Mouse;
|
||||||
use Lemonldap::NG::Portal::Main::Constants
|
use Lemonldap::NG::Portal::Main::Constants
|
||||||
qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER );
|
qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER );
|
||||||
|
|
||||||
our $VERSION = '2.0.8';
|
our $VERSION = '2.0.9';
|
||||||
|
|
||||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||||
|
'Lemonldap::NG::Portal::Lib::_tokenRule';
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
|
|
||||||
use constant afterData => 'run';
|
use constant afterData => 'run';
|
||||||
|
|
||||||
has rule => ( is => 'rw', default => sub { 1 } );
|
has rule => ( is => 'rw', default => sub { 1 } );
|
||||||
has idRule => ( is => 'rw', default => sub { 1 } );
|
has idRule => ( is => 'rw', default => sub { 1 } );
|
||||||
|
has unrestrictedUsersRule => ( is => 'rw', default => sub { 0 } );
|
||||||
|
|
||||||
|
# Form timeout token generator (used if requireToken is set)
|
||||||
|
has ott => ( is => 'rw' );
|
||||||
|
|
||||||
|
# Captcha generator
|
||||||
|
has captcha => ( is => 'rw' );
|
||||||
|
|
||||||
sub hAttr {
|
sub hAttr {
|
||||||
$_[0]->{conf}->{impersonationHiddenAttributes} . ' '
|
$_[0]->{conf}->{impersonationHiddenAttributes} . ' '
|
||||||
|
@ -40,6 +48,25 @@ sub init {
|
||||||
);
|
);
|
||||||
return 0 unless $self->idRule;
|
return 0 unless $self->idRule;
|
||||||
|
|
||||||
|
$self->unrestrictedUsersRule(
|
||||||
|
$self->p->buildRule(
|
||||||
|
$self->conf->{impersonationUnrestrictedUsersRule},
|
||||||
|
'impersonationUnrestrictedUsers'
|
||||||
|
)
|
||||||
|
);
|
||||||
|
return 0 unless $self->unrestrictedUsersRule;
|
||||||
|
|
||||||
|
# Initialize Captcha if needed
|
||||||
|
if ( $self->{conf}->{captcha_login_enabled} ) {
|
||||||
|
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Initialize form token if needed (captcha provides also a token)
|
||||||
|
else {
|
||||||
|
$self->ott( $self->p->loadModule('::Lib::OneTimeToken') ) or return 0;
|
||||||
|
$self->ott->timeout( $self->conf->{formTimeout} );
|
||||||
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -53,6 +80,7 @@ sub run {
|
||||||
PE_OK; # Skip Impersonation if error during Auth process
|
PE_OK; # Skip Impersonation if error during Auth process
|
||||||
|
|
||||||
my $statut = PE_OK;
|
my $statut = PE_OK;
|
||||||
|
my $unUser = 0;
|
||||||
my $loginHistory =
|
my $loginHistory =
|
||||||
$req->{sessionInfo}->{_loginHistory}; # Store login history
|
$req->{sessionInfo}->{_loginHistory}; # Store login history
|
||||||
$req->{user} ||= $req->{sessionInfo}->{_impUser}; # If 2FA is enabled
|
$req->{user} ||= $req->{sessionInfo}->{_impUser}; # If 2FA is enabled
|
||||||
|
@ -70,7 +98,7 @@ sub run {
|
||||||
$statut = PE_MALFORMEDUSER;
|
$statut = PE_MALFORMEDUSER;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check activation rule
|
# Check activation & unrestrictedUsers rules
|
||||||
if ( $spoofId ne $req->{user} ) {
|
if ( $spoofId ne $req->{user} ) {
|
||||||
$self->logger->debug("Spoof Id: $spoofId / Real Id: $req->{user}");
|
$self->logger->debug("Spoof Id: $spoofId / Real Id: $req->{user}");
|
||||||
unless ( $self->rule->( $req, $req->sessionInfo ) ) {
|
unless ( $self->rule->( $req, $req->sessionInfo ) ) {
|
||||||
|
@ -78,6 +106,7 @@ sub run {
|
||||||
$spoofId = $req->{user};
|
$spoofId = $req->{user};
|
||||||
$statut = PE_IMPERSONATION_SERVICE_NOT_ALLOWED;
|
$statut = PE_IMPERSONATION_SERVICE_NOT_ALLOWED;
|
||||||
}
|
}
|
||||||
|
$unUser = $self->unrestrictedUsersRule->( $req, $req->sessionInfo );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Fill spoof session
|
# Fill spoof session
|
||||||
|
@ -98,8 +127,9 @@ sub run {
|
||||||
delete $req->{sessionInfo}->{$k};
|
delete $req->{sessionInfo}->{$k};
|
||||||
}
|
}
|
||||||
|
|
||||||
$spoofSession = $self->_userData( $req, $spoofId, $realSession );
|
$spoofSession = $self->_userData( $req, $spoofId, $realSession, $unUser );
|
||||||
if ( $req->error ) {
|
if ( $req->error ) {
|
||||||
|
$self->setSecurity($req);
|
||||||
if ( $req->error == PE_BADCREDENTIALS ) {
|
if ( $req->error == PE_BADCREDENTIALS ) {
|
||||||
$statut = PE_BADCREDENTIALS;
|
$statut = PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
|
@ -168,8 +198,9 @@ sub run {
|
||||||
}
|
}
|
||||||
|
|
||||||
sub _userData {
|
sub _userData {
|
||||||
my ( $self, $req, $spoofId, $realSession ) = @_;
|
my ( $self, $req, $spoofId, $realSession, $unUser ) = @_;
|
||||||
my $realId = $req->{user};
|
my $realId = $req->{user};
|
||||||
|
$self->logger->info("$realId is an unrestricted user!") if $unUser;
|
||||||
$req->{user} = $spoofId;
|
$req->{user} = $spoofId;
|
||||||
my $raz = 0;
|
my $raz = 0;
|
||||||
|
|
||||||
|
@ -195,7 +226,7 @@ sub _userData {
|
||||||
|
|
||||||
# Check identity rule if Impersonation required
|
# Check identity rule if Impersonation required
|
||||||
if ( $realId ne $spoofId ) {
|
if ( $realId ne $spoofId ) {
|
||||||
unless ( $self->idRule->( $req, $req->sessionInfo ) ) {
|
unless ( $unUser || $self->idRule->( $req, $req->sessionInfo ) ) {
|
||||||
$self->userLogger->warn(
|
$self->userLogger->warn(
|
||||||
'Impersonation requested for an unvalid user ('
|
'Impersonation requested for an unvalid user ('
|
||||||
. $req->{user}
|
. $req->{user}
|
||||||
|
@ -215,7 +246,7 @@ sub _userData {
|
||||||
$self->p->groupsAndMacros, 'setLocalGroups'
|
$self->p->groupsAndMacros, 'setLocalGroups'
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
$self->logger->debug('Spoof session equal real session');
|
$self->logger->debug('Reset Impersonation process');
|
||||||
$req->error(PE_BADCREDENTIALS);
|
$req->error(PE_BADCREDENTIALS);
|
||||||
if ( my $error = $self->p->process($req) ) {
|
if ( my $error = $self->p->process($req) ) {
|
||||||
$self->logger->debug("Process returned error: $error");
|
$self->logger->debug("Process returned error: $error");
|
||||||
|
@ -238,4 +269,14 @@ sub _userData {
|
||||||
return $req->{sessionInfo};
|
return $req->{sessionInfo};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub setSecurity {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
|
if ( $self->captcha ) {
|
||||||
|
$self->captcha->setCaptcha($req);
|
||||||
|
}
|
||||||
|
elsif ( $self->ottRule->( $req, {} ) ) {
|
||||||
|
$self->ott->setToken($req);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user