Merge branch 'v2.0' into 1988

2019-10-26 22:58:37 +02:00 · 2019-10-26 22:58:37 +02:00 · ef08306906
commit ef08306906
parent 5eaf00601e eee9ab8305
14 changed files with 59 additions and 47 deletions
--- a/_example/conf/lmConf-1.json
+++ b/_example/conf/lmConf-1.json
@ -142,7 +142,7 @@
   "loginHistoryEnabled" : 1,
   "macros" : {
      "UA" : "$ENV{HTTP_USER_AGENT}",
-      "_whatToTrace" : "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidcConnectedRP) : lc($_user)"
+      "_whatToTrace" : "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidc_OP) : lc($_user)"
   },
   "mailUrl" : "http://auth.__DNSDOMAIN__/resetpwd",
   "notification" : 1,
--- a/e2e-tests/lmConf-1.json
+++ b/e2e-tests/lmConf-1.json
@ -167,7 +167,7 @@
  "loginHistoryEnabled": 1,
  "macros": {
      "UA" : "$ENV{HTTP_USER_AGENT}",
-    "_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : $_auth eq 'OpenIDConnect' ? \"$_user\\@$_oidcConnectedRP\" : \"$_user\""
+    "_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : $_auth eq 'OpenIDConnect' ? \"$_user\\@$_oidc_OP\" : \"$_user\""
  },
  "mailUrl": "http://auth.example.com:__port__/resetpwd",
  "notification": 1,
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
@ -277,7 +277,12 @@ sub locationRulesInit {

    foreach my $vhost ( keys %$orules ) {
        my $rules = $orules->{$vhost};
-        $class->tsv->{locationCount}->{$vhost} = 0;
+        $class->tsv->{locationCount}->{$vhost}         = 0;
+        $class->tsv->{locationCondition}->{$vhost}     = [];
+        $class->tsv->{locationProtection}->{$vhost}    = [];
+        $class->tsv->{locationRegexp}->{$vhost}        = [];
+        $class->tsv->{locationConditionText}->{$vhost} = [];
+
        foreach my $url ( sort keys %{$rules} ) {
            my ( $cond, $prot ) = $class->conditionSub( $rules->{$url} );
            $class->logger->debug("+++ " . $cond);
@ -365,7 +370,7 @@ sub sessionStorageInit {
            $class->tsv->{statusPipe}->print("RELOADCACHE $params\n");
        }
    }
-return 1;
+    return 1;
 }

 ## @imethod void headersInit(hashRef args)
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm
@ -849,10 +849,13 @@ sub _scanNodes {
                        # authChoiceModules
                        if ( $name eq 'authChoiceModules' ) {
                            hdebug('     authChoiceModules');
-                            $n->{data}->[5] ||= {};
-                            $n->{data}->[5] =
-                              to_json( { map { @$_ } @{ $n->{data}->[5] } } )
-                              if ref( $n->{data}->[5] ) eq 'ARRAY';
+                            if ( ref( $n->{data}->[5] ) eq 'ARRAY' ) {
+                                $n->{data}->[5] = to_json(
+                                    { map { @$_ } @{ $n->{data}->[5] } } );
+                            }
+                            else {
+                                $n->{data}->[5] = '{}';
+                            }
                        }

                        $n->{data} = join ';', @{ $n->{data} };
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm
@ -108,7 +108,7 @@ sub zeroConf {
        },
        'macros' => {
            '_whatToTrace' =>
-'$_auth eq \'SAML\' ? lc($_user.\'@\'.$_idpConfKey) : $_auth eq \'OpenIDConnect\' ? lc($_user.\'@\'.$_oidcConnectedRP) : lc($_user)',
+'$_auth eq \'SAML\' ? lc($_user.\'@\'.$_idpConfKey) : $_auth eq \'OpenIDConnect\' ? lc($_user.\'@\'.$_oidc_OP) : lc($_user)',
            'UA' => '$ENV{HTTP_USER_AGENT}'
        },
        'notificationStorageOptions' => {
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@ -265,7 +265,8 @@ sub display {
        # Avoid issue 1867
        or (    $self->conf->{authentication} eq 'Combination'
            and $req->{error} > PE_OK
-            and $req->{error} != PE_FIRSTACCESS )
+            and $req->{error} != PE_FIRSTACCESS
+            and $req->{error} != PE_PP_PASSWORD_EXPIRED )

       # and ( $req->{error} == PE_TOKENEXPIRED or $req->{error} == PE_NOTOKEN )
      )
--- a/lemonldap-ng-portal/t/20-Auth-DBI-utf8.t
+++ b/lemonldap-ng-portal/t/20-Auth-DBI-utf8.t
@ -5,7 +5,7 @@ use IO::String;
 require 't/test-lib.pm';

 my $res;
-my $maintests = 8;
+my $maintests = 7;

 my $userdb = tempdb();

@ -58,8 +58,7 @@ SKIP: {

    ok( $res = $client->_get("/sessions/global/$id"), 'Get UTF-8' );
    expectOK($res);
-    ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-      or print STDERR $@;
+    $res = expectJSON($res);
    ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
      or explain( $res, 'cn => Frédéric Accents' );

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t
@ -152,12 +152,10 @@ count(1);
 # Verify UTF-8
 switch ('rp');
 ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
-expectOK($res);
-ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-  or print STDERR $@;
+$res = expectJSON($res);
 ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
  or explain( $res, 'cn => Frédéric Accents' );
-count(3);
+count(2);

 # Logout initiated by OP
 switch ('op');
--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t
@ -163,11 +163,10 @@ ok(
    ),
    'Get userinfo'
 );
-ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-  or print STDERR $@;
+$res = expectJSON($res);
 ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
  or explain( $res, 'name => Frédéric Accents' );
-count(3);
+count(2);

 ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
 expectOK($res);
--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t
@ -163,28 +163,23 @@ ok(
    ),
    'Get userinfo'
 );
-ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-  or print STDERR $@;
+$res = expectJSON($res);
 ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
  or explain( $res, 'name => Frédéric Accents' );
-count(3);
+count(2);

 ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
-expectOK($res);
-ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-  or print STDERR $@;
+$res = expectJSON($res);
 ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
  or explain( $res, 'cn => Frédéric Accents' );
-count(3);
+count(2);

 switch ('rp');
 ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
-expectOK($res);
-ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-  or print STDERR $@;
+$res = expectJSON($res);
 ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
  or explain( $res, 'cn => Frédéric Accents' );
-count(3);
+count(2);

 # Logout initiated by RP
 ok(
--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
@ -163,28 +163,23 @@ ok(
    ),
    'Get userinfo'
 );
-ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-  or print STDERR $@;
+$res = expectJSON($res);
 ok( $res->{name} eq 'Frédéric Accents', 'UTF-8 values' )
  or explain( $res, 'name => Frédéric Accents' );
-count(3);
+count(2);

 ok( $res = $op->_get("/sessions/global/$spId"), 'Get UTF-8' );
-expectOK($res);
-ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-  or print STDERR $@;
+$res = expectJSON($res);
 ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
  or explain( $res, 'cn => Frédéric Accents' );
-count(3);
+count(2);

 switch ('rp');
 ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
-expectOK($res);
-ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
-  or print STDERR $@;
+$res = expectJSON($res);
 ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
  or explain( $res, 'cn => Frédéric Accents' );
-count(3);
+count(2);

 # Logout initiated by RP
 ok(
--- a/lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t
+++ b/lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t
@ -203,9 +203,8 @@ ok(
    "Post introspection"
 );

-expectOK($res);
-$json = from_json( $res->[2]->[0] );
-ok( !$json->{active}, "Token is no longer valid" );
+$res = expectJSON($res);
+ok( !$res->{active}, "Token is no longer valid" );

 clean_sessions();
 done_testing();
--- a/lemonldap-ng-portal/t/32-OIDC-Token-Security.t
+++ b/lemonldap-ng-portal/t/32-OIDC-Token-Security.t
@ -193,8 +193,8 @@ ok(
    "Post token"
 );
 count(1);
-my $json  = from_json( $res->[2]->[0] );
-my $token = $json->{access_token};
+$res = expectJSON($res);
+my $token = $res->{access_token};
 ok( $token, 'Access token present' );
 count(1);
 sleep(2);
--- a/lemonldap-ng-portal/t/test-lib.pm
+++ b/lemonldap-ng-portal/t/test-lib.pm
@ -324,6 +324,24 @@ sub expectOK {
    count(1);
 }

+=head4 expectJSON($res)
+
+Verify that the HTTP response contains valid JSON and returns the corresponding object
+
+=cut
+
+sub expectJSON {
+    my ($res) = @_;
+    is( $res->[0], 200, ' HTTP code is 200' ) or explain( $res, 200 );
+    my %hdr = @{$res->[1]};
+    like( $hdr{'Content-Type'}, qr,^application/json,i , ' Content-Type is JSON' ) or explain( $res );
+    my $json;
+    eval { $json = JSON::from_json($res->[2]->[0]) };
+    ok( not($@), 'Content is valid JSON' );
+    count(3);
+    return $json;
+}
+
 =head4 expectBadRequest($res)

 Verify that returned code is 400. Note that it works only for Ajax request