dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,267 Commits 3 Branches 0 Tags 75 MiB
79bd842424
Commit Graph

600 Commits

Author SHA1 Message Date
Maxime Besson
dc0bacd6f0 Accept Access Tokens in JWT format (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
acaaf1c749 Refactor buildUserInfo (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
dbddddfba1 Refactor newAccessToken (#2419) 2021-02-01 18:15:55 +01:00
Maxime Besson
5562d8b1dd Add a function to resolve allowed scopes from rules (#2424) 2021-02-01 16:25:35 +01:00
Maxime Besson
c30b452aa3 Load dynamic scopes from config (#2424) 2021-02-01 16:25:35 +01:00
Maxime Besson
c844cc25b0 Fix SAML logout propagation with Redirect binding (#2449) 2021-01-29 09:45:50 +01:00
Christophe Maudoux
5d56a88ff3 Use strict & Typo 2021-01-23 18:57:24 +01:00
Christophe Maudoux
d6e351ab90 Tidy 2021-01-19 22:45:05 +01:00
Maxime Besson
5b4e533f44 Add _scope and _clientID to portal (#1987) 2021-01-19 17:06:21 +01:00
Maxime Besson
dd5e9ec156 Tidy 2021-01-19 16:44:06 +01:00
Christophe Maudoux
bd1a0bf6da Fix regex (#1976) 2021-01-07 09:54:00 +01:00
Christophe Maudoux
1c45e8a8c0 Merge branch 'v2.0' into findUser 2021-01-05 22:14:28 +01:00
Christophe Maudoux
846d6a3655 Allow wildcard with searching parameters (#1976) & Improve unit tests 2021-01-05 22:08:48 +01:00
Maxime Besson
2a805e06b9 Match CAS service via prefix (#2331) 2021-01-05 17:34:57 +01:00
Maxime Besson
e78f8a2270 Refactor CAS code (#2321) 2021-01-05 17:34:57 +01:00
Christophe Maudoux
fc6ea96954 FindUser with combination (#1976) 2021-01-03 19:00:20 +01:00
Christophe Maudoux
c2c02b4c86 Append REST UserDB unit test (#1976) 2021-01-02 22:50:56 +01:00
Christophe Maudoux
de1be30176 Fix other Backend (#1976) 2021-01-02 19:21:16 +01:00
Christophe Maudoux
597455dfcf FindUser with LDAP & AD & Append unit test (#1976) 2020-12-27 23:37:40 +01:00
Christophe Maudoux
072f68004a Improve debug log & unit tests (#1976) 2020-12-27 18:03:08 +01:00
Christophe Maudoux
0b750fb6cc Append Choice unit tests (#1976) 2020-12-27 14:24:15 +01:00
Christophe Maudoux
c0f71ee0f1 Fix FindUSer with Choice (#1976) 2020-12-27 13:29:10 +01:00
Christophe Maudoux
510a1dc1c2 WIP: UserDB findUser (#1976) 2020-12-22 17:02:51 +01:00
Christophe Maudoux
bfcdd370df Merge branch 'v2.0' into findUser 2020-12-21 21:11:55 +01:00
Maxime Besson
ed0be42c93 Merge branch 'WIP-plugin-hooks-2359' into 'v2.0' 
Plugin hook system to extend issuers (and maybe more)

See merge request lemonldap-ng/lemonldap-ng!166
 2020-12-21 16:35:03 +01:00
Christophe Maudoux
4d04672c20 WIP: FindUser skeleton (#1976) 2020-12-20 22:54:35 +01:00
Clément OUDOT
8211850be7 Better userLogger messages for password change (#2393) 2020-11-29 18:02:13 +01:00
Maxime Besson
f49c1adf17 add oidcGenerateIDToken hook (#2359) 2020-11-27 14:00:58 +01:00
Maxime Besson
daef0cf776 add oidcGenerateUserInfoResponse hook (#2359) 2020-11-27 14:00:58 +01:00
Christophe Maudoux
dfc68f9f98 Use Mouse instead of Exporter 2020-11-16 21:54:54 +01:00
Christophe Maudoux
c742d8320e Set user and oldpassword fields into reset password form & Improve unit tests (#2377) 2020-11-09 13:27:16 +01:00
Maxime Besson
fa2301ab0e Force OIDC claim types according to config (#2330) 2020-11-06 19:00:52 +01:00
Maxime Besson
367f1bc5ad Add LDAP IO timeout (#2267) 2020-10-27 16:01:39 +01:00
Maxime Besson
fcb8e6b3c5 Use keepalive for LDAP connections (#2344) 2020-10-09 12:22:28 +02:00
Maxime Besson
5606d0ed6f Add support for SHA384 and SHA512 (#2322) 2020-10-07 15:31:57 +02:00
Maxime Besson
1234d5294f Let users override default SAML signature method (#2319) 2020-10-07 15:31:27 +02:00
Christophe Maudoux
055ec69b92 Code cleaning & refactoring 2020-10-02 20:40:41 +02:00
Maxime Besson
89ec2b09b1 Improve SMTP error reporting (#2293) 2020-09-16 17:29:49 +02:00
Maxime Besson
1db67d735a Put mail transport code in Common so the manager can use it (#2293,#2304) 2020-09-16 17:27:00 +02:00
Xavier Guimard
e110517942 Fix misspelled parameter in call to ldap->search() (Fixes: #2310) 2020-09-10 08:40:23 +02:00
Maxime Besson
d31a14c303 Avoid accidentally creating an empty session (#2262) 2020-09-09 12:05:09 +02:00
Maxime Besson
683b5a7861 Resume logout when returning from Auth::SAML IDP (#2262) 2020-09-08 15:47:58 +02:00
Maxime Besson
3771ead3db Make LDAP auth/userdb/pass modules use ldapVerify (#2250) 2020-09-05 12:21:37 +02:00
Xavier Guimard
c8df084247 Update versions 2020-09-04 17:59:00 +02:00
Maxime Besson
ffb7c7430d Fix encoding workaround in recursive group search (#2306) 2020-09-03 15:59:18 +02:00
Christophe Maudoux
779fd983e5 Typo (#2302) 2020-08-28 21:56:54 +02:00
Maxime Besson
52c6edb453 Lookup oidcRPMetaDataOptionsUserIDAttr in per-RP macros (#2280) 2020-08-17 22:06:09 +02:00
Maxime Besson
b2a2575896 Fix incorrect SOAP content type in SAML issuer (#2263) 2020-08-10 15:06:00 +02:00
Maxime Besson
a96820d6f6 Set secure flag when removing cookie (#2272) 2020-08-10 12:10:33 +02:00
dcoutadeur
0045daa592 fix increase log level for mail sending and password reset (#2265) 2020-07-28 15:04:55 +02:00
Clément OUDOT
d1418952eb Convert mutli-valued attributes into arrays for OIDC UserInfo (#2256) 2020-07-16 20:19:41 +02:00
Clément OUDOT
c5db3bc8bd Add country to address claim (#2257) 2020-07-16 19:58:53 +02:00
Baptiste Pecatte
5fbf7ae533 Remove useless variable 2020-07-05 13:11:28 +02:00
Baptiste Pecatte
2816bed66e Add host to logs for use with fail2ban 2020-07-05 13:11:28 +02:00
Christophe Maudoux
bb9e03d1e5 Tidy 2020-05-24 00:04:33 +02:00
Christophe Maudoux
a7a0f25321 Update function signature and params list 2020-04-28 18:24:55 +02:00
Christophe Maudoux
591f953d5e Merge branch 'v2.0' into 2178-new 2020-04-28 18:20:49 +02:00
Clément OUDOT
9cd079e8fe Manage multi valued attributes in CAS authentication module (#2118) 2020-04-28 12:44:16 +02:00
Christophe Maudoux
a52c8f53b0 Use rule (#2178) 2020-04-27 22:12:12 +02:00
Maxime Besson
a3821fc560 Implement additional audiences in ID token (#2177) 2020-04-24 11:10:44 +02:00
Maxime Besson
a217590869 Tidy OIDC 2020-04-22 21:25:56 +02:00
Xavier Guimard
faadd4fc52 DBI: verify parameters during init (Fixes: #2161) 2020-04-21 07:55:07 +02:00
Maxime Besson
55f3ca0e77 Improve error reporting for SAML replay protection 2020-04-18 19:54:02 +02:00
Maxime Besson
e9bab71585 Make sure restCall returns a hashref (#2125) 2020-03-26 11:31:33 +01:00
Maxime Besson
168dc75f96 OIDC: return id_token in hybrid flow (#2120) 2020-03-18 21:05:39 +01:00
Clément OUDOT
4c36c77452 Set default value for encryption_mode (#2117) 2020-03-12 17:00:50 +01:00
Clément OUDOT
921cf16fcf Format parameters for trspan (#2113) 2020-03-10 11:28:04 +01:00
Clément OUDOT
7c947ab976 Use the correct message for ppolicy time before expiration (#2113) 2020-03-10 11:16:43 +01:00
Clément OUDOT
f830fc4d8a Add some debug logs for ppolicy (#2113) 2020-03-10 10:50:02 +01:00
Christophe Maudoux
824acec27f Improve log (#2071) 2020-03-03 22:25:30 +01:00
Xavier Guimard
4459a47f76 Tidy 2020-02-20 23:37:05 +01:00
Xavier Guimard
a76cba3856 Update versions 2020-02-20 23:37:01 +01:00
Xavier Guimard
22c1f7270c Add feature to override SOAP Proxy URN (#2100) 2020-02-20 21:49:55 +01:00
Christophe Maudoux
a0ef149b5f Fix userData (#2071) 2020-02-12 22:50:08 +01:00
Christophe Maudoux
99c539fe53 Use a var & Update version (#2071) 2020-02-10 22:35:37 +01:00
Christophe Maudoux
2f04ffcc4a WIP - Notifications explorer (#2071) 2020-02-09 17:47:25 +01:00
Maxime Besson
3b48746948 SAML: Hide error in storeEnv (#2084) 2020-02-03 17:08:18 +01:00
Maxime Besson
e52f6d3ba7 Increase visibility of Lasso errors (#2084) 2020-02-03 17:08:18 +01:00
Clément OUDOT
681452524d Associate SAML access rule to SP conf key and not SP entityID (#2074) 2020-01-24 09:01:56 +01:00
Christophe Maudoux
39f93b0eb0 Retrieve all notifications & Improve unit test (#2012) 2019-12-19 20:52:34 +01:00
Clément OUDOT
ae0d455e7f Use base64 URL to decode JWT (#2045) 2019-12-19 17:31:02 +01:00
Maxime Besson
a410793122 CAS per-service macros portal code (#2042) 2019-12-16 17:26:35 +01:00
Maxime Besson
2a15bb0523 SAML per-service macros portal code (#2042) 2019-12-16 17:26:34 +01:00
Maxime Besson
32ecf37be4 OIDC per-service macros portal code (#2042) 2019-12-16 17:26:34 +01:00
Christophe Maudoux
6f2e5c1811 Typo 2019-11-25 22:48:12 +01:00
Christophe Maudoux
a54a8228b4 Check only active notifications & Improve unit test - XML format (#2012) 2019-11-25 11:55:19 +01:00
Christophe Maudoux
80f19e4e71 Check only active notifications & Improve unit test - JSON format (#2012) 2019-11-25 11:51:08 +01:00
Christophe Maudoux
60ef07bcd6 Check notifications date (#2012) 2019-11-22 21:08:28 +01:00
Maxime Besson
e130c6160b Validate LDAP connections in getUser (#2018) 2019-11-20 20:57:33 +01:00
Christophe Maudoux
e20555623e Append defaulCondition option (#2012) 2019-11-18 17:34:56 +01:00
Christophe Maudoux
ea3337574c Append conf manager test (#2012) 2019-11-17 22:36:52 +01:00
Christophe Maudoux
d935753eaf Append to JSON format condition check & improve unit test (#2012) 2019-11-17 22:25:06 +01:00
Christophe Maudoux
c548a4d03e Typo 2019-11-17 22:23:12 +01:00
Christophe Maudoux
632f731774 Allow non array ref with single checkbox and split notification body (#2012) 2019-11-15 21:03:18 +01:00
Maxime Besson
57b28940fa Do not show password change prompt when AD password is incorrect (#2007) 2019-11-15 11:59:03 +01:00
Maxime Besson
2639c482b1 Fix cookie removal on SAML logout (#2001) 
Since the fixes for #1863, calling p->do consumes the response headers
set by any previous code. So we must only call do() in a return statement.
 2019-11-06 18:44:10 +01:00
Maxime Besson
7bdd33eb46 Fix token ID format (#1998) 2019-11-06 11:45:47 +01:00
Maxime Besson
713737c11f Add an option to return claims in ID token 2019-11-04 18:27:28 +01:00
Maxime Besson
b34a229eda Add doc for buildUserInfoResponseFromId 2019-11-04 10:47:35 +01:00
Maxime Besson
a386a7502a Allow refresh tokens to be emitted for regular sessions (#813) 2019-11-04 10:44:54 +01:00
Maxime Besson
ea2365cc98 Implement OIDC Offline sessions through refresh tokens (#813) 2019-11-04 10:44:54 +01:00
Maxime Besson
474bb48aa1 Make Password::LDAP/AD check connection before use (#1909) 
Also remove a mostly redundant wrapper method in Auth::LDAP
 2019-10-01 19:17:31 +02:00
Maxime Besson
fa49e77495 Better logs in case of a LDAP error 2019-10-01 15:14:51 +02:00
Maxime Besson
5d5ac66a6e Add Date: field to emails (#1953) 
This adds a dependancy to Email::Date::Format, but it's already a
dependancy of Email::Sender::Simple (and probably more), so in practice
no new packages are going to be installed
 2019-09-26 12:32:58 +02:00
Christophe Maudoux
146aca7c82 Remove trailing whitespaces 2019-09-16 20:30:35 +02:00
Christophe Maudoux
fcf05c5602 Avoid warning 2019-09-16 17:22:35 +02:00
Christophe Maudoux
9784e75ead Check Slave credential headers (#1935) 2019-09-13 22:21:09 +02:00
Xavier
e50e7d09d1 Update version of (really) modified files 2019-09-12 21:56:49 +02:00
Clément OUDOT
e54355ff9f Use conf as HASH key (#1619) 2019-09-05 17:16:55 +02:00
Clément OUDOT
5b7bb4b9cd Check error message from ITDS (#1619) 2019-09-05 17:14:44 +02:00
Maxime Besson
ff3d4e218c doc: suggest a better fix for #1864 
We can't do it yet because the issue isn't fixed in versions of Lasso
found in the wild. But someday it will be.
 2019-09-03 18:13:13 +02:00
Maxime Besson
d61935ab6e Implement introspection endpoint for access tokens (#1843) 2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5 Refactor endpoint auth 2019-08-29 18:57:26 +02:00
Xavier Guimard
1660109e2f Security: use 3-form for open 2019-08-28 11:32:54 +02:00
Maxime Besson
810d2c7f94 Disable template cache to avoid translation issues in mail (#1897) 2019-08-27 23:13:36 +02:00
Maxime Besson
a04a376777 Make regular template variables available in mails 
SKIN, PORTAL_URL, env_*, session_* are now available in email templates

Preliminary work for #1861
 2019-08-27 23:13:36 +02:00
Xavier Guimard
323d92fa1b Don't load Data::Dumper unless debug 2019-08-27 10:10:11 +02:00
Xavier Guimard
0415370f2c More REST debug 2019-08-22 15:17:51 +02:00
Maxime Besson
661a007b4a Check OIDC access token expiration (#1879) 2019-08-21 12:18:55 +02:00
Christophe Maudoux
78a82dbee9 Override OTT conf. for Upgrade tokens (#1884) 2019-08-15 22:01:44 +02:00
Christophe Maudoux
9dac92064c Better fix & update unit tests (#1861) 2019-08-07 22:29:12 +02:00
Christophe Maudoux
7aad470586 Delete pdata cookie after XML notif validation & Improve unit test (#1861) 2019-08-06 22:29:48 +02:00
Christophe Maudoux
c630a90064 Delete pdata cookie after notif validation & Improve unit test (#1861) 2019-08-06 22:25:09 +02:00
Xavier
ea713a3169 Avoid conflict in $req->data between DBI and LDAP 
Closes: #1875
 2019-08-06 21:54:41 +02:00
Maxime Besson
68c8be333a Fix translation override in mails 2019-08-02 17:45:03 +02:00
Maxime Besson
c9dba5212e HTML-decode entityID from metadata (#1864) 2019-07-25 18:29:46 +02:00
Christophe Maudoux
3d6a7bd843 Sort notifications: JSON format (#1862) 2019-07-25 12:42:58 +02:00
Christophe Maudoux
bf5fe2246d Send specified parameters (#1851) 2019-07-25 12:00:37 +02:00
Christophe Maudoux
11f2d0f34a Improve notifications REST API & unit test (#1851) 2019-07-23 15:54:53 +02:00
Christophe Maudoux
fb7a222c9d Append notifications REST API (#1851) 2019-07-22 15:39:59 +02:00
Christophe Maudoux
81aa2fb37b Improve test-lib & unit test (#1851) 2019-07-21 23:23:20 +02:00
Christophe Maudoux
3972861ba4 WIP - Improve unit test & need to fix list notifications feature!!! (#1851) 2019-07-21 22:47:48 +02:00
Clément OUDOT
f15e8bd108 Possibility to list notifications (#1851) 2019-07-21 20:47:16 +02:00
Christophe Maudoux
ca7ebe09f7 WIP - REST service to remove notification (#1851) 2019-07-20 22:25:03 +02:00
Christophe Maudoux
21c1d83df3 Typo 2019-07-20 13:28:48 +02:00
Christophe Maudoux
4eecd90230 Typo (#1857) 2019-07-17 12:20:30 +02:00
Christophe Maudoux
b99b76e2d6 Improve code (#1857) 2019-07-17 12:18:15 +02:00
Christophe Maudoux
d8b3eb2a34 Remove cipher cookie if notification refused (#1857) 2019-07-16 13:51:01 +02:00
Clément OUDOT
e12cb3a905 Fix loop on notifications (#1856) 2019-07-15 10:55:33 +02:00
Xavier
64c587417b Improvement 2019-07-12 19:09:55 +02:00
Clément OUDOT
c024ed0fe6 Improve logging when a notification is added by REST (#1853) 2019-07-12 18:34:55 +02:00
Xavier
a104db2f2d Clean logs 2019-07-04 07:24:50 +02:00
Maxime Besson
6f058fb2fa Add manager manpages to deb 2019-07-03 15:17:16 +02:00
Xavier Guimard
c1137edba8 make tidy with perltidy-20181120 2019-07-02 20:03:40 +02:00
Clément OUDOT
e04a6f1983 Reject none algorithm when checking JWT signature (#1835) 2019-07-02 16:36:43 +02:00
Clément OUDOT
60c03010ce Use Base64URL for JWT generation (#1834) 2019-07-01 17:29:35 +02:00
Xavier
c921c295ed Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00
Xavier Guimard
44a6e25851 Improve cryptographic functions (#1823) 2019-06-28 10:30:37 +02:00
Xavier Guimard
e15a41bc66 Fix typo: s/templatesDir/templateDir/g (#1819) 2019-06-26 11:59:13 +02:00
Xavier Guimard
45a0b68c3b Disable external entities in XML parsers (Fixes: #1818) 2019-06-26 11:32:10 +02:00