dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,065 Commits 3 Branches 0 Tags 75 MiB
78bd430057
Commit Graph

3158 Commits

Author SHA1 Message Date
Maxime Besson
a1ed57c035 Add typ header to access token jwt (#2419) 2021-02-03 09:43:35 +01:00
Christophe Maudoux
635e75c1b6 Perl critic 2021-02-01 22:30:37 +01:00
Maxime Besson
1cd7dd3d2c Add hook for access token JWT payload (#2419) 2021-02-01 18:20:32 +01:00
Maxime Besson
d86e8ce0df Refactor: remove extractJWT 2021-02-01 18:20:32 +01:00
Maxime Besson
cb04670003 Refactor checksignature 2021-02-01 18:20:32 +01:00
Maxime Besson
09dda56cb8 Refactor: rename method in issuer 2021-02-01 18:20:32 +01:00
Maxime Besson
d63017cffc Refactor: use new functions in Auth 2021-02-01 18:20:32 +01:00
Maxime Besson
cd3c2678db Refactor: rename variable 2021-02-01 18:20:32 +01:00
Maxime Besson
435ba82144 Refactor: rename and move getJWTJSONData 2021-02-01 18:20:32 +01:00
Maxime Besson
6aef1a6317 Refactor: getUserInfo now returns a hash 2021-02-01 18:20:32 +01:00
Maxime Besson
f3c97c22dc Refactor access token id lookup into Common::JWT 2021-02-01 18:20:32 +01:00
Maxime Besson
aa877cf0a3 Let newAccessToken emit JWT (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
dc0bacd6f0 Accept Access Tokens in JWT format (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
acaaf1c749 Refactor buildUserInfo (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
dbddddfba1 Refactor newAccessToken (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
5303b4fc3e Fix error format when sending an expired refresh token 2021-02-01 18:15:55 +01:00
Maxime Besson
090fad7475 Add warning when hook stack encounters error 2021-02-01 18:15:55 +01:00
Maxime Besson
4c1f49a90f Use dynamic scope in issuer (#2424) 2021-02-01 16:25:35 +01:00
Maxime Besson
5562d8b1dd Add a function to resolve allowed scopes from rules (#2424) 2021-02-01 16:25:35 +01:00
Maxime Besson
c30b452aa3 Load dynamic scopes from config (#2424) 2021-02-01 16:25:35 +01:00
Christophe Maudoux
8017725caa Code refactoring 2021-01-31 00:07:34 +01:00
Christophe Maudoux
ea80b4df0e Use Ajax request (#1976) 2021-01-30 23:22:03 +01:00
Clément OUDOT
d4ae146fd6 Update version in main modules 2021-01-30 18:32:52 +01:00
Christophe Maudoux
01721d5793 Append warning in log & code refactoring ("1976) 2021-01-30 18:22:13 +01:00
Maxime Besson
c844cc25b0 Fix SAML logout propagation with Redirect binding (#2449) 2021-01-29 09:45:50 +01:00
Maxime Besson
84684b3b5b Avoid loading plugins when their config is an empty hash (#2448) 2021-01-28 11:42:36 +01:00
Xavier Guimard
39518079d5 Clean "afterSub" and "aroundSub" during reload (#2448) 2021-01-27 17:30:54 +01:00
Xavier Guimard
4455f13976 Clean "afterSub" and "aroundSub" during init (#2448) 2021-01-27 15:28:34 +01:00
Christophe Maudoux
d2e35df987 Test required select values & Append unit test (#1976) 2021-01-24 19:07:58 +01:00
Christophe Maudoux
54f41f10ea Test allowed select values (#19786) 2021-01-24 18:17:36 +01:00
Christophe Maudoux
24cec1e08f Fix warning 2021-01-23 23:27:46 +01:00
Christophe Maudoux
54b9e0d87b Sort values (#1976) 2021-01-23 23:20:50 +01:00
Christophe Maudoux
377fe4796c Update version (#1976) 2021-01-23 23:11:57 +01:00
Christophe Maudoux
1a3ea8685e Improve code (#1976) 2021-01-23 23:07:21 +01:00
Christophe Maudoux
7c3955b2aa Allow input type select with FindUser (#1976) 2021-01-23 23:00:23 +01:00
Christophe Maudoux
5d56a88ff3 Use strict & Typo 2021-01-23 18:57:24 +01:00
Christophe Maudoux
7d232b43fd Append unit Combination unit test (#1976) 2021-01-23 18:56:19 +01:00
Christophe Maudoux
d6e351ab90 Tidy 2021-01-19 22:45:05 +01:00
Christophe Maudoux
a8174d58a7 Typo 2021-01-19 22:24:17 +01:00
Maxime Besson
5b4e533f44 Add _scope and _clientID to portal (#1987) 2021-01-19 17:06:21 +01:00
Maxime Besson
25fb8ca0f0 Implement client credentials grant (#1987) 2021-01-19 17:06:21 +01:00
Maxime Besson
5e439b2f24 Advertise client credentials grant (#1987) 2021-01-19 16:47:21 +01:00
Maxime Besson
dd5e9ec156 Tidy 2021-01-19 16:44:06 +01:00
Christophe Maudoux
aad6244997 Merge branch 'v2.0' into findUser 2021-01-18 12:05:04 +01:00
Clément OUDOT
8663c0104c Update version in main modules for 2.0.10 2021-01-17 16:56:51 +01:00
Christophe Maudoux
cd37ccc35c Merge branch 'v2.0' into findUser 2021-01-14 22:39:02 +01:00
Christophe Maudoux
f426064093 Comment no strict refs pragma (#2436) 2021-01-14 22:37:17 +01:00
Christophe Maudoux
f4ea214056 No strict refs (#2436) 2021-01-08 20:31:33 +01:00
Christophe Maudoux
7ebca3633c No strict refs (#2436) 2021-01-08 20:09:00 +01:00
Christophe Maudoux
e4444c907f Append CheckUser normalized headers option & Improve unit test (#2436) 2021-01-08 18:38:05 +01:00
Maxime Besson
6517718f26 Add an option to force getUser before LDAP password change (#714) 2021-01-08 15:09:19 +01:00
Maxime Besson
9d24e5f0d5 Fix logging (#714) 2021-01-07 18:49:58 +01:00
Christophe Maudoux
a93a85435d Improve debug msg 2021-01-07 10:04:15 +01:00
Christophe Maudoux
bd1a0bf6da Fix regex (#1976) 2021-01-07 09:54:00 +01:00
Christophe Maudoux
d14fae87ce Append conf test & REST init test & set default values (#2176) 2021-01-06 23:10:09 +01:00
Christophe Maudoux
a76bf37c29 Tidy (#1976) 2021-01-05 22:52:21 +01:00
Christophe Maudoux
39528ef1c3 Control parameters (#1976) & Improve unit tests 2021-01-05 22:46:35 +01:00
Christophe Maudoux
1c45e8a8c0 Merge branch 'v2.0' into findUser 2021-01-05 22:14:28 +01:00
Christophe Maudoux
846d6a3655 Allow wildcard with searching parameters (#1976) & Improve unit tests 2021-01-05 22:08:48 +01:00
Maxime Besson
127aa91a8f Merge branch 'feature-cas-service-url-2321' into 'v2.0' 
Feature cas service url 2321

See merge request lemonldap-ng/lemonldap-ng!175
 2021-01-05 18:49:24 +01:00
Maxime Besson
402a39a176 Merge branch 'feature-password-change-combination-714' into 'v2.0' 
Add Password::Combination

See merge request lemonldap-ng/lemonldap-ng!174
 2021-01-05 18:35:57 +01:00
Maxime Besson
7ffaa3f9ff Fix Twitter authentication when coming from Issuers (#2426) 2021-01-05 18:33:09 +01:00
Maxime Besson
2a805e06b9 Match CAS service via prefix (#2331) 2021-01-05 17:34:57 +01:00
Maxime Besson
e78f8a2270 Refactor CAS code (#2321) 2021-01-05 17:34:57 +01:00
Maxime Besson
6b24492e33 Allow override of userDB in Password::Combination (#714,#716) 2021-01-04 21:31:34 +01:00
Maxime Besson
fa3129465b New Password::Combination module (#714,#716) 2021-01-04 21:31:34 +01:00
Maxime Besson
5ed0677d35 Fix password update in session (#2430) 2021-01-04 21:16:52 +01:00
Christophe Maudoux
554daba5fe Allow multi-valued excluding parameters (#1976) 2021-01-04 20:23:42 +01:00
Christophe Maudoux
fc6ea96954 FindUser with combination (#1976) 2021-01-03 19:00:20 +01:00
Christophe Maudoux
e1de8e34c2 Merge branch 'v2.0' into findUser 2021-01-02 22:55:45 +01:00
Christophe Maudoux
c2c02b4c86 Append REST UserDB unit test (#1976) 2021-01-02 22:50:56 +01:00
Christophe Maudoux
994ccfae30 Append REST findUser URL parameter (#1986) 2021-01-02 20:22:33 +01:00
Christophe Maudoux
de1be30176 Fix other Backend (#1976) 2021-01-02 19:21:16 +01:00
Christophe Maudoux
b075082970 REST Backend (#1976) 2021-01-02 18:59:30 +01:00
Maxime Besson
49905d4759 Remove debug log 2020-12-30 16:34:40 +01:00
Christophe Maudoux
a1700369c5 Merge branch 'v2.0' into findUser 2020-12-29 14:59:36 +01:00
Maxime Besson
4eeef91588 Add SAML ACS to environment (#2427) 2020-12-29 14:17:06 +01:00
Christophe Maudoux
c2342336c2 Merge branch 'v2.0' into findUser 2020-12-27 23:39:54 +01:00
Christophe Maudoux
597455dfcf FindUser with LDAP & AD & Append unit test (#1976) 2020-12-27 23:37:40 +01:00
Christophe Maudoux
072f68004a Improve debug log & unit tests (#1976) 2020-12-27 18:03:08 +01:00
Christophe Maudoux
0b750fb6cc Append Choice unit tests (#1976) 2020-12-27 14:24:15 +01:00
Christophe Maudoux
c0f71ee0f1 Fix FindUSer with Choice (#1976) 2020-12-27 13:29:10 +01:00
Christophe Maudoux
406fdbc54b Append unit test if Impersonation is missing (#1976) 2020-12-26 15:27:25 +01:00
Christophe Maudoux
3219673375 Append unit test with token & Fix error code (#1976) 2020-12-26 14:30:38 +01:00
Christophe Maudoux
23e52fcec2 Append Demo UserDB unit test & Fix code (#1976) 2020-12-26 14:30:38 +01:00
Christophe Maudoux
f956810e48 Redirect to Portal (#1976) 2020-12-23 22:47:08 +01:00
Christophe Maudoux
0236dc00d6 Removing workaround with MailPasswordReset 2020-12-23 14:57:55 +01:00
Christophe Maudoux
60ce68ce23 Use OTT (#1976) 2020-12-23 14:50:36 +01:00
Christophe Maudoux
77c25b98cf FindUser DBI & Append unit test (#1976) 2020-12-22 22:51:37 +01:00
Christophe Maudoux
510a1dc1c2 WIP: UserDB findUser (#1976) 2020-12-22 17:02:51 +01:00
Christophe Maudoux
9dcf70a5ef Code cleaning 2020-12-22 14:05:22 +01:00
Christophe Maudoux
e7baa348ba Update lang & conf test (#1976) 2020-12-21 22:31:29 +01:00
Christophe Maudoux
fc4024f024 Return parameters (#1976) 2020-12-21 21:35:44 +01:00
Christophe Maudoux
bfcdd370df Merge branch 'v2.0' into findUser 2020-12-21 21:11:55 +01:00
Maxime Besson
ed0be42c93 Merge branch 'WIP-plugin-hooks-2359' into 'v2.0' 
Plugin hook system to extend issuers (and maybe more)

See merge request lemonldap-ng/lemonldap-ng!166
 2020-12-21 16:35:03 +01:00
Maxime Besson
e05a167937 Handle missing nameid (#2420) 2020-12-21 11:05:00 +01:00
Christophe Maudoux
a259566eb1 Excluding parameters (#1976) 2020-12-20 23:49:46 +01:00
Christophe Maudoux
86bbb70b89 Skip empty values (#1976) 2020-12-20 23:04:07 +01:00
Christophe Maudoux
4d04672c20 WIP: FindUser skeleton (#1976) 2020-12-20 22:54:35 +01:00
Christophe Maudoux
512045c528 Fix conf test (#2243) 2020-12-20 17:29:13 +01:00
Christophe Maudoux
7be0240389 Update default values & Tidy (#2243) 2020-12-16 22:58:01 +01:00
Christophe Maudoux
652d8ba9bc Prevent authentication on backend if account is locked (#2243) 2020-12-16 22:49:41 +01:00
Christophe Maudoux
2dde8672d5 Fix unit tests warning (#2406) 2020-12-11 00:10:22 +01:00
Maxime Besson
442203685f checkState: fix perl error when testing a user account (#2413) 2020-12-09 18:01:02 +01:00
Maxime Besson
8793a5b6a1 Fix storage of LDAP attributes with a value of 0 (#2403) 2020-12-07 17:49:21 +01:00
Maxime Besson
c6d20ca8b3 Fix init of ::Portal::Password::LDAP (#2410) 2020-12-07 16:59:48 +01:00
Maxime Besson
9ba6938e90 Show a friendlier error message when a module fails init (#2410) 2020-12-07 16:59:48 +01:00
Christophe Maudoux
c2266720f9 Unauthenticated logout request with route & improve unit test (#2342) 2020-12-06 11:21:11 +01:00
Christophe Maudoux
41889e5ee2 Append unit test (#2342) 2020-12-05 20:37:50 +01:00
Christophe Maudoux
b2306cc8ad Unauthenticated logout (#2342) 2020-12-05 19:31:23 +01:00
Clément OUDOT
426555effe Use a specific parameter for mail 2F session key (#2406) 2020-12-03 19:59:36 +01:00
Christophe Maudoux
421929d081 Hide valued headers only (#2398) 2020-12-01 20:49:42 +01:00
Clément OUDOT
8211850be7 Better userLogger messages for password change (#2393) 2020-11-29 18:02:13 +01:00
Christophe Maudoux
32d52b96d8 Append an option to obfuscate some headers value (#2398) 2020-11-27 23:09:18 +01:00
Maxime Besson
699679a8e0 Documentation for #2359 2020-11-27 14:00:58 +01:00
Maxime Besson
f49c1adf17 add oidcGenerateIDToken hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
daef0cf776 add oidcGenerateUserInfoResponse hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
faadb3f059 add oidcGotRequest hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
c19be1d501 Tidy SAML issuer (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
a706f8a470 add samlBuildLogoutResponse hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
ddc43f7c9c add samlGotLogoutRequest hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
2dba11e6b3 Add samlBuildAuthnResponse hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
de1d6e205b Add samlGotAuthnRequest hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
f0dbb28866 Add Hook system for plugins (#2359) 2020-11-27 14:00:58 +01:00
Christophe Maudoux
7a7751e569 Code refactoring & typos (#2334) 2020-11-25 21:59:49 +01:00
Christophe Maudoux
b04bb6ab84 Test if Vhost is HTTP or HTTPS & improve unit test (#2386) 2020-11-25 19:09:33 +01:00
Christophe Maudoux
f963afd812 Logs more explicit (#2334) 2020-11-25 17:17:36 +01:00
Christophe Maudoux
0a4fabb4e4 Use strict & fix warnings 2020-11-21 19:24:04 +01:00
Christophe Maudoux
6060a54536 Use whatToTrace in log (#2393) 2020-11-19 21:51:58 +01:00
Christophe Maudoux
a19d229cd3 Use whatToTrace in log (#2393) 2020-11-19 21:28:52 +01:00
Christophe Maudoux
0294df1cc8 URI are case sensitive (#2386) 2020-11-17 22:03:55 +01:00
Christophe Maudoux
df99148b68 Fix wildcarded VHost & improve unit test (#2386) 2020-11-17 22:03:55 +01:00
Christophe Maudoux
dfc68f9f98 Use Mouse instead of Exporter 2020-11-16 21:54:54 +01:00
Maxime Besson
8f1b30b6d0 Return an error if http session could not be found (#2382) 2020-11-16 18:38:53 +01:00
Maxime Besson
0263865faa Add CORS headers to error pages (#2380) 2020-11-12 14:34:16 +01:00
Christophe Maudoux
231ec50d63 Fix protocol in log 2020-11-10 10:47:14 +01:00
Christophe Maudoux
91907eba90 Improve & fix AD backend (#2377) 2020-11-09 17:50:15 +01:00
Christophe Maudoux
c742d8320e Set user and oldpassword fields into reset password form & Improve unit tests (#2377) 2020-11-09 13:27:16 +01:00
Maxime Besson
fa2301ab0e Force OIDC claim types according to config (#2330) 2020-11-06 19:00:52 +01:00
Xavier Guimard
893385d007 Replace application/javascript by application/json (Fixes #2376) 2020-11-06 17:58:41 +01:00
Clément OUDOT
fa0f043f18 Check internal refresh result (#2375) 2020-11-05 12:26:35 +01:00
Maxime Besson
d63a55d619 Check Kerberos domain against optional whitelist (#2372) 2020-11-05 10:38:47 +01:00
Clément OUDOT
18c1a753ad Remove space from generated login in register process (#2373) 2020-11-04 21:10:09 +01:00
Christophe Maudoux
31ff8484bb Tidy 2020-11-04 17:02:07 +01:00
Christophe Maudoux
20f5f467dd Typos (#2368) 2020-11-04 16:12:04 +01:00
Christophe Maudoux
50f01e2cbe Remove cookie & code refactoring (#2368) 2020-11-04 13:49:51 +01:00
Maxime Besson
1de41224f8 Avoid memory leaks in $req->steps (#2369) 2020-11-02 23:22:04 +01:00
Clément OUDOT
8c1f5c6d50 Launch adaptative authentication plugin just before storing session values (#2336) 2020-11-02 15:56:19 +01:00
Xavier Guimard
6990a4a0c0 Set "secure" to StayConnected cookie 2020-11-01 08:15:09 +01:00
Christophe Maudoux
0469d36aec Update version & tidy (#2366) 2020-10-31 23:55:41 +01:00
Christophe Maudoux
d8114e0e16 Submit 2FA with StayConnected plugin (#2366) 2020-10-31 23:20:18 +01:00
Christophe Maudoux
7ac2a0da80 Allow to check last logins with stayConnected plugin & improve unit test (#2365) 2020-10-31 22:10:14 +01:00
Christophe Maudoux
b869b59da7 Avoid assignment (#2360) 2020-10-30 12:55:39 +01:00
Maxime Besson
367f1bc5ad Add LDAP IO timeout (#2267) 2020-10-27 16:01:39 +01:00
Christophe Maudoux
e704fe24ea Fix warning if no path given & code refactoring 2020-10-26 19:21:54 +01:00
Christophe Maudoux
90c8c2ba86 Improve messages (#2332) 2020-10-16 23:27:06 +02:00
Christophe Maudoux
da9dc04657 redirect user to 2fregisters after reAuthn process (#2332) 2020-10-14 22:02:57 +02:00
Christophe Maudoux
a86bf488c4 Test if a skip option is enabled (#2352) 2020-10-13 22:30:06 +02:00
Christophe Maudoux
929e00e91a Display button only if upgradeSession plugin is enabled (#2332) 2020-10-12 22:32:05 +02:00
Christophe Maudoux
f6eb9e5c1a Improve unit test (#2332) 2020-10-12 22:16:36 +02:00
Christophe Maudoux
605d724453 Improve GUI & unit tests (#2332) 2020-10-12 19:24:52 +02:00
Christophe Maudoux
d76438b1e8 Update langs & error code (#2238) 2020-10-12 15:16:55 +02:00
Christophe Maudoux
9245fc4ee1 Append unit test (#2338) 2020-10-12 14:55:46 +02:00
Christophe Maudoux
01031d8c4f Code refactoring (#2339) 2020-10-10 19:47:55 +02:00
Maxime Besson
fcb8e6b3c5 Use keepalive for LDAP connections (#2344) 2020-10-09 12:22:28 +02:00
Maxime Besson
5606d0ed6f Add support for SHA384 and SHA512 (#2322) 2020-10-07 15:31:57 +02:00
Maxime Besson
1234d5294f Let users override default SAML signature method (#2319) 2020-10-07 15:31:27 +02:00
Christophe Maudoux
cd02b8023e Fix warning (#2332) 2020-10-05 20:45:05 +02:00
Christophe Maudoux
352b97f681 Append option to modify 2FA during context switching (#2338) 2020-10-04 21:18:09 +02:00
Christophe Maudoux
da91097969 Improve fix (#2332) 2020-10-04 19:32:10 +02:00
Christophe Maudoux
a8343ac7be Test authLevel before removing 2F device (#2332) 2020-10-04 19:29:31 +02:00
Clément OUDOT
16211e5573 Remove unused sort rule (#2336) 2020-10-04 17:05:16 +02:00
Clément OUDOT
2c9ef41c2c Use whatToTrace (#2336) 2020-10-04 17:02:55 +02:00
Clément OUDOT
fd5170c945 Use buildRule (#2336) 2020-10-04 16:59:21 +02:00
Christophe Maudoux
b573dbb789 Better fix and improve unit test (#2337) 2020-10-04 11:35:26 +02:00
Christophe Maudoux
452594dbb5 Revert "Avoid to create persistentSession during switching process" 
This reverts commit 5707f40c5a.
 2020-10-03 13:05:51 +02:00
Christophe Maudoux
cb0fed8e13 Prevent to update SFA if impersonation is in progress (#2337) 2020-10-03 11:58:49 +02:00
Christophe Maudoux
5707f40c5a Avoid to create persistentSession during switching process 2020-10-02 21:41:07 +02:00
Christophe Maudoux
055ec69b92 Code cleaning & refactoring 2020-10-02 20:40:41 +02:00
Clément OUDOT
6cccea0e46 First version of adaptative authentication level plugin (#2336) 2020-10-02 15:05:15 +02:00
Christophe Maudoux
4ecce4726b Remove corrupted sessions (#2334) 2020-09-30 21:39:09 +02:00
Maxime Besson
89ec2b09b1 Improve SMTP error reporting (#2293) 2020-09-16 17:29:49 +02:00
Maxime Besson
1db67d735a Put mail transport code in Common so the manager can use it (#2293,#2304) 2020-09-16 17:27:00 +02:00
Christophe Maudoux
6d5ff2468b Typo 2020-09-16 11:17:14 +02:00
Christophe Maudoux
d57c314abe Code refactoring (#2314) 2020-09-15 22:24:21 +02:00
Christophe Maudoux
1a73f7ab7f Append rule & fix userData (#2314 & #2315) 2020-09-15 14:13:34 +02:00
Xavier Guimard
5b22310eab Log IP address in auth combination failures 
Fixes: #2317
 2020-09-15 11:22:13 +02:00
Xavier Guimard
e110517942 Fix misspelled parameter in call to ldap->search() (Fixes: #2310) 2020-09-10 08:40:23 +02:00
Maxime Besson
d31a14c303 Avoid accidentally creating an empty session (#2262) 2020-09-09 12:05:09 +02:00
Maxime Besson
277e0872fa Fix missing session timeouts (#2262) 2020-09-09 12:04:17 +02:00
Maxime Besson
d598513504 Fix warning when resolving cas target authlevel (#2309) 2020-09-09 10:37:00 +02:00
Maxime Besson
f9c7d0bdf7 saml proxy logout: Delay info until we return from idp (#2262) 2020-09-08 17:25:11 +02:00
Maxime Besson
683b5a7861 Resume logout when returning from Auth::SAML IDP (#2262) 2020-09-08 15:47:58 +02:00
Maxime Besson
24297aa942 Redirect to external provider for logout (#2262) 2020-09-08 14:16:49 +02:00
Maxime Besson
8b5ddf6e43 Perform authLogout step during SAML SLO (#2262) 2020-09-08 14:16:49 +02:00
Maxime Besson
3816fac9b6 Allow user to disable sig validation during SOAP SLO (#2262) 2020-09-08 14:16:27 +02:00
Christophe Maudoux
059b2b13f1 Merge branch 'v2.0' into 2266 2020-09-07 18:56:37 +02:00
Clément OUDOT
f835f3d36f Update version in modules 2020-09-06 19:58:58 +02:00
Maxime Besson
3771ead3db Make LDAP auth/userdb/pass modules use ldapVerify (#2250) 2020-09-05 12:21:37 +02:00
Xavier Guimard
c8df084247 Update versions 2020-09-04 17:59:00 +02:00
Maxime Besson
66c68f6056 Merge branch 'feature-delayed-2fa-2124' into 'v2.0' 
Delay 2FA until required by an application

See merge request lemonldap-ng/lemonldap-ng!147
 2020-09-04 17:40:46 +02:00
Maxime Besson
f9cdb5497a Only clean _url part of pdata when redirecting to issuer (#1878,#2124) 2020-09-04 17:17:04 +02:00
Maxime Besson
b2bfa38d5a Handle errors when no 2FA is available during upgrade (#2124) 2020-09-04 17:17:04 +02:00
Maxime Besson
eb191be72e Add error message when no sf available during upgrade (#2124) 2020-09-04 17:17:02 +02:00
Maxime Besson
f69babadef Differentiate renew and upgrade in Upgrade plugin (#2124) 2020-09-04 17:16:11 +02:00
Maxime Besson
1cf1990fe2 Add portal code for session upgrade 2020-09-04 17:15:34 +02:00
Maxime Besson
bd110e7de6 cas issuer: check auth level and reauth if insufficient (#2124) 2020-09-04 17:15:34 +02:00
Maxime Besson
ce5c19e3f4 saml issuer: check auth level and reauth if insufficient (#2124) 2020-09-04 17:15:34 +02:00
Maxime Besson
7a36489b73 oidc issuer: check auth level and reauth if insufficient (#2124) 2020-09-04 17:15:34 +02:00
Maxime Besson
e811ea3b2d Skip 2FA if target level is enough (#2124) 2020-09-04 17:15:34 +02:00
Maxime Besson
ef6b8587ee Remember target authlevel in handler (#2124) 2020-09-04 17:14:05 +02:00
Maxime Besson
8bfa5179cc Issuers: Store required auth level in pdata (#2124) 2020-09-04 17:14:04 +02:00
Clément OUDOT
e86293e165 Merge branch 'v2.0' of gitlab.ow2.org:lemonldap-ng/lemonldap-ng into v2.0 2020-09-04 16:14:37 +02:00
Clément OUDOT
828ecd7bfb Show password form with change password after reset (#2307) 2020-09-04 16:14:17 +02:00
Maxime Besson
ffb7c7430d Fix encoding workaround in recursive group search (#2306) 2020-09-03 15:59:18 +02:00
Christophe Maudoux
05096327c0 Re-order menu & Update langs (#2266) 2020-08-29 22:50:29 +02:00
Christophe Maudoux
01beb5d48b Allow all special chars (#2266) 2020-08-29 22:12:09 +02:00
Christophe Maudoux
7a9020ff25 Modify type (#2266) 2020-08-29 20:13:11 +02:00
Christophe Maudoux
0a4812203c Allowed all special chars and rule to disable local password policy (#2266) 2020-08-29 19:08:47 +02:00
Christophe Maudoux
b4222b50f3 Tidy & Update doc 2020-08-28 23:50:57 +02:00
Christophe Maudoux
779fd983e5 Typo (#2302) 2020-08-28 21:56:54 +02:00
Christophe Maudoux
317172c8ac Fix unit tests (#2276) 2020-08-28 14:44:03 +02:00
Christophe Maudoux
525eab006d Improve unit test (#2276) 2020-08-28 10:41:40 +02:00
Christophe Maudoux
8b6ab584cf WIP: Update langs & append conf test (#2276) 2020-08-27 14:38:11 +02:00
Christophe Maudoux
4d52fedfe5 WIP - Incremental tempo 2020-08-25 22:58:47 +02:00
Maxime Besson
c5900ece14 Kerberos: fail with an explicit message on NTLM ticket (#2295) 2020-08-25 20:01:28 +02:00
Clément OUDOT
f158961fa6 Fix bad reference usage on hash 2020-08-25 00:27:06 +02:00
Christophe Maudoux
e84b29aca4 Display special chars password policy with expired password form (#2289) 2020-08-24 22:43:15 +02:00
Maxime Besson
a7b09f8dbb Auth::SAML: fix warning on empty session index (#2291) 2020-08-24 17:24:55 +02:00
Maxime Besson
5e78464d7f Resolve nameid session attribute from local macros (#2280) 2020-08-17 22:06:09 +02:00
Maxime Besson
9ac49b881a Lookup casAppMetaDataOptionsUserAttribute in per-app macros (#2280) 2020-08-17 22:06:09 +02:00
Maxime Besson
52c6edb453 Lookup oidcRPMetaDataOptionsUserIDAttr in per-RP macros (#2280) 2020-08-17 22:06:09 +02:00
Maxime Besson
4497f39efe Factor psession id calculation into Common 2020-08-17 18:43:29 +02:00
Maxime Besson
26cd1945fb Try to compute the correct value of SameSite by default (#2281) 2020-08-17 18:05:09 +02:00
Maxime Besson
7a02fdf8e5 rollback caa346d075 (#2179) 
No longer needed since #2261
 2020-08-12 09:49:14 +02:00
Maxime Besson
9d9e16e3f9 Remove setAuthSessionInfo from refresh process (#2261) 2020-08-12 09:49:14 +02:00
Christophe Maudoux
ca514f69e5 Fix version (#2274) 2020-08-11 22:43:32 +02:00
Christophe Maudoux
08ad68824e Fix 500 error (#2274) 2020-08-11 22:03:32 +02:00
Maxime Besson
b2a2575896 Fix incorrect SOAP content type in SAML issuer (#2263) 2020-08-10 15:06:00 +02:00
Maxime Besson
9aa3b9b03f Add correct secure flag to pdata cookie (#2272) 2020-08-10 12:10:33 +02:00
Maxime Besson
a96820d6f6 Set secure flag when removing cookie (#2272) 2020-08-10 12:10:33 +02:00
Christophe Maudoux
a1ebb0ee02 Fix ContextSwitching redirect & update unit tests (#2273) 2020-08-08 20:00:41 +02:00
dcoutadeur
0045daa592 fix increase log level for mail sending and password reset (#2265) 2020-07-28 15:04:55 +02:00
Clément OUDOT
d1418952eb Convert mutli-valued attributes into arrays for OIDC UserInfo (#2256) 2020-07-16 20:19:41 +02:00
Clément OUDOT
c5db3bc8bd Add country to address claim (#2257) 2020-07-16 19:58:53 +02:00
Baptiste Pecatte
5fbf7ae533 Remove useless variable 2020-07-05 13:11:28 +02:00
Baptiste Pecatte
2816bed66e Add host to logs for use with fail2ban 2020-07-05 13:11:28 +02:00
Maxime Besson
5df1850847 Add cache-control headers to sendJSONresponse (#2234) 2020-06-24 15:49:50 +02:00
Clément OUDOT
e544ee7778 Adapt user log in SAML issuer (#2244) 2020-06-18 18:40:13 +02:00
Clément OUDOT
5d5eda9799 Adapt user log in CAS issuer (#2244) 2020-06-18 18:39:53 +02:00
Clément OUDOT
0b3908e6dc Add user log in GET issuer (#2244) 2020-06-18 18:01:33 +02:00
Clément OUDOT
2da914cc90 Publish support for refresh_token grant_type (#2242) 2020-06-18 09:43:56 +02:00
Clément OUDOT
7d327f0e2e Do not remove mail token before form has been submitted (#2239) 2020-06-17 16:29:31 +02:00
Christophe Maudoux
b86c3431c2 Append setSession info step (#2172) 2020-06-07 13:25:07 +02:00
Christophe Maudoux
b04b2076de Preserve real_hGroups (#2229) 2020-06-06 23:27:37 +02:00
Maxime Besson
568c28d707 Fix REST clock tolerance (#2225) 
plus a bit of refactoring
 2020-06-03 10:47:37 +02:00
Maxime Besson
33a5496e55 Fix regression in #2085 (#2224) 
Clearing all hidden form values was a mistake as it breaks SAML when the
redirection URL contains a query string. We should keep existing hidden
fields. In the context of OIDC request, we clear them before redirection
to avoid #2085
 2020-05-29 15:51:51 +02:00
Maxime Besson
e9c05a63b2 Yubikey: use userdb-provisionned session field (#2189) 2020-05-25 18:57:07 +02:00
Christophe Maudoux
bb9e03d1e5 Tidy 2020-05-24 00:04:33 +02:00
Christophe Maudoux
53e16eca8c Append unit tests (#2207) 2020-05-23 23:02:37 +02:00
Clément OUDOT
39d7344f75 Add userLogger message in Demo backend (#2216) 2020-05-22 14:52:58 +02:00
Clément OUDOT
4b5670a723 Fetch Public keys and GPG keys from GitHub (#2203) 2020-05-21 22:55:42 +02:00
Christophe Maudoux
1113fab014 Append ContextSwitching unrestrictedUsers rule (#2207) 2020-05-20 21:53:13 +02:00
Christophe Maudoux
312445d543 Append checkUser unrestrictedUsers rule & Fix idRule (#2207 & #2215) 2020-05-20 21:23:31 +02:00
Christophe Maudoux
eb65264d5d Append Impersonation unrestrictedUsers rule & Update langs (#2207) 2020-05-19 23:33:07 +02:00
Maxime Besson
9d7e5c61cc handle empty string value for yubikey parameters (#2211) 2020-05-18 12:34:34 +02:00
Christophe Maudoux
2ecd0b18a8 Skip bad GrantSession rules & Improve unit test (#2201) 2020-05-10 14:26:08 +02:00
Maxime Besson
db9e862843 Merge branch 'feature-userdb-password-restserver' into v2.0 2020-05-09 20:07:24 +02:00
Christophe Maudoux
9bf915b5dc Fix unit tests & Version 2020-05-08 23:03:16 +02:00
Clément OUDOT
7efaf9d5cd User not always known in try subroutine (#2165) 2020-05-04 22:20:17 +02:00
Clément OUDOT
0bf1bfb7dd Do not stop logout process on error in Combination (#2165) 2020-05-04 21:53:14 +02:00
Clément OUDOT
7ed251ce3f Better log messages (#2165) 2020-05-04 21:48:06 +02:00
Xavier Guimard
6caf88a174 Better warning fix 2020-05-04 16:42:41 +02:00
Xavier Guimard
5d10695a79 Fix warning 2020-05-04 16:40:57 +02:00
Xavier Guimard
0f4ed9ecbe Add a test in combination to catch error when combination rule is unstable (#2165) 2020-05-04 16:37:15 +02:00
Maxime Besson
9464bd2503 Merge branch 'fix-oidc-consent-2fa-2142' into 'v2.0' 
Fix #2142

See merge request lemonldap-ng/lemonldap-ng!135
 2020-05-04 16:00:35 +02:00
Xavier Guimard
317bfcd97d Clean all issuer when issuerTs expires (fixes: #2186) 2020-05-04 15:42:25 +02:00
Xavier Guimard
52938222a5 Fix combination logout if condition changed (Fixes: #2165) 2020-05-04 15:29:16 +02:00
Christophe Maudoux
46bb6fea4f Return PE_SESSIONEXPIRED instead of 400 bad request (#2184) 2020-05-01 19:52:32 +02:00
Maxime Besson
dfc4411eae Add UserDB methods to REST server (#1659) 2020-05-01 13:44:23 +02:00
Maxime Besson
b5d461da47 Add password methods to REST server (#1598) 2020-05-01 13:44:23 +02:00
Maxime Besson
6adb0e17b3 Use req->data instead of req->userData to retrieve LDAP dn (#1598) 2020-05-01 13:44:23 +02:00
Maxime Besson
0c77c0b46d Add missing SetSecurity in UserDB::REST (#1659) 2020-05-01 13:43:12 +02:00
Maxime Besson
172993fcd6 Add useMail to UserDB::REST (#1659) 2020-05-01 13:43:12 +02:00
Maxime Besson
29d44121d7 Add useMail to Password::REST (#1598) 2020-05-01 13:43:12 +02:00
Christophe Maudoux
7014327232 Append an option to display sfManager link (#2185) 2020-04-30 20:50:10 +02:00
Clément OUDOT
ac9769ff69 Prepare release 2.0.8 2020-04-30 19:59:37 +02:00
Xavier Guimard
d801070a8f Clean also pdata in Main::Issuer::_redirect() ("1939) and add @maxbes test 2020-04-30 12:56:28 +02:00
Christophe Maudoux
dc672c2d1f Force FF to submit forms (#2158) 2020-04-30 12:43:06 +02:00
Christophe Maudoux
bd28760bd7 Change plugins loading order (#2180) 2020-04-29 19:36:18 +02:00
Maxime Besson
8eb9120af7 RESTServer: Clarify error message when time skew is too great 
deab21e091 did only half the job
 2020-04-29 18:41:11 +02:00
Christophe Maudoux
a7a0f25321 Update function signature and params list 2020-04-28 18:24:55 +02:00
Christophe Maudoux
591f953d5e Merge branch 'v2.0' into 2178-new 2020-04-28 18:20:49 +02:00
Clément OUDOT
9cd079e8fe Manage multi valued attributes in CAS authentication module (#2118) 2020-04-28 12:44:16 +02:00
Christophe Maudoux
a52c8f53b0 Use rule (#2178) 2020-04-27 22:12:12 +02:00
Christophe Maudoux
763eb04b4b Update tree (#2178) 2020-04-27 20:39:02 +02:00
Christophe Maudoux
caa346d075 Restore previous authentication level (#2179) 2020-04-27 18:20:23 +02:00
Maxime Besson
c1fb1a1b66 Mitigate #1980 by displaying an error to the user 2020-04-27 17:40:34 +02:00
Maxime Besson
7e502af391 Add option to remove "Refresh my rights" from menu 2020-04-27 17:19:41 +02:00
Clément OUDOT
a97041f8cd Fix test for Issuer timeout (#1939) 2020-04-27 14:40:45 +02:00
Xavier Guimard
dff45f5456 Fix tytpe (#1939) 2020-04-27 10:31:03 +02:00
Christophe Maudoux
ac06832c1e Partial revert 2020-04-26 12:13:13 +02:00
Christophe Maudoux
81185fef82 Improve code 2020-04-26 11:25:12 +02:00
Xavier Guimard
c868cb431f Add pdata timeout for issuers (#1939) 2020-04-26 09:31:38 +02:00
Christophe Maudoux
fd19547c1c Tidy 2020-04-25 14:51:11 +02:00
Christophe Maudoux
a3c11a662a Code refactoring (#1664) 2020-04-25 14:47:10 +02:00
Christophe Maudoux
5dffb9de78 Code refactoring (#1999) 2020-04-25 14:42:02 +02:00
Christophe Maudoux
23d721c7c5 Code refactoring (#1956) 2020-04-25 14:41:33 +02:00
Christophe Maudoux
522b2bd860 Code refactoring (#1783) 2020-04-25 14:41:23 +02:00
Christophe Maudoux
4fefa02028 Code refactoring (#1658) 2020-04-25 14:39:40 +02:00
Christophe Maudoux
9d6197232f Improve code (#2163) 2020-04-25 11:44:27 +02:00
Christophe Maudoux
c61ae6be59 Tidy (#2163) 2020-04-25 01:02:25 +02:00
Christophe Maudoux
36fbc98bed Fix error return (#1999) 2020-04-25 01:01:57 +02:00
Christophe Maudoux
d387c0f355 Display otherSessions & remove Link (#2163) 2020-04-25 00:43:56 +02:00
Maxime Besson
e607d8281f OIDC: do not advertise missing functionality (#1194) 
Back-Channel logout is not supported yet
 2020-04-24 12:15:51 +02:00
Clément OUDOT
138ee4284f Disable cache when registering a new OIDC client (#2058) 2020-04-24 11:52:04 +02:00
Maxime Besson
a3821fc560 Implement additional audiences in ID token (#2177) 2020-04-24 11:10:44 +02:00
Christophe Maudoux
6018610196 Make checkUser option rules (#2173) 2020-04-24 00:25:10 +02:00
Maxime Besson
6ccf078432 Implement Resource Owner Password Credentials grant (#2155) 2020-04-23 17:49:25 +02:00
Maxime Besson
37f71a43b5 create helper function to display portal error code 2020-04-23 17:49:25 +02:00
Maxime Besson
ded6c74fe0 Allow special characters in scope names (#2168) 2020-04-23 14:50:53 +02:00
Christophe Maudoux
d11442ed26 Append setSessionInfo step (#2172) 2020-04-23 14:16:46 +02:00
Xavier Guimard
0baf014e6b Revert "Fix part of circular links (related to #1990)" 
This reverts commit c9e7f3a1b0.
 2020-04-23 12:00:51 +02:00
Maxime Besson
31f05b9e2d Make Introspection endpoint look for offline sessions (#2171) 2020-04-23 10:29:08 +02:00
Xavier Guimard
24c1a2e90a Restore default route (#1990) 2020-04-22 22:09:15 +02:00
Xavier Guimard
d5da0362fd Fix #1990 2020-04-22 21:46:59 +02:00
Maxime Besson
626715a580 Prevent duplicate consents in psession (#2169) 2020-04-22 21:26:38 +02:00
Maxime Besson
a217590869 Tidy OIDC 2020-04-22 21:25:56 +02:00
Christophe Maudoux
a74b5acafa Merge branch 'fix-oidc-info-2085' into 'v2.0' 
Fix OIDC info before redirect (#2085)

See merge request lemonldap-ng/lemonldap-ng!134
 2020-04-22 18:17:58 +02:00
Christophe Maudoux
df9beb25f2 Merge branch 'fix-2081' into 'v2.0' 
Fix #2081 by detecting external URL

See merge request lemonldap-ng/lemonldap-ng!138
 2020-04-22 17:58:26 +02:00
Xavier Guimard
1f80a0ab8c Avoid little warning in test 2020-04-22 15:37:19 +02:00
Xavier Guimard
c9e7f3a1b0 Fix part of circular links (related to #1990) 2020-04-22 14:13:14 +02:00
Maxime Besson
ecbcc0b6b6 Fix #2081 by detecting external URL 2020-04-22 11:25:06 +02:00
Maxime Besson
92af252ae9 Make SingleSession configurable by rule (#2164) 2020-04-22 11:02:59 +02:00
Maxime Besson
0983c66139 Portal: add helper method to build a rule from a string 2020-04-22 11:02:59 +02:00
Xavier Guimard
1a13e3d0dc Really fix #2161 2020-04-21 22:09:40 +02:00
Maxime Besson
b8d72e21b4 fix display of deleted sessions (#2159) 2020-04-21 10:18:50 +02:00
Xavier Guimard
faadd4fc52 DBI: verify parameters during init (Fixes: #2161) 2020-04-21 07:55:07 +02:00
Christophe Maudoux
cd8f8bd847 Typo (#2159) 2020-04-21 00:03:45 +02:00
Maxime Besson
deab21e091 RESTServer: Clarify error message when time skew is too great 2020-04-20 17:14:32 +02:00
Christophe Maudoux
dcef93eea9 Update version (#2154) 2020-04-19 19:25:26 +02:00
Maxime Besson
55f3ca0e77 Improve error reporting for SAML replay protection 2020-04-18 19:54:02 +02:00
Christophe Maudoux
e00cb0ecf0 use localDate & Improve unit test (#1999) 2020-04-18 11:50:07 +02:00
Christophe Maudoux
612682fddb Sort active sessions (#1999) 2020-04-18 00:32:21 +02:00
Clément OUDOT
fb29673fdf GitHub authentication module (#2154) 2020-04-17 23:34:45 +02:00
Christophe Maudoux
478d205f07 Code refactoring & Tidy (#2138) 2020-04-17 20:00:36 +02:00
dcoutadeur dcoutadeur
2c6df4dfc0 Merge branch 'logoutforward' into 'v2.0' 
fix #2138 logout forward doesn't work anymore

See merge request lemonldap-ng/lemonldap-ng!136
 2020-04-17 17:56:48 +02:00
dcoutadeur
c984bb8b4a fix CAS logoutServices (see #2138 logout forward doesn't work anymore) 2020-04-17 17:36:43 +02:00
dcoutadeur
641c523b62 revert c1b61f535 fix CAS logoutServices 2020-04-17 17:14:16 +02:00
dcoutadeur
c1b61f535a fix CAS logoutServices (see #2138 logout forward doesn't work anymore) 2020-04-17 16:56:35 +02:00