dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
10,269 Commits 3 Branches 0 Tags 75 MiB
768a7b0ecb
Commit Graph

446 Commits

Author SHA1 Message Date
Christophe Maudoux
146aca7c82 Remove trailing whitespaces 2019-09-16 20:30:35 +02:00
Christophe Maudoux
fcf05c5602 Avoid warning 2019-09-16 17:22:35 +02:00
Christophe Maudoux
9784e75ead Check Slave credential headers (#1935) 2019-09-13 22:21:09 +02:00
Xavier
e50e7d09d1 Update version of (really) modified files 2019-09-12 21:56:49 +02:00
Clément OUDOT
e54355ff9f Use conf as HASH key (#1619) 2019-09-05 17:16:55 +02:00
Clément OUDOT
5b7bb4b9cd Check error message from ITDS (#1619) 2019-09-05 17:14:44 +02:00
Maxime Besson
ff3d4e218c doc: suggest a better fix for #1864 
We can't do it yet because the issue isn't fixed in versions of Lasso
found in the wild. But someday it will be.
 2019-09-03 18:13:13 +02:00
Maxime Besson
d61935ab6e Implement introspection endpoint for access tokens (#1843) 2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5 Refactor endpoint auth 2019-08-29 18:57:26 +02:00
Xavier Guimard
1660109e2f Security: use 3-form for open 2019-08-28 11:32:54 +02:00
Maxime Besson
810d2c7f94 Disable template cache to avoid translation issues in mail (#1897) 2019-08-27 23:13:36 +02:00
Maxime Besson
a04a376777 Make regular template variables available in mails 
SKIN, PORTAL_URL, env_*, session_* are now available in email templates

Preliminary work for #1861
 2019-08-27 23:13:36 +02:00
Xavier Guimard
323d92fa1b Don't load Data::Dumper unless debug 2019-08-27 10:10:11 +02:00
Xavier Guimard
0415370f2c More REST debug 2019-08-22 15:17:51 +02:00
Maxime Besson
661a007b4a Check OIDC access token expiration (#1879) 2019-08-21 12:18:55 +02:00
Christophe Maudoux
78a82dbee9 Override OTT conf. for Upgrade tokens (#1884) 2019-08-15 22:01:44 +02:00
Christophe Maudoux
9dac92064c Better fix & update unit tests (#1861) 2019-08-07 22:29:12 +02:00
Christophe Maudoux
7aad470586 Delete pdata cookie after XML notif validation & Improve unit test (#1861) 2019-08-06 22:29:48 +02:00
Christophe Maudoux
c630a90064 Delete pdata cookie after notif validation & Improve unit test (#1861) 2019-08-06 22:25:09 +02:00
Xavier
ea713a3169 Avoid conflict in $req->data between DBI and LDAP 
Closes: #1875
 2019-08-06 21:54:41 +02:00
Maxime Besson
68c8be333a Fix translation override in mails 2019-08-02 17:45:03 +02:00
Maxime Besson
c9dba5212e HTML-decode entityID from metadata (#1864) 2019-07-25 18:29:46 +02:00
Christophe Maudoux
3d6a7bd843 Sort notifications: JSON format (#1862) 2019-07-25 12:42:58 +02:00
Christophe Maudoux
bf5fe2246d Send specified parameters (#1851) 2019-07-25 12:00:37 +02:00
Christophe Maudoux
11f2d0f34a Improve notifications REST API & unit test (#1851) 2019-07-23 15:54:53 +02:00
Christophe Maudoux
fb7a222c9d Append notifications REST API (#1851) 2019-07-22 15:39:59 +02:00
Christophe Maudoux
81aa2fb37b Improve test-lib & unit test (#1851) 2019-07-21 23:23:20 +02:00
Christophe Maudoux
3972861ba4 WIP - Improve unit test & need to fix list notifications feature!!! (#1851) 2019-07-21 22:47:48 +02:00
Clément OUDOT
f15e8bd108 Possibility to list notifications (#1851) 2019-07-21 20:47:16 +02:00
Christophe Maudoux
ca7ebe09f7 WIP - REST service to remove notification (#1851) 2019-07-20 22:25:03 +02:00
Christophe Maudoux
21c1d83df3 Typo 2019-07-20 13:28:48 +02:00
Christophe Maudoux
4eecd90230 Typo (#1857) 2019-07-17 12:20:30 +02:00
Christophe Maudoux
b99b76e2d6 Improve code (#1857) 2019-07-17 12:18:15 +02:00
Christophe Maudoux
d8b3eb2a34 Remove cipher cookie if notification refused (#1857) 2019-07-16 13:51:01 +02:00
Clément OUDOT
e12cb3a905 Fix loop on notifications (#1856) 2019-07-15 10:55:33 +02:00
Xavier
64c587417b Improvement 2019-07-12 19:09:55 +02:00
Clément OUDOT
c024ed0fe6 Improve logging when a notification is added by REST (#1853) 2019-07-12 18:34:55 +02:00
Xavier
a104db2f2d Clean logs 2019-07-04 07:24:50 +02:00
Maxime Besson
6f058fb2fa Add manager manpages to deb 2019-07-03 15:17:16 +02:00
Xavier Guimard
c1137edba8 make tidy with perltidy-20181120 2019-07-02 20:03:40 +02:00
Clément OUDOT
e04a6f1983 Reject none algorithm when checking JWT signature (#1835) 2019-07-02 16:36:43 +02:00
Clément OUDOT
60c03010ce Use Base64URL for JWT generation (#1834) 2019-07-01 17:29:35 +02:00
Xavier
c921c295ed Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00
Xavier Guimard
44a6e25851 Improve cryptographic functions (#1823) 2019-06-28 10:30:37 +02:00
Xavier Guimard
e15a41bc66 Fix typo: s/templatesDir/templateDir/g (#1819) 2019-06-26 11:59:13 +02:00
Xavier Guimard
45a0b68c3b Disable external entities in XML parsers (Fixes: #1818) 2019-06-26 11:32:10 +02:00
Xavier
8b488e4d51 Move LDAP::getUser() to Lib::LDAP (Fixes: #1805) 2019-06-17 21:15:38 +02:00
Xavier Guimard
5fbff01b27 Update versions 2019-06-14 17:27:54 +02:00
Xavier Guimard
2a021e37ea Don't require getDisplayType in Choice (#1800) 2019-06-13 17:51:36 +02:00
Xavier Guimard
946384272e Partial revert "Typo" 
This reverts commit f63a63eedb.
 2019-06-06 16:00:49 +02:00
Christophe Maudoux
f63a63eedb Typo 2019-06-05 11:25:50 +02:00
Christophe Maudoux
3dd4c52c65 Update version (#1766) 2019-05-26 10:33:39 +02:00
Christophe Maudoux
0e47cb4f5b Fix warning message 2019-05-23 15:52:11 +02:00
Clément OUDOT
c024952b8f Do not fail if no RP or no OP configured (#1759) 2019-05-17 16:00:33 +02:00
Xavier
b91d1d4b87 Tidy 2019-05-16 20:45:14 +02:00
Xavier
a2e78c88c3 Set versions 2019-05-16 20:42:31 +02:00
Christophe Maudoux
e46fac82b2 CheckUser with tokenGlobalStorage & Warn if SSO groups are merged 2019-05-15 23:45:06 +02:00
Clément OUDOT
05cd4d4a58 Fix update token with global storage (#1742) 2019-05-12 20:39:25 +02:00
Clément OUDOT
07de622e83 Fix getRegisterSession and getMailSession (#1743) 2019-05-12 17:36:14 +02:00
Xavier
f3c4ea0afb Tydy 2019-05-11 20:18:43 +02:00
Xavier Guimard
1cd50bb353 Fix Auth::Remote session kind (#1742) 2019-05-10 18:02:56 +02:00
Xavier Guimard
638a0de81a Don't use SSO session type for tokens (Fixes security part of #1742) 2019-05-10 17:35:10 +02:00
Christophe Maudoux
c8dd4554aa Test if required secret elements are set to sign JWT 2019-05-02 14:33:56 +02:00
Clément OUDOT
926262170b Implement PKCE in OIDC provider (#1722) 2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7 Create a configuration option to allow a Relying Party to be a public client 
Allow unauthenticated requests on OAuth2 token endoint

#1725
 2019-04-29 10:02:16 +02:00
Antoine ROSIER
8875a4e985 perltidy 2019-04-10 17:21:33 +02:00
Antoine ROSIER
8636da45be Sorting SAML idp (#1704) 2019-04-10 17:06:41 +02:00
Clément OUDOT
ae3a728378 Manage template inclusion when file is not in configured portal theme (#1653) 2019-04-10 15:42:58 +02:00
maudoux
1bc519d11d Fix warning (#1694) 2019-04-06 14:09:58 +02:00
Christophe Maudoux
cf36b44162 Cleaning code (#1664) 2019-04-05 20:04:17 +02:00
Christophe Maudoux
2b818a9c02 Append specific ottRule dependency (#1694) 2019-04-05 17:23:09 +02:00
Xavier Guimard
2159957c34 Update versions 2019-04-05 09:54:43 +02:00
Xavier Guimard
ece9b21219 Remove trailing whitespaces 2019-04-03 14:15:16 +02:00
Maxime Besson
d44a042fd5 Revert 8f5fbb077e and change the way logout errors are handled 
Relating to issue #1668, the proposed fix works when there is only one
service provider to logout of.

Now that multiple service provider logout is starting to work again on
2.0, we cannot read the remote_ProviderID from the logout object because
it is only filled by lasso when actually building the response.

Instead, we ignore any error that could occur when building the
response, log a warning and show the portal instead. Still better than
an internal server error.
 2019-04-03 11:20:24 +02:00
Clément OUDOT
502a32e257 Add unit test and fix code for ppolicy grace (#1691) 2019-04-01 09:58:56 +02:00
Xavier
01ab88ba57 Fix for #1691 2019-04-01 06:52:21 +02:00
Clément OUDOT
d620ae2e8b Merge branch 'maxbes/lemonldap-ng-saml-issuer-entityid-override' into v2.0 2019-03-13 10:30:16 +01:00
Maxime Besson
8f5fbb077e When logout-initiating SP has no known SLO endpoint, fallback to portal 
In some federations, SLO endpoints are not published, yet SP are still
able to initiate logouts.

This used to cause an error on the portal, this commit changes the error
into a warning in logs. The user remains on the portal and sees a normal
logout message.
 2019-03-12 17:58:41 +01:00
Xavier Guimard
bc2bef4ff4 Please use our .perltidyrc 2019-03-07 18:22:58 +01:00
Maxime Besson
e290cd59d6 Fix undef warnings in metadata generation 
Fix some undef warnings introduced in
12d2db35a9
 2019-03-04 09:33:12 +01:00
dcoutadeur
3af15b139e fix id_token validity not correctly evaluated #1662 2019-02-28 09:56:21 +01:00
Maxime Besson
12d2db35a9 Add new URLs for SP-only or IDP-only SAML metadata 
This commit adds two new URLs:

/saml/metadata/idp : IDP-only metadata
/saml/metadata/sp : SP-only metadata

/saml/metadata keeps providing metadata for all SAML services
 2019-02-27 18:14:30 +01:00
Xavier Guimard
c7b4eb5051 tidy with new conf 2019-02-07 09:27:56 +01:00
Xavier Guimard
58fc9c2fad Update versions 2019-02-06 19:30:57 +01:00
Clément OUDOT
8b76218025 Fix error message for ppolicy (#1639) 2019-02-06 11:39:37 +01:00
Xavier Guimard
5886cbe2a0 Tidy 2019-02-05 23:12:17 +01:00
Xavier Guimard
e2b026b7c8 Fix versions 2019-02-05 23:06:18 +01:00
Christophe Maudoux
21206099ce Append display options for SAML IDP (#1637) 2019-02-05 22:39:09 +01:00
Clément OUDOT
c77783eb2f Merge branch 'v2.0' 2019-02-05 18:46:40 +01:00
Xavier Guimard
0ddcaa5dc9 Update versions 2019-02-05 18:44:38 +01:00
Christophe Maudoux
b39e6ce99f WIP - Append relative parameters (#1637) 2019-02-04 23:13:54 +01:00
Xavier Guimard
22a54210dd Merge branch 'fix-plaintext-email' into 'master' 
Fix plaintext email

See merge request lemonldap-ng/lemonldap-ng!53
 2019-02-01 15:37:00 +01:00
Xavier Guimard
c77317fef7 Update versions 2019-01-31 23:20:57 +01:00
Xavier Guimard
c60ba130b8 Replace rand() by Crypt::URandom::urandom() 2019-01-31 23:16:52 +01:00
Maxime Besson
6890b290b1 Fix plaintext email 
For the few of us who like plain text email better.

Before this commit, the mail body would not be correctly pulled from
config, and then the portal would error 500 due to MIME::Entity objects
not having an "attr" accessor, unlike the previously used MIME::Lite
objects
 2019-01-30 12:06:05 +01:00
Xavier Guimard
9ebc18ca5d Update version 2018-12-18 13:13:15 +01:00
Xavier Guimard
3cd14656f5 Add "all" trOver in mails (Fixes: #1586) 2018-12-17 21:09:24 +01:00
Xavier Guimard
dc0e173cf2 Fix #1588 2018-12-17 19:34:28 +01:00
Clément OUDOT
28208a5f2d Allow mail template message override (#1586) 2018-12-17 11:50:40 +01:00
Xavier Guimard
f6f1072ef6 Fix double init (#1550) 2018-11-29 21:19:39 +01:00