Append Impersonation unrestrictedUsers rule & Update langs (#2207)

Christophe Maudoux 2020-05-19 23:33:07 +02:00
parent 9d7e5c61cc
commit eb65264d5d
15 changed files with 118 additions and 11 deletions


@ -875,6 +875,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'checkUserSearchAttributes' => { 'checkUserSearchAttributes' => {
'type' => 'text' 'type' => 'text'
}, },
'checkUserUnrestrictedUsersRule' => {
'test' => sub {
return perlExpr(@_);
},
'type' => 'text'
},
'checkXSS' => { 'checkXSS' => {
'default' => 1, 'default' => 1,
'type' => 'bool' 'type' => 'bool'
@ -1029,6 +1035,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 1, 'default' => 1,
'type' => 'bool' 'type' => 'bool'
}, },
'contextSwitchingUnrestrictedUsersRule' => {
'test' => sub {
return perlExpr(@_);
},
'type' => 'text'
},
'cookieExpiration' => { 'cookieExpiration' => {
'type' => 'int' 'type' => 'int'
}, },
@ -1428,6 +1440,12 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
'default' => 1, 'default' => 1,
'type' => 'bool' 'type' => 'bool'
}, },
'impersonationUnrestrictedUsersRule' => {
'test' => sub {
return perlExpr(@_);
},
'type' => 'text'
},
'infoFormMethod' => { 'infoFormMethod' => {
'default' => 'get', 'default' => 'get',
'select' => [ { 'select' => [ {


@ -454,6 +454,12 @@ sub attributes {
default => 1, default => 1,
documentation => 'checkUser identities rule', documentation => 'checkUser identities rule',
}, },
checkUserUnrestrictedUsersRule => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation => 'checkUser unrestricted users rule',
flags => 'p',
},
checkUserHiddenAttributes => { checkUserHiddenAttributes => {
type => 'text', type => 'text',
default => '_loginHistory _session_id hGroups', default => '_loginHistory _session_id hGroups',
@ -526,6 +532,12 @@ sub attributes {
documentation => 'Impersonation identities rule', documentation => 'Impersonation identities rule',
flags => 'p', flags => 'p',
}, },
impersonationUnrestrictedUsersRule => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation => 'Impersonation unrestricted users rule',
flags => 'p',
},
impersonationHiddenAttributes => { impersonationHiddenAttributes => {
type => 'text', type => 'text',
default => '_2fDevices _loginHistory', default => '_2fDevices _loginHistory',
@ -551,6 +563,12 @@ sub attributes {
documentation => 'Context switching identities rule', documentation => 'Context switching identities rule',
flags => 'p', flags => 'p',
}, },
contextSwitchingUnrestrictedUsersRule => {
type => 'text',
test => sub { return perlExpr(@_) },
documentation => 'Context switching unrestricted users rule',
flags => 'p',
},
contextSwitchingStopWithLogout => { contextSwitchingStopWithLogout => {
type => 'bool', type => 'bool',
default => 1, default => 1,
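Review bot: None of the three new `*UnrestrictedUsersRule` entries in this file section (`checkUser…`, `impersonation…`, `contextSwitching…`) declares a `default`, so an unset option reaches the plugins as undef. The Impersonation plugin's `init` in this same commit passes that value straight to `buildRule` and returns 0 when the result is false; how `buildRule` treats undef is not visible here, so it should be confirmed that an install which never sets the option still loads the plugin and denies by default. Declaring `default => 0` on each entry, or writing `$self->conf->{impersonationUnrestrictedUsersRule} // 0` at the call site, would make the deny-by-default intent explicit. `attributes` starts and ends outside these hunks.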


@ -739,6 +739,7 @@ sub tree {
nodes => [ nodes => [
'checkUser', 'checkUser',
'checkUserIdRule', 'checkUserIdRule',
'checkUserUnrestrictedUsersRule',
'checkUserHiddenAttributes', 'checkUserHiddenAttributes',
'checkUserSearchAttributes', 'checkUserSearchAttributes',
'checkUserDisplayEmptyHeaders', 'checkUserDisplayEmptyHeaders',
@ -753,6 +754,7 @@ sub tree {
nodes => [ nodes => [
'impersonationRule', 'impersonationRule',
'impersonationIdRule', 'impersonationIdRule',
'impersonationUnrestrictedUsersRule',
'impersonationHiddenAttributes', 'impersonationHiddenAttributes',
'impersonationSkipEmptyValues', 'impersonationSkipEmptyValues',
'impersonationMergeSSOgroups', 'impersonationMergeSSOgroups',
@ -765,6 +767,7 @@ sub tree {
nodes => [ nodes => [
'contextSwitchingRule', 'contextSwitchingRule',
'contextSwitchingIdRule', 'contextSwitchingIdRule',
'contextSwitchingUnrestrictedUsersRule',
'contextSwitchingStopWithLogout', 'contextSwitchingStopWithLogout',
] ]
}, },


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Identities use rule", "contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"استخدام القاعدة", "contextSwitchingRule":"استخدام القاعدة",
"contextSwitchingStopWithLogout":"Stop by logout", "contextSwitchingStopWithLogout":"Stop by logout",
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
"cspConnect":"وجهات أجاكس", "cspConnect":"وجهات أجاكس",
"cspDefault":"القيمة الاعتيادية ", "cspDefault":"القيمة الاعتيادية ",
"cspFont":" مصدر نوع الخط", "cspFont":" مصدر نوع الخط",
@ -186,6 +187,7 @@
"checkUsers":"SSO profile Check", "checkUsers":"SSO profile Check",
"checkUser":"تفعيل", "checkUser":"تفعيل",
"checkUserIdRule":"Identities use rule", "checkUserIdRule":"Identities use rule",
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
"checkUserHiddenAttributes":"السمات المخفية", "checkUserHiddenAttributes":"السمات المخفية",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyHeaders":"Display empty headers", "checkUserDisplayEmptyHeaders":"Display empty headers",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"السمات المخفية", "impersonationHiddenAttributes":"السمات المخفية",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups", "impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationSkipEmptyValues":"Skip empty values", "impersonationSkipEmptyValues":"Skip empty values",
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
"incompleteForm":"الحقول المطلوبة مفقودة", "incompleteForm":"الحقول المطلوبة مفقودة",
"index":"فهرس", "index":"فهرس",
"infoFormMethod":"طريقة للحصول على معلومات الإستمارة", "infoFormMethod":"طريقة للحصول على معلومات الإستمارة",


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Identities use rule", "contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"Use rule", "contextSwitchingRule":"Use rule",
"contextSwitchingStopWithLogout":"Stop by logout", "contextSwitchingStopWithLogout":"Stop by logout",
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
"cspConnect":"Ajax destinations", "cspConnect":"Ajax destinations",
"cspDefault":"Default value", "cspDefault":"Default value",
"cspFont":"Font source", "cspFont":"Font source",
@ -187,6 +188,7 @@
"checkUser":"Activation", "checkUser":"Activation",
"checkUserIdRule":"Identities use rule", "checkUserIdRule":"Identities use rule",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyHeaders":"Display empty headers", "checkUserDisplayEmptyHeaders":"Display empty headers",
"checkUserDisplayEmptyValues":"Display empty values", "checkUserDisplayEmptyValues":"Display empty values",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"Hidden attributes", "impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups", "impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationSkipEmptyValues":"Skip empty values", "impersonationSkipEmptyValues":"Skip empty values",
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
"incompleteForm":"Required fields are missing", "incompleteForm":"Required fields are missing",
"index":"Index", "index":"Index",
"infoFormMethod":"Method for info form", "infoFormMethod":"Method for info form",


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Identities use rule", "contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"Use rule", "contextSwitchingRule":"Use rule",
"contextSwitchingStopWithLogout":"Stop by logout", "contextSwitchingStopWithLogout":"Stop by logout",
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
"cspConnect":"Ajax destinations", "cspConnect":"Ajax destinations",
"cspDefault":"Default value", "cspDefault":"Default value",
"cspFont":"Font source", "cspFont":"Font source",
@ -187,6 +188,7 @@
"checkUser":"Activation", "checkUser":"Activation",
"checkUserIdRule":"Identities use rule", "checkUserIdRule":"Identities use rule",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyHeaders":"Display empty headers", "checkUserDisplayEmptyHeaders":"Display empty headers",
"checkUserDisplayEmptyValues":"Display empty values", "checkUserDisplayEmptyValues":"Display empty values",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"Hidden attributes", "impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups", "impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationSkipEmptyValues":"Skip empty values", "impersonationSkipEmptyValues":"Skip empty values",
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
"incompleteForm":"Required fields are missing", "incompleteForm":"Required fields are missing",
"index":"Index", "index":"Index",
"infoFormMethod":"Method for info form", "infoFormMethod":"Method for info form",


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Règle d'utilisation des identités", "contextSwitchingIdRule":"Règle d'utilisation des identités",
"contextSwitchingRule":"Règle d'utilisation", "contextSwitchingRule":"Règle d'utilisation",
"contextSwitchingStopWithLogout":"Arrêt par déconnexion", "contextSwitchingStopWithLogout":"Arrêt par déconnexion",
"contextSwitchingUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
"cspConnect":"Destinations des requêtes AJAX", "cspConnect":"Destinations des requêtes AJAX",
"cspDefault":"Valeur par défaut", "cspDefault":"Valeur par défaut",
"cspFont":"Sources des polices", "cspFont":"Sources des polices",
@ -187,6 +188,7 @@
"checkUser":"Activation", "checkUser":"Activation",
"checkUserIdRule":"Règle d'utilisation des identités", "checkUserIdRule":"Règle d'utilisation des identités",
"checkUserHiddenAttributes":"Attributs masqués", "checkUserHiddenAttributes":"Attributs masqués",
"checkUserUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante", "checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
"checkUserDisplayEmptyHeaders":"Afficher les entêtes nuls", "checkUserDisplayEmptyHeaders":"Afficher les entêtes nuls",
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles", "checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"Attributs masqués", "impersonationHiddenAttributes":"Attributs masqués",
"impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés", "impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
"impersonationSkipEmptyValues":"Ignorer les valeurs nulles", "impersonationSkipEmptyValues":"Ignorer les valeurs nulles",
"impersonationUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
"incompleteForm":"Des champs requis manquent", "incompleteForm":"Des champs requis manquent",
"index":"Index", "index":"Index",
"infoFormMethod":"Méthode du formulaire d'information", "infoFormMethod":"Méthode du formulaire d'information",


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Le identità usano la regola", "contextSwitchingIdRule":"Le identità usano la regola",
"contextSwitchingRule":"Utilizza la regola", "contextSwitchingRule":"Utilizza la regola",
"contextSwitchingStopWithLogout":"Stop by logout", "contextSwitchingStopWithLogout":"Stop by logout",
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
"cspConnect":"Destinazioni Ajax", "cspConnect":"Destinazioni Ajax",
"cspDefault":"Valore di default", "cspDefault":"Valore di default",
"cspFont":"Origine carattere", "cspFont":"Origine carattere",
@ -187,6 +188,7 @@
"checkUser":"Attivazione", "checkUser":"Attivazione",
"checkUserIdRule":"Uso della regola delle identità", "checkUserIdRule":"Uso della regola delle identità",
"checkUserHiddenAttributes":"Attributi nascosti", "checkUserHiddenAttributes":"Attributi nascosti",
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
"checkUserDisplayPersistentInfo":"Mostra sessione persistente", "checkUserDisplayPersistentInfo":"Mostra sessione persistente",
"checkUserDisplayEmptyHeaders":"Display empty headers", "checkUserDisplayEmptyHeaders":"Display empty headers",
"checkUserDisplayEmptyValues":"Mostra valori vuoti", "checkUserDisplayEmptyValues":"Mostra valori vuoti",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"Attributi nascosti", "impersonationHiddenAttributes":"Attributi nascosti",
"impersonationMergeSSOgroups":"Unisci gruppi SSO usurpati e reali", "impersonationMergeSSOgroups":"Unisci gruppi SSO usurpati e reali",
"impersonationSkipEmptyValues":"Salta valori vuoti", "impersonationSkipEmptyValues":"Salta valori vuoti",
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
"incompleteForm":"Mancano campi obbligatori", "incompleteForm":"Mancano campi obbligatori",
"index":"Indice", "index":"Indice",
"infoFormMethod":"Metodo per il modulo informazioni", "infoFormMethod":"Metodo per il modulo informazioni",


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Reguła korzystania z tożsamości", "contextSwitchingIdRule":"Reguła korzystania z tożsamości",
"contextSwitchingRule":"Użyj reguły", "contextSwitchingRule":"Użyj reguły",
"contextSwitchingStopWithLogout":"Zatrzymaj przez wylogowanie", "contextSwitchingStopWithLogout":"Zatrzymaj przez wylogowanie",
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
"cspConnect":"Miejsca docelowe Ajax", "cspConnect":"Miejsca docelowe Ajax",
"cspDefault":"Domyślna wartość", "cspDefault":"Domyślna wartość",
"cspFont":"Źródło czcionek", "cspFont":"Źródło czcionek",
@ -187,6 +188,7 @@
"checkUser":"Aktywacja", "checkUser":"Aktywacja",
"checkUserIdRule":"Reguła korzystania z tożsamości", "checkUserIdRule":"Reguła korzystania z tożsamości",
"checkUserHiddenAttributes":"Ukryte atrybuty", "checkUserHiddenAttributes":"Ukryte atrybuty",
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
"checkUserDisplayPersistentInfo":"Wyświetl trwałą sesję", "checkUserDisplayPersistentInfo":"Wyświetl trwałą sesję",
"checkUserDisplayEmptyHeaders":"Wyświetl puste nagłówki", "checkUserDisplayEmptyHeaders":"Wyświetl puste nagłówki",
"checkUserDisplayEmptyValues":"Wyświetl puste wartości", "checkUserDisplayEmptyValues":"Wyświetl puste wartości",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"Ukryte atrybuty", "impersonationHiddenAttributes":"Ukryte atrybuty",
"impersonationMergeSSOgroups":"Scal sfałszowane i prawdziwe grupy jednokrotnego logowania", "impersonationMergeSSOgroups":"Scal sfałszowane i prawdziwe grupy jednokrotnego logowania",
"impersonationSkipEmptyValues":"Pomiń puste wartości", "impersonationSkipEmptyValues":"Pomiń puste wartości",
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
"incompleteForm":"Brak wymaganych pól", "incompleteForm":"Brak wymaganych pól",
"index":"Indeks", "index":"Indeks",
"infoFormMethod":"Metoda formularza informacyjnego", "infoFormMethod":"Metoda formularza informacyjnego",


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Kimlik kullanım kuralı", "contextSwitchingIdRule":"Kimlik kullanım kuralı",
"contextSwitchingRule":"Kuralı kullan", "contextSwitchingRule":"Kuralı kullan",
"contextSwitchingStopWithLogout":ıkış yapmayı durdur", "contextSwitchingStopWithLogout":ıkış yapmayı durdur",
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
"cspConnect":"Ajax hedefleri", "cspConnect":"Ajax hedefleri",
"cspDefault":"Varsayılan değer", "cspDefault":"Varsayılan değer",
"cspFont":"Font kaynağı", "cspFont":"Font kaynağı",
@ -187,6 +188,7 @@
"checkUser":"Aktivasyon", "checkUser":"Aktivasyon",
"checkUserIdRule":"Kimlik kullanım kuralı", "checkUserIdRule":"Kimlik kullanım kuralı",
"checkUserHiddenAttributes":"Gizli nitelikler", "checkUserHiddenAttributes":"Gizli nitelikler",
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
"checkUserDisplayPersistentInfo":"Kalıcı oturumu görüntüle", "checkUserDisplayPersistentInfo":"Kalıcı oturumu görüntüle",
"checkUserDisplayEmptyHeaders":"Display empty headers", "checkUserDisplayEmptyHeaders":"Display empty headers",
"checkUserDisplayEmptyValues":"Boş değerleri görüntüle", "checkUserDisplayEmptyValues":"Boş değerleri görüntüle",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"Gizli nitelikler", "impersonationHiddenAttributes":"Gizli nitelikler",
"impersonationMergeSSOgroups":"Sahte ve gerçek TOA gruplarını birleştir", "impersonationMergeSSOgroups":"Sahte ve gerçek TOA gruplarını birleştir",
"impersonationSkipEmptyValues":"Boş değerleri geç", "impersonationSkipEmptyValues":"Boş değerleri geç",
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
"incompleteForm":"Gerekli alanlar eksik", "incompleteForm":"Gerekli alanlar eksik",
"index":"Dizin", "index":"Dizin",
"infoFormMethod":"Bilgi formu için metot", "infoFormMethod":"Bilgi formu için metot",


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Identities use rule", "contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"Quy tắc sử dụng", "contextSwitchingRule":"Quy tắc sử dụng",
"contextSwitchingStopWithLogout":"Stop by logout", "contextSwitchingStopWithLogout":"Stop by logout",
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
"cspConnect":"Đích cúa Ajax", "cspConnect":"Đích cúa Ajax",
"cspDefault":"Giá trị mặc định", "cspDefault":"Giá trị mặc định",
"cspFont":"Nguồn phông chữ", "cspFont":"Nguồn phông chữ",
@ -187,6 +188,7 @@
"checkUser":"Kích hoạt", "checkUser":"Kích hoạt",
"checkUserIdRule":"Identities use rule", "checkUserIdRule":"Identities use rule",
"checkUserHiddenAttributes":"Thuộc tính ẩn", "checkUserHiddenAttributes":"Thuộc tính ẩn",
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyHeaders":"Display empty headers", "checkUserDisplayEmptyHeaders":"Display empty headers",
"checkUserDisplayEmptyValues":"Display empty values", "checkUserDisplayEmptyValues":"Display empty values",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"Thuộc tính ẩn", "impersonationHiddenAttributes":"Thuộc tính ẩn",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups", "impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationSkipEmptyValues":"Skip empty values", "impersonationSkipEmptyValues":"Skip empty values",
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
"incompleteForm":"Các trường bắt buộc bị thiếu", "incompleteForm":"Các trường bắt buộc bị thiếu",
"index":"Chỉ mục", "index":"Chỉ mục",
"infoFormMethod":"Phương pháp cho mẫu thông tin", "infoFormMethod":"Phương pháp cho mẫu thông tin",


@ -161,6 +161,7 @@
"contextSwitchingIdRule":"Identities use rule", "contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"Use rule", "contextSwitchingRule":"Use rule",
"contextSwitchingStopWithLogout":"Stop by logout", "contextSwitchingStopWithLogout":"Stop by logout",
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
"cspConnect":"Ajax destinations", "cspConnect":"Ajax destinations",
"cspDefault":"Default value", "cspDefault":"Default value",
"cspFont":"字体源", "cspFont":"字体源",
@ -187,6 +188,7 @@
"checkUser":"激活", "checkUser":"激活",
"checkUserIdRule":"Identities use rule", "checkUserIdRule":"Identities use rule",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyHeaders":"Display empty headers", "checkUserDisplayEmptyHeaders":"Display empty headers",
"checkUserDisplayEmptyValues":"Display empty values", "checkUserDisplayEmptyValues":"Display empty values",
@ -351,6 +353,7 @@
"impersonationHiddenAttributes":"Hidden attributes", "impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups", "impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationSkipEmptyValues":"Skip empty values", "impersonationSkipEmptyValues":"Skip empty values",
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
"incompleteForm":"Required fields are missing", "incompleteForm":"Required fields are missing",
"index":"Index", "index":"Index",
"infoFormMethod":"Method for info form", "infoFormMethod":"Method for info form",

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -5,16 +5,24 @@ use Mouse;
use Lemonldap::NG::Portal::Main::Constants use Lemonldap::NG::Portal::Main::Constants
qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER ); qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER );
our $VERSION = '2.0.8'; our $VERSION = '2.0.9';
extends 'Lemonldap::NG::Portal::Main::Plugin'; extends 'Lemonldap::NG::Portal::Main::Plugin',
'Lemonldap::NG::Portal::Lib::_tokenRule';
# INITIALIZATION # INITIALIZATION
use constant afterData => 'run'; use constant afterData => 'run';
has rule => ( is => 'rw', default => sub { 1 } ); has rule => ( is => 'rw', default => sub { 1 } );
has idRule => ( is => 'rw', default => sub { 1 } ); has idRule => ( is => 'rw', default => sub { 1 } );
has unrestrictedUsersRule => ( is => 'rw', default => sub { 0 } );
# Form timeout token generator (used if requireToken is set)
has ott => ( is => 'rw' );
# Captcha generator
has captcha => ( is => 'rw' );
sub hAttr { sub hAttr {
$_[0]->{conf}->{impersonationHiddenAttributes} . ' ' $_[0]->{conf}->{impersonationHiddenAttributes} . ' '
@ -40,6 +48,25 @@ sub init {
); );
return 0 unless $self->idRule; return 0 unless $self->idRule;
$self->unrestrictedUsersRule(
$self->p->buildRule(
$self->conf->{impersonationUnrestrictedUsersRule},
'impersonationUnrestrictedUsers'
)
);
return 0 unless $self->unrestrictedUsersRule;
# Initialize Captcha if needed
if ( $self->{conf}->{captcha_login_enabled} ) {
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
}
# Initialize form token if needed (captcha provides also a token)
else {
$self->ott( $self->p->loadModule('::Lib::OneTimeToken') ) or return 0;
$self->ott->timeout( $self->conf->{formTimeout} );
}
return 1; return 1;
} }
@ -53,6 +80,7 @@ sub run {
PE_OK; # Skip Impersonation if error during Auth process PE_OK; # Skip Impersonation if error during Auth process
my $statut = PE_OK; my $statut = PE_OK;
my $unUser = 0;
my $loginHistory = my $loginHistory =
$req->{sessionInfo}->{_loginHistory}; # Store login history $req->{sessionInfo}->{_loginHistory}; # Store login history
$req->{user} ||= $req->{sessionInfo}->{_impUser}; # If 2FA is enabled $req->{user} ||= $req->{sessionInfo}->{_impUser}; # If 2FA is enabled
@ -70,7 +98,7 @@ sub run {
$statut = PE_MALFORMEDUSER; $statut = PE_MALFORMEDUSER;
} }
# Check activation rule # Check activation & unrestrictedUsers rules
if ( $spoofId ne $req->{user} ) { if ( $spoofId ne $req->{user} ) {
$self->logger->debug("Spoof Id: $spoofId / Real Id: $req->{user}"); $self->logger->debug("Spoof Id: $spoofId / Real Id: $req->{user}");
unless ( $self->rule->( $req, $req->sessionInfo ) ) { unless ( $self->rule->( $req, $req->sessionInfo ) ) {
@ -78,6 +106,7 @@ sub run {
$spoofId = $req->{user}; $spoofId = $req->{user};
$statut = PE_IMPERSONATION_SERVICE_NOT_ALLOWED; $statut = PE_IMPERSONATION_SERVICE_NOT_ALLOWED;
} }
$unUser = $self->unrestrictedUsersRule->( $req, $req->sessionInfo );
} }
# Fill spoof session # Fill spoof session
@ -98,8 +127,9 @@ sub run {
delete $req->{sessionInfo}->{$k}; delete $req->{sessionInfo}->{$k};
} }
$spoofSession = $self->_userData( $req, $spoofId, $realSession ); $spoofSession = $self->_userData( $req, $spoofId, $realSession, $unUser );
if ( $req->error ) { if ( $req->error ) {
$self->setSecurity($req);
if ( $req->error == PE_BADCREDENTIALS ) { if ( $req->error == PE_BADCREDENTIALS ) {
$statut = PE_BADCREDENTIALS; $statut = PE_BADCREDENTIALS;
} }
@ -168,8 +198,9 @@ sub run {
} }
sub _userData { sub _userData {
my ( $self, $req, $spoofId, $realSession ) = @_; my ( $self, $req, $spoofId, $realSession, $unUser ) = @_;
my $realId = $req->{user}; my $realId = $req->{user};
$self->logger->info("$realId is an unrestricted user!") if $unUser;
$req->{user} = $spoofId; $req->{user} = $spoofId;
my $raz = 0; my $raz = 0;
@ -195,7 +226,7 @@ sub _userData {
# Check identity rule if Impersonation required # Check identity rule if Impersonation required
if ( $realId ne $spoofId ) { if ( $realId ne $spoofId ) {
unless ( $self->idRule->( $req, $req->sessionInfo ) ) { unless ( $unUser || $self->idRule->( $req, $req->sessionInfo ) ) {
$self->userLogger->warn( $self->userLogger->warn(
'Impersonation requested for an unvalid user (' 'Impersonation requested for an unvalid user ('
. $req->{user} . $req->{user}
@ -215,7 +246,7 @@ sub _userData {
$self->p->groupsAndMacros, 'setLocalGroups' $self->p->groupsAndMacros, 'setLocalGroups'
] ]
); );
$self->logger->debug('Spoof session equal real session'); $self->logger->debug('Reset Impersonation process');
$req->error(PE_BADCREDENTIALS); $req->error(PE_BADCREDENTIALS);
if ( my $error = $self->p->process($req) ) { if ( my $error = $self->p->process($req) ) {
$self->logger->debug("Process returned error: $error"); $self->logger->debug("Process returned error: $error");
@ -238,4 +269,14 @@ sub _userData {
return $req->{sessionInfo}; return $req->{sessionInfo};
} }
sub setSecurity {
my ( $self, $req ) = @_;
if ( $self->captcha ) {
$self->captcha->setCaptcha($req);
}
elsif ( $self->ottRule->( $req, {} ) ) {
$self->ott->setToken($req);
}
}
1; 1;
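Review bot: In `run`, the new `$unUser = $self->unrestrictedUsersRule->( $req, $req->sessionInfo );` appears to sit after the `unless ( $self->rule->(...) )` block rather than inside a success path, so it is evaluated even when the activation rule has just refused impersonation, and `_userData` may then log "is an unrestricted user!" for a request that was denied. Moving the assignment so it runs only when the activation rule passed keeps that log truthful. The `$unUser ||` short-circuit in `_userData` skips `idRule` entirely, yet the only trace is a `logger->info` that omits the target identity. An audit line at the bypass site, for example `$self->userLogger->notice("Impersonation idRule bypassed: $realId -> $spoofId");`, would let operators review every use of the exemption. Both `run` and `_userData` extend beyond the hunks shown.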