Clément OUDOT
b0a69d3473
Use skin rules in 2F plugins ( #1828 )
2019-06-28 15:56:57 +02:00
Xavier
c921c295ed
Use user skin in loadTemplate ( Fixes : #1828 )
2019-06-28 13:40:56 +02:00
Xavier Guimard
44a6e25851
Improve cryptographic functions ( #1823 )
2019-06-28 10:30:37 +02:00
Christophe Maudoux
bb39dca317
Append & update unit tests ( #1783 )
2019-06-27 21:54:14 +02:00
Christophe Maudoux
8ad895c3b8
Merge branch 'v2.0' into 1783
2019-06-27 21:11:56 +02:00
Xavier Guimard
264410409d
Move CAS service verification from main to Issuer::CAS ( #1795 )
2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195
Check service= parameter on CAS logout ( #1795 )
...
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.
In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.
If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
2019-06-27 12:40:40 +02:00
Maxime Besson
5f9c4c231d
Add authenticated routes to 2FA for session upgrade ( #1822 )
2019-06-26 23:33:00 +02:00
Xavier
3582cfb12b
Don't keep pdata on upgrade ( Fixes : #1821 )
2019-06-26 21:47:01 +02:00
Xavier Guimard
e15a41bc66
Fix typo: s/templatesDir/templateDir/g ( #1819 )
2019-06-26 11:59:13 +02:00
Xavier Guimard
45a0b68c3b
Disable external entities in XML parsers ( Fixes : #1818 )
2019-06-26 11:32:10 +02:00
Christophe Maudoux
f11c34e9cd
Cleaning code ( #1783 & #1658 )
2019-06-25 23:04:27 +02:00
Christophe Maudoux
f5587ac477
Improve code ( #1783 )
2019-06-25 22:01:20 +02:00
Christophe Maudoux
0b567d6c15
Merge branch 'v2.0' into 1783
2019-06-25 20:23:48 +02:00
Christophe Maudoux
b9af5d1adc
Use Id
2019-06-25 19:30:06 +02:00
Christophe Maudoux
7a97bc46c4
Improve code ( #1783 )
2019-06-25 19:28:05 +02:00
Xavier Guimard
93ccb9fd76
Set Content-Length in Apache::Session::REST requests ( #1813 )
2019-06-25 09:37:37 +02:00
Xavier Guimard
ddde26fa1c
Add searchOn() in Apache::Session::REST ( #1813 )
2019-06-25 09:18:58 +02:00
Christophe Maudoux
32cb9e3a8f
Delete session ( #1783 )
2019-06-24 23:52:39 +02:00
Christophe Maudoux
266f2fdf02
Merge branch 'v2.0' into 1783
2019-06-24 23:36:54 +02:00
Christophe Maudoux
786e136754
Create session with ContextSwitching plugin ( #1783 )
2019-06-24 23:36:23 +02:00
Christophe Maudoux
28fd7ea0b8
Change log level ( #1664 )
2019-06-24 23:35:33 +02:00
Xavier
c5d6bc42b6
Add get_key_from_all_sessions in Apache::Session::REST ( #1813 )
2019-06-24 23:07:34 +02:00
Xavier
9df3d57bc9
In REST, PE_LOGOUT_OK must return 200
2019-06-24 23:06:15 +02:00
Christophe Maudoux
5efa6c111a
Append log ( #1783 )
2019-06-23 22:56:05 +02:00
Christophe Maudoux
8d2367c6d7
Typo
2019-06-23 22:55:46 +02:00
Christophe Maudoux
e5f03f34d9
Append ContextSwitching plugin ( #1783 )
2019-06-23 22:19:40 +02:00
Christophe Maudoux
c24ff711a0
WIP - ContextSwitching ( #1783 )
2019-06-23 10:51:10 +02:00
Christophe Maudoux
bdc5007e43
Update sort condition ( #1658 )
2019-06-23 10:18:05 +02:00
Christophe Maudoux
dd94351f35
WIP - ContextSwitching ( #1783 )
2019-06-22 23:46:02 +02:00
Christophe Maudoux
8c47c913fe
WIP - ContextSwitching ( #1783 )
2019-06-21 16:24:50 +02:00
Christophe Maudoux
b69ffc0ff8
WIP - ContextSwitching ( #1783 )
2019-06-21 15:23:06 +02:00
Christophe Maudoux
a2ebaf31b1
WIP - AdminImpersonation skeleton ( #1783 )
2019-06-19 18:13:17 +02:00
Christophe Maudoux
c4d4b482a5
Provide to plugins message display functions ( #1796 )
2019-06-18 22:00:03 +02:00
Christophe Maudoux
86b305d19b
Typo ( #1664 )
2019-06-18 21:57:40 +02:00
Christophe Maudoux
9fa11709e6
Append options to use Notifications plugin & set notification reference ( #1796 )
2019-06-17 22:31:44 +02:00
Xavier
8b488e4d51
Move LDAP::getUser() to Lib::LDAP ( Fixes : #1805 )
2019-06-17 21:15:38 +02:00
Xavier
aff7527580
Fix bad call in LDAP ( #1805 )
2019-06-17 19:21:48 +02:00
Christophe Maudoux
1b4d1b5bdf
Avoid notification reference to be truncated ( #1796 )
2019-06-16 20:57:53 +02:00
Christophe Maudoux
d6f3dd459a
Display message ( #1796 )
2019-06-16 16:02:48 +02:00
Christophe Maudoux
ecf84e8a4d
WIP ( #1796 )
2019-06-14 23:09:32 +02:00
Christophe Maudoux
fde6ff2cc8
WIP ( #1796 )
2019-06-14 23:09:32 +02:00
Xavier Guimard
5fbff01b27
Update versions
2019-06-14 17:27:54 +02:00
Xavier Guimard
65eaefa75f
Tidy
2019-06-14 17:23:26 +02:00
Clément OUDOT
4e5c450b8b
Return error if no code provided on token endpoint ( #1802 )
2019-06-14 16:05:39 +02:00
Xavier Guimard
e7bc7b3f4e
Add restExportSecretKeys option ( #1799 )
2019-06-14 08:51:58 +02:00
Xavier
5dc5b88daa
Permit to show $_password in REST session server ( #1799 )
2019-06-14 07:09:55 +02:00
Xavier
4ad0da0315
Fix syntax error ( #1794 )
2019-06-14 06:33:27 +02:00
Christophe Maudoux
73f689eca4
Fix 2F types ( #1782 )
2019-06-13 23:28:57 +02:00
Christophe Maudoux
c8295b60b5
Fix 2F types ( #1782 )
2019-06-13 23:27:30 +02:00
Xavier
c7ef665bf9
Fix #1782
2019-06-13 22:23:20 +02:00
Xavier
8d642da8cb
Improve #1782
2019-06-13 22:10:30 +02:00
Xavier Guimard
2a021e37ea
Don't require getDisplayType in Choice ( #1800 )
2019-06-13 17:51:36 +02:00
Maxime Besson
1a66da30f9
Store portal language in _language user session key ( #1764 )
2019-06-13 09:26:19 +02:00
Xavier
a6aaf8a507
Add XSS test ( #1795 )
2019-06-11 21:30:15 +02:00
Xavier
1a8948894d
Check CAS "service" parameter ( Fixes : #1795 )
2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa
Fix CASv2 logout ( #1753 )
2019-06-11 16:18:15 +02:00
Xavier Guimard
9e932b525c
Merge branch 'issue1794-accentregister' into 'v2.0'
...
Register: better handling of special chars (#1794 )
See merge request lemonldap-ng/lemonldap-ng!78
2019-06-10 22:57:34 +02:00
Maxime Besson
f195db2a5a
Register: better handling of special chars ( #1794 )
2019-06-10 22:45:15 +02:00
Christophe Maudoux
7a3ded7efb
Improve code ( #1782 )
2019-06-10 20:56:38 +02:00
Christophe Maudoux
441519a542
Typo ( #1791 )
2019-06-10 10:37:43 +02:00
Christophe Maudoux
8a35584e26
Fix empty hGroups ( #1791 )
2019-06-09 19:54:00 +02:00
Christophe Maudoux
63798f71f9
Change message condition ( #1791 )
2019-06-08 22:10:13 +02:00
Christophe Maudoux
b71f678f80
Filter SSO groups to merge ( #1791 )
2019-06-08 22:08:58 +02:00
Christophe Maudoux
e3c2766809
Test 2F TTL ( #1782 )
2019-06-07 19:51:51 +02:00
Xavier
94c2a0bc3b
Add addAuthRouteWithRedirect() doc ( #1787 )
2019-06-06 23:02:46 +02:00
Xavier
f4bca7430a
Add addAuthRouteWithRedirect() method to Try ( #1787 )
2019-06-06 22:59:02 +02:00
Xavier Guimard
946384272e
Partial revert "Typo"
...
This reverts commit f63a63eedb
.
2019-06-06 16:00:49 +02:00
Christophe Maudoux
801e2a17d6
Better fix ( #1769 )
2019-06-05 15:27:58 +02:00
Christophe Maudoux
30c4a9c787
setSecurity if failed login ( #1769 )
2019-06-05 11:29:04 +02:00
Christophe Maudoux
f63a63eedb
Typo
2019-06-05 11:25:50 +02:00
Christophe Maudoux
c044ebc473
Fix functions parameter ( #1774 )
2019-06-04 23:18:06 +02:00
Christophe Maudoux
eab00052f3
Fix debug msg ( #1774 )
2019-06-04 20:42:54 +02:00
Christophe Maudoux
95b188ccfe
Fix grant parameter, append warning msg & debug logs ( #1774 )
2019-06-04 18:19:33 +02:00
Christophe Maudoux
18dd7c2c41
Append debug msg ( #1765 )
2019-06-04 16:19:01 +02:00
Christophe Maudoux
f69b829f6c
Restore loginHistory ( #1780 ) & Improve code
2019-06-02 22:40:00 +02:00
Christophe Maudoux
054fda9cfd
Fix warnings ( #1781 )
2019-06-01 23:22:20 +02:00
Christophe Maudoux
491c54a3ee
Fix Impersonation with 2FA ( #1781 )
2019-06-01 19:13:45 +02:00
Christophe Maudoux
e36ce98dda
SetSecurity with AuthChoice ( #1769 )
2019-06-01 11:47:49 +02:00
Christophe Maudoux
35f1677747
Append unit test and fix CORS headers ( #1765 )
2019-05-31 17:50:44 +02:00
Christophe Maudoux
132e57b4b3
Manage CORS headers ( #1765 )
2019-05-31 17:00:39 +02:00
Christophe Maudoux
432f2655bb
Fix if no userDB ( #1774 )
2019-05-30 12:26:50 +02:00
Christophe Maudoux
04603c0169
Fix warning ( #1774 )
2019-05-30 12:26:50 +02:00
Xavier Guimard
6b5677b4ce
Tidy ( #1774 )
2019-05-29 14:20:46 +02:00
Christophe Maudoux
224137462a
Tidy ( #1774 )
2019-05-29 00:08:48 +02:00
Christophe Maudoux
a89f83294b
Retrieve session from DB if exists & Improve unit test ( #1774 )
2019-05-28 23:55:54 +02:00
Xavier Guimard
8fd3f6be90
Merge branch 'issue1521-appmenu' into 'v2.0'
...
Preserve applicationList key names (#1521 )
See merge request lemonldap-ng/lemonldap-ng!76
2019-05-28 22:10:53 +02:00
Xavier
db2ee96bc8
Update versions ( #1777 )
2019-05-28 22:04:45 +02:00
Xavier
f0842569c2
Don't erase pdata on 404 errors ( #1778 )
2019-05-28 21:58:22 +02:00
Xavier
82171e9a90
Fix missing $req in SLO responses ( #1777 )
2019-05-28 21:45:54 +02:00
Xavier
acd6ba50e8
Fix some missing $req ( #1777 )
2019-05-28 19:52:08 +02:00
Christophe Maudoux
5126e9003b
Allow double sessions for double cookies with singleSession ( #1775 )
2019-05-28 17:32:06 +02:00
Maxime Besson
b12992755f
Preserve applicationList key names ( #1521 )
...
Previously, every configuration save from the manager would overwrite
applicationList key names to preserve their ordering.
This commit introduces a new "order" key in the JSON config instead.
2019-05-28 15:38:26 +02:00
Christophe Maudoux
dece7d8aa0
Allow double sessions for double cookies ( #1775 )
2019-05-27 22:42:02 +02:00
Christophe Maudoux
26233106a5
Set _updateTime session value ( #1771 )
2019-05-26 11:56:58 +02:00
Christophe Maudoux
3dd4c52c65
Update version ( #1766 )
2019-05-26 10:33:39 +02:00
Christophe Maudoux
0e47cb4f5b
Fix warning message
2019-05-23 15:52:11 +02:00
Maxime Besson
0babf4c6c3
Fix non-sso session removal in SoapServer
...
closes #1762
2019-05-21 17:30:37 +02:00
Christophe Maudoux
59f07b7b8f
Avoid to renew double cookie sessions for refresh request ( #1747 )
2019-05-20 23:03:10 +02:00
Christophe Maudoux
29b7341345
Change code order ( #1749 )
2019-05-19 13:40:46 +02:00
Christophe Maudoux
006f862a69
Cleaning code ( #1755 )
2019-05-17 22:18:09 +02:00
Clément OUDOT
c024952b8f
Do not fail if no RP or no OP configured ( #1759 )
2019-05-17 16:00:33 +02:00
Xavier
b91d1d4b87
Tidy
2019-05-16 20:45:14 +02:00
Xavier
a2e78c88c3
Set versions
2019-05-16 20:42:31 +02:00
Xavier
1186aba52b
lmError(): return JSON if wanted ( #1745 )
2019-05-16 06:50:13 +02:00
Christophe Maudoux
e46fac82b2
CheckUser with tokenGlobalStorage & Warn if SSO groups are merged
2019-05-15 23:45:06 +02:00
Maxime Besson
1f1eeab9c8
Do not log a warning when displaying form with Combination
...
When form-based authentication methods return PE_FIRSTLOGIN, do not log
a warning because it's normal behavior to show the form.
2019-05-14 19:47:28 +02:00
Christophe Maudoux
fc034ad4bf
Impersonation with doubleCookie ( #1746 )
2019-05-12 22:59:21 +02:00
Clément OUDOT
05cd4d4a58
Fix update token with global storage ( #1742 )
2019-05-12 20:39:25 +02:00
Clément OUDOT
682b193477
Use TOKEN kind for mail password reset sessions ( #1743 )
2019-05-12 20:04:38 +02:00
Clément OUDOT
07de622e83
Fix getRegisterSession and getMailSession ( #1743 )
2019-05-12 17:36:14 +02:00
Xavier
9a71709f44
Tidy
2019-05-11 23:03:48 +02:00
Christophe Maudoux
8737fc0808
Impersonation with doubleCookie & Append unit test ( #1746 )
2019-05-11 22:57:52 +02:00
Xavier
f3c4ea0afb
Tydy
2019-05-11 20:18:43 +02:00
Christophe Maudoux
aeead582d8
Restore _httpSession ( #1746 )
2019-05-11 19:07:07 +02:00
Xavier
000db1536b
Update versions
2019-05-11 17:37:56 +02:00
Xavier
2ce7396bf2
Don't filter on session_kind with SOAP ( #1742 )
2019-05-11 15:41:14 +02:00
Xavier
6235b303b3
#1742 in progress...
2019-05-11 09:31:17 +02:00
Xavier Guimard
1cd50bb353
Fix Auth::Remote session kind ( #1742 )
2019-05-10 18:02:56 +02:00
Xavier Guimard
638a0de81a
Don't use SSO session type for tokens (Fixes security part of #1742 )
2019-05-10 17:35:10 +02:00
Clément OUDOT
fce270408e
Improve log in plugin GrantSession ( #1739 )
2019-05-06 19:10:26 +02:00
Clément OUDOT
755b1ace78
Add some debug in Ext2F ( #1738 )
2019-05-06 14:28:28 +02:00
Clément OUDOT
a7c8b9d466
Fix error handling in Ext2F ( #1738 )
2019-05-06 14:07:42 +02:00
Christophe Maudoux
c8dd4554aa
Test if required secret elements are set to sign JWT
2019-05-02 14:33:56 +02:00
Christophe Maudoux
f4938f3489
Grant access only if required Impersonation succeeds ( #1664 )
2019-04-30 14:57:45 +02:00
Christophe Maudoux
321fe29c35
Update version
2019-04-29 22:33:11 +02:00
Christophe Maudoux
2e9092d2bd
Clean code
2019-04-29 22:33:11 +02:00
Christophe Maudoux
a89b92f265
Improve code ( #1386 )
2019-04-29 22:33:11 +02:00
Christophe Maudoux
2e3c2e1a16
Sort by spoofed and real attributes ( #1658 )
2019-04-29 22:33:11 +02:00
Clément OUDOT
926262170b
Implement PKCE in OIDC provider ( #1722 )
2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7
Create a configuration option to allow a Relying Party to be a public client
...
Allow unauthenticated requests on OAuth2 token endoint
#1725
2019-04-29 10:02:16 +02:00
Maxime Besson
2f9e6aa623
Allow override of username attribute for CAS apps
...
Global CAS options allows the admistrator to set the session attribute
that gets exported to all CAS application as the main identifier
(cas:user)
This commit adds the ability to override this configuration for a
particular CAS application.
OIDC already allows this
Fixes #1713
2019-04-28 21:06:34 +02:00
Maxime Besson
62f16721ff
Send username when calling CAS1.0 validation
...
Fixes #1724
2019-04-28 19:29:54 +02:00
Maxime Besson
64cc4ea0e6
Do not sent Kerberos js twice when using Combination
...
Fixes #1720
2019-04-25 17:17:03 +02:00
Christophe Maudoux
c86b76cb9c
Init. rules by using accessors ( #1658 )
2019-04-21 11:56:29 +02:00
maudoux
9b711e6c81
Update version
2019-04-13 22:57:30 +02:00
maudoux
cfa98b2723
Fix logo display
2019-04-13 21:02:47 +02:00
Clément OUDOT
259f9d8d94
Use same JSON fields for failure and success ( #1711 )
2019-04-13 15:23:40 +02:00
Clément OUDOT
9256571f25
Return session id with successful REST authentication ( #1711 )
2019-04-12 16:57:22 +02:00
maudoux
026fcd9f76
Fix warnings ( #1704 )
2019-04-10 22:14:46 +02:00
maudoux
1d08372a8c
Sort CAS servers & update langs ( #1704 )
2019-04-10 21:58:37 +02:00
Xavier
4a21e96426
Fix warning
2019-04-10 21:54:03 +02:00
Xavier
1bcf828a89
Merge remote-tracking branch 'arosier/idpsort' into v2.0
2019-04-10 19:48:26 +02:00
Antoine ROSIER
8875a4e985
perltidy
2019-04-10 17:21:33 +02:00
Antoine ROSIER
f7b296b032
Sorting OIDc ( #1704 )
2019-04-10 17:06:41 +02:00
Antoine ROSIER
8636da45be
Sorting SAML idp ( #1704 )
2019-04-10 17:06:41 +02:00
Clément OUDOT
ae3a728378
Manage template inclusion when file is not in configured portal theme ( #1653 )
2019-04-10 15:42:58 +02:00
Christophe Maudoux
413cc98fba
perltidy
2019-04-10 09:21:55 +02:00
Antoine ROSIER
6352dc6ac8
Sort idp and op ( #1704 )
2019-04-10 09:01:55 +02:00
Xavier
af707c5b1f
Clear pdata on lmerror access
2019-04-10 07:14:36 +02:00