Tydy
parent
aeead582d8
commit
f3c4ea0afb
|
@ -113,8 +113,8 @@ sub load {
|
|||
$Lemonldap::NG::Common::Conf::msg .= "YAML fails to read file: $@ \n";
|
||||
return undef;
|
||||
}
|
||||
foreach (keys %$ret) {
|
||||
if($_ =~ $boolKeys) {
|
||||
foreach ( keys %$ret ) {
|
||||
if ( $_ =~ $boolKeys ) {
|
||||
$ret->{$_} = $ret->{$_} ? 1 : 0;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -53,7 +53,7 @@ sub serviceToXML {
|
|||
$template->param( $_, $self->getValue( $_, $conf ) );
|
||||
}
|
||||
|
||||
# When asked to provide only IDP metadata, take into account EntityID override
|
||||
# When asked to provide only IDP metadata, take into account EntityID override
|
||||
if ( $type eq "idp" and $conf->{samlOverrideIDPEntityID} ) {
|
||||
$template->param( 'samlEntityID', $conf->{samlOverrideIDPEntityID} );
|
||||
}
|
||||
|
|
|
@ -141,7 +141,9 @@ sub BUILD {
|
|||
if ($data) {
|
||||
if ( $self->kind and $data->{_session_kind} ) {
|
||||
unless ( $data->{_session_kind} eq $self->kind ) {
|
||||
$self->error("Session kind mismatch : $data->{_session_kind} is not ".$self->kind );
|
||||
$self->error(
|
||||
"Session kind mismatch : $data->{_session_kind} is not "
|
||||
. $self->kind );
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -140,14 +140,15 @@ sub tplParams {
|
|||
|
||||
sub javascript {
|
||||
my ( $self, $req ) = @_;
|
||||
my $res = $self->diffRule->( $req, $req->{userData} ) || 0;
|
||||
my $res = $self->diffRule->( $req, $req->{userData} ) || 0;
|
||||
my $impPrefix = $self->{impersonationPrefix};
|
||||
my $ttl = $self->{timeout} || 72000;
|
||||
my $ttl = $self->{timeout} || 72000;
|
||||
|
||||
return
|
||||
'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";var viewPrefix=scriptname+"view/";'
|
||||
. 'var allowDiff=' . "$res;"
|
||||
. 'var impPrefix=' . "'" . $impPrefix . "'" . ';'
|
||||
. 'var impPrefix=' . "'"
|
||||
. $impPrefix . "'" . ';'
|
||||
. 'var sessionTTL=' . "$ttl;"
|
||||
. ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
|
||||
. (
|
||||
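Review bot: In `javascript`, `$impPrefix` is placed between hand-written single quotes (`'var impPrefix=' . "'" . $impPrefix . "'" . ';'`), so a configured prefix containing a quote, backslash or newline would break or alter the generated script. The `links` value just below already goes through `to_json`, and the same encoder would fit here: `. 'var impPrefix=' . to_json( $impPrefix, { allow_nonref => 1 } ) . ';'`. The value appears to come from configuration rather than from the request, so this is output-encoding hardening rather than a confirmed injection path. The body of `javascript` continues past the end of the hunk.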
|
|
|
@ -70,7 +70,7 @@ has confChanged => (
|
|||
);
|
||||
|
||||
# Properties required during build
|
||||
has refConf => ( is => 'ro', isa => 'HashRef', required => 1 );
|
||||
has refConf => ( is => 'ro', isa => 'HashRef', required => 1 );
|
||||
has req => ( is => 'ro', required => 1 );
|
||||
has newConf => ( is => 'rw', isa => 'HashRef' );
|
||||
has tree => ( is => 'rw', isa => 'ArrayRef' );
|
||||
|
@ -160,7 +160,7 @@ sub _scanNodes {
|
|||
hdebug("Looking to $name");
|
||||
|
||||
# subnode
|
||||
my $subNodes = $leaf->{nodes} // $leaf->{_nodes};
|
||||
my $subNodes = $leaf->{nodes} // $leaf->{_nodes};
|
||||
my $subNodesCond = $leaf->{nodes_cond} // $leaf->{_nodes_cond};
|
||||
|
||||
##################################
|
||||
|
@ -1070,14 +1070,14 @@ sub _unitTest {
|
|||
or $attr->{type} =~ /Container$/ )
|
||||
{
|
||||
my $keyMsg = $attr->{keyMsgFail} // $type->{keyMsgFail};
|
||||
my $msg = $attr->{msgFail} // $type->{msgFail};
|
||||
my $msg = $attr->{msgFail} // $type->{msgFail};
|
||||
$res = 0
|
||||
unless (
|
||||
$self->_execTest( {
|
||||
keyTest => $attr->{keyTest} // $type->{keyTest},
|
||||
keyTest => $attr->{keyTest} // $type->{keyTest},
|
||||
keyMsgFail => $attr->{keyMsgFail}
|
||||
// $type->{keyMsgFail},
|
||||
test => $attr->{test} // $type->{test},
|
||||
test => $attr->{test} // $type->{test},
|
||||
msgFail => $attr->{msgFail} // $type->{msgFail},
|
||||
},
|
||||
$conf->{$key},
|
||||
|
|
|
@ -646,7 +646,8 @@ sub tests {
|
|||
# Warn if Impersonation is enabled without prefix
|
||||
impersonationPrefix => sub {
|
||||
return 1 unless ( $conf->{impersonationRule} );
|
||||
return ( 1, "Impersonation is enabled without real attributes prefix" )
|
||||
return ( 1,
|
||||
"Impersonation is enabled without real attributes prefix" )
|
||||
unless ( $conf->{impersonationPrefix} );
|
||||
|
||||
# Return
|
||||
|
|
|
@ -149,8 +149,8 @@ sub zeroConf {
|
|||
'locationRules' => {
|
||||
"auth.$domain" => {
|
||||
'(?#checkUser)^/checkuser' => '$uid eq "dwho"',
|
||||
'(?#errors)^/lmerror/' => 'accept',
|
||||
'default' => 'accept'
|
||||
'(?#errors)^/lmerror/' => 'accept',
|
||||
'default' => 'accept'
|
||||
},
|
||||
"test1.$domain" => {
|
||||
'default' => 'accept',
|
||||
|
@ -162,7 +162,8 @@ sub zeroConf {
|
|||
},
|
||||
"manager.$domain" => {
|
||||
'default' => '$uid eq "dwho" or $uid eq "rtyler"',
|
||||
'(?#Configuration)^/(manager\.html|confs|$)' => '$uid eq "dwho"',
|
||||
'(?#Configuration)^/(manager\.html|confs|$)' =>
|
||||
'$uid eq "dwho"',
|
||||
'(?#Sessions)/sessions' => '$uid eq "dwho" or $uid eq "rtyler"',
|
||||
'(?#Notifications)/notifications' =>
|
||||
'$uid eq "dwho" or $uid eq "rtyler"',
|
||||
|
|
|
@ -53,7 +53,7 @@ sub addRoutes {
|
|||
|
||||
$self->{ipField} ||= 'ipAddr';
|
||||
$self->{multiValuesSeparator} ||= '; ';
|
||||
$self->{impersonationPrefix} = $conf->{impersonationPrefix} || 'real_';
|
||||
$self->{impersonationPrefix} = $conf->{impersonationPrefix} || 'real_';
|
||||
$self->{hiddenAttributes} //= "_password";
|
||||
}
|
||||
|
||||
|
|
|
@ -6,9 +6,8 @@ use strict;
|
|||
use JSON;
|
||||
require 't/test-lib.pm';
|
||||
|
||||
my @struct =
|
||||
qw[t/jsonfiles/03-base-tree-appCat-modifed.json];
|
||||
my @desc = ( 'Changed conf with deleted Category' );
|
||||
my @struct = qw[t/jsonfiles/03-base-tree-appCat-modifed.json];
|
||||
my @desc = ('Changed conf with deleted Category');
|
||||
my $confFiles = [ 't/conf/lmConf-1.json', 't/conf/lmConf-2.json' ];
|
||||
|
||||
sub body {
|
||||
|
@ -42,15 +41,21 @@ while ( my $body = &body() ) {
|
|||
ok( @{ $resBody->{details}->{__changes__} } eq 1,
|
||||
"$desc: conf has changed" )
|
||||
or print STDERR Dumper($resBody);
|
||||
ok( $resBody->{details}->{__changes__}->[0]->{new} eq 'categoryList, Administration, Documentation',
|
||||
"$desc: new key received" )
|
||||
or print STDERR Dumper($resBody);
|
||||
ok( $resBody->{details}->{__changes__}->[0]->{old} eq 'categoryList, Administration, Documentation, Sample applications',
|
||||
"$desc: old key received" )
|
||||
or print STDERR Dumper($resBody);
|
||||
ok( $resBody->{details}->{__changes__}->[0]->{key} eq 'Deletes in cat(s), Sample applications',
|
||||
"$desc: key received" )
|
||||
or print STDERR Dumper($resBody);
|
||||
ok(
|
||||
$resBody->{details}->{__changes__}->[0]->{new} eq
|
||||
'categoryList, Administration, Documentation',
|
||||
"$desc: new key received"
|
||||
) or print STDERR Dumper($resBody);
|
||||
ok(
|
||||
$resBody->{details}->{__changes__}->[0]->{old} eq
|
||||
'categoryList, Administration, Documentation, Sample applications',
|
||||
"$desc: old key received"
|
||||
) or print STDERR Dumper($resBody);
|
||||
ok(
|
||||
$resBody->{details}->{__changes__}->[0]->{key} eq
|
||||
'Deletes in cat(s), Sample applications',
|
||||
"$desc: key received"
|
||||
) or print STDERR Dumper($resBody);
|
||||
ok( -e $confFiles->[1], "$desc: file is created" );
|
||||
|
||||
#print STDERR Dumper($resBody);
|
||||
|
|
|
@ -64,7 +64,7 @@ count(2);
|
|||
# Try to display previous conf
|
||||
$res = &client->jsonResponse('/view/1');
|
||||
ok( $res->{cfgNum} eq '1', 'Browser is allowed' )
|
||||
or print STDERR Dumper($res);
|
||||
or print STDERR Dumper($res);
|
||||
count(1);
|
||||
|
||||
# Remove new conf
|
||||
|
|
|
@ -305,7 +305,7 @@ sub run {
|
|||
$self->logger->debug(
|
||||
"Delete 2F Device : { type => 'TOTP', epoch => $epoch }");
|
||||
$self->p->updatePersistentSession( $req,
|
||||
{ _2fDevices => to_json( $_2fDevices ) } );
|
||||
{ _2fDevices => to_json($_2fDevices) } );
|
||||
$self->userLogger->notice('TOTP deletion succeed');
|
||||
return [
|
||||
200,
|
||||
|
|
|
@ -292,7 +292,7 @@ sub run {
|
|||
$self->logger->debug(
|
||||
"Delete 2F Device : { type => 'U2F', epoch => $epoch }");
|
||||
$self->p->updatePersistentSession( $req,
|
||||
{ _2fDevices => to_json( $_2fDevices ) } );
|
||||
{ _2fDevices => to_json($_2fDevices) } );
|
||||
$self->userLogger->notice('U2F key unregistration succeed');
|
||||
return [
|
||||
200,
|
||||
|
|
|
@ -186,7 +186,7 @@ sub run {
|
|||
$self->logger->debug(
|
||||
"Delete 2F Device : { type => 'UBK', epoch => $epoch }");
|
||||
$self->p->updatePersistentSession( $req,
|
||||
{ _2fDevices => to_json( $_2fDevices ) } );
|
||||
{ _2fDevices => to_json($_2fDevices) } );
|
||||
$self->userLogger->notice('Yubikey deletion succeed');
|
||||
return [
|
||||
200,
|
||||
|
|
|
@ -142,7 +142,7 @@ sub authenticate {
|
|||
|
||||
sub setAuthSessionInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
$req->sessionInfo->{gpgMail} = $req->data->{gpgMail};
|
||||
$req->sessionInfo->{gpgMail} = $req->data->{gpgMail};
|
||||
$req->sessionInfo->{authenticationLevel} = $self->conf->{gpgAuthnLevel};
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@ extends 'Lemonldap::NG::Portal::Main::Auth',
|
|||
|
||||
# INTERFACE
|
||||
|
||||
has opList => ( is => 'rw', default => sub { [] } );
|
||||
has opList => ( is => 'rw', default => sub { [] } );
|
||||
has opNumber => ( is => 'rw', default => 0 );
|
||||
has path => ( is => 'rw', default => 'oauth2' );
|
||||
|
||||
|
@ -34,7 +34,7 @@ sub init {
|
|||
return 0;
|
||||
}
|
||||
$self->opNumber( scalar @tab );
|
||||
my @list = ();
|
||||
my @list = ();
|
||||
my $portalPath = $self->conf->{portal};
|
||||
|
||||
foreach (@tab) {
|
||||
|
|
|
@ -184,7 +184,7 @@ sub send_mail {
|
|||
foreach ( keys %cid ) {
|
||||
$message->attach(
|
||||
Type => "image/" . ( $cid{$_} =~ m/\.(\w+)/ )[0],
|
||||
Id => $_,
|
||||
Id => $_,
|
||||
Path => $self->conf->{templateDir} . "/"
|
||||
. $self->conf->{portalSkin} . "/"
|
||||
. $cid{$_},
|
||||
|
|
|
@ -113,7 +113,7 @@ sub display {
|
|||
&& $req->data->{login},
|
||||
ASK_LOGINS => $req->param('checkLogins') || 0,
|
||||
CONFIRMKEY => $self->stamp(),
|
||||
LIST => $req->data->{list} || [],
|
||||
LIST => $req->data->{list} || [],
|
||||
REMEMBER => $req->data->{confirmRemember},
|
||||
(
|
||||
$req->data->{customScript}
|
||||
|
|
|
@ -113,7 +113,7 @@ sub _redirect {
|
|||
delete $req->pdata->{ $self->ipath };
|
||||
delete $req->pdata->{ $self->ipath . 'Path' };
|
||||
return $self->run( @_, @path );
|
||||
}
|
||||
}
|
||||
: ()
|
||||
)
|
||||
]
|
||||
|
|
|
@ -57,7 +57,8 @@ sub run {
|
|||
my ( $self, $req ) = @_;
|
||||
my $savedHttpSession = $req->{sessionInfo}->{_httpSession} //= '';
|
||||
my $spoofId = $req->param('spoofId') || $req->{user};
|
||||
$self->logger->debug("No impersonation required") if ( $spoofId eq $req->{user} );
|
||||
$self->logger->debug("No impersonation required")
|
||||
if ( $spoofId eq $req->{user} );
|
||||
my $statut = PE_OK;
|
||||
|
||||
if ( $spoofId !~ /$self->{conf}->{userControl}/o ) {
|
||||
|
@ -141,7 +142,8 @@ sub run {
|
|||
$req->steps( [ $self->p->validSession, @{ $self->p->endAuth } ] );
|
||||
|
||||
# Restore _httpSession for double Cookies
|
||||
$req->{sessionInfo}->{_httpSession} = $savedHttpSession if $savedHttpSession;
|
||||
$req->{sessionInfo}->{_httpSession} = $savedHttpSession
|
||||
if $savedHttpSession;
|
||||
return $statut;
|
||||
}
|
||||
|
||||
|
@ -207,4 +209,4 @@ sub _userDatas {
|
|||
return $req->{sessionInfo};
|
||||
}
|
||||
|
||||
1;
|
||||
1;
|
||||
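Review bot: The `spoofId` check in `run`, `$spoofId !~ /$self->{conf}->{userControl}/o`, uses the `/o` modifier, which makes Perl interpolate and compile the pattern only the first time the statement executes in a process. If `userControl` can change during the process lifetime (for example after a configuration reload, which this page does not show), the request parameter would keep being validated against the old pattern. Compiling it once per object, e.g. `my $re = qr/$self->{conf}->{userControl}/;` at init and then testing `$spoofId !~ $re`, avoids recompiling without freezing the value. The line is unchanged context in the first hunk of this file, and the body of `run` continues outside it.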
|
|
|
@ -165,7 +165,7 @@ sub _register {
|
|||
and
|
||||
!$self->getRegisterSession( $req->data->{registerInfo}->{mail} ) )
|
||||
{
|
||||
|
||||
|
||||
# Check if token exists
|
||||
my $token;
|
||||
if ( $self->ottRule->( $req, {} ) or $self->captcha ) {
|
||||
|
|
|
@ -41,10 +41,9 @@ ok(
|
|||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
ok(
|
||||
$res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
|
||||
'jdoe rejected with PE_BADCREDENTIALS'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
|
||||
'jdoe rejected with PE_BADCREDENTIALS' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
|
||||
'Found connect button' )
|
||||
|
@ -63,17 +62,15 @@ ok(
|
|||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
ok(
|
||||
$res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
|
||||
'dwho rejected with PE_BADCREDENTIALS'
|
||||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
ok( $res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
|
||||
'dwho rejected with PE_BADCREDENTIALS' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
|
||||
'Found connect button' )
|
||||
or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(1);
|
||||
|
||||
|
||||
# Try to authenticate with good password
|
||||
# --------------------------------------
|
||||
ok(
|
||||
|
|
|
@ -106,8 +106,7 @@ SKIP: {
|
|||
$dbh->do(
|
||||
"INSERT INTO users VALUES ('jsmith','{ssha512}wr0zU/I6f7U4bVoeOlJnNFbhF0a9np59LUeNnhokohVI/wiNzt8Y4JujfOfNQiGuiVgY+xrYggfmgpke6KdjxKS7W0GR1ZCe','John Smith')"
|
||||
);
|
||||
my $client = LLNG::Manager::Test->new(
|
||||
{
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
|
|
|
@ -7,7 +7,7 @@ require 't/test-lib.pm';
|
|||
my $mainTests = 5;
|
||||
|
||||
SKIP: {
|
||||
skip "Manual skip of GPG test", $mainTests if ($ENV{LLNG_SKIP_GPG_TEST});
|
||||
skip "Manual skip of GPG test", $mainTests if ( $ENV{LLNG_SKIP_GPG_TEST} );
|
||||
eval "use IPC::Run 'run',";
|
||||
skip "Missing dependency", $mainTests if ($@);
|
||||
my $gpg = `which gpg`;
|
||||
|
|
|
@ -67,10 +67,13 @@ SKIP: {
|
|||
|
||||
# IDP must be sorted
|
||||
my @idp = map /val="http:\/\/(.+?)\/saml\/metadata">/g, $res->[2]->[0];
|
||||
ok( $idp[0] eq 'auth.idp2.com', '1st = idp2' ) or print STDERR Dumper( \@idp );
|
||||
ok( $idp[1] eq 'auth.idp2_z.com', '2nd = idp2_z' ) or print STDERR Dumper( \@idp );
|
||||
ok( $idp[2] eq 'auth.idp3.com', '3rd = idp3' ) or print STDERR Dumper( \@idp );
|
||||
ok( $idp[3] eq 'auth.idp.com', '4th= idp' ) or print STDERR Dumper( \@idp );
|
||||
ok( $idp[0] eq 'auth.idp2.com', '1st = idp2' )
|
||||
or print STDERR Dumper( \@idp );
|
||||
ok( $idp[1] eq 'auth.idp2_z.com', '2nd = idp2_z' )
|
||||
or print STDERR Dumper( \@idp );
|
||||
ok( $idp[2] eq 'auth.idp3.com', '3rd = idp3' )
|
||||
or print STDERR Dumper( \@idp );
|
||||
ok( $idp[3] eq 'auth.idp.com', '4th= idp' ) or print STDERR Dumper( \@idp );
|
||||
|
||||
ok(
|
||||
$res->[2]->[0] =~
|
||||
|
|
|
@ -132,7 +132,7 @@ m#img src="http://auth.idp.com(/saml/relaySingleLogoutSOAP)\?(relay=.*?)"#s,
|
|||
),
|
||||
'Get image'
|
||||
);
|
||||
expectRedirection( $res, "http://auth.idp.com/static/common/icons/ok.png");
|
||||
expectRedirection( $res, "http://auth.idp.com/static/common/icons/ok.png" );
|
||||
|
||||
# Test if logout is done
|
||||
switch ('issuer');
|
||||
|
|
|
@ -27,12 +27,19 @@ SKIP: {
|
|||
|
||||
ok( $res = $issuer->_get('/saml/metadata/idp'), 'Get IDP metadata' );
|
||||
ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML' );
|
||||
ok( $res->[2]->[0] !~ m#<SPSSODescriptor#s, 'Metadata does not contain SP information' );
|
||||
ok( $res->[2]->[0] =~ m#entityID="urn:example\.com"#s, 'IDP EntityID is overriden' );
|
||||
ok(
|
||||
$res->[2]->[0] !~ m#<SPSSODescriptor#s,
|
||||
'Metadata does not contain SP information'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m#entityID="urn:example\.com"#s,
|
||||
'IDP EntityID is overriden' );
|
||||
|
||||
ok( $res = $issuer->_get('/saml/metadata/sp'), 'Get SP metadata' );
|
||||
ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML' );
|
||||
ok( $res->[2]->[0] !~ m#<IDPSSODescriptor#s, 'Metadata does not contain IDP information' );
|
||||
ok(
|
||||
$res->[2]->[0] !~ m#<IDPSSODescriptor#s,
|
||||
'Metadata does not contain IDP information'
|
||||
);
|
||||
|
||||
#print STDERR Dumper($res);
|
||||
}
|
||||
|
@ -44,14 +51,14 @@ done_testing( count() );
|
|||
sub issuer {
|
||||
return LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
domain => 'idp.com',
|
||||
portal => 'http://auth.idp.com',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
issuerDBSAMLActivation => 1,
|
||||
logLevel => $debug,
|
||||
domain => 'idp.com',
|
||||
portal => 'http://auth.idp.com',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
issuerDBSAMLActivation => 1,
|
||||
samlOverrideIDPEntityID => 'urn:example.com',
|
||||
samlSPMetaDataOptions => {
|
||||
samlSPMetaDataOptions => {
|
||||
'sp.com' => {
|
||||
samlSPMetaDataOptionsEncryptionMode => 'none',
|
||||
samlSPMetaDataOptionsSignSSOMessage => 1,
|
||||
|
|
|
@ -141,7 +141,7 @@ m#iframe src="http://auth.sp.com(/saml/proxySingleLogout)\?(SAMLRequest=.*?)"#,
|
|||
switch ('issuer');
|
||||
ok( $res = $issuer->_get( $url, query => $query, accept => 'text/html' ),
|
||||
'Push SAML response to IdP' );
|
||||
expectRedirection($res, 'http://auth.idp.com/static/common/icons/ok.png');
|
||||
expectRedirection( $res, 'http://auth.idp.com/static/common/icons/ok.png' );
|
||||
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
|
||||
' Frame can be embedded' )
|
||||
or explain( $res->[1],
|
||||
|
|
|
@ -341,13 +341,13 @@ sub op {
|
|||
oidcServiceAllowAuthorizationCodeFlow => 1,
|
||||
oidcRPMetaDataOptions => {
|
||||
rp => {
|
||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsClientID => "rpid",
|
||||
oidcRPMetaDataOptionsIDTokenSignAlg => "RS512",
|
||||
oidcRPMetaDataOptionsBypassConsent => 0,
|
||||
oidcRPMetaDataOptionsPublic => 1,
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsClientID => "rpid",
|
||||
oidcRPMetaDataOptionsIDTokenSignAlg => "RS512",
|
||||
oidcRPMetaDataOptionsBypassConsent => 0,
|
||||
oidcRPMetaDataOptionsPublic => 1,
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsPostLogoutRedirectUris =>
|
||||
"http://auth.rp.com/?logout=1"
|
||||
|
|
|
@ -80,7 +80,7 @@ expectOK($res);
|
|||
my $metadata = $res->[2]->[0];
|
||||
count(3);
|
||||
|
||||
switch('rp');
|
||||
switch ('rp');
|
||||
&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );
|
||||
ok( $rp = rp( $jwks, $metadata ), 'RP portal' );
|
||||
count(1);
|
||||
|
|
|
@ -76,7 +76,7 @@ sub iniCmb {
|
|||
useSafeJail => 1,
|
||||
authentication => 'Combination',
|
||||
userDB => 'Same',
|
||||
|
||||
|
||||
combination => $expr,
|
||||
combModules => {
|
||||
DB => {
|
||||
|
|
|
@ -116,7 +116,7 @@ SKIP: {
|
|||
query => $query,
|
||||
accept => 'text/html',
|
||||
|
||||
# cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata'
|
||||
# cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata'
|
||||
),
|
||||
"Push request to OP, endpoint $url"
|
||||
);
|
||||
|
@ -129,7 +129,7 @@ SKIP: {
|
|||
ok(
|
||||
$res = $sp->_get(
|
||||
"/",
|
||||
query => "idp=".uri_escape("http://auth.idp.com/saml/metadata"),
|
||||
query => "idp=" . uri_escape("http://auth.idp.com/saml/metadata"),
|
||||
accept => 'text/html',
|
||||
cookie => $spPdata,
|
||||
),
|
||||
|
@ -138,9 +138,6 @@ SKIP: {
|
|||
|
||||
$spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
||||
|
||||
|
||||
|
||||
|
||||
my ( $host, $tmp );
|
||||
( $url, $query ) = expectRedirection( $res,
|
||||
qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# );
|
||||
|
@ -433,10 +430,10 @@ sub sp {
|
|||
userDB => 'Same',
|
||||
issuerDBSAMLActivation => 0,
|
||||
issuerDBOpenIDConnectActivation => 1,
|
||||
samlDiscoveryProtocolURL => 'http://discovery.example.com/',
|
||||
samlDiscoveryProtocolURL => 'http://discovery.example.com/',
|
||||
samlDiscoveryProtocolActivation => 1,
|
||||
|
||||
oidcRPMetaDataExportedVars => {
|
||||
oidcRPMetaDataExportedVars => {
|
||||
rp => {
|
||||
email => "mail",
|
||||
family_name => "cn",
|
||||
|
|
|
@ -25,7 +25,8 @@ SKIP: {
|
|||
portalDisplayRegister => 1,
|
||||
registerDB => 'Demo',
|
||||
captcha_register_enabled => 0,
|
||||
requireToken => '!$env->{ipAddr} || $env->{ipAddr} ne "127.1.1.1"',
|
||||
requireToken =>
|
||||
'!$env->{ipAddr} || $env->{ipAddr} ne "127.1.1.1"',
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|
|
@ -27,7 +27,7 @@ SKIP: {
|
|||
userDB => 'Same',
|
||||
registerDB => 'Demo',
|
||||
captcha_register_enabled => 0,
|
||||
tokenUseGlobalStorage => 1,
|
||||
tokenUseGlobalStorage => 1,
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|
|
@ -24,14 +24,14 @@ SKIP: {
|
|||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
portalDisplayRegister => 1,
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
passwordDB => 'Demo',
|
||||
captcha_mail_enabled => 0,
|
||||
requireToken => '$env->{ipAddr} !~ /127\.0\.[1-3]\.1/',
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
portalDisplayRegister => 1,
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
passwordDB => 'Demo',
|
||||
captcha_mail_enabled => 0,
|
||||
requireToken => '$env->{ipAddr} !~ /127\.0\.[1-3]\.1/',
|
||||
portalDisplayResetPassword => 1,
|
||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||
}
|
||||
|
|
|
@ -95,8 +95,7 @@ count(1);
|
|||
ok( $res->[2]->[0] =~ m%<td class="text-left">_user</td>%,
|
||||
'Found attribute _user' )
|
||||
or explain( $res->[2]->[0], 'Attribute _user' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">dwho</td>%,
|
||||
'Found value dwho' )
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">dwho</td>%, 'Found value dwho' )
|
||||
or explain( $res->[2]->[0], 'Value dwho' );
|
||||
count(2);
|
||||
|
||||
|
@ -123,7 +122,7 @@ count(1);
|
|||
|
||||
# Request with good VH & user
|
||||
$query =~
|
||||
s#url=http%3A%2F%2Ftry.example.com#url=hTTp%3A%2F%2FTest1.exAmple.cOm/UriTesT#;
|
||||
s#url=http%3A%2F%2Ftry.example.com#url=hTTp%3A%2F%2FTest1.exAmple.cOm/UriTesT#;
|
||||
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
|
@ -141,7 +140,8 @@ count(1);
|
|||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok( $res->[2]->[0] =~ m%value="http://test1.example.com/UriTesT"%, 'Found well formatted url' )
|
||||
ok( $res->[2]->[0] =~ m%value="http://test1.example.com/UriTesT"%,
|
||||
'Found well formatted url' )
|
||||
or explain( $res->[2]->[0], 'Well formatted url' );
|
||||
count(2);
|
||||
|
||||
|
@ -196,7 +196,8 @@ count(1);
|
|||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok( $res->[2]->[0] =~ m%value="http://test1.example.com:1234"%, 'Found well formatted url' )
|
||||
ok( $res->[2]->[0] =~ m%value="http://test1.example.com:1234"%,
|
||||
'Found well formatted url' )
|
||||
or explain( $res->[2]->[0], 'Well formatted url' );
|
||||
count(2);
|
||||
|
||||
|
|
|
@ -269,7 +269,8 @@ ok( $res->[2]->[0] =~ m%<td class="text-left">testPrefix_groups</td>%,
|
|||
or explain( $res->[2]->[0], 'testPrefix_groups' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%, 'Found su' )
|
||||
or explain( $res->[2]->[0], 'su' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">testPrefix_uid</td>%, 'Found testPrefix_uid' )
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">testPrefix_uid</td>%,
|
||||
'Found testPrefix_uid' )
|
||||
or explain( $res->[2]->[0], 'testPrefix_groups' );
|
||||
ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%, 'Found rtyler' )
|
||||
or explain( $res->[2]->[0], 'su' );
|
||||
|
|
|
@ -269,11 +269,12 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
|
|||
or print STDERR Dumper($res);
|
||||
|
||||
# Two 2F devices must be registered
|
||||
my @sf = map m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g, $res->[2]->[0];
|
||||
my @sf = map m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g,
|
||||
$res->[2]->[0];
|
||||
ok( scalar @sf == 2, 'Two 2F devices found' )
|
||||
or print STDERR Dumper($res);
|
||||
ok( $sf[0] eq 'TOTP', 'TOTP device found' ) or print STDERR Dumper( \@sf );
|
||||
ok( $sf[1] eq 'U2F', 'U2F device found' ) or print STDERR Dumper( \@sf );
|
||||
ok( $sf[1] eq 'U2F', 'U2F device found' ) or print STDERR Dumper( \@sf );
|
||||
|
||||
# Unregister TOTP
|
||||
ok( $res->[2]->[0] =~ qr%TOTP.*epoch.*(\d{10})%m, "TOTP epoch $1 found" )
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
use IO::Pipe;
|
||||
use IO::Select;
|
||||
our ( $in, $out ) = ( IO::Pipe->new, IO::Pipe->new );
|
||||
our ( $in, $out ) = ( IO::Pipe->new, IO::Pipe->new );
|
||||
our ( $rin, $rout ) = ( IO::Pipe->new, IO::Pipe->new );
|
||||
my $pid = fork;
|
||||
|
||||
|
@ -38,20 +38,21 @@ $s->add($rin);
|
|||
sub handler {
|
||||
my (%args) = @_;
|
||||
print $in JSON::to_json( $args{req} ) . "\n";
|
||||
while(my @ready = $s->can_read) {
|
||||
while ( my @ready = $s->can_read ) {
|
||||
foreach $fh (@ready) {
|
||||
if($fh == $out) {
|
||||
if ( $fh == $out ) {
|
||||
my $res = <$out>;
|
||||
return JSON::from_json($res);
|
||||
}
|
||||
else {
|
||||
my $res = <$rin>;
|
||||
$res = $args{sub}->(JSON::from_json($res));
|
||||
print $rout JSON::to_json($res)."\n";
|
||||
$res = $args{sub}->( JSON::from_json($res) );
|
||||
print $rout JSON::to_json($res) . "\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sub end_handler {
|
||||
print $in "END\n";
|
||||
}
|
||||
|
|