Apply patch on Manager in trunk (#1087)

2016-09-29 19:24:58 +00:00 · 2016-09-29 19:24:58 +00:00 · fc878c0545
commit fc878c0545
parent 68c074b291
9 changed files with 30 additions and 11 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -246,9 +246,10 @@ sub defaultValues {
        'samlIDPMetaDataOptionsAdaptSessionUtime' => 0,
        'samlIDPMetaDataOptionsAllowLoginFromIDP' => 0,
        'samlIDPMetaDataOptionsAllowProxiedAuthn' => 0,
-        'samlIDPMetaDataOptionsCheckConditions'   => 1,
+        'samlIDPMetaDataOptionsCheckAudience'     => 1,
        'samlIDPMetaDataOptionsCheckSLOMessageSignature' => 1,
        'samlIDPMetaDataOptionsCheckSSOMessageSignature' => 1,
+        'samlIDPMetaDataOptionsCheckTime'                => 1,
        'samlIDPMetaDataOptionsEncryptionMode'           => 'none',
        'samlIDPMetaDataOptionsForceAuthn'               => 0,
        'samlIDPMetaDataOptionsForceUTF8'                => 0,
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -2098,7 +2098,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'default' => 0,
            'type'    => 'bool'
        },
-        'samlIDPMetaDataOptionsCheckConditions' => {
+        'samlIDPMetaDataOptionsCheckAudience' => {
            'default' => 1,
            'type'    => 'bool'
        },
@ -2110,6 +2110,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'default' => 1,
            'type'    => 'bool'
        },
+        'samlIDPMetaDataOptionsCheckTime' => {
+            'default' => 1,
+            'type'    => 'bool'
+        },
        'samlIDPMetaDataOptionsEncryptionMode' => {
            'default' => 'none',
            'select'  => [
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -1514,7 +1514,11 @@ sub attributes {
            ],
            default => 'none',
        },
-        samlIDPMetaDataOptionsCheckConditions => {
+        samlIDPMetaDataOptionsCheckTime => {
+            type    => 'bool',
+            default => 1,
+        },
+        samlIDPMetaDataOptionsCheckAudience => {
            type    => 'bool',
            default => 1,
        },
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
@ -78,7 +78,8 @@ sub cTrees {
                form  => 'simpleInputContainer',
                nodes => [
                    "samlIDPMetaDataOptionsEncryptionMode",
-                    "samlIDPMetaDataOptionsCheckConditions"
+                    "samlIDPMetaDataOptionsCheckTime",
+                    "samlIDPMetaDataOptionsCheckAudience"
                ]
            }
        ],
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
@ -26,7 +26,7 @@ our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogl
 our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
 our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
 our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
-our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
+our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Re(?:questedAuthnContext|solutionRule)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
 our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
 our $virtualHostKeys = '(?:vhost(?:(?:Aliase|Http)s|Maintenance|Port)|(?:exportedHeader|locationRule)s|post)';

--- a/lemonldap-ng-manager/site/static/js/conftree.js
+++ b/lemonldap-ng-manager/site/static/js/conftree.js
@ -661,9 +661,16 @@ function templates(tpl,key) {
         },
         {
            "default" : 1,
-            "get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsCheckConditions",
-            "id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsCheckConditions",
-            "title" : "samlIDPMetaDataOptionsCheckConditions",
+            "get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsCheckTime",
+            "id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsCheckTime",
+            "title" : "samlIDPMetaDataOptionsCheckTime",
+            "type" : "bool"
+         },
+         {
+            "default" : 1,
+            "get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsCheckAudience",
+            "id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsCheckAudience",
+            "title" : "samlIDPMetaDataOptionsCheckAudience",
            "type" : "bool"
         }
      ],
--- a/lemonldap-ng-manager/site/static/js/conftree.min.js
+++ b/lemonldap-ng-manager/site/static/js/conftree.min.js
--- a/lemonldap-ng-manager/site/static/languages/en.json
+++ b/lemonldap-ng-manager/site/static/languages/en.json
@ -692,7 +692,8 @@
 "samlIDPMetaDataOptionsRequestedAuthnContext": "Requested authentication context",
 "samlIDPMetaDataOptionsForceUTF8": "Force UTF-8",
 "samlIDPMetaDataOptionsEncryptionMode": "Encryption mode",
-"samlIDPMetaDataOptionsCheckConditions": "Check conditions",
+"samlIDPMetaDataOptionsCheckTime": "Check time conditions",
+"samlIDPMetaDataOptionsCheckAudience": "Check audience conditions",
 "samlIDPMetaDataOptionsAuthnRequest": "Authentication request",
 "samlIDPMetaDataOptionsSession": "Session",
 "samlIDPMetaDataOptionsSignature": "Signature",
--- a/lemonldap-ng-manager/site/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/static/languages/fr.json
@ -692,7 +692,8 @@
 "samlIDPMetaDataOptionsRequestedAuthnContext": "Contexte d'authentification demandé",
 "samlIDPMetaDataOptionsForceUTF8": "Forcer l'UTF-8",
 "samlIDPMetaDataOptionsEncryptionMode": "Mode de chiffrement",
-"samlIDPMetaDataOptionsCheckConditions": "Vérifier les conditions",
+"samlIDPMetaDataOptionsCheckTime": "Vérifier les conditions de temps",
+"samlIDPMetaDataOptionsCheckAudience": "Vérifier les conditions d'audience",
 "samlIDPMetaDataOptionsAuthnRequest": "Requête d'authentification",
 "samlIDPMetaDataOptionsSession": "Session",
 "samlIDPMetaDataOptionsSignature": "Signature",