Maxime Besson
d82f776df8
Allow multi instanciation of 2F modules ( #1860 )
...
This commit adds a manager interface to declare multiple instances of a
single 2F module, in a manner similar to Combination.
An additional portal code reads the `sfExtra` variable to load the
declared modules.
An empty rules means the module will be always active.
2019-07-22 19:30:37 +02:00
Christophe Maudoux
fb7a222c9d
Append notifications REST API ( #1851 )
2019-07-22 15:39:59 +02:00
Christophe Maudoux
81aa2fb37b
Improve test-lib & unit test ( #1851 )
2019-07-21 23:23:20 +02:00
Christophe Maudoux
3972861ba4
WIP - Improve unit test & need to fix list notifications feature!!! ( #1851 )
2019-07-21 22:47:48 +02:00
Clément OUDOT
f15e8bd108
Possibility to list notifications ( #1851 )
2019-07-21 20:47:16 +02:00
Christophe Maudoux
ca7ebe09f7
WIP - REST service to remove notification ( #1851 )
2019-07-20 22:25:03 +02:00
Christophe Maudoux
21c1d83df3
Typo
2019-07-20 13:28:48 +02:00
Christophe Maudoux
4eecd90230
Typo ( #1857 )
2019-07-17 12:20:30 +02:00
Christophe Maudoux
b99b76e2d6
Improve code ( #1857 )
2019-07-17 12:18:15 +02:00
Christophe Maudoux
d8b3eb2a34
Remove cipher cookie if notification refused ( #1857 )
2019-07-16 13:51:01 +02:00
Clément OUDOT
e12cb3a905
Fix loop on notifications ( #1856 )
2019-07-15 10:55:33 +02:00
Xavier
64c587417b
Improvement
2019-07-12 19:09:55 +02:00
Clément OUDOT
c024ed0fe6
Improve logging when a notification is added by REST ( #1853 )
2019-07-12 18:34:55 +02:00
Xavier Guimard
3c6a301785
Keep original PATH_INFO during notification process ( Fixes : #1852 )
2019-07-12 10:33:36 +02:00
Clément OUDOT
c76dc52436
Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows ( #1846 )
2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44
Manage claims in ID token if no access token requested ( #1846 )
2019-07-08 15:15:13 +02:00
Christophe Maudoux
240617d8d8
Fix unit tests
2019-07-06 23:27:45 +02:00
Christophe Maudoux
d0da10b375
Improve code ( #1664 )
2019-07-06 23:00:35 +02:00
Christophe Maudoux
619ea8258f
Improve unit test & fix warning - Expired sessions ( #1783 )
2019-07-06 23:00:24 +02:00
Christophe Maudoux
2d6c46920e
Fix & improve unit test ( #1844 )
2019-07-05 22:53:48 +02:00
Xavier
88f75c42ed
Set pdata domain also when removing cookie ( #1829 )
2019-07-05 06:43:11 +02:00
Christophe Maudoux
6a579644f8
Fix warning ( #1842 )
2019-07-04 23:20:11 +02:00
Christophe Maudoux
f38a583967
Improve code
2019-07-04 22:50:46 +02:00
Christophe Maudoux
2016abd2ee
Send pdata cookie to cross domain ( #1829 )
2019-07-04 21:49:28 +02:00
Xavier
9cdfd4c9a6
Add notice when user is connected
2019-07-04 21:22:06 +02:00
Clément OUDOT
1ebbde9a50
Tidy code and add missing check on hash_level ( #1835 )
2019-07-04 09:49:01 +02:00
Xavier
a104db2f2d
Clean logs
2019-07-04 07:24:50 +02:00
Xavier
d4fedbdfcf
Duplicate log rules in Plugin manpage
2019-07-04 07:09:39 +02:00
Christophe Maudoux
6df12176de
Disable secondFactor ( #1783 )
2019-07-03 23:21:19 +02:00
Christophe Maudoux
2f541370a6
perltidy ( #1783 )
2019-07-03 23:12:15 +02:00
Christophe Maudoux
03f2d89d0c
ContextSwitching: Check (expiration) errors & Improve logs ( #1783 )
2019-07-03 23:08:50 +02:00
Christophe Maudoux
161d6cee0f
Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t)
2019-07-03 22:17:22 +02:00
Maxime Besson
6f058fb2fa
Add manager manpages to deb
2019-07-03 15:17:16 +02:00
Xavier
78a4bb4987
ContextSwitching: Check (expiration) errors ( #1783 )
2019-07-03 06:47:33 +02:00
Christophe Maudoux
5a53fee2db
WIP - Improve log ( #1783 )
2019-07-03 00:09:14 +02:00
Christophe Maudoux
42bc5efdb3
Use skin rules in plugins ( #1828 )
2019-07-02 22:17:53 +02:00
Christophe Maudoux
9c62a04f22
Improve code ( #1783 )
2019-07-02 22:08:17 +02:00
Christophe Maudoux
12e0853b51
Improve log ( #1783 )
2019-07-02 21:33:32 +02:00
Xavier Guimard
c1137edba8
make tidy with perltidy-20181120
2019-07-02 20:03:40 +02:00
Clément OUDOT
e04a6f1983
Reject none algorithm when checking JWT signature ( #1835 )
2019-07-02 16:36:43 +02:00
Clément OUDOT
60c03010ce
Use Base64URL for JWT generation ( #1834 )
2019-07-01 17:29:35 +02:00
Christophe Maudoux
b94cbe0144
Fix default value ( #1825 )
2019-07-01 13:28:01 +02:00
Christophe Maudoux
69d2a2db0c
Fix default value ( #1825 )
2019-07-01 12:56:10 +02:00
Christophe Maudoux
a1f5791e06
Merge branch '1783' into v2.0
2019-06-30 19:00:41 +02:00
Christophe Maudoux
bcbea7bee0
Update version ( #1825 )
2019-06-29 21:48:52 +02:00
Christophe Maudoux
eda8151432
Don t mix && with and ( #1825 )
2019-06-29 21:35:13 +02:00
Christophe Maudoux
11d2909b0a
WIP - Disable persistent sessions storage ( #1825 )
2019-06-29 21:10:16 +02:00
Christophe Maudoux
d97c36a97e
Disable spoofed sessions ( #1783 )
2019-06-28 23:53:43 +02:00
Christophe Maudoux
897d04ac93
Merge branch 'v2.0' into 1783
2019-06-28 22:05:48 +02:00
Clément OUDOT
b0a69d3473
Use skin rules in 2F plugins ( #1828 )
2019-06-28 15:56:57 +02:00
Xavier
c921c295ed
Use user skin in loadTemplate ( Fixes : #1828 )
2019-06-28 13:40:56 +02:00
Xavier Guimard
44a6e25851
Improve cryptographic functions ( #1823 )
2019-06-28 10:30:37 +02:00
Christophe Maudoux
bb39dca317
Append & update unit tests ( #1783 )
2019-06-27 21:54:14 +02:00
Christophe Maudoux
8ad895c3b8
Merge branch 'v2.0' into 1783
2019-06-27 21:11:56 +02:00
Xavier Guimard
264410409d
Move CAS service verification from main to Issuer::CAS ( #1795 )
2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195
Check service= parameter on CAS logout ( #1795 )
...
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.
In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.
If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
2019-06-27 12:40:40 +02:00
Maxime Besson
5f9c4c231d
Add authenticated routes to 2FA for session upgrade ( #1822 )
2019-06-26 23:33:00 +02:00
Xavier
3582cfb12b
Don't keep pdata on upgrade ( Fixes : #1821 )
2019-06-26 21:47:01 +02:00
Xavier Guimard
e15a41bc66
Fix typo: s/templatesDir/templateDir/g ( #1819 )
2019-06-26 11:59:13 +02:00
Xavier Guimard
45a0b68c3b
Disable external entities in XML parsers ( Fixes : #1818 )
2019-06-26 11:32:10 +02:00
Christophe Maudoux
f11c34e9cd
Cleaning code ( #1783 & #1658 )
2019-06-25 23:04:27 +02:00
Christophe Maudoux
f5587ac477
Improve code ( #1783 )
2019-06-25 22:01:20 +02:00
Christophe Maudoux
0b567d6c15
Merge branch 'v2.0' into 1783
2019-06-25 20:23:48 +02:00
Christophe Maudoux
b9af5d1adc
Use Id
2019-06-25 19:30:06 +02:00
Christophe Maudoux
7a97bc46c4
Improve code ( #1783 )
2019-06-25 19:28:05 +02:00
Xavier Guimard
93ccb9fd76
Set Content-Length in Apache::Session::REST requests ( #1813 )
2019-06-25 09:37:37 +02:00
Xavier Guimard
ddde26fa1c
Add searchOn() in Apache::Session::REST ( #1813 )
2019-06-25 09:18:58 +02:00
Christophe Maudoux
32cb9e3a8f
Delete session ( #1783 )
2019-06-24 23:52:39 +02:00
Christophe Maudoux
266f2fdf02
Merge branch 'v2.0' into 1783
2019-06-24 23:36:54 +02:00
Christophe Maudoux
786e136754
Create session with ContextSwitching plugin ( #1783 )
2019-06-24 23:36:23 +02:00
Christophe Maudoux
28fd7ea0b8
Change log level ( #1664 )
2019-06-24 23:35:33 +02:00
Xavier
c5d6bc42b6
Add get_key_from_all_sessions in Apache::Session::REST ( #1813 )
2019-06-24 23:07:34 +02:00
Xavier
9df3d57bc9
In REST, PE_LOGOUT_OK must return 200
2019-06-24 23:06:15 +02:00
Christophe Maudoux
5efa6c111a
Append log ( #1783 )
2019-06-23 22:56:05 +02:00
Christophe Maudoux
8d2367c6d7
Typo
2019-06-23 22:55:46 +02:00
Christophe Maudoux
e5f03f34d9
Append ContextSwitching plugin ( #1783 )
2019-06-23 22:19:40 +02:00
Christophe Maudoux
c24ff711a0
WIP - ContextSwitching ( #1783 )
2019-06-23 10:51:10 +02:00
Christophe Maudoux
bdc5007e43
Update sort condition ( #1658 )
2019-06-23 10:18:05 +02:00
Christophe Maudoux
dd94351f35
WIP - ContextSwitching ( #1783 )
2019-06-22 23:46:02 +02:00
Christophe Maudoux
8c47c913fe
WIP - ContextSwitching ( #1783 )
2019-06-21 16:24:50 +02:00
Christophe Maudoux
b69ffc0ff8
WIP - ContextSwitching ( #1783 )
2019-06-21 15:23:06 +02:00
Christophe Maudoux
a2ebaf31b1
WIP - AdminImpersonation skeleton ( #1783 )
2019-06-19 18:13:17 +02:00
Christophe Maudoux
c4d4b482a5
Provide to plugins message display functions ( #1796 )
2019-06-18 22:00:03 +02:00
Christophe Maudoux
86b305d19b
Typo ( #1664 )
2019-06-18 21:57:40 +02:00
Christophe Maudoux
9fa11709e6
Append options to use Notifications plugin & set notification reference ( #1796 )
2019-06-17 22:31:44 +02:00
Xavier
8b488e4d51
Move LDAP::getUser() to Lib::LDAP ( Fixes : #1805 )
2019-06-17 21:15:38 +02:00
Xavier
aff7527580
Fix bad call in LDAP ( #1805 )
2019-06-17 19:21:48 +02:00
Christophe Maudoux
1b4d1b5bdf
Avoid notification reference to be truncated ( #1796 )
2019-06-16 20:57:53 +02:00
Christophe Maudoux
d6f3dd459a
Display message ( #1796 )
2019-06-16 16:02:48 +02:00
Christophe Maudoux
ecf84e8a4d
WIP ( #1796 )
2019-06-14 23:09:32 +02:00
Christophe Maudoux
fde6ff2cc8
WIP ( #1796 )
2019-06-14 23:09:32 +02:00
Xavier Guimard
5fbff01b27
Update versions
2019-06-14 17:27:54 +02:00
Xavier Guimard
65eaefa75f
Tidy
2019-06-14 17:23:26 +02:00
Clément OUDOT
4e5c450b8b
Return error if no code provided on token endpoint ( #1802 )
2019-06-14 16:05:39 +02:00
Xavier Guimard
e7bc7b3f4e
Add restExportSecretKeys option ( #1799 )
2019-06-14 08:51:58 +02:00
Xavier
5dc5b88daa
Permit to show $_password in REST session server ( #1799 )
2019-06-14 07:09:55 +02:00
Xavier
4ad0da0315
Fix syntax error ( #1794 )
2019-06-14 06:33:27 +02:00
Christophe Maudoux
73f689eca4
Fix 2F types ( #1782 )
2019-06-13 23:28:57 +02:00
Christophe Maudoux
c8295b60b5
Fix 2F types ( #1782 )
2019-06-13 23:27:30 +02:00
Xavier
c7ef665bf9
Fix #1782
2019-06-13 22:23:20 +02:00
Xavier
8d642da8cb
Improve #1782
2019-06-13 22:10:30 +02:00
Xavier Guimard
2a021e37ea
Don't require getDisplayType in Choice ( #1800 )
2019-06-13 17:51:36 +02:00
Maxime Besson
1a66da30f9
Store portal language in _language user session key ( #1764 )
2019-06-13 09:26:19 +02:00
Xavier
a6aaf8a507
Add XSS test ( #1795 )
2019-06-11 21:30:15 +02:00
Xavier
1a8948894d
Check CAS "service" parameter ( Fixes : #1795 )
2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa
Fix CASv2 logout ( #1753 )
2019-06-11 16:18:15 +02:00
Xavier Guimard
9e932b525c
Merge branch 'issue1794-accentregister' into 'v2.0'
...
Register: better handling of special chars (#1794 )
See merge request lemonldap-ng/lemonldap-ng!78
2019-06-10 22:57:34 +02:00
Maxime Besson
f195db2a5a
Register: better handling of special chars ( #1794 )
2019-06-10 22:45:15 +02:00
Christophe Maudoux
7a3ded7efb
Improve code ( #1782 )
2019-06-10 20:56:38 +02:00
Christophe Maudoux
441519a542
Typo ( #1791 )
2019-06-10 10:37:43 +02:00
Christophe Maudoux
8a35584e26
Fix empty hGroups ( #1791 )
2019-06-09 19:54:00 +02:00
Christophe Maudoux
63798f71f9
Change message condition ( #1791 )
2019-06-08 22:10:13 +02:00
Christophe Maudoux
b71f678f80
Filter SSO groups to merge ( #1791 )
2019-06-08 22:08:58 +02:00
Christophe Maudoux
e3c2766809
Test 2F TTL ( #1782 )
2019-06-07 19:51:51 +02:00
Xavier
94c2a0bc3b
Add addAuthRouteWithRedirect() doc ( #1787 )
2019-06-06 23:02:46 +02:00
Xavier
f4bca7430a
Add addAuthRouteWithRedirect() method to Try ( #1787 )
2019-06-06 22:59:02 +02:00
Xavier Guimard
946384272e
Partial revert "Typo"
...
This reverts commit f63a63eedb
.
2019-06-06 16:00:49 +02:00
Christophe Maudoux
801e2a17d6
Better fix ( #1769 )
2019-06-05 15:27:58 +02:00
Christophe Maudoux
30c4a9c787
setSecurity if failed login ( #1769 )
2019-06-05 11:29:04 +02:00
Christophe Maudoux
f63a63eedb
Typo
2019-06-05 11:25:50 +02:00
Christophe Maudoux
c044ebc473
Fix functions parameter ( #1774 )
2019-06-04 23:18:06 +02:00
Christophe Maudoux
eab00052f3
Fix debug msg ( #1774 )
2019-06-04 20:42:54 +02:00
Christophe Maudoux
95b188ccfe
Fix grant parameter, append warning msg & debug logs ( #1774 )
2019-06-04 18:19:33 +02:00
Christophe Maudoux
18dd7c2c41
Append debug msg ( #1765 )
2019-06-04 16:19:01 +02:00
Christophe Maudoux
f69b829f6c
Restore loginHistory ( #1780 ) & Improve code
2019-06-02 22:40:00 +02:00
Christophe Maudoux
054fda9cfd
Fix warnings ( #1781 )
2019-06-01 23:22:20 +02:00
Christophe Maudoux
491c54a3ee
Fix Impersonation with 2FA ( #1781 )
2019-06-01 19:13:45 +02:00
Christophe Maudoux
e36ce98dda
SetSecurity with AuthChoice ( #1769 )
2019-06-01 11:47:49 +02:00
Christophe Maudoux
35f1677747
Append unit test and fix CORS headers ( #1765 )
2019-05-31 17:50:44 +02:00
Christophe Maudoux
132e57b4b3
Manage CORS headers ( #1765 )
2019-05-31 17:00:39 +02:00
Christophe Maudoux
432f2655bb
Fix if no userDB ( #1774 )
2019-05-30 12:26:50 +02:00
Christophe Maudoux
04603c0169
Fix warning ( #1774 )
2019-05-30 12:26:50 +02:00
Xavier Guimard
6b5677b4ce
Tidy ( #1774 )
2019-05-29 14:20:46 +02:00
Christophe Maudoux
224137462a
Tidy ( #1774 )
2019-05-29 00:08:48 +02:00
Christophe Maudoux
a89f83294b
Retrieve session from DB if exists & Improve unit test ( #1774 )
2019-05-28 23:55:54 +02:00
Xavier Guimard
8fd3f6be90
Merge branch 'issue1521-appmenu' into 'v2.0'
...
Preserve applicationList key names (#1521 )
See merge request lemonldap-ng/lemonldap-ng!76
2019-05-28 22:10:53 +02:00
Xavier
db2ee96bc8
Update versions ( #1777 )
2019-05-28 22:04:45 +02:00
Xavier
f0842569c2
Don't erase pdata on 404 errors ( #1778 )
2019-05-28 21:58:22 +02:00
Xavier
82171e9a90
Fix missing $req in SLO responses ( #1777 )
2019-05-28 21:45:54 +02:00
Xavier
acd6ba50e8
Fix some missing $req ( #1777 )
2019-05-28 19:52:08 +02:00
Christophe Maudoux
5126e9003b
Allow double sessions for double cookies with singleSession ( #1775 )
2019-05-28 17:32:06 +02:00
Maxime Besson
b12992755f
Preserve applicationList key names ( #1521 )
...
Previously, every configuration save from the manager would overwrite
applicationList key names to preserve their ordering.
This commit introduces a new "order" key in the JSON config instead.
2019-05-28 15:38:26 +02:00
Christophe Maudoux
dece7d8aa0
Allow double sessions for double cookies ( #1775 )
2019-05-27 22:42:02 +02:00
Christophe Maudoux
26233106a5
Set _updateTime session value ( #1771 )
2019-05-26 11:56:58 +02:00
Christophe Maudoux
3dd4c52c65
Update version ( #1766 )
2019-05-26 10:33:39 +02:00
Christophe Maudoux
0e47cb4f5b
Fix warning message
2019-05-23 15:52:11 +02:00
Maxime Besson
0babf4c6c3
Fix non-sso session removal in SoapServer
...
closes #1762
2019-05-21 17:30:37 +02:00
Christophe Maudoux
59f07b7b8f
Avoid to renew double cookie sessions for refresh request ( #1747 )
2019-05-20 23:03:10 +02:00
Christophe Maudoux
29b7341345
Change code order ( #1749 )
2019-05-19 13:40:46 +02:00
Christophe Maudoux
006f862a69
Cleaning code ( #1755 )
2019-05-17 22:18:09 +02:00