Merge branch 'v2.0'
commit
f1f3929cf1
|
@ -67,4 +67,11 @@ sub data {
|
|||
return $self->{data} ||= {};
|
||||
}
|
||||
|
||||
sub wantJSON {
|
||||
return 1
|
||||
if ( defined $_[0]->accept
|
||||
and $_[0]->accept =~ m#(?:application|text)/json# );
|
||||
return 0;
|
||||
}
|
||||
|
||||
1;
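Review bot: `wantJSON` matches `(?:application|text)/json` anywhere in the Accept header, so a value such as `application/json-seq` is also treated as a JSON request. If only the two exact media types are meant, bound the match at the end, for example `m#(?:application|text)/json\s*(?:[;,]|\z)#`. The sub also has no comment and calls `$_[0]->accept` twice; `my $accept = $_[0]->accept;` followed by a single test reads better, with a one-line comment such as `# True when the request's Accept header asks for JSON`.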
|
||||
|
|
|
@ -2,7 +2,7 @@ package Lemonldap::NG::Handler::Lib::OAuth2;
|
|||
|
||||
use strict;
|
||||
|
||||
our $VERSION = '2.0.4';
|
||||
our $VERSION = '2.1.0';
|
||||
|
||||
sub fetchId {
|
||||
my ( $class, $req ) = @_;
|
||||
|
|
|
@ -141,9 +141,12 @@ sub tplParams {
|
|||
sub javascript {
|
||||
my ( $self, $req ) = @_;
|
||||
my $res = $self->diffRule->( $req, $req->{userData} ) || 0;
|
||||
my $impPrefix = $self->{impersonationPrefix};
|
||||
|
||||
return
|
||||
'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";var viewPrefix=scriptname+"view/";'
|
||||
. 'var allowDiff=' . "$res;"
|
||||
. 'var impPrefix=' . "'" . $impPrefix . "'" . ';'
|
||||
. ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
|
||||
. (
|
||||
$self->menuLinks
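Review bot: The added `'var impPrefix='` line wraps `$impPrefix` in single quotes by hand, so a configured prefix containing a quote, backslash or newline yields broken or altered script in the generated page. The `links` value next to it goes through `to_json`. Assuming that is the JSON module's function, encode the prefix the same way: `. 'var impPrefix=' . to_json( $impPrefix // '', { allow_nonref => 1 } ) . ';'`. It would also help to restrict the prefix to word characters where it is read, since the `addRoutes` hunk further down assigns it from `$conf->{impersonationPrefix}` unchecked. The body of `javascript` continues past the end of this hunk.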
|
||||
|
|
|
@ -288,7 +288,7 @@ sub tests {
|
|||
return 1;
|
||||
},
|
||||
|
||||
# Error if session Activity Timeout is equal or lower than one minute
|
||||
# Error if activity timeout interval is higher than session activity timeout
|
||||
timeoutActivityInterval => sub {
|
||||
return 1 unless ( defined $conf->{timeoutActivityInterval} );
|
||||
return ( 0,
|
||||
|
@ -404,6 +404,16 @@ sub tests {
|
|||
return ( $res, join( ', ', @msg ) );
|
||||
},
|
||||
|
||||
# Test if SAML private and public keys signature keys are set
|
||||
samlSecretKeys => sub {
|
||||
return 1 unless ( $conf->{issuerDBSAMLActivation} );
|
||||
return ( 0,
|
||||
'SAML service private and public keys signature must be set' )
|
||||
unless ( $conf->{samlServicePrivateKeySig}
|
||||
&& $conf->{samlServicePublicKeySig} );
|
||||
return 1;
|
||||
},
|
||||
|
||||
# Try to parse combination with declared modules
|
||||
checkCombinations => sub {
|
||||
return 1 unless ( $conf->{authentication} eq 'Combination' );
|
||||
|
@ -632,17 +642,6 @@ sub tests {
|
|||
# Return
|
||||
return 1;
|
||||
},
|
||||
|
||||
## Warn if IdSpoofing plugin is enabled
|
||||
# checkIdSpoofing => sub {
|
||||
# return ( -1,
|
||||
# '"IdSpoofing" plugin is enabled!!!'
|
||||
# )
|
||||
# if ( $conf->{idSpoofingRule} );
|
||||
|
||||
# # Return
|
||||
# return 1;
|
||||
# },
|
||||
};
|
||||
}
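Review bot: In the `@ -404,6 +404,16` hunk of this file, the new `samlSecretKeys` test only checks that `samlServicePrivateKeySig` and `samlServicePublicKeySig` hold true values. A truncated or mismatched key pair would therefore still pass the configuration check and presumably fail only when SAML signing is attempted. If a presence check is all that is intended, the comment should say so, e.g. `# Test that SAML signature private and public keys are set (presence only, content is not validated)`, which also removes the doubled "keys" in the current wording. The enclosing `tests` sub starts outside the visible hunks.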
|
||||
|
||||
|
|
|
@ -53,6 +53,7 @@ sub addRoutes {
|
|||
|
||||
$self->{ipField} ||= 'ipAddr';
|
||||
$self->{multiValuesSeparator} ||= '; ';
|
||||
$self->{impersonationPrefix} = $conf->{impersonationPrefix} || 'real_';
|
||||
$self->{hiddenAttributes} //= "_password";
|
||||
}
|
||||
|
||||
|
|
|
@ -107,6 +107,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
|
|||
$scope.staticPrefix = staticPrefix
|
||||
$scope.scriptname = scriptname
|
||||
$scope.formPrefix = formPrefix
|
||||
$scope.impPrefix = impPrefix
|
||||
$scope.availableLanguages = availableLanguages
|
||||
$scope.waiting = true
|
||||
$scope.showM = false
|
||||
|
@ -320,6 +321,17 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
|
|||
if a.title > b.title then 1
|
||||
else if a.title < b.title then -1
|
||||
else 0
|
||||
# Sort by real and spoofed attributes
|
||||
real = []
|
||||
spoof = []
|
||||
for element in tmp
|
||||
if element.title.match(new RegExp('^' + $scope.impPrefix + '.+$'))
|
||||
console.log element, '-> real attribute'
|
||||
real.push element
|
||||
else
|
||||
console.log element, '-> spoofed attribute'
|
||||
spoof.push element
|
||||
tmp = spoof.concat real
|
||||
|
||||
res.push
|
||||
title: '__attributesAndMacros__'
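Review bot: The two `console.log element, ...` calls in the new sorting loop write each attribute entry of the displayed session to the browser console; they look like leftover debugging and should be removed so session data does not end up in console output. The loop also builds `new RegExp('^' + $scope.impPrefix + '.+$')` from an unescaped configuration value on every iteration, so a prefix containing regex metacharacters would match the wrong titles or throw. A plain prefix test avoids that, e.g. `if element.title.length > $scope.impPrefix.length and element.title.indexOf($scope.impPrefix) is 0`, which is equivalent for single-line titles. The same code appears in the generated JavaScript section below and will follow once the CoffeeScript is corrected and recompiled.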
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.8
|
||||
// Generated by CoffeeScript 1.12.7
|
||||
|
||||
/*
|
||||
* Sessions explorer
|
||||
|
@ -130,6 +130,7 @@
|
|||
$scope.staticPrefix = staticPrefix;
|
||||
$scope.scriptname = scriptname;
|
||||
$scope.formPrefix = formPrefix;
|
||||
$scope.impPrefix = impPrefix;
|
||||
$scope.availableLanguages = availableLanguages;
|
||||
$scope.waiting = true;
|
||||
$scope.showM = false;
|
||||
|
@ -199,7 +200,7 @@
|
|||
$scope.displaySession = function(scope) {
|
||||
var sessionId, transformSession;
|
||||
transformSession = function(session) {
|
||||
var _insert, array, attr, attrs, category, cv, epoch, i, id, j, k, key, l, len, len1, len2, len3, len4, m, name, o, oidcConsent, ref, ref1, res, sfDevice, subres, time, title, tmp, value;
|
||||
var _insert, array, attr, attrs, category, cv, element, epoch, i, id, j, k, key, l, len, len1, len2, len3, len4, len5, m, name, o, oidcConsent, p, real, ref, ref1, res, sfDevice, spoof, subres, time, title, tmp, value;
|
||||
_insert = function(re, title) {
|
||||
var key, reg, tmp, value;
|
||||
tmp = [];
|
||||
|
@ -396,6 +397,19 @@
|
|||
return 0;
|
||||
}
|
||||
});
|
||||
real = [];
|
||||
spoof = [];
|
||||
for (p = 0, len5 = tmp.length; p < len5; p++) {
|
||||
element = tmp[p];
|
||||
if (element.title.match(new RegExp('^' + $scope.impPrefix + '.+$'))) {
|
||||
console.log(element, '-> real attribute');
|
||||
real.push(element);
|
||||
} else {
|
||||
console.log(element, '-> spoofed attribute');
|
||||
spoof.push(element);
|
||||
}
|
||||
}
|
||||
tmp = spoof.concat(real);
|
||||
res.push({
|
||||
title: '__attributesAndMacros__',
|
||||
nodes: tmp
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -116,7 +116,7 @@
|
|||
"casAppMetaDataOptions":"Options",
|
||||
"casAppMetaDataOptionsService":"URL du service",
|
||||
"casAppMetaDataOptionsRule":"Règle",
|
||||
"casAppMetaDataOptionsUserAttribute":"Attribut de l'identifiant",
|
||||
"casAppMetaDataOptionsUserAttribute":"Attribut de l'utilisateur",
|
||||
"casAppName":"Nom de l'application CAS",
|
||||
"casAttr":"Identifiant CAS",
|
||||
"casAttributes":"Attributs CAS",
|
||||
|
@ -509,7 +509,7 @@
|
|||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocole",
|
||||
"oidcRPMetaDataOptionsPublic":"Client publique",
|
||||
"oidcRPMetaDataOptionsPublic":"Client public",
|
||||
"oidcRPMetaDataOptionsRequirePKCE":"PKCE requis",
|
||||
"oidcRPMetaDataOptionsRule":"Règle d'accès",
|
||||
"oidcOPMetaDataOptionsScope":"Étendue",
|
||||
|
@ -531,7 +531,7 @@
|
|||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsIDTokenExpiration":"Expiration des jetons d'identité",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algorithme de signature des jetons d'identité",
|
||||
"oidcRPMetaDataOptionsUserIDAttr":"Attribut de l'identifiant",
|
||||
"oidcRPMetaDataOptionsUserIDAttr":"Attribut de l'utilisateur",
|
||||
"oidcRPName":"Nom du client OpenID Connect",
|
||||
"oidcRPStateTimeout":"Durée d'une session state",
|
||||
"oidcServiceMetaData":"Service OpenID Connect",
|
||||
|
|
|
@ -1165,6 +1165,11 @@ sub createJWT {
|
|||
my $client_secret =
|
||||
$self->conf->{oidcRPMetaDataOptions}->{$rp}
|
||||
->{oidcRPMetaDataOptionsClientSecret};
|
||||
unless ($client_secret) {
|
||||
$self->logger->error(
|
||||
"Algorithm $alg needs a Client Secret to sign JWT");
|
||||
return;
|
||||
}
|
||||
|
||||
my $digest;
|
||||
|
||||
|
@ -1194,6 +1199,12 @@ sub createJWT {
|
|||
|
||||
# Get signing private key
|
||||
my $priv_key = $self->conf->{oidcServicePrivateKeySig};
|
||||
unless ($priv_key) {
|
||||
$self->logger->error(
|
||||
"Algorithm $alg needs a Private Key to sign JWT");
|
||||
return;
|
||||
}
|
||||
|
||||
my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($priv_key);
|
||||
|
||||
if ( $alg eq "RS256" ) {
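Review bot: The new `unless ($priv_key)` guard covers only an empty `oidcServicePrivateKeySig`; `Crypt::OpenSSL::RSA->new_private_key($priv_key)` right after it still croaks on a malformed key, so that case bypasses the log-and-return path this commit adds. Wrapping the call, `my $rsa_priv = eval { Crypt::OpenSSL::RSA->new_private_key($priv_key) };`, and taking the same error branch when the result is undefined would make both failures behave alike; log `$@` there, never the key material. In the first hunk, adding `$rp` to the "needs a Client Secret" message would tell an operator which relying party is misconfigured. `createJWT` starts and ends outside both hunks, so whether callers handle the bare `return` cannot be confirmed from here.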
|
||||
|
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Lib::_tokenRule;
|
|||
use strict;
|
||||
use Mouse;
|
||||
|
||||
our $VERSION = '2.0.3';
|
||||
our $VERSION = '2.1.0';
|
||||
|
||||
has ottRule => (
|
||||
is => 'rw',
|
||||
|
|