Change oidc content key for removal (#1431)
This commit is contained in:
Xavier Guimard
parent
31d3b1e77c
commit
ff0c8029db
|
|
@ -111,18 +111,20 @@ sub defaultValues {
|
|||
'locationRules' => {
|
||||
'default' => 'deny'
|
||||
},
|
||||
'logoutServices' => {},
|
||||
'macros' => {},
|
||||
'mailCharset' => 'utf-8',
|
||||
'mailFrom' => 'noreply@example.com',
|
||||
'mailSessionKey' => 'mail',
|
||||
'mailTimeout' => 0,
|
||||
'mailUrl' => 'http://auth.example.com/resetpwd',
|
||||
'managerDn' => '',
|
||||
'managerPassword' => '',
|
||||
'max2FDevices' => 10,
|
||||
'max2FDevicesNameLength' => 20,
|
||||
'multiValuesSeparator' => '; ',
|
||||
'logoutServices' => {},
|
||||
'macros' => {},
|
||||
'mailCharset' => 'utf-8',
|
||||
'mailFrom' => 'noreply@example.com',
|
||||
'mailSessionKey' => 'mail',
|
||||
'mailTimeout' => 0,
|
||||
'mailUrl' => 'http://auth.example.com/resetpwd',
|
||||
'managerDn' => '',
|
||||
'managerPassword' => '',
|
||||
'max2FDevices' => 10,
|
||||
'max2FDevicesNameLength' => 20,
|
||||
'multiValuesSeparator' => '; ',
|
||||
'mySessionAuthorizedRWKeys' =>
|
||||
[ '_appsListOrder', '_oidcConnectedRP', '_oidc_consent_*' ],
|
||||
'notificationStorage' => 'File',
|
||||
'notificationStorageOptions' => {
|
||||
'dirName' => '/var/lib/lemonldap-ng/notifications'
|
||||
|
|
|
|||
|
|
@ -123,8 +123,12 @@ sub BUILD {
|
|||
|
||||
if ( $self->{info} ) {
|
||||
foreach ( keys %{ $self->{info} } ) {
|
||||
$data->{$_} = $self->{info}->{$_}
|
||||
if ( defined $self->{info}->{$_} );
|
||||
if ( defined $self->{info}->{$_} ) {
|
||||
$data->{$_} = $self->{info}->{$_};
|
||||
}
|
||||
else {
|
||||
delete $data->{$_};
|
||||
}
|
||||
}
|
||||
delete $self->{info};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,6 +5,11 @@ our $VERSION = '2.0.0';
|
|||
|
||||
sub types {
|
||||
return {
|
||||
'array' => {
|
||||
'test' => sub {
|
||||
1;
|
||||
}
|
||||
},
|
||||
'authParamsText' => {
|
||||
'test' => sub {
|
||||
1;
|
||||
|
|
@ -1592,6 +1597,11 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
'default' => '; ',
|
||||
'type' => 'authParamsText'
|
||||
},
|
||||
'mySessionAuthorizedRWKeys' => {
|
||||
'default' =>
|
||||
[ '_appsListOrder', '_oidcConnectedRP', '_oidc_consent_*' ],
|
||||
'type' => 'array'
|
||||
},
|
||||
'nginxCustomHandlers' => {
|
||||
'keyTest' => qr/^\w+$/,
|
||||
'msgFail' => '__badPerlPackageName__',
|
||||
|
|
|
|||
|
|
@ -208,6 +208,9 @@ sub types {
|
|||
samlService => {
|
||||
test => sub { 1 }
|
||||
},
|
||||
array => {
|
||||
test => sub { 1 }
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
|
|
@ -220,7 +223,13 @@ sub attributes {
|
|||
documentation =>
|
||||
'Timeout to check new configuration in local cache',
|
||||
default => 600,
|
||||
flags => 'hp',
|
||||
flags => 'hp',
|
||||
},
|
||||
mySessionAuthorizedRWKeys => {
|
||||
type => 'array',
|
||||
documentation => 'Alterable session keys by user itself',
|
||||
default =>
|
||||
[ '_appsListOrder', '_oidcConnectedRP', '_oidc_consent_*' ],
|
||||
},
|
||||
configStorage => {
|
||||
type => 'text',
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ sub init {
|
|||
my ($self) = @_;
|
||||
$self->conf->{remoteCookieName} ||= $self->conf->{cookieName};
|
||||
$self->conf->{proxySessionService} ||=
|
||||
$self->conf->{proxyAuthService} . '/mysession';
|
||||
$self->conf->{proxyAuthService} . '/session/my';
|
||||
$self->conf->{proxySessionService} =~ s#/*$##;
|
||||
$self->ua( Lemonldap::NG::Common::UserAgent->new( $self->conf ) );
|
||||
$self->ua->default_header( Accept => 'application/json' );
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@
|
|||
# * DELETE /sessions/<type>/<session-id> : delete a session
|
||||
#
|
||||
# - Sessions for connected users (if restSessionServer is on):
|
||||
# * GET /mysession/<type> : get session datas
|
||||
# * GET /mysession/<type>/key : get session key
|
||||
# * DELETE /mysession : ask for logout
|
||||
# * GET /session/my/<type> : get session datas
|
||||
# * GET /session/my/<type>/key : get session key
|
||||
# * DELETE /session/my : ask for logout
|
||||
#
|
||||
# - Authentication
|
||||
# * POST /sessions/<type>/<session-id>?auth : authenticate with a fixed
|
||||
|
|
@ -34,7 +34,9 @@
|
|||
# * GET /mysession/?authorizationfor=<base64-encoded-url>: ask if url is
|
||||
# authorizated
|
||||
# * PUT /mysession/<type> : update some
|
||||
# persistent datas
|
||||
# persistent data
|
||||
# (restricted)
|
||||
# * DELETE /mysession/<type>/key : delete key in data
|
||||
# (restricted)
|
||||
#
|
||||
# There is no conflict with SOAP server, they can be used together
|
||||
|
|
@ -148,11 +150,11 @@ sub init {
|
|||
sessions => { ':sessionType' => 'delSession' },
|
||||
['DELETE']
|
||||
);
|
||||
|
||||
$self->addAuthRoute(
|
||||
mysession => { ':sessionType' => 'getMyKey' },
|
||||
session => { my => { ':sessionType' => 'getMyKey' } },
|
||||
[ 'GET', 'POST' ]
|
||||
);
|
||||
$self->addAuthRoute( mysession => 'delMySession', ['DELETE'] );
|
||||
}
|
||||
|
||||
# Methods always available
|
||||
|
|
@ -160,6 +162,10 @@ sub init {
|
|||
mysession => { '*' => 'mysession' },
|
||||
[ 'GET', 'POST' ]
|
||||
);
|
||||
$self->addAuthRoute(
|
||||
mysession => { ':key' => 'delKeyInMySession', '*' => 'delMySession' },
|
||||
['DELETE']
|
||||
);
|
||||
$self->addAuthRoute(
|
||||
mysession => { ':sessionType' => 'updateMySession' },
|
||||
['PUT']
|
||||
|
|
@ -357,8 +363,17 @@ sub updateMySession {
|
|||
if ( my $token = $req->param('token') ) {
|
||||
if ( $self->ott->getToken($token) ) {
|
||||
if ( $req->param('sessionType') eq 'persistent' ) {
|
||||
foreach my $key (qw(_appsListOrder _oidcConnectedRP)) {
|
||||
my $v = $req->param($key);
|
||||
foreach my $key ( $self->conf->{mySessionAuthorizedRWKeys} ) {
|
||||
my $v;
|
||||
if ( $key =~ /\*/ ) {
|
||||
$key =~ s/\*/\.\*/g;
|
||||
if ( my ($k) = grep( /$key/, $req->params ) ) {
|
||||
$v = $req->param($k);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$v = $req->param($key);
|
||||
}
|
||||
if ( defined $v ) {
|
||||
$res++;
|
||||
push @$mKeys, $key;
|
||||
|
|
@ -382,4 +397,43 @@ sub updateMySession {
|
|||
{ result => 1, count => $res, modifiedKeys => $mKeys } );
|
||||
}
|
||||
|
||||
sub delKeyInMySession {
|
||||
my ( $self, $req ) = @_;
|
||||
my $res = 0;
|
||||
my $mKeys = [];
|
||||
my $dkey = $req->param('key');
|
||||
if ( my $token = $req->param('token') ) {
|
||||
if ( $self->ott->getToken($token) ) {
|
||||
if ( $req->param('sessionType') eq 'persistent' ) {
|
||||
foreach my $key ( $self->conf->{mySessionAuthorizedRWKeys} ) {
|
||||
if ( $key =~ /\*/ ) {
|
||||
$key =~ s/\*/\.\*/g;
|
||||
if ( $dkey =~ /$key/ ) {
|
||||
$res++;
|
||||
}
|
||||
}
|
||||
elsif ( $dkey eq $key ) {
|
||||
$res++;
|
||||
}
|
||||
}
|
||||
if ($res) {
|
||||
$self->p->updatePersistentSession( $req,
|
||||
{ $dkey => undef } );
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->logger->error('Update session request with invalid token');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->logger->error('Update session request without token');
|
||||
}
|
||||
unless ($res) {
|
||||
return $self->p->sendError( $req, 'Modification refused', 403 );
|
||||
}
|
||||
return $self->p->sendJSONresponse( $req,
|
||||
{ result => 1, count => $res, modifiedKeys => $dkey } );
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -60,15 +60,27 @@ setOrder = ->
|
|||
|
||||
# Function used to remove an OIDC consent
|
||||
removeOidcConsent = (partner) ->
|
||||
r = new RegExp "\b#{partner}\b,?", 'g'
|
||||
datas['oidcConsents'] = datas['oidcConsents'].replace(r,'').replace(/,$/,'')
|
||||
setKey '_oidcConnectedRP', datas['oidcConsents']
|
||||
#r = new RegExp "\b#{partner}\b,?", 'g'
|
||||
#datas['oidcConsents'] = datas['oidcConsents'].replace(r,'').replace(/,$/,'')
|
||||
#setKey '_oidcConnectedRP', datas['oidcConsents']
|
||||
# # Success
|
||||
# , () ->
|
||||
# $("[partner='#{partner}']").hide()
|
||||
# # Error
|
||||
# , (j,s,e) ->
|
||||
# alert "#{s} #{e}"
|
||||
e = (j,s,e) ->
|
||||
alert "#{s} #{e}"
|
||||
delKey "_oidc_consent_time_#{partner}"
|
||||
# Success
|
||||
, () ->
|
||||
$("[partner='#{partner}']").hide()
|
||||
# Error
|
||||
, (j,s,e) ->
|
||||
alert "#{s} #{e}"
|
||||
delKey "_oidc_consent_scope_#{partner}"
|
||||
# Success
|
||||
, () ->
|
||||
$("[partner='#{partner}']").hide()
|
||||
# Error
|
||||
, e
|
||||
, e
|
||||
|
||||
# Function used by setOrder() and removeOidcConsent() to push new values
|
||||
# For security reason, modification is rejected unless a valid token is given
|
||||
|
|
@ -92,6 +104,21 @@ setKey = (key,val,success,error) ->
|
|||
success: success
|
||||
error: error
|
||||
|
||||
delKey = (key,success,error) ->
|
||||
$.ajax
|
||||
type: "GET"
|
||||
url: datas['scriptname'] + '/mysession/?gettoken'
|
||||
dataType: 'json'
|
||||
error: error
|
||||
# On success, value is set
|
||||
success: (data) ->
|
||||
$.ajax
|
||||
type: "DELETE"
|
||||
url: "#{datas['scriptname']}/mysession/persistent/#{key}?token=#{data.token}"
|
||||
dataType: 'json'
|
||||
success: success
|
||||
error: error
|
||||
|
||||
# function that restores the list order from session
|
||||
restoreOrder = ->
|
||||
list = $(setSelector)
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ LemonLDAP::NG Portal jQuery scripts
|
|||
*/
|
||||
|
||||
(function() {
|
||||
var datas, getCookie, getValues, isHiddenFormValueSet, ping, removeOidcConsent, restoreOrder, setCookie, setKey, setOrder, setSelector, translate, translatePage, translationFields,
|
||||
var datas, delKey, getCookie, getValues, isHiddenFormValueSet, ping, removeOidcConsent, restoreOrder, setCookie, setKey, setOrder, setSelector, translate, translatePage, translationFields,
|
||||
indexOf = [].indexOf || function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; };
|
||||
|
||||
translationFields = {};
|
||||
|
|
@ -75,14 +75,15 @@ LemonLDAP::NG Portal jQuery scripts
|
|||
};
|
||||
|
||||
removeOidcConsent = function(partner) {
|
||||
var r;
|
||||
r = new RegExp("\b" + partner + "\b,?", 'g');
|
||||
datas['oidcConsents'] = datas['oidcConsents'].replace(r, '').replace(/,$/, '');
|
||||
return setKey('_oidcConnectedRP', datas['oidcConsents'], function() {
|
||||
return $("[partner='" + partner + "']").hide();
|
||||
}, function(j, s, e) {
|
||||
var e;
|
||||
e = function(j, s, e) {
|
||||
return alert(s + " " + e);
|
||||
});
|
||||
};
|
||||
return delKey("_oidc_consent_time_" + partner, function() {
|
||||
return delKey("_oidc_consent_scope_" + partner, function() {
|
||||
return $("[partner='" + partner + "']").hide();
|
||||
}, e);
|
||||
}, e);
|
||||
};
|
||||
|
||||
setKey = function(key, val, success, error) {
|
||||
|
|
@ -109,6 +110,24 @@ LemonLDAP::NG Portal jQuery scripts
|
|||
});
|
||||
};
|
||||
|
||||
delKey = function(key, success, error) {
|
||||
return $.ajax({
|
||||
type: "GET",
|
||||
url: datas['scriptname'] + '/mysession/?gettoken',
|
||||
dataType: 'json',
|
||||
error: error,
|
||||
success: function(data) {
|
||||
return $.ajax({
|
||||
type: "DELETE",
|
||||
url: datas['scriptname'] + "/mysession/persistent/" + key + "?token=" + data.token,
|
||||
dataType: 'json',
|
||||
success: success,
|
||||
error: error
|
||||
});
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
restoreOrder = function() {
|
||||
var IDs, child, i, item, itemID, items, l, len, len1, list, rebuild, savedOrd, v;
|
||||
list = $(setSelector);
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user