Thomas CHEMINEAU
72e0247f03
fixes #314372 - introduce isAuthorizedURI SOAP function
2010-01-07 11:07:48 +00:00
Xavier Guimard
8102f72d50
POD updates :
...
* spelling errors found by Lintian
* encoding utf8
2010-01-03 08:09:59 +00:00
Clément Oudot
ee62c967b9
Reset password by mail for DBI backend
2009-12-30 19:42:17 +00:00
Xavier Guimard
23ee91c414
Modify _DBI::checkPassword to make it reuseable by another module than AuthDBI
2009-12-22 08:46:54 +00:00
Clément Oudot
0a618cda34
Refactor DBI code in _DBI.pm and SMTP code in _SMTP.pm
2009-12-21 22:28:38 +00:00
Xavier Guimard
4d47d92749
* Debian upgrade for jquery management
...
* SQL injection protection for DBI
* Regexp to control user field
* Missing parameters in _Struct.pm
* Bad errors management in Uploader
2009-12-19 08:57:59 +00:00
Clément Oudot
a8601a0e5f
portalOpenLinkInNewWindow parameter
2009-12-17 14:10:39 +00:00
Clément Oudot
5b82343808
Reorganize issuer methods in process()
2009-12-16 15:53:49 +00:00
Clément Oudot
578d0a0d59
Add in li classes to enable CSS icon customization in IE 6
2009-12-15 17:21:37 +00:00
Xavier Guimard
dcd4905342
* Update Perl and Debian dependencies, and debian/rules for the new manager
...
* Add pod skeleton for Manager.pm
* correct pod for IssuerDB*
2009-12-13 15:40:33 +00:00
Xavier Guimard
5b2363b959
perltidy
2009-12-11 21:17:06 +00:00
Xavier Guimard
b301a5b5c8
New manager
2009-12-11 18:17:00 +00:00
Xavier Guimard
04ed7be634
exported vars are now asked to the LDAP server (instead of *)
2009-12-10 21:48:43 +00:00
Clément Oudot
5499a042ab
Replace SAML* methods by IssuerDB* methods, allowing use of other IssuerDB modules
2009-12-10 17:03:57 +00:00
Clément Oudot
1f0b9ed10c
First implementation of Auth/UserDB/PasswordDB DBI
2009-12-10 11:30:43 +00:00
Clément Oudot
3faa932908
New userDB module: UserDBEnv, allows to collect environment variable as session elements, very usefull with AuthSSL
2009-12-04 17:01:30 +00:00
Clément Oudot
65387caebe
Do not use allowempty flag in Config::IniFiles (close bug #314539 )
2009-12-04 09:44:37 +00:00
Clément Oudot
9d7e1a85c1
Move default values in setDefaultValues
2009-12-03 13:51:55 +00:00
Clément Oudot
36e8868e31
Add parameter cookieExpiration (close feature request #314368 )
2009-12-03 11:47:50 +00:00
Xavier Guimard
061994cfcc
Debian tests
2009-12-03 10:08:33 +00:00
Clément Oudot
0ea44c2389
Merge storage.conf and localconf.ini in lemonldap-ng.ini
2009-12-02 15:08:35 +00:00
Clément Oudot
70522969f3
Add possibility to use a local configuration file (localconf.ini) to override configuration parameters
2009-11-30 16:46:14 +00:00
Xavier Guimard
7d4a491af3
* Remove class variable in handler (to do later)
...
* little bug in _LDAP
* new parameter singleUserByIp + removeOther() try to purge local cache
2009-11-25 12:38:22 +00:00
Clément Oudot
b972c10a20
Use configuration parameters for portal customization
2009-11-25 08:44:12 +00:00
Clément Oudot
7d255abdef
Move AuthCAS loading in authInit
2009-11-17 15:43:05 +00:00
Xavier Guimard
5f73c30706
Bug if trustedDomains contains more than 1 domain
2009-11-09 15:32:27 +00:00
Xavier Guimard
83e33a90ad
perltidy and licence update
2009-11-07 13:05:50 +00:00
Thomas CHEMINEAU
e2d47ce982
fixe #314458 - add url parameter in URL of CAS portal redirection
2009-11-05 14:25:55 +00:00
Xavier Guimard
95424e487a
* New manager in progress
...
* Strange problem with Net::LDAP in mpm-worker environment (not fixed)
* Clean lock files when using Apache::Session::File
2009-10-30 17:27:36 +00:00
Xavier Guimard
7a04829a08
New portal parameters : singleIP and singleSession
2009-10-21 12:43:13 +00:00
Xavier Guimard
ec15f539b2
Perl warning
2009-10-18 08:52:12 +00:00
Xavier Guimard
655fd9e526
* perltidy
...
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()
2009-10-12 16:55:35 +00:00
Xavier Guimard
bf488752b4
Documentation update
2009-10-12 15:03:29 +00:00
Xavier Guimard
def1d50780
Closes #314192
2009-10-11 11:28:25 +00:00
Xavier Guimard
041fcbe05a
Closes #314369
2009-10-11 11:21:52 +00:00
Xavier Guimard
bf6230c5ac
VERSION 0.9.4.1
2009-10-11 08:13:50 +00:00
Xavier Guimard
49cc593005
'*' for trustedDomains
2009-10-02 16:10:23 +00:00
Xavier Guimard
a8c75750cd
Bug in _Multi.pm : eval { require $mod } means "search the file named $mod", but since $mod is a module name, we have to write eval "require $mod"
2009-09-30 10:59:02 +00:00
Xavier Guimard
112cf4c1e6
Rename "Relay" auth mechanism to "Proxy" and add test
2009-09-27 07:54:05 +00:00
Xavier Guimard
947ee7f7c6
Relay in progress...
2009-09-23 13:35:19 +00:00
Xavier Guimard
48ac5bd591
* New authentication scheme : Relay (queries by SOAP another portal)
...
* syslog facility was not taken in account
* Missing HTTP::Headers dependency
* lmConfigEditor must not display reVHosts and cipher which are calculated by Conf.pm
* bad Apache security in Debian configuration files
2009-09-23 12:42:34 +00:00
Xavier Guimard
444e093004
Bugs :
...
* Crypto was usable only with 16xn characters
* Menu was not able to filter embedded <application>
Google page speed :
* optimize images
* set size
2009-08-20 14:19:40 +00:00
Xavier Guimard
bfebb497a1
Closes : #314163 : testUri() unusable
2009-08-20 14:15:16 +00:00
Xavier Guimard
771bf46a5f
HTTP code 302 has to be replaced by 303
2009-08-18 13:33:36 +00:00
Clément Oudot
0a1c2c95b8
Bug CAS: redirect function was not valid
2009-07-21 13:52:10 +00:00
Xavier Guimard
6c7558cffd
* Better performances for Menu : XML was parsed 2 times
...
* Doc for SympaAutoLogin
* Version update
2009-07-05 11:11:33 +00:00
Xavier Guimard
8965bd6119
* Menu update : application can contains application
...
* update trunk from branch
2009-07-01 08:52:14 +00:00
Clément Oudot
7bd70aec9e
Do not use , as separator as it breaks DN
2009-06-25 07:51:39 +00:00
Xavier Guimard
affdc1f5bc
SOAP configuration access :
...
* Missing SOAP fonction for config access in Portal/_SOAP.pm (lastCfg)
* Common/Conf/SOAP.pm now reports SOAP errors
* Common/Conf.pm reports an error when lastCfg returns 0
* SOAP namespace error in Common/Conf/SOAP.pm
Other :
* error in logout_sso default value (Handler/Simple.pm)
* bad returned value when configuration was missing in Handler/SharedConf.pm
2009-06-23 20:36:44 +00:00
Clément Oudot
f3536d4634
Bug in Webform: tests always returned PE_FORMEMPTY
2009-06-22 14:04:24 +00:00
Clément Oudot
198bcf70bc
Get the timezone of the user and correct checkLogonHours function
2009-06-22 10:01:58 +00:00
Xavier Guimard
36c9aa2409
Change CDA parameter to cda.
2009-06-15 14:13:09 +00:00
Xavier Guimard
0ac63904e7
* New parameter for XSS protection : trustedDomains
...
* parameters test to avoid warnings
* debian/control : missing dependencies
* perltidy
* tests update
2009-06-14 16:43:02 +00:00
Xavier Guimard
e55a4868d3
Beginning 0.9.4 publication works : version update
2009-06-08 16:29:13 +00:00
Clément Oudot
81950e0b52
Remove local groups from UserDBLDAP
2009-06-04 15:37:36 +00:00
Thomas CHEMINEAU
0df6ea67fa
adding extended groups functionality
2009-06-04 15:33:53 +00:00
Clément Oudot
f52b609d0e
Correct errors seen in make test
2009-06-04 14:27:36 +00:00
Clément Oudot
8f423fd276
Move setGroups in UserDB
2009-06-04 09:13:03 +00:00
Clément Oudot
84c02a1c17
Mail customization (plain text only) with parameter mailBody
2009-06-03 16:40:41 +00:00
Clément Oudot
50e88a68a7
Manage X-FORWARDED-FOR with multiple IP
2009-06-03 14:52:22 +00:00
Clément Oudot
9d87ad8532
Use PasswordDBLDAP in Menu
2009-06-02 15:34:13 +00:00
Clément Oudot
15dadc06d0
LEMONLDAP::NG: bugs found with make test
2009-05-29 09:53:07 +00:00
Clément Oudot
75c1f0feae
LEMONLDAP::NG : Reset password by mail (new functionnality)
2009-05-28 16:31:39 +00:00
Clément Oudot
68975eaa40
LEMONLDAP::NG : correct some little bugs seen in 'make test'
2009-05-26 12:24:03 +00:00
Clément Oudot
a38bd3e6c7
LEMONLDAP::NG :
...
* Create UserDBNull to use only Auth module
* Store submitted login (user field) in AuthSessionInfos
* Store password if needed in AuthRemote
2009-05-25 12:59:57 +00:00
Clément Oudot
43988469c7
LEMONLDAP::NG : Manage X-FORWARDED-FOR header for IP (close bug #312340 )
2009-05-20 09:29:52 +00:00
Clément Oudot
0d9eaed6fc
LEMONLDAP::NG :
...
* Correct XSS on user field
* Add "XSS attack detected" log messages
2009-05-19 08:52:27 +00:00
Clément Oudot
565ba83c05
LEMONLDAP::NG :
...
* Verify old password before modify
* Add the "PE_BADOLDPASSWORD" error
* Minor changes in pastel skin
* Erase old default skins
* Move icons to skins/common
2009-05-18 13:53:51 +00:00
Clément Oudot
cae5e6ed98
LemonLDAP::NG :
...
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates
2009-05-14 16:19:49 +00:00
Xavier Guimard
cb494c36d5
Logs as PerlLogHandler in handler and little things
2009-05-06 05:38:20 +00:00
Clément Oudot
eebac0ee3e
LEMONLDAP::NG : checkLogonHours and checkDate in Safelib, and correct bug #313624
2009-04-21 13:24:38 +00:00
Xavier Guimard
051f61b288
Since CGI stores now parameters at the root of the object, param is now redefined in Common/CGI.pm to secure those parameters
2009-04-11 11:16:44 +00:00
Xavier Guimard
294e35cbeb
Error with PPolicy + CleanupHandler not launched
2009-04-11 06:13:28 +00:00
Xavier Guimard
c40c13734e
SAML skeleton in progress...
2009-04-08 16:31:13 +00:00
Xavier Guimard
3ad76f30b2
PPolicy management is now in _LDAP.pm instead of AuthLDAP to be reused by Menu.pm
2009-04-08 10:32:33 +00:00
Xavier Guimard
a98e3ac8bb
SAML skeleton
2009-04-07 20:38:24 +00:00
Xavier Guimard
e15d136398
LDAP_PP_CHANGE_AFTER_RESET was not intercepted with OpenLDAP since bind() is granted in this case.
2009-04-07 08:26:12 +00:00
Xavier Guimard
740ad09f9f
Safelib + LDAPFilter parameter
2009-04-05 08:12:16 +00:00
Xavier Guimard
73fa979c65
'CustomSOAPServices' target in portal
2009-04-04 07:36:42 +00:00
Xavier Guimard
8bc0d20afa
* Portal can now been used as 'proxy' for SOAP session storage.
...
* Session explorer works now with SOAP session storage (very low performances)
2009-04-03 16:17:57 +00:00
Xavier Guimard
b0b971b241
Double session mechanism : 2 cookies are generated, 1 secured, the other not.
...
Handlers detects automatically the cookie to choose.
2009-03-31 10:52:43 +00:00
Xavier Guimard
e5e80709e6
Use Net::LDAP high availability system
...
%ENV was not shared
2009-03-08 17:37:31 +00:00
Xavier Guimard
231f54ddf0
* New authentication and userDB module : 'Multi' to chain authentication modules.
...
* Compilation for ModPerl::Registry by default
2009-03-08 08:50:58 +00:00
Xavier Guimard
6bf8377104
More methods for notification mechanism (to be used by batch that control done notifications)
2009-03-04 08:37:08 +00:00
Xavier Guimard
a4dbbf2ccd
POD
2009-03-03 06:21:52 +00:00
Xavier Guimard
859be3923f
* Doxygen doc update
...
* More tests
* perltidy on tests
2009-02-25 18:10:07 +00:00
Xavier Guimard
6307a00750
Lot of work on Portal SOAP services. Now 5 functions are exported:
...
* getAttributes(cookieValue)
* getConfig()
* getCookies(user,password)
* error(code,language)
* newNotification(xml)
WSDL is up to date but getConfig is not documented since it's a Lemonldap::NG internal service.
2009-02-24 17:53:59 +00:00
Xavier Guimard
20764ad812
New authentication and userDB backend : "Remote" can be used to check authentication from a remote Lemonldap::NG portal using CDA
2009-02-23 17:35:38 +00:00
Xavier Guimard
018bee1fc6
CDA now included in main portal
2009-02-17 15:39:14 +00:00
Xavier Guimard
553058998f
Doxygen comments update
2009-02-17 15:22:42 +00:00
Xavier Guimard
ffb5ee8e33
Doxygen filter modification to show authentication process methods
2009-02-17 14:56:38 +00:00
Xavier Guimard
5803952784
* delete log() method from the portal :
...
* user actions are logged by userNotice() and userError()
* other access are logged by HTTP server
* create authenticate() method in Simple.pm used to launch userNotice() for
all authentication method
2009-02-15 17:58:38 +00:00
Xavier Guimard
b6cdee5d2a
Now userNotice and userError are customizable like subs called by _subProcess
2009-02-15 11:30:25 +00:00
Xavier Guimard
415d23b6e4
User actions are now registered with 3 functions :
...
* log : normal access to the portal
* userNotice : authentications, logout,...
* userError : bad password,...
A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog
2009-02-15 08:53:44 +00:00
Xavier Guimard
f1dd28c821
LEMONLDAP::NG : more error reporting
2009-02-14 15:21:58 +00:00
Xavier Guimard
0c18700f65
* cleaning code :
...
* session have not to be recover in Menu since it's done before bu the portal
* accounting in CGIs (ModPerl::Registry context only) :
* used by portal to inform Apache
2009-02-14 08:55:19 +00:00
Xavier Guimard
15e4a17bd8
* Typo in debian/control
...
* Notification/DBI.pm is now running
2009-02-13 09:26:02 +00:00
Xavier Guimard
19e59af4cd
log & debug method lmLog() for CGIs
2009-02-12 19:48:53 +00:00
Clément Oudot
ed55803c04
LEMONLDAP::NG : Abort redirection if ppolicy warnings are present
2009-02-12 17:09:33 +00:00
Xavier Guimard
f8169c1909
Notification system in progress :
...
* File storage is running
* DBI storage has not yet been tested
Documentation update
2009-02-11 16:18:38 +00:00
Xavier Guimard
7c1ff1d938
Versions update
2009-02-10 17:28:27 +00:00
Thomas CHEMINEAU
6b821a21dd
LEMONLDAP::NG : Fixe a bug in libertySignOn function, to retrieve correct providerID
2009-02-09 16:06:41 +00:00
Xavier Guimard
c5a5ba909f
Typo in pod
2009-02-08 19:12:08 +00:00
Xavier Guimard
fbdb9ccb22
LEMONLDAP::NG : * Version is missing in SOAPServer.pm
...
* perltidy on Portal/Simple.pm
2009-02-08 07:59:46 +00:00
Xavier Guimard
6494326e1e
LEMONLDAP::NG : typo
2009-02-06 17:41:23 +00:00
Xavier Guimard
2f9e6da6c1
LEMONLDAP::NG : problem with UTF8 in Notification.pm
2009-02-06 17:32:44 +00:00
Xavier Guimard
1800497815
LEMONLDAP::NG : propagation of 0.9.3.4 changes
2009-02-05 17:05:18 +00:00
Xavier Guimard
a25e10b040
LEMONLDAP::NG : * documentation modification
...
* SOAP service to update notification database
2009-02-03 09:36:13 +00:00
Xavier Guimard
1b6f56699a
LEMONLDAP::NG : Missing file Portal/Notification.pm
2009-02-02 08:53:51 +00:00
Xavier Guimard
85d765a002
LEMONLDAP::NG : WSDL for portal + dependency of Crypt::Rijndael in Debian
2009-02-01 15:38:06 +00:00
Xavier Guimard
21f5808cdf
LEMONLDAP::NG : Notification system is running now (for file storage only). TODO: Soapservice to accept notifications
2009-01-30 15:26:34 +00:00
Xavier Guimard
2540bb36f0
LEMONLDAP::NG : * new feature in devel : notification system
...
* now, there is a shared key that can be use to crypt datas
(used in notification to hide cookie value)
2009-01-28 17:37:10 +00:00
Xavier Guimard
ecb8ccbf96
LEMONLDAP::NG : bug with ldap+tls ( Closes : #312418 )
2009-01-17 19:45:21 +00:00
Xavier Guimard
f143719429
LEMONLDAP::NG : Typo
2009-01-03 08:54:49 +00:00
Xavier Guimard
bfab1a6e3b
LEMONLDAP::NG Doxygen in progress
2008-12-31 15:10:02 +00:00
Xavier Guimard
62b02d49fd
LEMONLDAP::NG : Doxygen documentation in progress
2008-12-30 09:37:56 +00:00
Xavier Guimard
41fe04e8b8
LEMONLDAP::NG : Doxygen documentation in progress...
2008-12-29 10:28:31 +00:00
Xavier Guimard
2e5911ac4e
LEMONLDAP::NG : Doxygen in progress.
2008-12-28 08:36:52 +00:00
Clément Oudot
985bdc2509
LEMONLDAP::NG : don't test url if direct access to portal
2008-12-27 11:00:45 +00:00
Xavier Guimard
228288d43c
LEMONLDAP::NG : Doxygen in progress
2008-12-26 19:18:23 +00:00
Xavier Guimard
13a5a1daab
LEMONLDAP::NG : Doxygen documentation in progress
2008-12-26 17:58:48 +00:00
Xavier Guimard
5483c4451a
LEMONLDAP::NG : * Romanian translation update
...
* perltidy
* test for menu
2008-12-25 14:14:15 +00:00
Xavier Guimard
0d8ab5ea2b
LEMONLDAP::NG : Perl module versions update for CPAN export
2008-12-25 08:04:33 +00:00
Xavier Guimard
78852ac337
LEMONLDAP::NG perltidy
2008-12-24 14:57:23 +00:00
Xavier Guimard
13cdc9b8ec
LEMONLDAP::NG : XSS patch not compatible with logout system
2008-12-24 14:55:44 +00:00
Xavier Guimard
2449e92c2d
LEMONLDAP::NG : A site in the protected domain is accepted in $portal->{urldc} even if the site is not declared in the manager
2008-12-24 09:12:53 +00:00
Xavier Guimard
cc07eae107
LEMONLDAP::NG : customFunctions are now shared in macros, groups, headers and rules
2008-12-11 17:02:02 +00:00
Xavier Guimard
a77e385730
LEMONLDAP::NG : little bug in SOAP error()
2008-12-08 10:56:19 +00:00
Xavier Guimard
16a29be9fa
LEMONLDAP::NG : error display in SOAP
2008-12-07 20:07:52 +00:00
Xavier Guimard
b9ba2337e4
LEMONLDAP::NG : now the portal can be called by browser or by SOAP
2008-12-07 14:12:36 +00:00
Xavier Guimard
68d447b422
LEMONLDAP::NG : typo
2008-12-07 12:15:40 +00:00
Xavier Guimard
53dc4bbbf4
LEMONLDAP::NG : * To avoid XSS, 3 controls :
...
1) url must be base64 encoded
2) urldc is serialized on 1 line ("s/[\r\n]//sg")
3) urldc must not contains '"`\0<
* Common/CGI can now intercept SOAP requests
2008-12-07 09:02:44 +00:00
Xavier Guimard
8b4f38e58c
LEMONLDAP::NG : XSS prevention
2008-12-06 10:26:24 +00:00
Xavier Guimard
66c60cc416
LEMONLDAP::NG : * branche 0.9.2 is missing
...
* ' and " are now filtered in url in Portal.pm
2008-12-06 07:27:35 +00:00
Xavier Guimard
5bbe35cedc
LEMONLDAP::NG : To help Doxygen, we have to use "use base" instead of @ISA when possible
2008-12-04 13:53:05 +00:00
Xavier Guimard
5f552f4085
LEMONLDAP::NG : minnor things
2008-12-03 18:30:57 +00:00
Xavier Guimard
b8905b4247
LEMONLDAP::NG : * bug correction : AuthLDAP can now be used without UserDBLDAP
2008-12-03 16:43:31 +00:00
Clément Oudot
35df5dddb8
LEMONLDAP::NG : Enforce XSS protection by deleting bad urls
2008-12-03 16:41:30 +00:00
Xavier Guimard
24a14caeda
LEMONLDAP::NG : * Security fix : redirections in portal must be in protected sites
...
* perltidy in Manager/Sessions.pm
* Doxygen in progress...
2008-12-03 16:05:27 +00:00
Xavier Guimard
1af1632c72
LEMONLDAP::NG : minor security fix : PE_USERNOTFOUND has not to be used
2008-12-03 13:30:37 +00:00
Xavier Guimard
fbc8b7bfd2
LEMONLDAP::NG : * security fix => XSS
...
* Begin Doxygen documentation
2008-12-03 13:27:30 +00:00
Xavier Guimard
de7edc7387
LEMONLDAP::NG : better manner to delete cookie
2008-12-01 13:39:52 +00:00
Xavier Guimard
d7bbb44924
LEMONLDAP::NG : * change default value for existing sessions : now, it's PE_DONE
...
* after POST and logout, Portal generates a redirection to itself unless an url is given. This help MSIE to relog after logout
2008-12-01 09:36:02 +00:00
Xavier Guimard
96e625a29d
LEMONLDAP::NG : binmod(STDOUT,'utf8') has to be called at each request
2008-11-26 11:20:36 +00:00
Xavier Guimard
ccbb0a12e0
LEMONLDAP::NG : * eval+abort in XML parsing (to avoid die include in XML::LibXML)
...
* Correct use of UTF8 : a apps-list.xml UTF8 encoded was not displayed correctly
2008-11-26 11:11:03 +00:00
Xavier Guimard
d99ef1ba3f
LEMONLDAP::NG : web form in a distinct file
2008-11-24 14:06:54 +00:00
Xavier Guimard
a72eebdd81
LEMONLDAP::NG : Notification system skeleton
2008-11-24 06:57:18 +00:00
Xavier Guimard
2725f06fd3
LEMONLDAP::NG : * Handler/SharedConf.pm is more simple now since it use the new Conf.pm capabilities
...
* CGIs now use abort() instead of die
* debug system in COnf.pm (set "LogLevel debug" in Apache)
2008-11-21 17:51:52 +00:00
Xavier Guimard
63f196078b
LEMONLDAP::NG : die replaced by $self->abort in CGIs
2008-11-21 07:27:08 +00:00
Xavier Guimard
ac87a4b49e
LEMONLDAP::NG : removing old feature : LDAP filter in groups
2008-11-20 18:13:27 +00:00