Merge branch 'v2.0'

2019-09-16 22:58:01 +02:00 · 2019-09-16 22:58:01 +02:00 · f9704e8982
parent 40215168c0 6b7c4bcfa4
commit f9704e8982
89 changed files with 446 additions and 208 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm
@ -400,18 +400,18 @@ sub getDBConf {
 sub _launch {
    my $self = shift;
    my $sub  = shift;
-    my $res;
+    my @res;
    eval {
        local $SIG{ALRM} = sub { die "TIMEOUT\n" };
        eval {
            alarm( $self->{confTimeout} || 10 );
-            $res = &{ $self->{type} . "::$sub" }( $self, @_ );
+            @res = &{ $self->{type} . "::$sub" }( $self, @_ );
        };
        alarm 0;
        die $@ if $@;
    };
    $msg .= $@ if $@;
-    return $res;
+    return wantarray ? (@res) : $res[0];
 }

 ## @method boolean prereq()
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
@ -24,7 +24,7 @@ use constant MANAGERSECTION  => "manager";
 use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
 use constant APPLYSECTION            => "apply";
 our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
-our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
+our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;

 our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
@ -54,7 +54,7 @@ our $authParameters = {
  radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
  remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
  restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
-  slaveParams => [qw(slaveAuthnLevel slaveExportedVars slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent)],
+  slaveParams => [qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveDisplayLogo slaveExportedVars)],
  sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
  twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],
  webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
@ -79,6 +79,7 @@ sub encrypt {
    my ( $self, $data, $low ) = @_;

    # pad $data so that its length be multiple of 16 bytes
+    $data //= '';
    my $l = bytes::length($data) % 16;
    $data .= "\0" x ( 16 - $l ) unless ( $l == 0 );

@ -93,6 +94,7 @@ sub encrypt {
            $iv . $self->_getCipher->set_iv($iv)->encrypt( $hmac . $data ),
            '' );
    };
+
    if ($@) {
        $msg = "Crypt::Rijndael error : $@";
        return undef;
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm
@ -73,7 +73,7 @@ sub deleteNotification {
    foreach my $ref ( keys %$user ) {
        my $json = from_json( $user->{$ref}, { allow_nonref => 1 } );
        $json = [$json] unless ( ref($json) eq 'ARRAY' );
-        
+
        # Browse notification in file
        foreach my $notif (@$json) {

--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
@ -22,14 +22,12 @@ BEGIN {
 }

 has customFunctions => ( is => 'rw', isa => 'Maybe[Str]' );
-
-has useSafeJail => ( is => 'rw', isa => 'Maybe[Int]' );
-
-has jail => ( is => 'rw' );
-
-has error => ( is => 'rw' );
+has useSafeJail     => ( is => 'rw', isa => 'Maybe[Int]' );
+has jail            => ( is => 'rw' );
+has error           => ( is => 'rw' );

 our $VERSION = '2.1.0';
+our @builtCustomFunctions;

 ## @imethod protected build_jail()
 # Build and return the security jail used to compile rules and headers.
@ -59,9 +57,9 @@ sub build_jail {
        }
    }

-    my @t =
+    @builtCustomFunctions =
      $self->customFunctions ? split( /\s+/, $self->customFunctions ) : ();
-    foreach (@t) {
+    foreach (@builtCustomFunctions) {
        no warnings 'redefine';
        $api->logger->debug("Custom function : $_");
        my $sub = $_;
@ -90,7 +88,7 @@ sub build_jail {
    $self->jail->share_from( 'Lemonldap::NG::Common::Safelib',
        $Lemonldap::NG::Common::Safelib::functions );

-    $self->jail->share_from( __PACKAGE__, [ @t, '&encrypt', '&token' ] );
+    $self->jail->share_from( __PACKAGE__, [ @builtCustomFunctions, '&encrypt', '&token' ] );
    $self->jail->share_from( 'MIME::Base64', ['&encode_base64'] );

    #$self->jail->share_from( 'Lemonldap::NG::Handler::Main', ['$_v'] );
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm
@ -8,15 +8,17 @@ our $VERSION = '2.1.0';
 extends 'Lemonldap::NG::Handler::PSGI::Router';

 has 'authRoutes' => (
-    is      => 'rw',
-    isa     => 'HashRef',
-    default => sub { { GET => {}, POST => {}, PUT => {}, DELETE => {} } }
+    is  => 'rw',
+    isa => 'HashRef',
+    default =>
+      sub { { GET => {}, POST => {}, PUT => {}, DELETE => {}, OPTIONS => {} } }
 );

 has 'unAuthRoutes' => (
-    is      => 'rw',
-    isa     => 'HashRef',
-    default => sub { { GET => {}, POST => {}, PUT => {}, DELETE => {} } }
+    is  => 'rw',
+    isa => 'HashRef',
+    default =>
+      sub { { GET => {}, POST => {}, PUT => {}, DELETE => {}, OPTIONS => {} } }
 );

 sub addRoute {
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -7,8 +7,13 @@ sub perlExpr {
    my ( $val, $conf ) = @_;
    my $cpt = 'Safe'->new;
    $cpt->share_from( 'MIME::Base64', ['&encode_base64'] );
-    $cpt->share_from( 'Lemonldap::NG::Handler::Main::Jail',
-        [ '&encrypt', '&token' ] );
+    $cpt->share_from(
+        'Lemonldap::NG::Handler::Main::Jail',
+        [
+            '&encrypt', '&token',
+            @Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions
+        ]
+    );
    $cpt->share_from( 'Lemonldap::NG::Common::Safelib',
        $Lemonldap::NG::Common::Safelib::functions );
    $cpt->reval("BEGIN { 'warnings'->unimport; } $val");
@ -3403,6 +3408,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'default' => 2,
            'type'    => 'int'
        },
+        'slaveDisplayLogo' => {
+            'default' => 0,
+            'type'    => 'bool'
+        },
        'slaveExportedVars' => {
            'default'    => {},
            'keyMsgFail' => '__badVariableName__',
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -14,8 +14,13 @@ sub perlExpr {
    my ( $val, $conf ) = @_;
    my $cpt = new Safe;
    $cpt->share_from( 'MIME::Base64', ['&encode_base64'] );
-    $cpt->share_from( 'Lemonldap::NG::Handler::Main::Jail',
-        [ '&encrypt', '&token' ] );
+    $cpt->share_from(
+        'Lemonldap::NG::Handler::Main::Jail',
+        [
+            '&encrypt', '&token',
+            @Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions
+        ]
+    );
    $cpt->share_from( 'Lemonldap::NG::Common::Safelib',
        $Lemonldap::NG::Common::Safelib::functions );
    $cpt->reval("BEGIN { 'warnings'->unimport; } $val");
@ -3338,6 +3343,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
        },
        slaveHeaderName    => { type => 'text', },
        slaveHeaderContent => { type => 'text', },
+        slaveDisplayLogo   => {
+            type          => 'bool',
+            default       => 0,
+            documentation => 'Display Slave authentication logo',
+        },

        # Choice
        authChoiceParam => {
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@ -398,9 +398,10 @@ sub tree {
                            title => 'slaveParams',
                            help  => 'authslave.html',
                            nodes => [
-                                'slaveAuthnLevel', 'slaveExportedVars',
-                                'slaveUserHeader', 'slaveMasterIP',
-                                'slaveHeaderName', 'slaveHeaderContent'
+                                'slaveAuthnLevel',    'slaveUserHeader',
+                                'slaveMasterIP',      'slaveHeaderName',
+                                'slaveHeaderContent', 'slaveDisplayLogo',
+                                'slaveExportedVars',
                            ]
                        },
                        {
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8

 /*
 * Sessions explorer
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -792,6 +792,7 @@
 "singleSessionUserByIP":"جلسة واحدة بواسطة عنوان الآي بي",
 "skipRenewConfirmation":"Skip re-auth confirmation",
 "slaveAuthnLevel":"مستوى إثبات الهوية",
+"slaveDisplayLogo":"Display authentication logo",
 "slaveExportedVars":"المتغيرات المصدرة",
 "slaveMasterIP":"عنوان آي بي  الماستر",
 "slaveParams":"معاييرالتابع",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@ -791,6 +791,7 @@
 "singleSessionUserByIP":"One session by IP address",
 "skipRenewConfirmation":"Skip re-auth confirmation",
 "slaveAuthnLevel":"Authentication level",
+"slaveDisplayLogo":"Display authentication logo",
 "slaveExportedVars":"Exported variables",
 "slaveMasterIP":"Master's IP address",
 "slaveParams":"Slave parameters",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -791,6 +791,7 @@
 "singleSessionUserByIP":"One session by IP address",
 "skipRenewConfirmation":"Skip re-auth confirmation",
 "slaveAuthnLevel":"Authentication level",
+"slaveDisplayLogo":"Display authentication logo",
 "slaveExportedVars":"Exported variables",
 "slaveMasterIP":"Master's IP address",
 "slaveParams":"Slave parameters",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -791,6 +791,7 @@
 "singleSessionUserByIP":"Une seule session par IP",
 "skipRenewConfirmation":"Éviter la confirmation de ré-authentification",
 "slaveAuthnLevel":"Niveau d'authentification",
+"slaveDisplayLogo":"Afficher le logo d'authentification",
 "slaveExportedVars":"Variables exportées",
 "slaveMasterIP":"IP accréditées",
 "slaveParams":"Paramètres Slave",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -791,6 +791,7 @@
 "singleSessionUserByIP":"Una sessione per indirizzo IP",
 "skipRenewConfirmation":"Salta la conferma di re-auth",
 "slaveAuthnLevel":"Livello di autenticazione",
+"slaveDisplayLogo":"Display authentication logo",
 "slaveExportedVars":"Variabili esportate",
 "slaveMasterIP":"Indirizzo IP del master",
 "slaveParams":"Parametri di slave",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -791,6 +791,7 @@
 "singleSessionUserByIP":"Một phiên theo địa chỉ IP",
 "skipRenewConfirmation":"Skip re-auth confirmation",
 "slaveAuthnLevel":"Mức xác thực",
+"slaveDisplayLogo":"Display authentication logo",
 "slaveExportedVars":"Biến đã được xuất",
 "slaveMasterIP":"Địa chỉ IP của Master",
 "slaveParams":"Tham số Slave",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@ -791,6 +791,7 @@
 "singleSessionUserByIP":"One session by IP address",
 "skipRenewConfirmation":"Skip re-auth confirmation",
 "slaveAuthnLevel":"认证等级",
+"slaveDisplayLogo":"Display authentication logo",
 "slaveExportedVars":"Exported variables",
 "slaveMasterIP":"Master's IP address",
 "slaveParams":"Slave parameters",
--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
--- a/lemonldap-ng-manager/t/11-save-changed-conf-with-confirmation.t
+++ b/lemonldap-ng-manager/t/11-save-changed-conf-with-confirmation.t
@ -76,24 +76,24 @@ while ( my $c = shift @{ $resBody->{details}->{__changes__} } ) {
    my $cmp1 = @changes;
    my $cmp2 = @cmsg;

-    my @d1 = grep { $_->{key} eq $c->{key} } @changes;
-    my @d2 = grep { $_->{key} eq $c->{key} } @cmsg;
-    @changes = grep { $_->{key} ne $c->{key} } @changes;
-    @cmsg    = grep { $_->{key} ne $c->{key} } @cmsg;
-    if ( $c->{key} eq 'applicationList' ) {
+    @changes = grep { ( $_->{key} || '' ) ne ( $c->{key} || '' ) } @changes;
+    @cmsg    = grep { ( $_->{key} || '' ) ne ( $c->{key} || '' ) } @cmsg;
+    if ( $c->{key} and $c->{key} eq 'applicationList' ) {
        pass qq("$c->{key}" found);
+        count(1);
    }
-    else {
+    elsif ( $c->{key} ) {
        ok( ( $cmp1 - @changes ) == ( $cmp2 - @cmsg ), qq("$c->{key}" found) )
          or print STDERR 'Expect: '
          . ( $cmp1 - @changes )
          . ', got: '
          . ( $cmp2 - @cmsg )
-          . "\nExpect: "
-          . Dumper( \@d1 ) . "Got: "
-          . Dumper( \@d2 );
+          . "\nChanges "
+          . Dumper( \@changes )
+          . "Cmsg: "
+          . Dumper( \@cmsg );
+        count(1);
    }
-    count(1);
 }
 ok( !@changes, 'All changes detected' ) or $bug = 1;

--- a/lemonldap-ng-manager/t/12-save-changed-conf.t
+++ b/lemonldap-ng-manager/t/12-save-changed-conf.t
@ -20,7 +20,7 @@ mkdir 't/sessions';
 my ( $res, $resBody );
 ok( $res = &client->_post( '/confs/', 'cfgNum=1', &body, 'application/json' ),
    "Request succeed" );
-ok( $res->[0] == 200, "Result code is 200" );
+ok( $res->[0] == 200,                       "Result code is 200" );
 ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
 ok( $resBody->{result} == 1, "JSON response contains \"result:1\"" )
  or print STDERR Dumper($resBody);
@ -54,24 +54,24 @@ while ( my $c = shift @{ $resBody->{details}->{__changes__} } ) {
    my $cmp1 = @changes;
    my $cmp2 = @cmsg;

-    my @d1 = grep { $_->{key} eq $c->{key} } @changes;
-    my @d2 = grep { $_->{key} eq $c->{key} } @cmsg;
-    @changes = grep { $_->{key} ne $c->{key} } @changes;
-    @cmsg    = grep { $_->{key} ne $c->{key} } @cmsg;
-    if ( $c->{key} eq 'applicationList' ) {
+    @changes = grep { ( $_->{key} || '' ) ne ( $c->{key} || '' ) } @changes;
+    @cmsg    = grep { ( $_->{key} || '' ) ne ( $c->{key} || '' ) } @cmsg;
+    if ( $c->{key} and $c->{key} eq 'applicationList' ) {
        pass qq("$c->{key}" found);
+        count(1);
    }
-    else {
+    elsif ( $c->{key} ) {
        ok( ( $cmp1 - @changes ) == ( $cmp2 - @cmsg ), qq("$c->{key}" found) )
          or print STDERR 'Expect: '
          . ( $cmp1 - @changes )
          . ', got: '
          . ( $cmp2 - @cmsg )
-          . "\nExpect: "
-          . Dumper( \@d1 ) . "Got: "
-          . Dumper( \@d2 );
+          . "\nChanges "
+          . Dumper( \@changes )
+          . "Cmsg: "
+          . Dumper( \@cmsg );
+        count(1);
    }
-    count(1);
 }
 ok( !@changes, 'All changes detected' ) or $bug = 1;

@ -82,8 +82,6 @@ if ($bug) {
      . Dumper( \@cmsg );
 }

-#print STDERR Dumper(\@changes,\@cmsg);
-
 count(6);

 # TODO: check result of this
@ -98,6 +96,11 @@ ok( @c2 == 14, '14 keys changed or created in conf 2' )

 count(5);

+ok( $res = &client->jsonResponse('/confs/latest'),
+    'Get last config metadata' );
+ok( $res->{prev} == 1, ' Get previous configuration' );
+count(2);
+
 unlink $confFiles->[1];

 #eval { rmdir 't/sessions'; };
@ -107,7 +110,8 @@ done_testing( count() );
 `rm -rf t/sessions`;

 sub changes {
-    return [ {
+    return [
+        {
            'key' => 'portal',
            'new' => 'http://auth2.example.com/',
            'old' => 'http://auth.example.com/'
@ -227,7 +231,7 @@ sub changes {
        },
        {
            'confCompacted' => '1',
-            'removedKeys' => 'some; keys'
+            'removedKeys'   => 'some; keys'
        }
    ];
 }
--- a/lemonldap-ng-manager/t/71-viewer-with-no-diff.t
+++ b/lemonldap-ng-manager/t/71-viewer-with-no-diff.t
@ -43,7 +43,7 @@ foreach my $i ( 0 .. 1 ) {
 count(2);

 # Test that Conf key value is sent
-my $res = $client2->jsonResponse('/view/2/portalDisplayOidcConsents');
+$res = $client2->jsonResponse('/view/2/portalDisplayOidcConsents');
 ok( $res->{value} eq '$_oidcConnectedRP', 'Key found' )
  or print STDERR Dumper($res);
 count(1);
@ -55,7 +55,7 @@ ok( $res->{value} eq '_Hidden_', 'Key is hidden' )
 count(1);

 # Browse confs is forbidden
-my $res = $client2->jsonResponse('/view/2');
+$res = $client2->jsonResponse('/view/2');
 ok( $res->{value} eq '_Hidden_', 'Key is hidden' )
  or print STDERR Dumper($res);
 count(1);
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -462,7 +462,8 @@ t/22-Auth-and-password-AD.t
 t/23-Auth-and-password-REST.t
 t/24-AuthApache.t
 t/24-AuthKerberos.t
-t/25-AuthSlave.t
+t/25-AuthSlave-with-Choice.t
+t/25-AuthSlave-with-Credentials.t
 t/26-AuthRemote.t
 t/27-AuthProxy.t
 t/28-AuthChoice-and-password.t
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
@ -83,6 +83,9 @@ sub extractFormInfo {
    # Local URL
    my $local_url = $self->p->fullUrl($req);

+    # Remove cancel parameter
+    $local_url =~ s/cancel=1&?//;
+
    # Catch proxy callback
    if ( $req->param('casProxy') ) {
        $self->logger->debug("CAS: Proxy callback detected");
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Slave.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Slave.pm
@ -23,6 +23,11 @@ sub extractFormInfo {
    return PE_FORBIDDENIP
      unless ( $self->checkIP($req) and $self->checkHeader($req) );

+    unless ( $self->conf->{slaveUserHeader} ) {
+        $self->logger->debug('slaveUserHeader is undefined');
+        return PE_USERNOTFOUND;
+    }
+
    my $user_header = $self->conf->{slaveUserHeader};
    $user_header = 'HTTP_' . uc($user_header);
    $user_header =~ s/\-/_/g;
@ -47,7 +52,8 @@ sub setAuthSessionInfo {
 }

 sub getDisplayType {
-    return "logo";
+    my ($self) = @_;
+    return ( $self->{conf}->{slaveDisplayLogo} ? "logo" : "_none_" );
 }

 sub authLogout {
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@ -2216,6 +2216,7 @@ sub getNameIDFormat {
 sub getHttpMethod {
    my ( $self, $method ) = @_;

+    $method ||= '';
    return Lasso::Constants::HTTP_METHOD_POST
      if ( $method =~ /^(http)?[-_]?post$/i );
    return Lasso::Constants::HTTP_METHOD_REDIRECT
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Slave.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Slave.pm
@ -34,8 +34,15 @@ sub checkHeader {
    return 1
      unless ( $self->conf->{slaveHeaderName}
        and $self->conf->{slaveHeaderContent} );
-    my $headerContent = $req->{ $self->conf->{slaveHeaderName} };
-    return 1 if ( $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );
+
+    my $slave_header = 'HTTP_' . uc( $self->{conf}->{slaveHeaderName} );
+    $slave_header =~ s/\-/_/g;
+    my $headerContent = $req->env->{$slave_header};
+    $self->logger->debug("Required Slave header => $self->{conf}->{slaveHeaderName}");
+    $self->logger->debug("Received Slave header content => $headerContent");
+    return 1
+      if (  $headerContent
+        and $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );

    $self->userLogger->warn('Matching header not found for Slave module ');
    return 0;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
@ -157,6 +157,9 @@ sub init {
      # Refresh session
      ->addAuthRoute( refresh => 'refresh', ['GET'] )

+      ->addAuthRoute( '*' => 'corsPreflight', ['OPTIONS'] )
+      ->addUnauthRoute( '*' => 'corsPreflight', ['OPTIONS'] )
+
      # Logout
      ->addAuthRoute( logout => 'logout', ['GET'] );

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@ -268,7 +268,12 @@ sub do {
                {
                    result => 1,
                    error  => $err,
-                    id     => $req->id
+                    id     => $req->id,
+                    (
+                        $req->sessionInfo->{_httpSession}
+                        ? ( id_http => $req->sessionInfo->{_httpSession} )
+                        : ()
+                    )
                }
            );
        }
@ -1007,7 +1012,7 @@ sub registerLogin {
    }

    my $history = $req->sessionInfo->{_loginHistory} ||= {};
-    my $type    = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
+    my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
    $history->{$type} ||= [];
    $self->logger->debug("Current login saved into $type");

@ -1047,6 +1052,30 @@ sub _sumUpSession {
    return $res;
 }

+sub corsPreflight {
+    my ( $self, $req ) = @_;
+    my @headers;
+    if ( $self->conf->{corsEnabled} ) {
+        my @cors = split /;/, $self->cors;
+        push @headers, @cors;
+        $self->logger->debug('Apply following CORS policy :');
+        $self->logger->debug(" $_") for @cors;
+    }
+    return [ 204, \@headers, [] ];
+}
+
+sub sendJSONresponse {
+    my ( $self, $req, $j, %args ) = @_;
+    my $res = Lemonldap::NG::Common::PSGI::sendJSONresponse(@_);
+    if ( $self->conf->{corsEnabled} ) {
+        my @cors = split /;/, $self->cors;
+        push @{ $res->[1] }, @cors;
+        $self->logger->debug('Apply following CORS policy :');
+        $self->logger->debug(" $_") for @cors;
+    }
+    return $res;
+}
+
 # Temlate loader
 sub loadTemplate {
    my ( $self, $req, $name, %prm ) = @_;
--- a/lemonldap-ng-portal/site/coffee/portal.coffee
+++ b/lemonldap-ng-portal/site/coffee/portal.coffee
@ -223,7 +223,8 @@ setCookie = (name, value, exdays) ->

 # Initialization
 datas = {}
-$(document).ready ->
+#$(document).ready ->
+$(window).on 'load', () ->
 	# Get application/init variables
 	datas = getValues()
 	# Export datas for other scripts
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8

 /*
 LemonLDAP::NG 2F registration script
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js
@ -1,2 +1 @@
-(function(){var e,r,t;t=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning alert-success alert-warning"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,n){var o;if(console.log("Error",n),(o=JSON.parse(e.responseText))&&o.error)return o=o.error.replace(/.* /,""),console.log("Returned error",o),o.match(/module/)?t("notAuthorized","warning"):t(o,"warning")},e=function(e,n){return"U2F"===e?e="u":"UBK"===e?e="yubikey":"TOTP"===e?e="totp":t("u2fFailed","warning"),$.ajax({type:"POST",url:portal+"2fregisters/"+e+"/delete",data:{epoch:n},dataType:"json",error:r,success:function(e){return e.error?e.error.match(/notAuthorized/)?t("notAuthorized","warning"):t("unknownAction","warning"):e.result?($("#delete-"+n).hide(),t("yourKeyIsUnregistered","positive")):void 0},error:r})},$(document).ready(function(){return $("body").on("click",".btn-danger",function(){return e($(this).attr("device"),$(this).attr("epoch"))}),$("#goback").attr("href",portal),$(".data-epoch").each(function(){var e;return e=new Date(1e3*$(this).text()),$(this).text(e.toLocaleString())})})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js.map
+(function(){var e,t,o;o=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning alert-success alert-warning"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},t=function(e,r,t){var n;if(console.log("Error",t),(n=JSON.parse(e.responseText))&&n.error)return n=n.error.replace(/.* /,""),console.log("Returned error",n),n.match(/module/)?o("notAuthorized","warning"):o(n,"warning")},e=function(e,r){return"U2F"===e?e="u":"UBK"===e?e="yubikey":"TOTP"===e?e="totp":o("u2fFailed","warning"),$.ajax({type:"POST",url:portal+"2fregisters/"+e+"/delete",data:{epoch:r},dataType:"json",error:t,success:function(e){return e.error?e.error.match(/notAuthorized/)?o("notAuthorized","warning"):o("unknownAction","warning"):e.result?($("#delete-"+r).hide(),o("yourKeyIsUnregistered","positive")):void 0},error:t})},$(document).ready(function(){return $("body").on("click",".btn-danger",function(){return e($(this).attr("device"),$(this).attr("epoch"))}),$("#goback").attr("href",portal),$(".data-epoch").each(function(){var e;return e=new Date(1e3*$(this).text()),$(this).text(e.toLocaleString())})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.js"],"names":["delete2F","displayError","setMsg","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","match","device","epoch","ajax","type","url","portal","data","dataType","success","resp","result","hide","document","ready","on","this","attr","each","myDate","Date","text","toLocaleString","call"],"mappings":"CAMA,WACE,GAAIA,GAAUC,EAAcC,CAE5BA,GAAS,SAASC,EAAKC,GAOrB,MANAC,GAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,gEACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCH,EAAe,SAASU,EAAGC,EAAQC,GACjC,GAAIC,EAGJ,IAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,MAFAN,GAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GAC1BA,EAAIQ,MAAM,UACLpB,EAAO,gBAAiB,WAExBA,EAAOY,EAAK,YAKzBd,EAAW,SAASuB,EAAQC,GAU1B,MATe,QAAXD,EACFA,EAAS,IACW,QAAXA,EACTA,EAAS,UACW,SAAXA,EACTA,EAAS,OAETrB,EAAO,YAAa,WAEfG,EAAEoB,MACPC,KAAM,OACNC,IAAKC,OAAS,eAAiBL,EAAS,UACxCM,MACEL,MAAOA,GAETM,SAAU,OACVV,MAAOnB,EACP8B,QAAS,SAASC,GAChB,MAAIA,GAAKZ,MACHY,EAAKZ,MAAME,MAAM,iBACZpB,EAAO,gBAAiB,WAExBA,EAAO,gBAAiB,WAExB8B,EAAKC,QACd5B,EAAE,WAAamB,GAAOU,OACfhC,EAAO,wBAAyB,iBAFlC,IAKTkB,MAAOnB,KAIXI,EAAE8B,UAAUC,MAAM,WAKhB,MAJA/B,GAAE,QAAQgC,GAAG,QAAS,cAAe,WACnC,MAAOrC,GAASK,EAAEiC,MAAMC,KAAK,UAAWlC,EAAEiC,MAAMC,KAAK,YAEvDlC,EAAE,WAAWkC,KAAK,OAAQX,QACnBvB,EAAE,eAAemC,KAAK,WAC3B,GAAIC,EAEJ,OADAA,GAAS,GAAIC,MAAsB,IAAjBrC,EAAEiC,MAAMK,QACnBtC,EAAEiC,MAAMK,KAAKF,EAAOG,wBAI9BC,KAAKP","file":"lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/2fregistration.js"],"names":["delete2F","displayError","setMsg","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","match","device","epoch","ajax","type","url","portal","data","dataType","success","resp","result","hide","document","ready","on","this","attr","each","myDate","Date","text","toLocaleString","call"],"mappings":"CAMA,WACE,IAAIA,EAAUC,EAAcC,EAE5BA,EAAS,SAASC,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,gEACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCH,EAAe,SAASU,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GAC1BA,EAAIQ,MAAM,UACLpB,EAAO,gBAAiB,WAExBA,EAAOY,EAAK,YAKzBd,EAAW,SAASuB,EAAQC,GAU1B,MATe,QAAXD,EACFA,EAAS,IACW,QAAXA,EACTA,EAAS,UACW,SAAXA,EACTA,EAAS,OAETrB,EAAO,YAAa,WAEfG,EAAEoB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,eAAiBL,EAAS,UACxCM,KAAM,CACJL,MAAOA,GAETM,SAAU,OACVV,MAAOnB,EACP8B,QAAS,SAASC,GAChB,OAAIA,EAAKZ,MACHY,EAAKZ,MAAME,MAAM,iBACZpB,EAAO,gBAAiB,WAExBA,EAAO,gBAAiB,WAExB8B,EAAKC,QACd5B,EAAE,WAAamB,GAAOU,OACfhC,EAAO,wBAAyB,kBAFlC,GAKTkB,MAAOnB,KAIXI,EAAE8B,UAAUC,MAAM,WAKhB,OAJA/B,EAAE,QAAQgC,GAAG,QAAS,cAAe,WACnC,OAAOrC,EAASK,EAAEiC,MAAMC,KAAK,UAAWlC,EAAEiC,MAAMC,KAAK,YAEvDlC,EAAE,WAAWkC,KAAK,OAAQX,QACnBvB,EAAE,eAAemC,KAAK,WAC3B,IAAIC,EAEJ,OADAA,EAAS,IAAIC,KAAsB,IAAjBrC,EAAEiC,MAAMK,QACnBtC,EAAEiC,MAAMK,KAAKF,EAAOG,wBAI9BC,KAAKP"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  $(document).ready(function() {
    return $('#upgrd').submit();
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js
@ -1,2 +1 @@
-(function(){$(document).ready(function(){return $("#upgrd").submit()})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js.map
+(function(){$(document).ready(function(){return $("#upgrd").submit()})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js"],"names":["$","document","ready","submit","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,MAAOF,GAAE,UAAUG,aAGpBC,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js"],"names":["$","document","ready","submit","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAOF,EAAE,UAAUG,aAGpBC,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  var go, i, timer, timerIsEnabled;

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js
@ -1,2 +1 @@
-(function(){var t,e,r,i;e=5,i=0,t=function(){if(i)return $("#form").submit()},r=function(){var t;if(t=$("#timer").html())return i=1,e>0&&e--,t=t.replace(/\d+/,e),$("#timer").html(t),setTimeout(r,1e3)},$(document).ready(function(){return setTimeout(t,3e4),setTimeout(r,1e3),$("#refuse").on("click",function(){return $("#confirm").attr("value",$(this).attr("val"))})})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js.map
+(function(){var t,e,r,i;e=5,i=0,t=function(){if(i)return $("#form").submit()},r=function(){var t;if(t=$("#timer").html())return i=1,0<e&&e--,t=t.replace(/\d+/,e),$("#timer").html(t),setTimeout(r,1e3)},$(document).ready(function(){return setTimeout(t,3e4),setTimeout(r,1e3),$("#refuse").on("click",function(){return $("#confirm").attr("value",$(this).attr("val"))})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js"],"names":["go","i","timer","timerIsEnabled","$","submit","h","html","replace","setTimeout","document","ready","on","attr","this","call"],"mappings":"CACA,WACE,GAAIA,GAAIC,EAAGC,EAAOC,CAElBF,GAAI,EAEJE,EAAiB,EAEjBH,EAAK,WACH,GAAIG,EACF,MAAOC,GAAE,SAASC,UAItBH,EAAQ,WACN,GAAII,EAEJ,IADAA,EAAIF,EAAE,UAAUG,OAQd,MANAJ,GAAiB,EACbF,EAAI,GACNA,IAEFK,EAAIA,EAAEE,QAAQ,MAAOP,GACrBG,EAAE,UAAUG,KAAKD,GACVG,WAAWP,EAAO,MAI7BE,EAAEM,UAAUC,MAAM,WAGhB,MAFAF,YAAWT,EAAI,KACfS,WAAWP,EAAO,KACXE,EAAE,WAAWQ,GAAG,QAAS,WAC9B,MAAOR,GAAE,YAAYS,KAAK,QAAST,EAAEU,MAAMD,KAAK,cAInDE,KAAKD","file":"lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js"],"names":["go","i","timer","timerIsEnabled","$","submit","h","html","replace","setTimeout","document","ready","on","attr","this","call"],"mappings":"CACA,WACE,IAAIA,EAAIC,EAAGC,EAAOC,EAElBF,EAAI,EAEJE,EAAiB,EAEjBH,EAAK,WACH,GAAIG,EACF,OAAOC,EAAE,SAASC,UAItBH,EAAQ,WACN,IAAII,EAEJ,GADAA,EAAIF,EAAE,UAAUG,OAQd,OANAJ,EAAiB,EACT,EAAJF,GACFA,IAEFK,EAAIA,EAAEE,QAAQ,MAAOP,GACrBG,EAAE,UAAUG,KAAKD,GACVG,WAAWP,EAAO,MAI7BE,EAAEM,UAAUC,MAAM,WAGhB,OAFAF,WAAWT,EAAI,KACfS,WAAWP,EAAO,KACXE,EAAE,WAAWQ,GAAG,QAAS,WAC9B,OAAOR,EAAE,YAAYS,KAAK,QAAST,EAAEU,MAAMD,KAAK,cAInDE,KAAKD"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/favapps.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/favapps.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8

 /*
 LemonLDAP::NG Favorite Applications script
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/favapps.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/favapps.min.js
@ -1,2 +1 @@
-(function(){var r,o,t;r=function(r){return $.ajax({type:"POST",url:portal+"favapps",data:{id:r.attr("aid"),uri:r.attr("uri"),name:r.attr("name"),logo:r.attr("logo"),desc:r.attr("desc")},dataType:"json",success:function(o){return o.error?(console.log("Max number reached"),t(r,0)):0===o.error?(console.log("Not authorized"),t(r,0)):o.result?(console.log("App. registered"),t(r,1)):(console.log("App. unregistered"),t(r,0))},error:t(r,"0")})},o=function(){return $.ajax({type:"DELETE",url:portal+"favapps",success:function(r){return r.result?(console.log("Favorite Apps. reset"),window.location.reload()):console.log("Error")}})},t=function(r,o){return r.attr("src",window.staticPrefix+"common/icons/star"+o+".png")},$(document).ready(function(){return $("body").on("click",".star",function(){return r($(this))}),$("#reset").on("click",function(){return o()})})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/favapps.min.js.map
+(function(){var r,o,t;r=function(o){return $.ajax({type:"POST",url:portal+"favapps",data:{id:o.attr("aid"),uri:o.attr("uri"),name:o.attr("name"),logo:o.attr("logo"),desc:o.attr("desc")},dataType:"json",success:function(r){return r.error?(console.log("Max number reached"),t(o,0)):0===r.error?(console.log("Not authorized"),t(o,0)):r.result?(console.log("App. registered"),t(o,1)):(console.log("App. unregistered"),t(o,0))},error:t(o,"0")})},o=function(){return $.ajax({type:"DELETE",url:portal+"favapps",success:function(r){return r.result?(console.log("Favorite Apps. reset"),window.location.reload()):console.log("Error")}})},t=function(r,o){return r.attr("src",window.staticPrefix+"common/icons/star"+o+".png")},$(document).ready(function(){return $("body").on("click",".star",function(){return r($(this))}),$("#reset").on("click",function(){return o()})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/favapps.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/favapps.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/favapps.js"],"names":["FavApps","ResetFavApps","switchStar","star","$","ajax","type","url","portal","data","id","attr","uri","name","logo","desc","dataType","success","resp","error","console","log","result","window","location","reload","status","staticPrefix","document","ready","on","this","call"],"mappings":"CAMA,WACE,GAAIA,GAASC,EAAcC,CAE3BF,GAAU,SAASG,GACjB,MAAOC,GAAEC,MACPC,KAAM,OACNC,IAAKC,OAAS,UACdC,MACEC,GAAIP,EAAKQ,KAAK,OACdC,IAAKT,EAAKQ,KAAK,OACfE,KAAMV,EAAKQ,KAAK,QAChBG,KAAMX,EAAKQ,KAAK,QAChBI,KAAMZ,EAAKQ,KAAK,SAElBK,SAAU,OACVC,QAAS,SAASC,GAChB,MAAIA,GAAKC,OACPC,QAAQC,IAAI,sBACLnB,EAAWC,EAAM,IACA,IAAfe,EAAKC,OACdC,QAAQC,IAAI,kBACLnB,EAAWC,EAAM,IACfe,EAAKI,QACdF,QAAQC,IAAI,mBACLnB,EAAWC,EAAM,KAExBiB,QAAQC,IAAI,qBACLnB,EAAWC,EAAM,KAG5BgB,MAAOjB,EAAWC,EAAM,QAI5BF,EAAe,WACb,MAAOG,GAAEC,MACPC,KAAM,SACNC,IAAKC,OAAS,UACdS,QAAS,SAASC,GAChB,MAAIA,GAAKI,QACPF,QAAQC,IAAI,wBACLE,OAAOC,SAASC,UAEhBL,QAAQC,IAAI,aAM3BnB,EAAa,SAASC,EAAMuB,GAC1B,MAAOvB,GAAKQ,KAAK,MAAOY,OAAOI,aAAe,oBAAsBD,EAAS,SAG/EtB,EAAEwB,UAAUC,MAAM,WAIhB,MAHAzB,GAAE,QAAQ0B,GAAG,QAAS,QAAS,WAC7B,MAAO9B,GAAQI,EAAE2B,SAEZ3B,EAAE,UAAU0B,GAAG,QAAS,WAC7B,MAAO7B,WAIV+B,KAAKD","file":"lemonldap-ng-portal/site/htdocs/static/common/js/favapps.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/favapps.js"],"names":["FavApps","ResetFavApps","switchStar","star","$","ajax","type","url","portal","data","id","attr","uri","name","logo","desc","dataType","success","resp","error","console","log","result","window","location","reload","status","staticPrefix","document","ready","on","this","call"],"mappings":"CAMA,WACE,IAAIA,EAASC,EAAcC,EAE3BF,EAAU,SAASG,GACjB,OAAOC,EAAEC,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,UACdC,KAAM,CACJC,GAAIP,EAAKQ,KAAK,OACdC,IAAKT,EAAKQ,KAAK,OACfE,KAAMV,EAAKQ,KAAK,QAChBG,KAAMX,EAAKQ,KAAK,QAChBI,KAAMZ,EAAKQ,KAAK,SAElBK,SAAU,OACVC,QAAS,SAASC,GAChB,OAAIA,EAAKC,OACPC,QAAQC,IAAI,sBACLnB,EAAWC,EAAM,IACA,IAAfe,EAAKC,OACdC,QAAQC,IAAI,kBACLnB,EAAWC,EAAM,IACfe,EAAKI,QACdF,QAAQC,IAAI,mBACLnB,EAAWC,EAAM,KAExBiB,QAAQC,IAAI,qBACLnB,EAAWC,EAAM,KAG5BgB,MAAOjB,EAAWC,EAAM,QAI5BF,EAAe,WACb,OAAOG,EAAEC,KAAK,CACZC,KAAM,SACNC,IAAKC,OAAS,UACdS,QAAS,SAASC,GAChB,OAAIA,EAAKI,QACPF,QAAQC,IAAI,wBACLE,OAAOC,SAASC,UAEhBL,QAAQC,IAAI,aAM3BnB,EAAa,SAASC,EAAMuB,GAC1B,OAAOvB,EAAKQ,KAAK,MAAOY,OAAOI,aAAe,oBAAsBD,EAAS,SAG/EtB,EAAEwB,UAAUC,MAAM,WAIhB,OAHAzB,EAAE,QAAQ0B,GAAG,QAAS,QAAS,WAC7B,OAAO9B,EAAQI,EAAE2B,SAEZ3B,EAAE,UAAU0B,GAAG,QAAS,WAC7B,OAAO7B,UAIV+B,KAAKD"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  $(document).ready(function() {
    return $(".idploop").on('click', function() {
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js
@ -1,2 +1 @@
-(function(){$(document).ready(function(){return $(".idploop").on("click",function(){return $("#idp").val($(this).attr("val"))})})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js.map
+(function(){$(document).ready(function(){return $(".idploop").on("click",function(){return $("#idp").val($(this).attr("val"))})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js"],"names":["$","document","ready","on","val","this","attr","call"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,MAAOF,GAAE,YAAYG,GAAG,QAAS,WAC/B,MAAOH,GAAE,QAAQI,IAAIJ,EAAEK,MAAMC,KAAK,cAIrCC,KAAKF","file":"lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js"],"names":["$","document","ready","on","val","this","attr","call"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAOF,EAAE,YAAYG,GAAG,QAAS,WAC/B,OAAOH,EAAE,QAAQI,IAAIJ,EAAEK,MAAMC,KAAK,cAIrCC,KAAKF"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/info.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/info.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  var _go, go, i, stop, timer;

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/info.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/info.min.js
@ -1,2 +1 @@
-(function(){var t,i,e,n,r;e=30,t=1,n=function(){return t=0,$("#divToHide").hide()},i=function(){if(t)return $("#form").submit()},r=function(){var t;return t=$("#timer").html(),e>0&&e--,t=t.replace(/\d+/,e),$("#timer").html(t),window.setTimeout(r,1e3)},$(document).ready(function(){return window.datas.activeTimer&&(window.setTimeout(i,3e4),window.setTimeout(r,1e3)),$("#wait").on("click",function(){return n()})})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/info.min.js.map
+(function(){var t,i,e,n,r;e=30,t=1,n=function(){return t=0,$("#divToHide").hide()},i=function(){if(t)return $("#form").submit()},r=function(){var t;return t=$("#timer").html(),0<e&&e--,t=t.replace(/\d+/,e),$("#timer").html(t),window.setTimeout(r,1e3)},$(document).ready(function(){return window.datas.activeTimer&&(window.setTimeout(i,3e4),window.setTimeout(r,1e3)),$("#wait").on("click",function(){return n()})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/info.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/info.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/info.js"],"names":["_go","go","i","stop","timer","$","hide","submit","h","html","replace","window","setTimeout","document","ready","datas","on","call","this"],"mappings":"CACA,WACE,GAAIA,GAAKC,EAAIC,EAAGC,EAAMC,CAEtBF,GAAI,GAEJF,EAAM,EAENG,EAAO,WAEL,MADAH,GAAM,EACCK,EAAE,cAAcC,QAGzBL,EAAK,WACH,GAAID,EACF,MAAOK,GAAE,SAASE,UAItBH,EAAQ,WACN,GAAII,EAOJ,OANAA,GAAIH,EAAE,UAAUI,OACZP,EAAI,GACNA,IAEFM,EAAIA,EAAEE,QAAQ,MAAOR,GACrBG,EAAE,UAAUI,KAAKD,GACVG,OAAOC,WAAWR,EAAO,MAGlCC,EAAEQ,UAAUC,MAAM,WAOhB,MANIH,QAAOI,MAAmB,cAC5BJ,OAAOC,WAAWX,EAAI,KACtBU,OAAOC,WAAWR,EAAO,MAIpBC,EAAE,SAASW,GAAG,QAAS,WAC5B,MAAOb,WAIVc,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/info.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/info.js"],"names":["_go","go","i","stop","timer","$","hide","submit","h","html","replace","window","setTimeout","document","ready","datas","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAAKC,EAAIC,EAAGC,EAAMC,EAEtBF,EAAI,GAEJF,EAAM,EAENG,EAAO,WAEL,OADAH,EAAM,EACCK,EAAE,cAAcC,QAGzBL,EAAK,WACH,GAAID,EACF,OAAOK,EAAE,SAASE,UAItBH,EAAQ,WACN,IAAII,EAOJ,OANAA,EAAIH,EAAE,UAAUI,OACR,EAAJP,GACFA,IAEFM,EAAIA,EAAEE,QAAQ,MAAOR,GACrBG,EAAE,UAAUI,KAAKD,GACVG,OAAOC,WAAWR,EAAO,MAGlCC,EAAEQ,UAAUC,MAAM,WAOhB,OANIH,OAAOI,MAAmB,cAC5BJ,OAAOC,WAAWX,EAAI,KACtBU,OAAOC,WAAWR,EAAO,MAIpBC,EAAE,SAASW,GAAG,QAAS,WAC5B,OAAOb,UAIVc,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  $(document).ready(function() {
    return $.ajax(portal + '?kerberos=1', {
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js
@ -1,2 +1 @@
-(function(){$(document).ready(function(){return $.ajax(portal+"?kerberos=1",{dataType:"json",statusCode:{401:function(){return $("#lform").submit()}},success:function(r){return $("#lform").submit()},error:function(){return $("#lform").submit()}})})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js.map
+(function(){$(document).ready(function(){return $.ajax(portal+"?kerberos=1",{dataType:"json",statusCode:{401:function(){return $("#lform").submit()}},success:function(r){return $("#lform").submit()},error:function(){return $("#lform").submit()}})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js"],"names":["$","document","ready","ajax","portal","dataType","statusCode","401","submit","success","data","error","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,MAAOF,GAAEG,KAAKC,OAAS,eACrBC,SAAU,OACVC,YACEC,IAAK,WACH,MAAOP,GAAE,UAAUQ,WAGvBC,QAAS,SAASC,GAChB,MAAOV,GAAE,UAAUQ,UAErBG,MAAO,WACL,MAAOX,GAAE,UAAUQ,gBAKxBI,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js"],"names":["$","document","ready","ajax","portal","dataType","statusCode","401","submit","success","data","error","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAOF,EAAEG,KAAKC,OAAS,cAAe,CACpCC,SAAU,OACVC,WAAY,CACVC,IAAK,WACH,OAAOP,EAAE,UAAUQ,WAGvBC,QAAS,SAASC,GAChB,OAAOV,EAAE,UAAUQ,UAErBG,MAAO,WACL,OAAOX,EAAE,UAAUQ,gBAKxBI,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  var _krbJsAlreadySent;

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.min.js
@ -1,2 +1 @@
-(function(){var r;null===r&&(r=!1),$(document).ready(function(){return r?console.log("Kerberos Ajax request already sent"):(r=1,console.log("Send Kerberos Ajax request"),$.ajax(portal+"?kerberos=1",{dataType:"json",statusCode:{401:function(){return $("#lformKerberos").submit()}},success:function(r){return $("#lformKerberos").submit()},error:function(){return $("#lformKerberos").submit()}}))})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.min.js.map
+(function(){var r;null===r&&(r=!1),$(document).ready(function(){return r?console.log("Kerberos Ajax request already sent"):(r=1,console.log("Send Kerberos Ajax request"),$.ajax(portal+"?kerberos=1",{dataType:"json",statusCode:{401:function(){return $("#lformKerberos").submit()}},success:function(r){return $("#lformKerberos").submit()},error:function(){return $("#lformKerberos").submit()}}))})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.js"],"names":["_krbJsAlreadySent","$","document","ready","console","log","ajax","portal","dataType","statusCode","401","submit","success","data","error","call","this"],"mappings":"CACA,WACE,GAAIA,EAEsB,QAAtBA,IACFA,GAAoB,GAGtBC,EAAEC,UAAUC,MAAM,WAChB,MAAKH,GAkBII,QAAQC,IAAI,uCAjBnBL,EAAoB,EACpBI,QAAQC,IAAI,8BACLJ,EAAEK,KAAKC,OAAS,eACrBC,SAAU,OACVC,YACEC,IAAK,WACH,MAAOT,GAAE,kBAAkBU,WAG/BC,QAAS,SAASC,GAChB,MAAOZ,GAAE,kBAAkBU,UAE7BG,MAAO,WACL,MAAOb,GAAE,kBAAkBU,iBAQlCI,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/kerberosChoice.js"],"names":["_krbJsAlreadySent","$","document","ready","console","log","ajax","portal","dataType","statusCode","401","submit","success","data","error","call","this"],"mappings":"CACA,WACE,IAAIA,EAEsB,OAAtBA,IACFA,GAAoB,GAGtBC,EAAEC,UAAUC,MAAM,WAChB,OAAKH,EAkBII,QAAQC,IAAI,uCAjBnBL,EAAoB,EACpBI,QAAQC,IAAI,8BACLJ,EAAEK,KAAKC,OAAS,cAAe,CACpCC,SAAU,OACVC,WAAY,CACVC,IAAK,WACH,OAAOT,EAAE,kBAAkBU,WAG/BC,QAAS,SAASC,GAChB,OAAOZ,EAAE,kBAAkBU,UAE7BG,MAAO,WACL,OAAOb,EAAE,kBAAkBU,iBAQlCI,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  var values;

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js
@ -1,2 +1 @@
-(function(){var e;e={},$(document).ready(function(){return $("script[type='application/init']").each(function(){var n,t,o,r;try{r=JSON.parse($(this).text()),o=[];for(t in r)o.push(e[t]=r[t]);return o}catch(e){return n=e,console.log("Parsing error",n)}}),window.addEventListener("message",function(e){var n,t,o,r,i,a;return t=e.data,console.log("message=",t),n=decodeURIComponent(t.split(" ")[0]),r=decodeURIComponent(t.split(" ")[1]),o=decodeURIComponent(r.split(".")[1]),i=btoa(n+" "+e.origin+" "+o)+"."+o,a=r===i?"unchanged":"changed",e.source.postMessage(a,e.origin)},!1)})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js.map
+(function(){var r;r={},$(document).ready(function(){return $("script[type='application/init']").each(function(){var n,e,t,o;try{for(e in o=JSON.parse($(this).text()),t=[],o)t.push(r[e]=o[e]);return t}catch(e){return n=e,console.log("Parsing error",n)}}),window.addEventListener("message",function(e){var n,t,o,r,i;return t=e.data,console.log("message=",t),n=decodeURIComponent(t.split(" ")[0]),r=decodeURIComponent(t.split(" ")[1]),o=decodeURIComponent(r.split(".")[1]),i=r===btoa(n+" "+e.origin+" "+o)+"."+o?"unchanged":"changed",e.source.postMessage(i,e.origin)},!1)})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.js"],"names":["values","$","document","ready","each","e","k","results","tmp","JSON","parse","this","text","push","error","console","log","window","addEventListener","client_id","message","salt","session_state","ss","stat","data","decodeURIComponent","split","btoa","origin","source","postMessage","call"],"mappings":"CACA,WACE,GAAIA,EAEJA,MAEAC,EAAEC,UAAUC,MAAM,WAehB,MAdAF,GAAE,mCAAmCG,KAAK,WACxC,GAAIC,GAAGC,EAAGC,EAASC,CACnB,KACEA,EAAMC,KAAKC,MAAMT,EAAEU,MAAMC,QACzBL,IACA,KAAKD,IAAKE,GACRD,EAAQM,KAAKb,EAAOM,GAAKE,EAAIF,GAE/B,OAAOC,GACP,MAAOO,GAEP,MADAT,GAAIS,EACGC,QAAQC,IAAI,gBAAiBX,MAGjCY,OAAOC,iBAAiB,UAAW,SAASb,GACjD,GAAIc,GAAWC,EAASC,EAAMC,EAAeC,EAAIC,CAYjD,OAXAJ,GAAUf,EAAEoB,KACZV,QAAQC,IAAI,WAAYI,GACxBD,EAAYO,mBAAmBN,EAAQO,MAAM,KAAK,IAClDL,EAAgBI,mBAAmBN,EAAQO,MAAM,KAAK,IACtDN,EAAOK,mBAAmBJ,EAAcK,MAAM,KAAK,IACnDJ,EAAKK,KAAKT,EAAY,IAAMd,EAAEwB,OAAS,IAAMR,GAAQ,IAAMA,EAEzDG,EADEF,IAAkBC,EACb,YAEA,UAEFlB,EAAEyB,OAAOC,YAAYP,EAAMnB,EAAEwB,UACnC,OAGJG,KAAKrB","file":"lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/oidcchecksession.js"],"names":["values","$","document","ready","each","e","k","results","tmp","JSON","parse","this","text","push","error","console","log","window","addEventListener","client_id","message","salt","session_state","stat","data","decodeURIComponent","split","btoa","origin","source","postMessage","call"],"mappings":"CACA,WACE,IAAIA,EAEJA,EAAS,GAETC,EAAEC,UAAUC,MAAM,WAehB,OAdAF,EAAE,mCAAmCG,KAAK,WACxC,IAAIC,EAAGC,EAAGC,EAASC,EACnB,IAGE,IAAKF,KAFLE,EAAMC,KAAKC,MAAMT,EAAEU,MAAMC,QACzBL,EAAU,GACAC,EACRD,EAAQM,KAAKb,EAAOM,GAAKE,EAAIF,IAE/B,OAAOC,EACP,MAAOO,GAEP,OADAT,EAAIS,EACGC,QAAQC,IAAI,gBAAiBX,MAGjCY,OAAOC,iBAAiB,UAAW,SAASb,GACjD,IAAIc,EAAWC,EAASC,EAAMC,EAAmBC,EAYjD,OAXAH,EAAUf,EAAEmB,KACZT,QAAQC,IAAI,WAAYI,GACxBD,EAAYM,mBAAmBL,EAAQM,MAAM,KAAK,IAClDJ,EAAgBG,mBAAmBL,EAAQM,MAAM,KAAK,IACtDL,EAAOI,mBAAmBH,EAAcI,MAAM,KAAK,IAGjDH,EADED,IADCK,KAAKR,EAAY,IAAMd,EAAEuB,OAAS,IAAMP,GAAQ,IAAMA,EAElD,YAEA,UAEFhB,EAAEwB,OAAOC,YAAYP,EAAMlB,EAAEuB,UACnC,OAGJG,KAAKpB"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8

 /*
 LemonLDAP::NG Portal jQuery scripts
@ -222,7 +222,7 @@ LemonLDAP::NG Portal jQuery scripts

  datas = {};

-  $(document).ready(function() {
+  $(window).on('load', function() {
    var action, al, authMenuTabs, back_url, i, l, lang, langdiv, langs, langs2, len, len1, len2, len3, link, m, menuIndex, menuTabs, method, n, nl, nlangs, re, ref, ref1, ref2;
    datas = getValues();
    window.datas = datas;
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js.map
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  document.onreadystatechange = function() {
    var redirect;
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.min.js
@ -1,2 +1 @@
-(function(){document.onreadystatechange=function(){var e;if("complete"===document.readyState)return e=document.getElementById("redirect").textContent.replace(/\s/g,""),e?"form"===e?document.getElementById("form").submit():document.location.href=e:console.log("No redirection !")}}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/redirect.min.js.map
+(function(){document.onreadystatechange=function(){var t;if("complete"===document.readyState){try{t=document.getElementById("redirect").textContent.replace(/\s/g,"")}catch(e){t=document.getElementById("redirect").innerHTML.replace(/\s/g,"")}return t?"form"===t?document.getElementById("form").submit():document.location.href=t:console.log("No redirection !")}}}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/redirect.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/redirect.js"],"names":["document","onreadystatechange","redirect","readyState","getElementById","textContent","replace","submit","location","href","console","log","call","this"],"mappings":"CACA,WACEA,SAASC,mBAAqB,WAC5B,GAAIC,EACJ,IAA4B,aAAxBF,SAASG,WAEX,MADAD,GAAWF,SAASI,eAAe,YAAYC,YAAYC,QAAQ,MAAO,IACtEJ,EACe,SAAbA,EACKF,SAASI,eAAe,QAAQG,SAEhCP,SAASQ,SAASC,KAAOP,EAG3BQ,QAAQC,IAAI,uBAKxBC,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/redirect.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/redirect.js"],"names":["document","onreadystatechange","redirect","readyState","getElementById","textContent","replace","error","innerHTML","submit","location","href","console","log","call","this"],"mappings":"CACA,WACEA,SAASC,mBAAqB,WAC5B,IAAIC,EACJ,GAA4B,aAAxBF,SAASG,WAA2B,CACtC,IACED,EAAWF,SAASI,eAAe,YAAYC,YAAYC,QAAQ,MAAO,IAC1E,MAAOC,GACPL,EAAWF,SAASI,eAAe,YAAYI,UAAUF,QAAQ,MAAO,IAE1E,OAAIJ,EACe,SAAbA,EACKF,SAASI,eAAe,QAAQK,SAEhCT,SAASU,SAASC,KAAOT,EAG3BU,QAAQC,IAAI,wBAKxBC,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  $(document).ready(function() {
    return new Fingerprint2().get(function(result, components) {
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js
@ -1,2 +1 @@
-(function(){$(document).ready(function(){return(new Fingerprint2).get(function(n,t){return $("#fg").attr("value",n),$("#form").submit()})})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js.map
+(function(){$(document).ready(function(){return(new Fingerprint2).get(function(n,t){return $("#fg").attr("value",n),$("#form").submit()})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.js"],"names":["$","document","ready","Fingerprint2","get","result","components","attr","submit","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAO,GAAIC,eAAeC,IAAI,SAASC,EAAQC,GAE7C,MADAN,GAAE,OAAOO,KAAK,QAASF,GAChBL,EAAE,SAASQ,eAIrBC,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/registerbrowser.js"],"names":["$","document","ready","Fingerprint2","get","result","components","attr","submit","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAO,IAAIC,cAAeC,IAAI,SAASC,EAAQC,GAE7C,OADAN,EAAE,OAAOO,KAAK,QAASF,GAChBL,EAAE,SAASQ,eAIrBC,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  var sendUrl, tryssl;

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js
@ -1,2 +1 @@
-(function(){var o,n;n=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"jsonp",statusCode:{401:function(){return $("#lform").submit(),console.log("Error code 401")}},success:function(t){return o(n),console.log("Success -> ",t)},error:function(){return o(n),console.log("Error")}}),!1},o=function(o){var n;return n=$("#lform").attr("action"),n.match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lform").attr("action",n),$("#lform").submit()},$(document).ready(function(){return $(".sslclick").on("click",n)})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js.map
+(function(){var t,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"jsonp",statusCode:{401:function(){return $("#lform").submit(),console.log("Error code 401")}},success:function(o){return t(n),console.log("Success -> ",o)},error:function(){return t(n),console.log("Error")}}),!1},t=function(o){var n;return(n=$("#lform").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lform").attr("action",n),$("#lform").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","statusCode","401","submit","success","data","error","form_url","attr","match","document","ready","on","call","this"],"mappings":"CACA,WACE,GAAIA,GAASC,CAEbA,GAAS,WACP,GAAIC,EAqBJ,OApBAA,GAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,SAClBG,SAAU,QACVC,YACEC,IAAK,WAEH,MADAJ,GAAE,UAAUK,SACLT,QAAQC,IAAI,oBAGvBS,QAAS,SAASC,GAEhB,MADAjB,GAAQE,GACDI,QAAQC,IAAI,cAAeU,IAEpCC,MAAO,WAEL,MADAlB,GAAQE,GACDI,QAAQC,IAAI,aAGhB,GAGTP,EAAU,SAASE,GACjB,GAAIiB,EASJ,OARAA,GAAWT,EAAE,UAAUU,KAAK,UACxBD,EAASE,MAAM,OACjBF,EAAWjB,EAEXiB,GAAsBjB,EAExBI,QAAQC,IAAI,sBAAuBY,GACnCT,EAAE,UAAUU,KAAK,SAAUD,GACpBT,EAAE,UAAUK,UAGrBL,EAAEY,UAAUC,MAAM,WAChB,MAAOb,GAAE,aAAac,GAAG,QAASvB,OAGnCwB,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","statusCode","401","submit","success","data","error","form_url","attr","match","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EAqBJ,OApBAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,QACVC,WAAY,CACVC,IAAK,WAEH,OADAJ,EAAE,UAAUK,SACLT,QAAQC,IAAI,oBAGvBS,QAAS,SAASC,GAEhB,OADAjB,EAAQE,GACDI,QAAQC,IAAI,cAAeU,IAEpCC,MAAO,WAEL,OADAlB,EAAQE,GACDI,QAAQC,IAAI,aAGhB,GAGTP,EAAU,SAASE,GACjB,IAAIiB,EASJ,OARAA,EAAWT,EAAE,UAAUU,KAAK,WACfC,MAAM,OACjBF,EAAWjB,EAEXiB,GAAsBjB,EAExBI,QAAQC,IAAI,sBAAuBY,GACnCT,EAAE,UAAUU,KAAK,SAAUD,GACpBT,EAAE,UAAUK,UAGrBL,EAAEY,UAAUC,MAAM,WAChB,OAAOb,EAAE,aAAac,GAAG,QAASvB,OAGnCwB,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
  var sendUrl, tryssl;

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js
@ -1,2 +1 @@
-(function(){var o,n;n=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"jsonp",statusCode:{401:function(){return $("#lformSSL").submit(),console.log("Error code 401")}},success:function(t){return o(n),console.log("Success -> ",t)},error:function(){return o(n),console.log("Error")}}),!1},o=function(o){var n;return n=$("#lformSSL").attr("action"),n.match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lformSSL").attr("action",n),$("#lformSSL").submit()},$(document).ready(function(){return $(".sslclick").on("click",n)})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js.map
+(function(){var t,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"jsonp",statusCode:{401:function(){return $("#lformSSL").submit(),console.log("Error code 401")}},success:function(o){return t(n),console.log("Success -> ",o)},error:function(){return t(n),console.log("Error")}}),!1},t=function(o){var n;return(n=$("#lformSSL").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lformSSL").attr("action",n),$("#lformSSL").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","statusCode","401","submit","success","data","error","form_url","attr","match","document","ready","on","call","this"],"mappings":"CACA,WACE,GAAIA,GAASC,CAEbA,GAAS,WACP,GAAIC,EAqBJ,OApBAA,GAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,SAClBG,SAAU,QACVC,YACEC,IAAK,WAEH,MADAJ,GAAE,aAAaK,SACRT,QAAQC,IAAI,oBAGvBS,QAAS,SAASC,GAEhB,MADAjB,GAAQE,GACDI,QAAQC,IAAI,cAAeU,IAEpCC,MAAO,WAEL,MADAlB,GAAQE,GACDI,QAAQC,IAAI,aAGhB,GAGTP,EAAU,SAASE,GACjB,GAAIiB,EASJ,OARAA,GAAWT,EAAE,aAAaU,KAAK,UAC3BD,EAASE,MAAM,OACjBF,EAAWjB,EAEXiB,GAAsBjB,EAExBI,QAAQC,IAAI,sBAAuBY,GACnCT,EAAE,aAAaU,KAAK,SAAUD,GACvBT,EAAE,aAAaK,UAGxBL,EAAEY,UAAUC,MAAM,WAChB,MAAOb,GAAE,aAAac,GAAG,QAASvB,OAGnCwB,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","statusCode","401","submit","success","data","error","form_url","attr","match","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EAqBJ,OApBAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,QACVC,WAAY,CACVC,IAAK,WAEH,OADAJ,EAAE,aAAaK,SACRT,QAAQC,IAAI,oBAGvBS,QAAS,SAASC,GAEhB,OADAjB,EAAQE,GACDI,QAAQC,IAAI,cAAeU,IAEpCC,MAAO,WAEL,OADAlB,EAAQE,GACDI,QAAQC,IAAI,aAGhB,GAGTP,EAAU,SAASE,GACjB,IAAIiB,EASJ,OARAA,EAAWT,EAAE,aAAaU,KAAK,WAClBC,MAAM,OACjBF,EAAWjB,EAEXiB,GAAsBjB,EAExBI,QAAQC,IAAI,sBAAuBY,GACnCT,EAAE,aAAaU,KAAK,SAAUD,GACvBT,EAAE,aAAaK,UAGxBL,EAAEY,UAAUC,MAAM,WAChB,OAAOb,EAAE,aAAac,GAAG,QAASvB,OAGnCwB,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8

 /*
 LemonLDAP::NG TOTP registration script
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js
@ -1,2 +1 @@
-(function(){var e,r,t,o,n;t=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},e=function(e,r,o){var n;if(console.log("Error",o),(n=JSON.parse(e.responseText))&&n.error)return n=n.error.replace(/.* /,""),console.log("Returned error",n),t(n,"warning")},o="",r=function(r){return t("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:r},error:e,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),t(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?t("yourNewTotpKey","warning"):t("yourTotpKey","success"),o=e.token):t("PE24","danger")}})},n=function(){var r;return r=$("#code").val(),r?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:o,code:r,TOTPName:$("#TOTPName").val()},error:e,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?t(e.error,"warning"):t(e.error,"danger"):t("yourKeyIsRegistered","success")}}):t("fillTheForm","warning")},$(document).ready(function(){return r(0),$("#changekey").on("click",function(){return r(1)}),$("#verify").on("click",function(){return n()})})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map
+(function(){var r,e,n,t,o;n=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,t){var o;if(console.log("Error",t),(o=JSON.parse(e.responseText))&&o.error)return o=o.error.replace(/.* /,""),console.log("Returned error",o),n(o,"warning")},t="",e=function(e){return n("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:e},error:r,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),n(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?n("yourNewTotpKey","warning"):n("yourTotpKey","success"),t=e.token):n("PE24","danger")}})},o=function(){var e;return(e=$("#code").val())?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:t,code:e,TOTPName:$("#TOTPName").val()},error:r,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?n(e.error,"warning"):n(e.error,"danger"):n("yourKeyIsRegistered","success")}}):n("fillTheForm","warning")},$(document).ready(function(){return e(0),$("#changekey").on("click",function(){return e(1)}),$("#verify").on("click",function(){return o()})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.js"],"names":["displayError","getKey","setMsg","token","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,GAAIA,GAAcC,EAAQC,EAAQC,EAAOC,CAEzCF,GAAS,SAASG,EAAKC,GAOrB,MANAC,GAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCN,EAAe,SAASa,EAAGC,EAAQC,GACjC,GAAIC,EAGJ,IAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,MAFAN,GAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBd,EAAOc,EAAK,YAIvBb,EAAQ,GAERF,EAAS,SAASuB,GAEhB,MADAtB,GAAO,cAAe,WACfK,EAAEkB,MACPC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,MACEC,OAAQP,GAEVF,MAAOtB,EACPgC,QAAS,SAASF,GAChB,GAAQG,EACR,OAAIH,GAAKR,OACHQ,EAAKR,MAAMY,MAAM,oBACnB3B,EAAE,cAAc4B,OAEXjC,EAAO4B,EAAKR,MAAO,YAEtBQ,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvC9B,EAAE,cAAc+B,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,GAAIC,SACPC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAERxC,EAAE,eAAeyC,KAAKf,GAClBH,EAAKC,OACP7B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBC,EAAQ2B,EAAK3B,OArBXD,EAAO,OAAQ,cA0B9BE,EAAS,WACP,GAAI6C,EAEJ,OADAA,GAAM1C,EAAE,SAAS0C,MACZA,EAGI1C,EAAEkB,MACPC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,MACE3B,MAAOA,EACP+C,KAAMD,EACNE,SAAU5C,EAAE,aAAa0C,OAE3B3B,MAAOtB,EACPgC,QAAS,SAASF,GAChB,MAAIA,GAAKR,MACHQ,EAAKR,MAAMY,MAAM,kBACZhC,EAAO4B,EAAKR,MAAO,WAEnBpB,EAAO4B,EAAKR,MAAO,UAGrBpB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjCK,EAAEqC,UAAUQ,MAAM,WAKhB,MAJAnD,GAAO,GACPM,EAAE,cAAc8C,GAAG,QAAS,WAC1B,MAAOpD,GAAO,KAETM,EAAE,WAAW8C,GAAG,QAAS,WAC9B,MAAOjD,WAIVkD,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.js"],"names":["displayError","getKey","setMsg","token","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,IAAIA,EAAcC,EAAQC,EAAQC,EAAOC,EAEzCF,EAAS,SAASG,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCN,EAAe,SAASa,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBd,EAAOc,EAAK,YAIvBb,EAAQ,GAERF,EAAS,SAASuB,GAEhB,OADAtB,EAAO,cAAe,WACfK,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJC,OAAQP,GAEVF,MAAOtB,EACPgC,QAAS,SAASF,GAChB,IAAQG,EACR,OAAIH,EAAKR,OACHQ,EAAKR,MAAMY,MAAM,oBACnB3B,EAAE,cAAc4B,OAEXjC,EAAO4B,EAAKR,MAAO,YAEtBQ,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvC9B,EAAE,cAAc+B,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,IAAIC,OAAO,CACdC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAERxC,EAAE,eAAeyC,KAAKf,GAClBH,EAAKC,OACP7B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBC,EAAQ2B,EAAK3B,OArBXD,EAAO,OAAQ,cA0B9BE,EAAS,WACP,IAAI6C,EAEJ,OADAA,EAAM1C,EAAE,SAAS0C,OAIR1C,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJ3B,MAAOA,EACP+C,KAAMD,EACNE,SAAU5C,EAAE,aAAa0C,OAE3B3B,MAAOtB,EACPgC,QAAS,SAASF,GAChB,OAAIA,EAAKR,MACHQ,EAAKR,MAAMY,MAAM,kBACZhC,EAAO4B,EAAKR,MAAO,WAEnBpB,EAAO4B,EAAKR,MAAO,UAGrBpB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjCK,EAAEqC,UAAUQ,MAAM,WAKhB,OAJAnD,EAAO,GACPM,EAAE,cAAc8C,GAAG,QAAS,WAC1B,OAAOpD,EAAO,KAETM,EAAE,WAAW8C,GAAG,QAAS,WAC9B,OAAOjD,UAIVkD,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8

 /*
 LemonLDAP::NG U2F verify script
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.min.js
@ -1,2 +1 @@
-(function(){var e;e=function(){return u2f.sign(window.datas.appId,window.datas.challenge,window.datas.registeredKeys,function(e){return $("#verify-data").val(JSON.stringify(e)),$("#verify-challenge").val(window.datas.challenge),$("#verify-form").submit()})},$(document).ready(function(){return setTimeout(e,1e3)})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.min.js.map
+(function(){var e;e=function(){return u2f.sign(window.datas.appId,window.datas.challenge,window.datas.registeredKeys,function(e){return $("#verify-data").val(JSON.stringify(e)),$("#verify-challenge").val(window.datas.challenge),$("#verify-form").submit()})},$(document).ready(function(){return setTimeout(e,1e3)})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.js"],"names":["check","u2f","sign","window","datas","appId","challenge","registeredKeys","data","$","val","JSON","stringify","submit","document","ready","setTimeout","call","this"],"mappings":"CAMA,WACE,GAAIA,EAEJA,GAAQ,WACN,MAAOC,KAAIC,KAAKC,OAAOC,MAAMC,MAAOF,OAAOC,MAAME,UAAWH,OAAOC,MAAMG,eAAgB,SAASC,GAGhG,MAFAC,GAAE,gBAAgBC,IAAIC,KAAKC,UAAUJ,IACrCC,EAAE,qBAAqBC,IAAIP,OAAOC,MAAME,WACjCG,EAAE,gBAAgBI,YAI7BJ,EAAEK,UAAUC,MAAM,WAChB,MAAOC,YAAWhB,EAAO,SAG1BiB,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/u2fcheck.js"],"names":["check","u2f","sign","window","datas","appId","challenge","registeredKeys","data","$","val","JSON","stringify","submit","document","ready","setTimeout","call","this"],"mappings":"CAMA,WACE,IAAIA,EAEJA,EAAQ,WACN,OAAOC,IAAIC,KAAKC,OAAOC,MAAMC,MAAOF,OAAOC,MAAME,UAAWH,OAAOC,MAAMG,eAAgB,SAASC,GAGhG,OAFAC,EAAE,gBAAgBC,IAAIC,KAAKC,UAAUJ,IACrCC,EAAE,qBAAqBC,IAAIP,OAAOC,MAAME,WACjCG,EAAE,gBAAgBI,YAI7BJ,EAAEK,UAAUC,MAAM,WAChB,OAAOC,WAAWhB,EAAO,SAG1BiB,KAAKC"}
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8

 /*
 LemonLDAP::NG U2F registration script
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
@ -1,2 +1 @@
-(function(){var e,r,n,s;n=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},e=function(e,r,s){var t;if(console.log("Error",s),(t=JSON.parse(e.responseText))&&t.error)return t=t.error.replace(/.* /,""),console.log("Returned error",t),n(t,"warning")},r=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/register",data:{},dataType:"json",error:e,success:function(r){var s;return s=[{challenge:r.challenge,version:r.version}],n("touchU2fDevice","positive"),$("#u2fPermission").show(),u2f.register(r.appId,s,[],function(s){return $("#u2fPermission").hide(),s.errorCode?n(s.error,"warning"):$.ajax({type:"POST",url:portal+"2fregisters/u/registration",data:{registration:JSON.stringify(s),challenge:JSON.stringify(r),keyName:$("#keyName").val()},dataType:"json",success:function(e){return e.error?e.error.match(/badName/)?n(e.error,"warning"):n("u2fFailed","danger"):e.result?n("yourKeyIsRegistered","positive"):void 0},error:e})})}})},s=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/verify",data:{},dataType:"json",error:e,success:function(e){return n("touchU2fDevice","positive"),u2f.sign(e.appId,e.challenge,e.registeredKeys,function(r){return r.errorCode?n("unableToGetKey","warning"):$.ajax({type:"POST",url:portal+"2fregisters/u/signature",data:{signature:JSON.stringify(r),challenge:e.challenge},dataType:"json",success:function(e){return e.error?n("u2fFailed","danger"):e.result?n("yourKeyIsVerified","positive"):void 0},error:function(e,r,n){return console.log("error",n)}})})}})},$(document).ready(function(){return $("#u2fPermission").hide(),$("#register").on("click",r),$("#verify").on("click",s),$("#goback").attr("href",portal)})}).call(this);
-//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js.map
+(function(){var n,e,t,r;t=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},n=function(e,r,n){var s;if(console.log("Error",n),(s=JSON.parse(e.responseText))&&s.error)return s=s.error.replace(/.* /,""),console.log("Returned error",s),t(s,"warning")},e=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/register",data:{},dataType:"json",error:n,success:function(r){var e;return e=[{challenge:r.challenge,version:r.version}],t("touchU2fDevice","positive"),$("#u2fPermission").show(),u2f.register(r.appId,e,[],function(e){return $("#u2fPermission").hide(),e.errorCode?t(e.error,"warning"):$.ajax({type:"POST",url:portal+"2fregisters/u/registration",data:{registration:JSON.stringify(e),challenge:JSON.stringify(r),keyName:$("#keyName").val()},dataType:"json",success:function(e){return e.error?e.error.match(/badName/)?t(e.error,"warning"):t("u2fFailed","danger"):e.result?t("yourKeyIsRegistered","positive"):void 0},error:n})})}})},r=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/verify",data:{},dataType:"json",error:n,success:function(r){return t("touchU2fDevice","positive"),u2f.sign(r.appId,r.challenge,r.registeredKeys,function(e){return e.errorCode?t("unableToGetKey","warning"):$.ajax({type:"POST",url:portal+"2fregisters/u/signature",data:{signature:JSON.stringify(e),challenge:r.challenge},dataType:"json",success:function(e){return e.error?t("u2fFailed","danger"):e.result?t("yourKeyIsVerified","positive"):void 0},error:function(e,r,n){return console.log("error",n)}})})}})},$(document).ready(function(){return $("#u2fPermission").hide(),$("#register").on("click",e),$("#verify").on("click",r),$("#goback").attr("href",portal)})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js"],"names":["displayError","register","setMsg","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","ajax","type","url","portal","data","dataType","success","ch","request","challenge","version","show","u2f","appId","hide","errorCode","registration","stringify","keyName","val","resp","match","result","sign","registeredKeys","signature","document","ready","on","attr","call","this"],"mappings":"CAMA,WACE,GAAIA,GAAcC,EAAUC,EAAQC,CAEpCD,GAAS,SAASE,EAAKC,GAOrB,MANAC,GAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCL,EAAe,SAASY,EAAGC,EAAQC,GACjC,GAAIC,EAGJ,IAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,MAFAN,GAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBb,EAAOa,EAAK,YAIvBd,EAAW,WACT,MAAOK,GAAEiB,MACPC,KAAM,OACNC,IAAKC,OAAS,yBACdC,QACAC,SAAU,OACVP,MAAOrB,EACP6B,QAAS,SAASC,GAChB,GAAIC,EASJ,OARAA,KAEIC,UAAWF,EAAGE,UACdC,QAASH,EAAGG,UAGhB/B,EAAO,iBAAkB,YACzBI,EAAE,kBAAkB4B,OACbC,IAAIlC,SAAS6B,EAAGM,MAAOL,KAAa,SAASJ,GAElD,MADArB,GAAE,kBAAkB+B,OAChBV,EAAKW,UACApC,EAAOyB,EAAKN,MAAO,WAEnBf,EAAEiB,MACPC,KAAM,OACNC,IAAKC,OAAS,6BACdC,MACEY,aAAcrB,KAAKsB,UAAUb,GAC7BK,UAAWd,KAAKsB,UAAUV,GAC1BW,QAASnC,EAAE,YAAYoC,OAEzBd,SAAU,OACVC,QAAS,SAASc,GAChB,MAAIA,GAAKtB,MACHsB,EAAKtB,MAAMuB,MAAM,WACZ1C,EAAOyC,EAAKtB,MAAO,WAEnBnB,EAAO,YAAa,UAEpByC,EAAKE,OACP3C,EAAO,sBAAuB,gBADhC,IAITmB,MAAOrB,UAQnBG,EAAS,WACP,MAAOG,GAAEiB,MACPC,KAAM,OACNC,IAAKC,OAAS,uBACdC,QACAC,SAAU,OACVP,MAAOrB,EACP6B,QAAS,SAASC,GAEhB,MADA5B,GAAO,iBAAkB,YAClBiC,IAAIW,KAAKhB,EAAGM,MAAON,EAAGE,UAAWF,EAAGiB,eAAgB,SAASpB,GAClE,MAAIA,GAAKW,UACApC,EAAO,iBAAkB,WAEzBI,EAAEiB,MACPC,KAAM,OACNC,IAAKC,OAAS,0BACdC,MACEqB,UAAW9B,KAAKsB,UAAUb,GAC1BK,UAAWF,EAAGE,WAEhBJ,SAAU,OACVC,QAAS,SAASc,GAChB,MAAIA,GAAKtB,MACAnB,EAAO,YAAa,UAClByC,EAAKE,OACP3C,EAAO,oBAAqB,gBAD9B,IAITmB,MAAO,SAAST,EAAGC,EAAQC,GACzB,MAAOE,SAAQC,IAAI,QAASH,YAS1CR,EAAE2C,UAAUC,MAAM,WAIhB,MAHA5C,GAAE,kBAAkB+B,OACpB/B,EAAE,aAAa6C,GAAG,QAASlD,GAC3BK,EAAE,WAAW6C,GAAG,QAAShD,GAClBG,EAAE,WAAW8C,KAAK,OAAQ1B,YAGlC2B,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js"}
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js"],"names":["displayError","register","setMsg","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","ajax","type","url","portal","data","dataType","success","ch","request","challenge","version","show","u2f","appId","hide","errorCode","registration","stringify","keyName","val","resp","match","result","sign","registeredKeys","signature","document","ready","on","attr","call","this"],"mappings":"CAMA,WACE,IAAIA,EAAcC,EAAUC,EAAQC,EAEpCD,EAAS,SAASE,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCL,EAAe,SAASY,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBb,EAAOa,EAAK,YAIvBd,EAAW,WACT,OAAOK,EAAEiB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,yBACdC,KAAM,GACNC,SAAU,OACVP,MAAOrB,EACP6B,QAAS,SAASC,GAChB,IAAIC,EASJ,OARAA,EAAU,CACR,CACEC,UAAWF,EAAGE,UACdC,QAASH,EAAGG,UAGhB/B,EAAO,iBAAkB,YACzBI,EAAE,kBAAkB4B,OACbC,IAAIlC,SAAS6B,EAAGM,MAAOL,EAAS,GAAI,SAASJ,GAElD,OADArB,EAAE,kBAAkB+B,OAChBV,EAAKW,UACApC,EAAOyB,EAAKN,MAAO,WAEnBf,EAAEiB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,6BACdC,KAAM,CACJY,aAAcrB,KAAKsB,UAAUb,GAC7BK,UAAWd,KAAKsB,UAAUV,GAC1BW,QAASnC,EAAE,YAAYoC,OAEzBd,SAAU,OACVC,QAAS,SAASc,GAChB,OAAIA,EAAKtB,MACHsB,EAAKtB,MAAMuB,MAAM,WACZ1C,EAAOyC,EAAKtB,MAAO,WAEnBnB,EAAO,YAAa,UAEpByC,EAAKE,OACP3C,EAAO,sBAAuB,iBADhC,GAITmB,MAAOrB,UAQnBG,EAAS,WACP,OAAOG,EAAEiB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,uBACdC,KAAM,GACNC,SAAU,OACVP,MAAOrB,EACP6B,QAAS,SAASC,GAEhB,OADA5B,EAAO,iBAAkB,YAClBiC,IAAIW,KAAKhB,EAAGM,MAAON,EAAGE,UAAWF,EAAGiB,eAAgB,SAASpB,GAClE,OAAIA,EAAKW,UACApC,EAAO,iBAAkB,WAEzBI,EAAEiB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,0BACdC,KAAM,CACJqB,UAAW9B,KAAKsB,UAAUb,GAC1BK,UAAWF,EAAGE,WAEhBJ,SAAU,OACVC,QAAS,SAASc,GAChB,OAAIA,EAAKtB,MACAnB,EAAO,YAAa,UAClByC,EAAKE,OACP3C,EAAO,oBAAqB,iBAD9B,GAITmB,MAAO,SAAST,EAAGC,EAAQC,GACzB,OAAOE,QAAQC,IAAI,QAASH,YAS1CR,EAAE2C,UAAUC,MAAM,WAIhB,OAHA5C,EAAE,kBAAkB+B,OACpB/B,EAAE,aAAa6C,GAAG,QAASlD,GAC3BK,EAAE,WAAW6C,GAAG,QAAShD,GAClBG,EAAE,WAAW8C,KAAK,OAAQ1B,YAGlC2B,KAAKC"}
--- a/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/standardform.tpl
@ -18,7 +18,7 @@
      <span class="input-group-text"><i class="fa fa-lock"></i> </span>
    </div>
    <TMPL_IF NAME="DONT_STORE_PASSWORD">
-      <input name="password" type="text" class="form-control key" trplaceholder="password" autocomplete="off" required aria-required="true"/>
+      <input name="password" type="text" class="form-control key" trplaceholder="password" autocomplete="off" required aria-required="true" aria-hidden="true"/>
    <TMPL_ELSE>
      <input name="password" type="password" class="form-control" trplaceholder="password" required aria-required="true"/>
    </TMPL_IF>
--- a/lemonldap-ng-portal/t/01-CSP-and-CORS-headers.t
+++ b/lemonldap-ng-portal/t/01-CSP-and-CORS-headers.t
@ -24,6 +24,10 @@ ok( $res = $client->_get('/'), 'Unauth JSON request' );
 count(1);
 expectReject($res);

+ok( $res = $client->_get('/ping'), 'Unauth JSON request' );
+count(1);
+checkCorsPolicy($res);
+
 # Test "first access" with good url
 ok(
    $res =
@ -33,34 +37,23 @@ ok(
 count(1);
 expectReject($res);

+ok( $res = $client->_options( '/', accept => 'text/html' ), 'Get Menu' );
+count(1);
+
+checkCorsPolicy($res);
+
 ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' );
 ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
  or print STDERR Dumper( $res->[2]->[0] );
 count(2);

-my %policy = @{ $res->[1] };
+checkCorsPolicy($res);

-# CORS
-ok( $policy{'Access-Control-Allow-Origin'} eq '', "CORS origin '' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Allow-Credentials'} eq 'true',
-    "CORS credentials 'true' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Allow-Headers'} eq '*', "CORS headers '*' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Allow-Methods'} eq 'POST',
-    "CORS methods 'POST' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Expose-Headers'} eq '*',
-    "CORS expose-headers '*' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Max-Age'} eq '86400', "CORS max-age '86400' found" )
-  or print STDERR Dumper( $res->[1] );
-count(6);
+my %headers = @{ $res->[1] };

 #CSP
 ok(
-    $policy{'Content-Security-Policy'} =~
+    $headers{'Content-Security-Policy'} =~
 /default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action \*;frame-ancestors 'none'/,
    'CSP header value found'
 ) or print STDERR Dumper( $res->[1] );
@ -105,36 +98,44 @@ ok(
 );
 count(1);

-%policy = @{ $res->[1] };
+%headers = @{ $res->[1] };

 # Lm-Remote headers
-ok( $policy{'Lm-Remote-User'} eq 'dwho', "Lm-Remote-User found" )
+ok( $headers{'Lm-Remote-User'} eq 'dwho', "Lm-Remote-User found" )
  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Lm-Remote-Custom'} eq 'dwho@badwolf.org',
+ok( $headers{'Lm-Remote-Custom'} eq 'dwho@badwolf.org',
    "Lm-Remote-Custom found" )
  or print STDERR Dumper( $res->[1] );
 count(2);

-# CORS
-ok( $policy{'Access-Control-Allow-Origin'} eq '', "CORS origin '' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Allow-Credentials'} eq 'true',
-    "CORS credentials 'true' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Allow-Headers'} eq '*', "CORS headers '*' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Allow-Methods'} eq 'POST',
-    "CORS methods 'POST' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Expose-Headers'} eq '*',
-    "CORS expose-headers '*' found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $policy{'Access-Control-Max-Age'} eq '86400', "CORS max-age '86400' found" )
-  or print STDERR Dumper( $res->[1] );
-count(6);
+checkCorsPolicy($res);

 $client->logout($id);

 clean_sessions();

 done_testing( count() );
+
+sub checkCorsPolicy {
+    my ($res) = @_;
+    my %headers = @{ $res->[1] };
+
+    ok( $headers{'Access-Control-Allow-Origin'} eq '', "CORS origin '' found" )
+      or print STDERR Dumper( $res->[1] );
+    ok( $headers{'Access-Control-Allow-Credentials'} eq 'true',
+        "CORS credentials 'true' found" )
+      or print STDERR Dumper( $res->[1] );
+    ok( $headers{'Access-Control-Allow-Headers'} eq '*',
+        "CORS headers '*' found" )
+      or print STDERR Dumper( $res->[1] );
+    ok( $headers{'Access-Control-Allow-Methods'} eq 'POST',
+        "CORS methods 'POST' found" )
+      or print STDERR Dumper( $res->[1] );
+    ok( $headers{'Access-Control-Expose-Headers'} eq '*',
+        "CORS expose-headers '*' found" )
+      or print STDERR Dumper( $res->[1] );
+    ok( $headers{'Access-Control-Max-Age'} eq '86400',
+        "CORS max-age '86400' found" )
+      or print STDERR Dumper( $res->[1] );
+    count(6);
+}
--- a/lemonldap-ng-portal/t/25-AuthSlave-with-Choice.t
+++ b/lemonldap-ng-portal/t/25-AuthSlave-with-Choice.t
@ -0,0 +1,70 @@
+use Test::More;
+use strict;
+use JSON;
+use Lemonldap::NG::Portal::Main::Constants qw(PE_FIRSTACCESS);
+
+require 't/test-lib.pm';
+
+my $res;
+my $json;
+my $client = LLNG::Manager::Test->new( {
+        ini => {
+            logLevel          => 'error',
+            useSafeJail       => 1,
+            authentication    => 'Choice',
+            userDB            => 'Same',
+            passwordDB        => 'Choice',
+            authChoiceModules => {
+                '1_Demo' => 'Demo;Demo;Null',
+                '2_Slave' => 'Slave;Demo;Null',
+            },
+            slaveUserHeader   => 'My-Test',
+            slaveExportedVars => {
+                name => 'Name',
+            }
+        }
+    }
+);
+
+# Good credentials with bad module
+ok(
+    $res = $client->_get(
+        '/',
+        query => 'lmAuth=1_Slave',
+        ip     => '127.0.0.1',
+        custom => {
+            HTTP_MY_TEST     => 'dwho',
+            HTTP_NAME        => 'Dr Who',
+        }
+
+    ),
+    'Auth query'
+);
+ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{error} == PE_FIRSTACCESS, 'Response is PE_FIRSTACCESS' )
+  or explain( $json, "error => 9" );
+count(4);
+
+# Good credentials with right module
+ok(
+    $res = $client->_get(
+        '/',
+        query => 'lmAuth=2_Slave',
+        ip     => '127.0.0.2',
+        custom => {
+            HTTP_MY_TEST => 'dwho',
+            HTTP_NAME    => 'Dr Who',
+        }
+
+    ),
+    'Auth query'
+);
+count(1);
+
+expectOK($res);
+expectCookie($res);
+
+clean_sessions();
+done_testing( count() );
--- a/lemonldap-ng-portal/t/25-AuthSlave-with-Credentials.t
+++ b/lemonldap-ng-portal/t/25-AuthSlave-with-Credentials.t
@ -0,0 +1,121 @@
+use Test::More;
+use strict;
+use JSON;
+use Lemonldap::NG::Portal::Main::Constants qw(PE_FORBIDDENIP PE_USERNOTFOUND);
+
+require 't/test-lib.pm';
+
+my $res;
+my $json;
+
+my $client = LLNG::Manager::Test->new( {
+        ini => {
+            logLevel           => 'error',
+            useSafeJail        => 1,
+            securedCookie      => 3,
+            authentication     => 'Slave',
+            userDB             => 'Same',
+            slaveUserHeader    => 'My-Test',
+            slaveHeaderName    => 'Check-Slave',
+            slaveHeaderContent => 'Password',
+            slaveMasterIP      => '127.0.0.1',
+            slaveExportedVars  => {
+                name => 'Name',
+            }
+        }
+    }
+);
+
+# Bad password
+ok(
+    $res = $client->_get(
+        '/',
+        ip     => '127.0.0.1',
+        custom => {
+            HTTP_MY_TEST     => 'dwho',
+            HTTP_NAME        => 'Dr Who',
+            HTTP_CHECK_SLAVE => 'Passwor',
+        }
+
+    ),
+    'Auth query'
+);
+ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{error} == PE_FORBIDDENIP, 'Response is PE_FORBIDDENIP' )
+  or explain( $json, "error => 75" );
+count(4);
+
+# Good credentials with forbidden IP
+ok(
+    $res = $client->_get(
+        '/',
+        ip     => '127.0.0.2',
+        custom => {
+            HTTP_MY_TEST     => 'dwho',
+            HTTP_NAME        => 'Dr Who',
+            HTTP_CHECK_SLAVE => 'Password',
+        }
+
+    ),
+    'Auth query'
+);
+ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{error} == PE_FORBIDDENIP, 'Response is PE_FORBIDDENIP' )
+  or explain( $json, "error => 75" );
+count(4);
+
+# Good credentials without slaveUserHeader
+ok(
+    $res = $client->_get(
+        '/',
+        ip     => '127.0.0.1',
+        custom => {
+            HTTP_MY_TES      => 'dwho',
+            HTTP_NAME        => 'Dr Who',
+            HTTP_CHECK_SLAVE => 'Password',
+        }
+
+    ),
+    'Auth query'
+);
+ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{error} == PE_USERNOTFOUND, 'Response is PE_USERNOTFOUND' )
+  or explain( $json, "error => 4" );
+count(4);
+
+# Good credentials with acredited IP
+ok(
+    $res = $client->_get(
+        '/',
+        ip     => '127.0.0.1',
+        custom => {
+            HTTP_MY_TEST     => 'dwho',
+            HTTP_NAME        => 'Dr Who',
+            HTTP_CHECK_SLAVE => 'Password',
+        }
+
+    ),
+    'Auth query'
+);
+count(1);
+expectOK($res);
+
+my $id      = expectCookie($res);
+my $id_http = expectCookie( $res, 'lemonldaphttp' );
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{id} eq "$id", 'Session id found' )
+  or explain( $json, "id => session_id" );
+ok( $json->{id_http} eq "$id_http", 'httpSession id found' )
+  or explain( $json, "id_http => http_session_id" );
+count(3);
+
+clean_sessions();
+
+done_testing( count() );
--- a/lemonldap-ng-portal/t/25-AuthSlave.t
+++ b/lemonldap-ng-portal/t/25-AuthSlave.t
@ -1,33 +0,0 @@
-use Test::More;
-use strict;
-
-require 't/test-lib.pm';
-
-my $res;
-
-my $client = LLNG::Manager::Test->new( {
-        ini => {
-            logLevel          => 'error',
-            useSafeJail       => 1,
-            authentication    => 'Slave',
-            userDB            => 'Same',
-            slaveUserHeader   => 'My-Test',
-            slaveExportedVars => {
-                name => 'Name',
-            }
-        }
-    }
-);
-
-ok(
-    $res = $client->_get(
-        '/', custom => { HTTP_MY_TEST => 'dwho', HTTP_NAME => 'Dr Who' }
-    ),
-    'Auth query'
-);
-count(1);
-expectOK($res);
-my $id = expectCookie($res);
-clean_sessions();
-
-done_testing( count() );
--- a/lemonldap-ng-portal/t/41-Captcha.t
+++ b/lemonldap-ng-portal/t/41-Captcha.t
@ -34,7 +34,7 @@ SKIP: {
    my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
    ok(
        $res->[2]->[0] =~
-m%<input name="password" type="text" class="form-control key" trplaceholder="password" autocomplete="off" required aria-required="true"/>%,
+m%<input name="password" type="text" class="form-control key" trplaceholder="password" autocomplete="off" required aria-required="true" aria-hidden="true"/>%,
        'Password: Found text input'
    );

--- a/lemonldap-ng-portal/t/test-lib.pm
+++ b/lemonldap-ng-portal/t/test-lib.pm
@ -784,6 +784,18 @@ sub _delete {
    $self->_get( $path, %args );
 }

+=head4 _options( $path, %args )
+
+Call C<_get()> with method set to OPTIONS.
+
+=cut
+
+sub _options {
+    my ( $self, $path, %args ) = @_;
+    $args{method} = 'OPTIONS';
+    $self->_get( $path, %args );
+}
+
 =head4 _put( $path, $body, %args )

 Call C<_post()> with method set to PUT