Append accessor to avoid modify conf (#2451)
This commit is contained in:
Christophe Maudoux
Yadd
parent
61c4150cb9
commit
ff36b81e73
|
|
@ -11,7 +11,7 @@ community-powered IP reputation system.
|
|||
LL::NG provides a **CrowdSec** bouncer that can reject Crowdsec banned-IP
|
||||
requests or just provide an environment variable that can be used in
|
||||
another plugin rule. For example, a second factor may be required if user's
|
||||
IP is CrowdSec bans it.
|
||||
IP is CrowdSec-banned.
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
|||
|
|
@ -276,21 +276,21 @@ Name Description
|
|||
:doc:`Check user<checkuser>` [6]_ |new| Check access rights, transmitted headers and session attibutes for a specific user and URL
|
||||
:doc:`Configuration viewer<viewer>` |new| Edit WebSSO configuration in Read Only mode
|
||||
:doc:`Context switching<contextswitching>` [7]_\ |new| Switch context other users
|
||||
:doc:`CrowdSec<crowdsec>` [16]_\ |new| CrowdSec bouncer
|
||||
:doc:`CrowdSec<crowdsec>` [8]_\ |new| CrowdSec bouncer
|
||||
:doc:`Custom<plugincustom>` Write a custom plugin
|
||||
:doc:`Decrypt value<decryptvalue>` [8]_\ |image35| Decrypt ciphered values
|
||||
:doc:`Decrypt value<decryptvalue>` [9]_\ |image35| Decrypt ciphered values
|
||||
:doc:`Display login history<loginhistory>` Display Success/Fails logins
|
||||
:doc:`Force Authentication<forcereauthn>` Force authentication to access to Portal
|
||||
:doc:`Global Logout<globallogout>` [9]_ Suggest to close all opened sessions at logout
|
||||
:doc:`Global Logout<globallogout>` [10]_ Suggest to close all opened sessions at logout
|
||||
:doc:`Grant Sessions<grantsession>` Rules to apply before allowing a user to open a session
|
||||
:doc:`Impersonation<impersonation>` [10]_\ |new| Allow users to use another identity
|
||||
:doc:`Find user<finduser>` [11]_\ |new| Search for user account
|
||||
:doc:`Impersonation<impersonation>` [11]_\ |new| Allow users to use another identity
|
||||
:doc:`Find user<finduser>` [12]_\ |new| Search for user account
|
||||
:doc:`Notifications system<notifications>` DIsplay a message during log in process
|
||||
:doc:`Portal Status<status>` Experimental portal status page
|
||||
:doc:`Public pages<public_pages>` Enable public pages system
|
||||
:doc:`Refresh session API<refreshsessionapi>` [12]_ Plugin that provides an API to refresh a user session
|
||||
:doc:`Refresh session API<refreshsessionapi>` [13]_ Plugin that provides an API to refresh a user session
|
||||
:doc:`Reset password by mail<resetpassword>` Send a mail to reset its password
|
||||
:doc:`Reset certificate by mail<resetcertificate>` [13]_\ |image37| Allow users to reset their certificate
|
||||
:doc:`Reset certificate by mail<resetcertificate>` [14]_\ |image37| Allow users to reset their certificate
|
||||
:doc:`REST services<restservices>` |new| REST server for :doc:`Proxy<authproxy>`
|
||||
:doc:`SOAP services<soapservices>` |deprecated| SOAP server for :doc:`Proxy<authproxy>`
|
||||
:doc:`Stay connected<stayconnected>` |new| Enable persistent connection on same browser
|
||||
|
|
@ -308,12 +308,12 @@ Handlers are software control agents to be installed on your web servers
|
|||
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
|
||||
Handler type Apache LLNG FastCGI/uWSGI server (Nginx, or :doc:`SSOaaS<ssoaas>`) `Plack servers <https://plackperl.org>`__ Node.js ( `express apps <http://expressjs.com/>`__\ or :doc:`SSOaaS<ssoaas>`) :doc:`Self protected apps<selfmadeapplication>` Comment
|
||||
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
|
||||
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [14]_ ** ✔
|
||||
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [15]_ ** ✔
|
||||
:doc:`AuthBasic<handlerauthbasic>` ✔ ✔ ✔ ✔ Designed for some server-to-server applications
|
||||
:doc:`CDA<cda>` ✔ ✔ ✔ ✔ For Cross Domain Authentication
|
||||
:doc:`DevOps<devopshandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Allows application developers to define their own rules and headers inside their applications
|
||||
:doc:`DevOpsST<devopssthandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
|
||||
:doc:`OAuth2<oauth2handler>` [15]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
|
||||
:doc:`OAuth2<oauth2handler>` [16]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
|
||||
:doc:`Secure Token<securetoken>` ✔ ✔ ✔ Designed to secure exchanges between a LLNG reverse-proxy and a remote app
|
||||
:doc:`Service Token<servertoserver>` |new| *(Server-to-Server)* ✔ ✔ ✔ ✔ ✔ Designed to permit underlying requests *(API-Based Infrastructure)*
|
||||
:doc:`Zimbra PreAuth<applications/zimbra>` ✔ ✔ ✔
|
||||
|
|
@ -579,38 +579,38 @@ by your language code):
|
|||
LLNG ≥ 2.0.6
|
||||
|
||||
.. [8]
|
||||
:doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
|
||||
|
||||
.. [9]
|
||||
:doc:`Decrypt value plugin<decryptvalue>` is available with LLNG ≥
|
||||
2.0.7
|
||||
|
||||
.. [9]
|
||||
.. [10]
|
||||
:doc:`Global Logout plugin<globallogout>` is available with LLNG ≥
|
||||
2.0.7
|
||||
|
||||
.. [10]
|
||||
.. [11]
|
||||
:doc:`Impersonation plugin<impersonation>` is available with LLNG ≥
|
||||
2.0.3
|
||||
|
||||
.. [11]
|
||||
.. [12]
|
||||
:doc:`Find user plugin<finduser>` is available with LLNG ≥
|
||||
2.0.11
|
||||
|
||||
.. [12]
|
||||
.. [13]
|
||||
:doc:`Refresh session API plugin<refreshsessionapi>` is available
|
||||
with LLNG ≥ 2.0.7
|
||||
|
||||
.. [13]
|
||||
.. [14]
|
||||
:doc:`Reset certificate by mail plugin<resetcertificate>` is
|
||||
available with LLNG ≥ 2.0.7
|
||||
|
||||
.. [14]
|
||||
.. [15]
|
||||
:doc:`Node.js handler<nodehandler>` has not yet reached the same
|
||||
level of functionalities
|
||||
|
||||
.. [15]
|
||||
:doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
|
||||
|
||||
.. [16]
|
||||
:doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
|
||||
:doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
|
||||
|
||||
.. |image0| image:: /icons/kthememgr.png
|
||||
.. |image1| image:: /icons/warehause.png
|
||||
|
|
|
|||
|
|
@ -5,12 +5,12 @@ use Mouse;
|
|||
use JSON qw(from_json);
|
||||
use Lemonldap::NG::Common::UserAgent;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_ERROR
|
||||
PE_OK
|
||||
PE_ERROR
|
||||
PE_SESSIONNOTGRANTED
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.12';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
|
||||
|
|
@ -28,18 +28,19 @@ has ua => (
|
|||
return $ua;
|
||||
}
|
||||
);
|
||||
has crowdsecUrl => ( is => 'rw' );
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
if ( $self->conf->{crowdsecUrl} ) {
|
||||
$self->conf->{crowdsecUrl} =~ s#/+$##;
|
||||
$self->crowdsecUrl( $self->conf->{crowdsecUrl} =~ s#/+$## );
|
||||
}
|
||||
else {
|
||||
$self->logger->warn(
|
||||
"crowdsecUrl isn't set, fallback to http://localhost:8080");
|
||||
$self->conf->{crowdsecUrl} = 'http://localhost:8080';
|
||||
$self->crowdsecUrl('http://localhost:8080');
|
||||
}
|
||||
$self->logger->notice( "CrowdSec policy is: "
|
||||
$self->logger->notice( 'CrowdSec policy is: '
|
||||
. ( $self->conf->{crowdsecAction} ? 'reject' : 'warn' ) );
|
||||
return 1;
|
||||
}
|
||||
|
|
@ -48,12 +49,12 @@ sub check {
|
|||
my ( $self, $req ) = @_;
|
||||
my $ip = $req->address;
|
||||
my $resp = $self->ua->get(
|
||||
$self->conf->{crowdsecUrl} . "/v1/decisions?ip=$ip",
|
||||
$self->crowdsecUrl . "/v1/decisions?ip=$ip",
|
||||
'Accept' => 'application/json',
|
||||
'X-Api-Key' => $self->conf->{crowdsecKey},
|
||||
);
|
||||
if ( $resp->is_error ) {
|
||||
$self->logger->error( "Bad CrowdSec response: " . $resp->message );
|
||||
$self->logger->error( 'Bad CrowdSec response: ' . $resp->message );
|
||||
$self->logger->debug( $resp->content );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -588,11 +588,11 @@ LemonLDAP::NG Portal jQuery scripts
|
|||
}
|
||||
});
|
||||
$('#resetfinduserform').on('click', function() {
|
||||
console.log('Clear form');
|
||||
console.log('Reset form');
|
||||
return $('#finduserForm').trigger('reset');
|
||||
});
|
||||
$('#finduserModal').on('hidden.bs.modal', function() {
|
||||
console.log('Reset modal');
|
||||
console.log('Clear modal');
|
||||
return $('#finduserForm').trigger('reset');
|
||||
});
|
||||
return $('#finduserbutton').on('click', function(event) {
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -32,7 +32,7 @@ my $res;
|
|||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'debug',
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
crowdsec => 1,
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ my $res;
|
|||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'debug',
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
crowdsec => 1,
|
||||
|
|
|
|||
Loading…
Reference in New Issue