lemonldap-ng

Author	SHA1	Message	Date
Maxime Besson	14548b9a1f	Remove "new totp" from portal js	2021-06-15 14:54:33 +02:00
Maxime Besson	7b0990addd	Remove totp options from code (#2541 )	2021-06-15 14:54:32 +02:00
Maxime Besson	6f5cd3b645	Fix some undef warnings	2021-06-15 12:40:15 +02:00
Maxime Besson	75b81fcb5a	Fix NameID value when unspecified is requested by SP (#2518 )	2021-06-15 11:27:37 +02:00
Maxime Besson	63cd5ffb40	Revert `652d8ba9bc` See #2482	2021-06-11 08:53:26 +02:00
Christophe Maudoux	86f46ebc5b	Fix some warnings (#2538 )	2021-06-08 23:03:54 +02:00
Maxime Besson	87295178e0	optimize SingleSession to avoid unneeded session fetches (#2536 )	2021-06-04 16:17:18 +02:00
Maxime Besson	b8e8bbcedd	Ignore unknown scopes (#2496 )	2021-06-03 18:24:55 +02:00
Maxime Besson	55cdfefd7b	Workaround for #2472	2021-06-02 15:36:05 +02:00
Maxime Besson	fad337c58c	Add hooks on password change (#2510 )	2021-06-02 11:07:28 +02:00
Maxime Besson	91cfba275a	Skip registration of SAML SP when config has errors (#2525 )	2021-06-02 08:34:02 +02:00
Maxime Besson	71a8fc6d16	Skip registration of CAS App when config has errors (#2525 )	2021-06-02 08:34:02 +02:00
Maxime Besson	e50db3f083	Skip registration of OIDC RP when config has errors (#2525 )	2021-06-02 08:34:01 +02:00
Maxime Besson	cf3809a0de	Add CAS hooks (#2533 )	2021-06-01 11:27:45 +02:00
Maxime Besson	e98aafd6f7	add oidcGenerateCode hook (#2532 )	2021-05-31 11:16:28 +02:00
Maxime Besson	15298466ea	Fix JWT userinfo in Auth::OpenIDConnect (#2529 )	2021-05-31 09:52:02 +02:00
Christophe Maudoux	cf55716825	Allow findUser with UpgradeSession (#1976 )	2021-05-06 23:16:26 +02:00
Yadd	a24ed7bc41	Fix GrantSession rules sort	2021-05-04 15:50:38 +02:00
Christophe Maudoux	de3164fea7	Fix button top margin (#1976 )	2021-05-01 22:35:56 +02:00
Christophe Maudoux	fc481d40d2	Rename param (#1976 )	2021-04-30 22:36:31 +02:00
Maxime Besson	cd97d3b922	Refactor $req->{cspFormAction} (#2513 )	2021-04-23 09:02:24 +02:00
Maxime Besson	a876d978af	Suggest improvement for next major version	2021-04-23 09:02:24 +02:00
Maxime Besson	913ebbd556	fix missing domain in child-src during SAML POST logout (#2513 )	2021-04-23 09:02:24 +02:00
Maxime Besson	5ba0c11b58	Add helper to build CSP host list (#2513 )	2021-04-23 09:02:24 +02:00
Christophe Maudoux	b54c95ccd2	Improve unit tests & Fix regex (#2509 )	2021-04-21 22:14:47 +02:00
Maxime Besson	8695a633a7	Force type of JSON fields in token response (#2511 )	2021-04-20 11:31:32 +02:00
Christophe Maudoux	21ced5dbad	Fix speChars test, typos & display (#2509 )	2021-04-14 13:28:12 +02:00
Maxime Besson	a94fb616bd	Allow admin to disallow host-based match (#2506 )	2021-04-09 17:51:54 +02:00
Maxime Besson	c1e059eeb3	Use authChoiceAuthBasic to select Choice (#2502 )	2021-04-07 16:40:32 +02:00
Christophe Maudoux	64dffcf4d0	Send only technical and exported attributes (#2503 )	2021-04-03 16:46:43 +02:00
Christophe Maudoux	9f77e89f96	Send exported attributes with REST session server & typos (#2503 )	2021-04-02 23:57:30 +02:00
Christophe Maudoux	4751427105	Fix error level & Improve doc (#1976 )	2021-04-01 23:31:48 +02:00
Christophe Maudoux	c0db322ef0	Perl critic	2021-04-01 23:07:58 +02:00
Christophe Maudoux	bcfb075f63	Be more consistent with REST params & Update doc (#1976 )	2021-04-01 22:48:08 +02:00
Christophe Maudoux	654184dd66	Fix bad request (#2501 )	2021-04-01 14:49:44 +02:00
Maxime Besson	297dc830af	Update mail templates to no longer use string substitution (#2495 )	2021-03-31 14:27:23 +02:00
Maxime Besson	d696853556	Factor MAIN_LOGO variable in loadMailTemplate (#2495 )	2021-03-31 14:27:23 +02:00
Christophe Maudoux	89111859a0	Typos (#1976 )	2021-03-30 23:54:06 +02:00
Maxime Besson	20e1f9ded0	Hash JWT to catch tampering (#2419 ) This mechanism's only purpose is to make the introsection endpoint fail to verify the token when the JWT itself has been tampered with.	2021-03-30 16:32:14 +02:00
Maxime Besson	2c8cbbefe6	"xxx is allowed to update 2FA" should be a debug message	2021-03-30 16:32:14 +02:00
Clément OUDOT	55ab4b5a5f	Fix CAS log message on service ticket validation error (#2494 )	2021-03-25 16:33:48 +01:00
Maxime Besson	02b680df30	fix #2489	2021-03-19 16:45:37 +01:00
Maxime Besson	96a667cf2e	clarify REST log messages	2021-03-17 14:24:47 +01:00
Maxime Besson	ca6c98c26c	Allow selection of saml ACS during idp initiated (#2488 )	2021-03-17 14:24:47 +01:00
Maxime Besson	c0f8e8f46b	Skip serializing psgi streams when saving request It can interfere with unit tests in some cases, like #2000	2021-03-15 21:18:08 +01:00
Maxime Besson	44abc1e889	Add hook for client credentials (#2484 )	2021-03-10 15:47:19 +01:00
Maxime Besson	0f626ad94c	Add expiration time to Client Credential sessions (#2481 )	2021-03-03 15:43:18 +01:00
Maxime Besson	a70051e3fe	Remove deprecated base64url implementation All our target distros now have base64url in Mime::Base64	2021-03-03 11:03:19 +01:00
Maxime Besson	bb95e681e6	Tidy	2021-03-03 11:03:19 +01:00
Maxime Besson	e10d1e291c	Return granted scopes if different from requested scopes (#2424 )	2021-03-03 11:03:19 +01:00
Maxime Besson	6b9670c29d	Use computed scopes to fill claims in ID token (#2424 )	2021-03-03 11:03:19 +01:00
Maxime Besson	534745e5a2	Use computer scopes in Implicit/Hybrid responses (#2424 )	2021-03-03 11:03:18 +01:00
Yadd	3883c5abff	Fix vhost regexp (#2477 )	2021-03-02 07:57:21 +01:00
Maxime Besson	4841c7755e	Fix OAuth2 error code when supplying invalid code	2021-02-24 17:48:12 +01:00
Maxime Besson	5a8c20584b	Fix OIDC message when calling technical endpoints with cookies (#2475 )	2021-02-24 17:48:12 +01:00
Maxime Besson	2d7f9e34a6	OIDC: Return error if multiple client auth used (#2474 )	2021-02-24 17:48:12 +01:00
Christophe Maudoux	ff36b81e73	Append accessor to avoid modify conf (#2451 )	2021-02-19 07:44:00 +01:00
Xavier Guimard	b5c0ca94c4	CrowdSec plugin (#2451 )	2021-02-19 07:40:36 +01:00
Christophe Maudoux	057cfb29e8	Improve code (#2458 )	2021-02-18 23:35:25 +01:00
Maxime Besson	cceb6f767e	Use a dedicated function for OIDC error reporting (#2465 )	2021-02-18 22:06:39 +01:00
Christophe Maudoux	5f7981e256	Improve error message & unit test (#2458 )	2021-02-16 22:04:38 +01:00
Christophe Maudoux	1757cf5337	Merge branch 'CheckDevOps-plugin' into 'v2.0' Check DevOps file plugin (#2458) See merge request lemonldap-ng/lemonldap-ng!178	2021-02-16 18:46:19 +00:00
Christophe Maudoux	4583108068	Append download unit test (#2458 )	2021-02-16 14:21:10 +01:00
Christophe Maudoux	1f66e03969	Append an option to download rules.json file from remote server (#2458 )	2021-02-16 12:15:18 +01:00
Maxime Besson	31d0f26174	Clear hook list on configuration reload (#2463 )	2021-02-15 15:13:53 +01:00
Christophe Maudoux	e477a1cef8	Append unit test & Doc (#2458 )	2021-02-15 11:40:46 +01:00
Christophe Maudoux	110974cce4	Display rules (#2458 )	2021-02-12 22:39:34 +01:00
Christophe Maudoux	60cbb6d5f2	Improve code (#2458 )	2021-02-12 19:31:11 +01:00
Christophe Maudoux	3bee740125	display headers (#2458 )	2021-02-12 19:25:55 +01:00
Christophe Maudoux	6e1efc8bb5	WIP: CheckDevOps plugin skeleton (#2458 )	2021-02-12 18:11:37 +01:00
Maxime Besson	4408852d33	tidy	2021-02-12 18:10:53 +01:00
Maxime Besson	424cf91e88	Fix error message on missing template dir (#2460 )	2021-02-12 18:10:53 +01:00
Christophe Maudoux	4515768513	Display explicit error message (#2329 )	2021-02-10 22:27:12 +01:00
Christophe Maudoux	3e02682635	Update version	2021-02-09 23:06:36 +01:00
Maxime Besson	7db988b5a1	Improve some SAML error messages (#2349 )	2021-02-08 11:50:24 +01:00
Christophe Maudoux	55071d5210	Keep old behavior if no JS (#1976 )	2021-02-05 18:05:59 +01:00
Maxime Besson	a1ed57c035	Add typ header to access token jwt (#2419 )	2021-02-03 09:43:35 +01:00
Christophe Maudoux	635e75c1b6	Perl critic	2021-02-01 22:30:37 +01:00
Maxime Besson	1cd7dd3d2c	Add hook for access token JWT payload (#2419 )	2021-02-01 18:20:32 +01:00
Maxime Besson	d86e8ce0df	Refactor: remove extractJWT	2021-02-01 18:20:32 +01:00
Maxime Besson	cb04670003	Refactor checksignature	2021-02-01 18:20:32 +01:00
Maxime Besson	09dda56cb8	Refactor: rename method in issuer	2021-02-01 18:20:32 +01:00
Maxime Besson	d63017cffc	Refactor: use new functions in Auth	2021-02-01 18:20:32 +01:00
Maxime Besson	cd3c2678db	Refactor: rename variable	2021-02-01 18:20:32 +01:00
Maxime Besson	435ba82144	Refactor: rename and move getJWTJSONData	2021-02-01 18:20:32 +01:00
Maxime Besson	6aef1a6317	Refactor: getUserInfo now returns a hash	2021-02-01 18:20:32 +01:00
Maxime Besson	f3c97c22dc	Refactor access token id lookup into Common::JWT	2021-02-01 18:20:32 +01:00
Maxime Besson	aa877cf0a3	Let newAccessToken emit JWT (#2419 )	2021-02-01 18:15:55 +01:00
Maxime Besson	dc0bacd6f0	Accept Access Tokens in JWT format (#2419 )	2021-02-01 18:15:55 +01:00
Maxime Besson	acaaf1c749	Refactor buildUserInfo (#2419 )	2021-02-01 18:15:55 +01:00
Maxime Besson	dbddddfba1	Refactor newAccessToken (#2419 )	2021-02-01 18:15:55 +01:00
Maxime Besson	5303b4fc3e	Fix error format when sending an expired refresh token	2021-02-01 18:15:55 +01:00
Maxime Besson	090fad7475	Add warning when hook stack encounters error	2021-02-01 18:15:55 +01:00
Maxime Besson	4c1f49a90f	Use dynamic scope in issuer (#2424 )	2021-02-01 16:25:35 +01:00
Maxime Besson	5562d8b1dd	Add a function to resolve allowed scopes from rules (#2424 )	2021-02-01 16:25:35 +01:00
Maxime Besson	c30b452aa3	Load dynamic scopes from config (#2424 )	2021-02-01 16:25:35 +01:00
Christophe Maudoux	8017725caa	Code refactoring	2021-01-31 00:07:34 +01:00
Christophe Maudoux	ea80b4df0e	Use Ajax request (#1976 )	2021-01-30 23:22:03 +01:00
Clément OUDOT	d4ae146fd6	Update version in main modules	2021-01-30 18:32:52 +01:00
Christophe Maudoux	01721d5793	Append warning in log & code refactoring ("1976)	2021-01-30 18:22:13 +01:00
Maxime Besson	c844cc25b0	Fix SAML logout propagation with Redirect binding (#2449 )	2021-01-29 09:45:50 +01:00
Maxime Besson	84684b3b5b	Avoid loading plugins when their config is an empty hash (#2448 )	2021-01-28 11:42:36 +01:00
Xavier Guimard	39518079d5	Clean "afterSub" and "aroundSub" during reload (#2448 )	2021-01-27 17:30:54 +01:00
Xavier Guimard	4455f13976	Clean "afterSub" and "aroundSub" during init (#2448 )	2021-01-27 15:28:34 +01:00
Christophe Maudoux	d2e35df987	Test required select values & Append unit test (#1976 )	2021-01-24 19:07:58 +01:00
Christophe Maudoux	54f41f10ea	Test allowed select values (#19786 )	2021-01-24 18:17:36 +01:00
Christophe Maudoux	24cec1e08f	Fix warning	2021-01-23 23:27:46 +01:00
Christophe Maudoux	54b9e0d87b	Sort values (#1976 )	2021-01-23 23:20:50 +01:00
Christophe Maudoux	377fe4796c	Update version (#1976 )	2021-01-23 23:11:57 +01:00
Christophe Maudoux	1a3ea8685e	Improve code (#1976 )	2021-01-23 23:07:21 +01:00
Christophe Maudoux	7c3955b2aa	Allow input type select with FindUser (#1976 )	2021-01-23 23:00:23 +01:00
Christophe Maudoux	5d56a88ff3	Use strict & Typo	2021-01-23 18:57:24 +01:00
Christophe Maudoux	7d232b43fd	Append unit Combination unit test (#1976 )	2021-01-23 18:56:19 +01:00
Christophe Maudoux	d6e351ab90	Tidy	2021-01-19 22:45:05 +01:00
Christophe Maudoux	a8174d58a7	Typo	2021-01-19 22:24:17 +01:00
Maxime Besson	5b4e533f44	Add _scope and _clientID to portal (#1987 )	2021-01-19 17:06:21 +01:00
Maxime Besson	25fb8ca0f0	Implement client credentials grant (#1987 )	2021-01-19 17:06:21 +01:00
Maxime Besson	5e439b2f24	Advertise client credentials grant (#1987 )	2021-01-19 16:47:21 +01:00
Maxime Besson	dd5e9ec156	Tidy	2021-01-19 16:44:06 +01:00
Christophe Maudoux	aad6244997	Merge branch 'v2.0' into findUser	2021-01-18 12:05:04 +01:00
Clément OUDOT	8663c0104c	Update version in main modules for 2.0.10	2021-01-17 16:56:51 +01:00
Christophe Maudoux	cd37ccc35c	Merge branch 'v2.0' into findUser	2021-01-14 22:39:02 +01:00
Christophe Maudoux	f426064093	Comment no strict refs pragma (#2436 )	2021-01-14 22:37:17 +01:00
Christophe Maudoux	f4ea214056	No strict refs (#2436 )	2021-01-08 20:31:33 +01:00
Christophe Maudoux	7ebca3633c	No strict refs (#2436 )	2021-01-08 20:09:00 +01:00
Christophe Maudoux	e4444c907f	Append CheckUser normalized headers option & Improve unit test (#2436 )	2021-01-08 18:38:05 +01:00
Maxime Besson	6517718f26	Add an option to force getUser before LDAP password change (#714 )	2021-01-08 15:09:19 +01:00
Maxime Besson	9d24e5f0d5	Fix logging (#714 )	2021-01-07 18:49:58 +01:00
Christophe Maudoux	a93a85435d	Improve debug msg	2021-01-07 10:04:15 +01:00
Christophe Maudoux	bd1a0bf6da	Fix regex (#1976 )	2021-01-07 09:54:00 +01:00
Christophe Maudoux	d14fae87ce	Append conf test & REST init test & set default values (#2176 )	2021-01-06 23:10:09 +01:00
Christophe Maudoux	a76bf37c29	Tidy (#1976 )	2021-01-05 22:52:21 +01:00
Christophe Maudoux	39528ef1c3	Control parameters (#1976 ) & Improve unit tests	2021-01-05 22:46:35 +01:00
Christophe Maudoux	1c45e8a8c0	Merge branch 'v2.0' into findUser	2021-01-05 22:14:28 +01:00
Christophe Maudoux	846d6a3655	Allow wildcard with searching parameters (#1976 ) & Improve unit tests	2021-01-05 22:08:48 +01:00
Maxime Besson	127aa91a8f	Merge branch 'feature-cas-service-url-2321' into 'v2.0' Feature cas service url 2321 See merge request lemonldap-ng/lemonldap-ng!175	2021-01-05 18:49:24 +01:00
Maxime Besson	402a39a176	Merge branch 'feature-password-change-combination-714' into 'v2.0' Add Password::Combination See merge request lemonldap-ng/lemonldap-ng!174	2021-01-05 18:35:57 +01:00
Maxime Besson	7ffaa3f9ff	Fix Twitter authentication when coming from Issuers (#2426 )	2021-01-05 18:33:09 +01:00
Maxime Besson	2a805e06b9	Match CAS service via prefix (#2331 )	2021-01-05 17:34:57 +01:00
Maxime Besson	e78f8a2270	Refactor CAS code (#2321 )	2021-01-05 17:34:57 +01:00
Maxime Besson	6b24492e33	Allow override of userDB in Password::Combination (#714,#716)	2021-01-04 21:31:34 +01:00
Maxime Besson	fa3129465b	New Password::Combination module (#714,#716)	2021-01-04 21:31:34 +01:00
Maxime Besson	5ed0677d35	Fix password update in session (#2430 )	2021-01-04 21:16:52 +01:00
Christophe Maudoux	554daba5fe	Allow multi-valued excluding parameters (#1976 )	2021-01-04 20:23:42 +01:00
Christophe Maudoux	fc6ea96954	FindUser with combination (#1976 )	2021-01-03 19:00:20 +01:00
Christophe Maudoux	e1de8e34c2	Merge branch 'v2.0' into findUser	2021-01-02 22:55:45 +01:00
Christophe Maudoux	c2c02b4c86	Append REST UserDB unit test (#1976 )	2021-01-02 22:50:56 +01:00
Christophe Maudoux	994ccfae30	Append REST findUser URL parameter (#1986 )	2021-01-02 20:22:33 +01:00
Christophe Maudoux	de1be30176	Fix other Backend (#1976 )	2021-01-02 19:21:16 +01:00
Christophe Maudoux	b075082970	REST Backend (#1976 )	2021-01-02 18:59:30 +01:00
Maxime Besson	49905d4759	Remove debug log	2020-12-30 16:34:40 +01:00
Christophe Maudoux	a1700369c5	Merge branch 'v2.0' into findUser	2020-12-29 14:59:36 +01:00
Maxime Besson	4eeef91588	Add SAML ACS to environment (#2427 )	2020-12-29 14:17:06 +01:00
Christophe Maudoux	c2342336c2	Merge branch 'v2.0' into findUser	2020-12-27 23:39:54 +01:00
Christophe Maudoux	597455dfcf	FindUser with LDAP & AD & Append unit test (#1976 )	2020-12-27 23:37:40 +01:00
Christophe Maudoux	072f68004a	Improve debug log & unit tests (#1976 )	2020-12-27 18:03:08 +01:00
Christophe Maudoux	0b750fb6cc	Append Choice unit tests (#1976 )	2020-12-27 14:24:15 +01:00
Christophe Maudoux	c0f71ee0f1	Fix FindUSer with Choice (#1976 )	2020-12-27 13:29:10 +01:00
Christophe Maudoux	406fdbc54b	Append unit test if Impersonation is missing (#1976 )	2020-12-26 15:27:25 +01:00
Christophe Maudoux	3219673375	Append unit test with token & Fix error code (#1976 )	2020-12-26 14:30:38 +01:00
Christophe Maudoux	23e52fcec2	Append Demo UserDB unit test & Fix code (#1976 )	2020-12-26 14:30:38 +01:00
Christophe Maudoux	f956810e48	Redirect to Portal (#1976 )	2020-12-23 22:47:08 +01:00
Christophe Maudoux	0236dc00d6	Removing workaround with MailPasswordReset	2020-12-23 14:57:55 +01:00
Christophe Maudoux	60ce68ce23	Use OTT (#1976 )	2020-12-23 14:50:36 +01:00
Christophe Maudoux	77c25b98cf	FindUser DBI & Append unit test (#1976 )	2020-12-22 22:51:37 +01:00
Christophe Maudoux	510a1dc1c2	WIP: UserDB findUser (#1976 )	2020-12-22 17:02:51 +01:00
Christophe Maudoux	9dcf70a5ef	Code cleaning	2020-12-22 14:05:22 +01:00
Christophe Maudoux	e7baa348ba	Update lang & conf test (#1976 )	2020-12-21 22:31:29 +01:00
Christophe Maudoux	fc4024f024	Return parameters (#1976 )	2020-12-21 21:35:44 +01:00
Christophe Maudoux	bfcdd370df	Merge branch 'v2.0' into findUser	2020-12-21 21:11:55 +01:00
Maxime Besson	ed0be42c93	Merge branch 'WIP-plugin-hooks-2359' into 'v2.0' Plugin hook system to extend issuers (and maybe more) See merge request lemonldap-ng/lemonldap-ng!166	2020-12-21 16:35:03 +01:00
Maxime Besson	e05a167937	Handle missing nameid (#2420 )	2020-12-21 11:05:00 +01:00
Christophe Maudoux	a259566eb1	Excluding parameters (#1976 )	2020-12-20 23:49:46 +01:00
Christophe Maudoux	86bbb70b89	Skip empty values (#1976 )	2020-12-20 23:04:07 +01:00
Christophe Maudoux	4d04672c20	WIP: FindUser skeleton (#1976 )	2020-12-20 22:54:35 +01:00
Christophe Maudoux	512045c528	Fix conf test (#2243 )	2020-12-20 17:29:13 +01:00
Christophe Maudoux	7be0240389	Update default values & Tidy (#2243 )	2020-12-16 22:58:01 +01:00
Christophe Maudoux	652d8ba9bc	Prevent authentication on backend if account is locked (#2243 )	2020-12-16 22:49:41 +01:00
Christophe Maudoux	2dde8672d5	Fix unit tests warning (#2406 )	2020-12-11 00:10:22 +01:00
Maxime Besson	442203685f	checkState: fix perl error when testing a user account (#2413 )	2020-12-09 18:01:02 +01:00
Maxime Besson	8793a5b6a1	Fix storage of LDAP attributes with a value of 0 (#2403 )	2020-12-07 17:49:21 +01:00
Maxime Besson	c6d20ca8b3	Fix init of ::Portal::Password::LDAP (#2410 )	2020-12-07 16:59:48 +01:00
Maxime Besson	9ba6938e90	Show a friendlier error message when a module fails init (#2410 )	2020-12-07 16:59:48 +01:00
Christophe Maudoux	c2266720f9	Unauthenticated logout request with route & improve unit test (#2342 )	2020-12-06 11:21:11 +01:00
Christophe Maudoux	41889e5ee2	Append unit test (#2342 )	2020-12-05 20:37:50 +01:00
Christophe Maudoux	b2306cc8ad	Unauthenticated logout (#2342 )	2020-12-05 19:31:23 +01:00
Clément OUDOT	426555effe	Use a specific parameter for mail 2F session key (#2406 )	2020-12-03 19:59:36 +01:00
Christophe Maudoux	421929d081	Hide valued headers only (#2398 )	2020-12-01 20:49:42 +01:00
Clément OUDOT	8211850be7	Better userLogger messages for password change (#2393 )	2020-11-29 18:02:13 +01:00
Christophe Maudoux	32d52b96d8	Append an option to obfuscate some headers value (#2398 )	2020-11-27 23:09:18 +01:00
Maxime Besson	699679a8e0	Documentation for #2359	2020-11-27 14:00:58 +01:00
Maxime Besson	f49c1adf17	add oidcGenerateIDToken hook (#2359 )	2020-11-27 14:00:58 +01:00
Maxime Besson	daef0cf776	add oidcGenerateUserInfoResponse hook (#2359 )	2020-11-27 14:00:58 +01:00
Maxime Besson	faadb3f059	add oidcGotRequest hook (#2359 )	2020-11-27 14:00:58 +01:00
Maxime Besson	c19be1d501	Tidy SAML issuer (#2359 )	2020-11-27 14:00:58 +01:00
Maxime Besson	a706f8a470	add samlBuildLogoutResponse hook (#2359 )	2020-11-27 14:00:58 +01:00
Maxime Besson	ddc43f7c9c	add samlGotLogoutRequest hook (#2359 )	2020-11-27 14:00:58 +01:00
Maxime Besson	2dba11e6b3	Add samlBuildAuthnResponse hook (#2359 )	2020-11-27 14:00:58 +01:00
Maxime Besson	de1d6e205b	Add samlGotAuthnRequest hook (#2359 )	2020-11-27 14:00:58 +01:00
Maxime Besson	f0dbb28866	Add Hook system for plugins (#2359 )	2020-11-27 14:00:58 +01:00
Christophe Maudoux	7a7751e569	Code refactoring & typos (#2334 )	2020-11-25 21:59:49 +01:00
Christophe Maudoux	b04bb6ab84	Test if Vhost is HTTP or HTTPS & improve unit test (#2386 )	2020-11-25 19:09:33 +01:00
Christophe Maudoux	f963afd812	Logs more explicit (#2334 )	2020-11-25 17:17:36 +01:00
Christophe Maudoux	0a4fabb4e4	Use strict & fix warnings	2020-11-21 19:24:04 +01:00
Christophe Maudoux	6060a54536	Use whatToTrace in log (#2393 )	2020-11-19 21:51:58 +01:00
Christophe Maudoux	a19d229cd3	Use whatToTrace in log (#2393 )	2020-11-19 21:28:52 +01:00
Christophe Maudoux	0294df1cc8	URI are case sensitive (#2386 )	2020-11-17 22:03:55 +01:00
Christophe Maudoux	df99148b68	Fix wildcarded VHost & improve unit test (#2386 )	2020-11-17 22:03:55 +01:00
Christophe Maudoux	dfc68f9f98	Use Mouse instead of Exporter	2020-11-16 21:54:54 +01:00
Maxime Besson	8f1b30b6d0	Return an error if http session could not be found (#2382 )	2020-11-16 18:38:53 +01:00
Maxime Besson	0263865faa	Add CORS headers to error pages (#2380 )	2020-11-12 14:34:16 +01:00
Christophe Maudoux	231ec50d63	Fix protocol in log	2020-11-10 10:47:14 +01:00
Christophe Maudoux	91907eba90	Improve & fix AD backend (#2377 )	2020-11-09 17:50:15 +01:00
Christophe Maudoux	c742d8320e	Set user and oldpassword fields into reset password form & Improve unit tests (#2377 )	2020-11-09 13:27:16 +01:00
Maxime Besson	fa2301ab0e	Force OIDC claim types according to config (#2330 )	2020-11-06 19:00:52 +01:00
Xavier Guimard	893385d007	Replace application/javascript by application/json (Fixes #2376 )	2020-11-06 17:58:41 +01:00
Clément OUDOT	fa0f043f18	Check internal refresh result (#2375 )	2020-11-05 12:26:35 +01:00
Maxime Besson	d63a55d619	Check Kerberos domain against optional whitelist (#2372 )	2020-11-05 10:38:47 +01:00
Clément OUDOT	18c1a753ad	Remove space from generated login in register process (#2373 )	2020-11-04 21:10:09 +01:00
Christophe Maudoux	31ff8484bb	Tidy	2020-11-04 17:02:07 +01:00
Christophe Maudoux	20f5f467dd	Typos (#2368 )	2020-11-04 16:12:04 +01:00
Christophe Maudoux	50f01e2cbe	Remove cookie & code refactoring (#2368 )	2020-11-04 13:49:51 +01:00
Maxime Besson	1de41224f8	Avoid memory leaks in $req->steps (#2369 )	2020-11-02 23:22:04 +01:00
Clément OUDOT	8c1f5c6d50	Launch adaptative authentication plugin just before storing session values (#2336 )	2020-11-02 15:56:19 +01:00
Xavier Guimard	6990a4a0c0	Set "secure" to StayConnected cookie	2020-11-01 08:15:09 +01:00
Christophe Maudoux	0469d36aec	Update version & tidy (#2366 )	2020-10-31 23:55:41 +01:00
Christophe Maudoux	d8114e0e16	Submit 2FA with StayConnected plugin (#2366 )	2020-10-31 23:20:18 +01:00
Christophe Maudoux	7ac2a0da80	Allow to check last logins with stayConnected plugin & improve unit test (#2365 )	2020-10-31 22:10:14 +01:00
Christophe Maudoux	b869b59da7	Avoid assignment (#2360 )	2020-10-30 12:55:39 +01:00
Maxime Besson	367f1bc5ad	Add LDAP IO timeout (#2267 )	2020-10-27 16:01:39 +01:00
Christophe Maudoux	e704fe24ea	Fix warning if no path given & code refactoring	2020-10-26 19:21:54 +01:00
Christophe Maudoux	90c8c2ba86	Improve messages (#2332 )	2020-10-16 23:27:06 +02:00
Christophe Maudoux	da9dc04657	redirect user to 2fregisters after reAuthn process (#2332 )	2020-10-14 22:02:57 +02:00
Christophe Maudoux	a86bf488c4	Test if a skip option is enabled (#2352 )	2020-10-13 22:30:06 +02:00
Christophe Maudoux	929e00e91a	Display button only if upgradeSession plugin is enabled (#2332 )	2020-10-12 22:32:05 +02:00
Christophe Maudoux	f6eb9e5c1a	Improve unit test (#2332 )	2020-10-12 22:16:36 +02:00
Christophe Maudoux	605d724453	Improve GUI & unit tests (#2332 )	2020-10-12 19:24:52 +02:00
Christophe Maudoux	d76438b1e8	Update langs & error code (#2238 )	2020-10-12 15:16:55 +02:00
Christophe Maudoux	9245fc4ee1	Append unit test (#2338 )	2020-10-12 14:55:46 +02:00
Christophe Maudoux	01031d8c4f	Code refactoring (#2339 )	2020-10-10 19:47:55 +02:00
Maxime Besson	fcb8e6b3c5	Use keepalive for LDAP connections (#2344 )	2020-10-09 12:22:28 +02:00
Maxime Besson	5606d0ed6f	Add support for SHA384 and SHA512 (#2322 )	2020-10-07 15:31:57 +02:00
Maxime Besson	1234d5294f	Let users override default SAML signature method (#2319 )	2020-10-07 15:31:27 +02:00
Christophe Maudoux	cd02b8023e	Fix warning (#2332 )	2020-10-05 20:45:05 +02:00
Christophe Maudoux	352b97f681	Append option to modify 2FA during context switching (#2338 )	2020-10-04 21:18:09 +02:00
Christophe Maudoux	da91097969	Improve fix (#2332 )	2020-10-04 19:32:10 +02:00
Christophe Maudoux	a8343ac7be	Test authLevel before removing 2F device (#2332 )	2020-10-04 19:29:31 +02:00
Clément OUDOT	16211e5573	Remove unused sort rule (#2336 )	2020-10-04 17:05:16 +02:00
Clément OUDOT	2c9ef41c2c	Use whatToTrace (#2336 )	2020-10-04 17:02:55 +02:00
Clément OUDOT	fd5170c945	Use buildRule (#2336 )	2020-10-04 16:59:21 +02:00
Christophe Maudoux	b573dbb789	Better fix and improve unit test (#2337 )	2020-10-04 11:35:26 +02:00
Christophe Maudoux	452594dbb5	Revert "Avoid to create persistentSession during switching process" This reverts commit `5707f40c5a`.	2020-10-03 13:05:51 +02:00
Christophe Maudoux	cb0fed8e13	Prevent to update SFA if impersonation is in progress (#2337 )	2020-10-03 11:58:49 +02:00
Christophe Maudoux	5707f40c5a	Avoid to create persistentSession during switching process	2020-10-02 21:41:07 +02:00
Christophe Maudoux	055ec69b92	Code cleaning & refactoring	2020-10-02 20:40:41 +02:00
Clément OUDOT	6cccea0e46	First version of adaptative authentication level plugin (#2336 )	2020-10-02 15:05:15 +02:00
Christophe Maudoux	4ecce4726b	Remove corrupted sessions (#2334 )	2020-09-30 21:39:09 +02:00
Maxime Besson	89ec2b09b1	Improve SMTP error reporting (#2293 )	2020-09-16 17:29:49 +02:00
Maxime Besson	1db67d735a	Put mail transport code in Common so the manager can use it (#2293,#2304)	2020-09-16 17:27:00 +02:00
Christophe Maudoux	6d5ff2468b	Typo	2020-09-16 11:17:14 +02:00
Christophe Maudoux	d57c314abe	Code refactoring (#2314 )	2020-09-15 22:24:21 +02:00
Christophe Maudoux	1a73f7ab7f	Append rule & fix userData (#2314 & #2315 )	2020-09-15 14:13:34 +02:00
Xavier Guimard	5b22310eab	Log IP address in auth combination failures Fixes: #2317	2020-09-15 11:22:13 +02:00
Xavier Guimard	e110517942	Fix misspelled parameter in call to ldap->search() (Fixes: #2310 )	2020-09-10 08:40:23 +02:00
Maxime Besson	d31a14c303	Avoid accidentally creating an empty session (#2262 )	2020-09-09 12:05:09 +02:00
Maxime Besson	277e0872fa	Fix missing session timeouts (#2262 )	2020-09-09 12:04:17 +02:00
Maxime Besson	d598513504	Fix warning when resolving cas target authlevel (#2309 )	2020-09-09 10:37:00 +02:00
Maxime Besson	f9c7d0bdf7	saml proxy logout: Delay info until we return from idp (#2262 )	2020-09-08 17:25:11 +02:00
Maxime Besson	683b5a7861	Resume logout when returning from Auth::SAML IDP (#2262 )	2020-09-08 15:47:58 +02:00
Maxime Besson	24297aa942	Redirect to external provider for logout (#2262 )	2020-09-08 14:16:49 +02:00
Maxime Besson	8b5ddf6e43	Perform authLogout step during SAML SLO (#2262 )	2020-09-08 14:16:49 +02:00
Maxime Besson	3816fac9b6	Allow user to disable sig validation during SOAP SLO (#2262 )	2020-09-08 14:16:27 +02:00
Christophe Maudoux	059b2b13f1	Merge branch 'v2.0' into 2266	2020-09-07 18:56:37 +02:00
Clément OUDOT	f835f3d36f	Update version in modules	2020-09-06 19:58:58 +02:00
Maxime Besson	3771ead3db	Make LDAP auth/userdb/pass modules use ldapVerify (#2250 )	2020-09-05 12:21:37 +02:00
Xavier Guimard	c8df084247	Update versions	2020-09-04 17:59:00 +02:00
Maxime Besson	66c68f6056	Merge branch 'feature-delayed-2fa-2124' into 'v2.0' Delay 2FA until required by an application See merge request lemonldap-ng/lemonldap-ng!147	2020-09-04 17:40:46 +02:00
Maxime Besson	f9cdb5497a	Only clean _url part of pdata when redirecting to issuer (#1878,#2124)	2020-09-04 17:17:04 +02:00
Maxime Besson	b2bfa38d5a	Handle errors when no 2FA is available during upgrade (#2124 )	2020-09-04 17:17:04 +02:00
Maxime Besson	eb191be72e	Add error message when no sf available during upgrade (#2124 )	2020-09-04 17:17:02 +02:00
Maxime Besson	f69babadef	Differentiate renew and upgrade in Upgrade plugin (#2124 )	2020-09-04 17:16:11 +02:00
Maxime Besson	1cf1990fe2	Add portal code for session upgrade	2020-09-04 17:15:34 +02:00
Maxime Besson	bd110e7de6	cas issuer: check auth level and reauth if insufficient (#2124 )	2020-09-04 17:15:34 +02:00
Maxime Besson	ce5c19e3f4	saml issuer: check auth level and reauth if insufficient (#2124 )	2020-09-04 17:15:34 +02:00
Maxime Besson	7a36489b73	oidc issuer: check auth level and reauth if insufficient (#2124 )	2020-09-04 17:15:34 +02:00
Maxime Besson	e811ea3b2d	Skip 2FA if target level is enough (#2124 )	2020-09-04 17:15:34 +02:00
Maxime Besson	ef6b8587ee	Remember target authlevel in handler (#2124 )	2020-09-04 17:14:05 +02:00
Maxime Besson	8bfa5179cc	Issuers: Store required auth level in pdata (#2124 )	2020-09-04 17:14:04 +02:00
Clément OUDOT	e86293e165	Merge branch 'v2.0' of gitlab.ow2.org:lemonldap-ng/lemonldap-ng into v2.0	2020-09-04 16:14:37 +02:00
Clément OUDOT	828ecd7bfb	Show password form with change password after reset (#2307 )	2020-09-04 16:14:17 +02:00
Maxime Besson	ffb7c7430d	Fix encoding workaround in recursive group search (#2306 )	2020-09-03 15:59:18 +02:00
Christophe Maudoux	05096327c0	Re-order menu & Update langs (#2266 )	2020-08-29 22:50:29 +02:00
Christophe Maudoux	01beb5d48b	Allow all special chars (#2266 )	2020-08-29 22:12:09 +02:00
Christophe Maudoux	7a9020ff25	Modify type (#2266 )	2020-08-29 20:13:11 +02:00
Christophe Maudoux	0a4812203c	Allowed all special chars and rule to disable local password policy (#2266 )	2020-08-29 19:08:47 +02:00
Christophe Maudoux	b4222b50f3	Tidy & Update doc	2020-08-28 23:50:57 +02:00
Christophe Maudoux	779fd983e5	Typo (#2302 )	2020-08-28 21:56:54 +02:00
Christophe Maudoux	317172c8ac	Fix unit tests (#2276 )	2020-08-28 14:44:03 +02:00
Christophe Maudoux	525eab006d	Improve unit test (#2276 )	2020-08-28 10:41:40 +02:00
Christophe Maudoux	8b6ab584cf	WIP: Update langs & append conf test (#2276 )	2020-08-27 14:38:11 +02:00
Christophe Maudoux	4d52fedfe5	WIP - Incremental tempo	2020-08-25 22:58:47 +02:00
Maxime Besson	c5900ece14	Kerberos: fail with an explicit message on NTLM ticket (#2295 )	2020-08-25 20:01:28 +02:00
Clément OUDOT	f158961fa6	Fix bad reference usage on hash	2020-08-25 00:27:06 +02:00
Christophe Maudoux	e84b29aca4	Display special chars password policy with expired password form (#2289 )	2020-08-24 22:43:15 +02:00
Maxime Besson	a7b09f8dbb	Auth::SAML: fix warning on empty session index (#2291 )	2020-08-24 17:24:55 +02:00
Maxime Besson	5e78464d7f	Resolve nameid session attribute from local macros (#2280 )	2020-08-17 22:06:09 +02:00
Maxime Besson	9ac49b881a	Lookup casAppMetaDataOptionsUserAttribute in per-app macros (#2280 )	2020-08-17 22:06:09 +02:00
Maxime Besson	52c6edb453	Lookup oidcRPMetaDataOptionsUserIDAttr in per-RP macros (#2280 )	2020-08-17 22:06:09 +02:00
Maxime Besson	4497f39efe	Factor psession id calculation into Common	2020-08-17 18:43:29 +02:00
Maxime Besson	26cd1945fb	Try to compute the correct value of SameSite by default (#2281 )	2020-08-17 18:05:09 +02:00
Maxime Besson	7a02fdf8e5	rollback `caa346d075` (#2179 ) No longer needed since #2261	2020-08-12 09:49:14 +02:00
Maxime Besson	9d9e16e3f9	Remove setAuthSessionInfo from refresh process (#2261 )	2020-08-12 09:49:14 +02:00
Christophe Maudoux	ca514f69e5	Fix version (#2274 )	2020-08-11 22:43:32 +02:00
Christophe Maudoux	08ad68824e	Fix 500 error (#2274 )	2020-08-11 22:03:32 +02:00
Maxime Besson	b2a2575896	Fix incorrect SOAP content type in SAML issuer (#2263 )	2020-08-10 15:06:00 +02:00
Maxime Besson	9aa3b9b03f	Add correct secure flag to pdata cookie (#2272 )	2020-08-10 12:10:33 +02:00
Maxime Besson	a96820d6f6	Set secure flag when removing cookie (#2272 )	2020-08-10 12:10:33 +02:00
Christophe Maudoux	a1ebb0ee02	Fix ContextSwitching redirect & update unit tests (#2273 )	2020-08-08 20:00:41 +02:00
dcoutadeur	0045daa592	fix increase log level for mail sending and password reset (#2265 )	2020-07-28 15:04:55 +02:00
Clément OUDOT	d1418952eb	Convert mutli-valued attributes into arrays for OIDC UserInfo (#2256 )	2020-07-16 20:19:41 +02:00
Clément OUDOT	c5db3bc8bd	Add country to address claim (#2257 )	2020-07-16 19:58:53 +02:00
Baptiste Pecatte	5fbf7ae533	Remove useless variable	2020-07-05 13:11:28 +02:00
Baptiste Pecatte	2816bed66e	Add host to logs for use with fail2ban	2020-07-05 13:11:28 +02:00
Maxime Besson	5df1850847	Add cache-control headers to sendJSONresponse (#2234 )	2020-06-24 15:49:50 +02:00
Clément OUDOT	e544ee7778	Adapt user log in SAML issuer (#2244 )	2020-06-18 18:40:13 +02:00
Clément OUDOT	5d5eda9799	Adapt user log in CAS issuer (#2244 )	2020-06-18 18:39:53 +02:00
Clément OUDOT	0b3908e6dc	Add user log in GET issuer (#2244 )	2020-06-18 18:01:33 +02:00
Clément OUDOT	2da914cc90	Publish support for refresh_token grant_type (#2242 )	2020-06-18 09:43:56 +02:00
Clément OUDOT	7d327f0e2e	Do not remove mail token before form has been submitted (#2239 )	2020-06-17 16:29:31 +02:00
Christophe Maudoux	b86c3431c2	Append setSession info step (#2172 )	2020-06-07 13:25:07 +02:00
Christophe Maudoux	b04b2076de	Preserve real_hGroups (#2229 )	2020-06-06 23:27:37 +02:00
Maxime Besson	568c28d707	Fix REST clock tolerance (#2225 ) plus a bit of refactoring	2020-06-03 10:47:37 +02:00
Maxime Besson	33a5496e55	Fix regression in #2085 (#2224 ) Clearing all hidden form values was a mistake as it breaks SAML when the redirection URL contains a query string. We should keep existing hidden fields. In the context of OIDC request, we clear them before redirection to avoid #2085	2020-05-29 15:51:51 +02:00
Maxime Besson	e9c05a63b2	Yubikey: use userdb-provisionned session field (#2189 )	2020-05-25 18:57:07 +02:00
Christophe Maudoux	bb9e03d1e5	Tidy	2020-05-24 00:04:33 +02:00
Christophe Maudoux	53e16eca8c	Append unit tests (#2207 )	2020-05-23 23:02:37 +02:00
Clément OUDOT	39d7344f75	Add userLogger message in Demo backend (#2216 )	2020-05-22 14:52:58 +02:00
Clément OUDOT	4b5670a723	Fetch Public keys and GPG keys from GitHub (#2203 )	2020-05-21 22:55:42 +02:00
Christophe Maudoux	1113fab014	Append ContextSwitching unrestrictedUsers rule (#2207 )	2020-05-20 21:53:13 +02:00
Christophe Maudoux	312445d543	Append checkUser unrestrictedUsers rule & Fix idRule (#2207 & #2215 )	2020-05-20 21:23:31 +02:00
Christophe Maudoux	eb65264d5d	Append Impersonation unrestrictedUsers rule & Update langs (#2207 )	2020-05-19 23:33:07 +02:00
Maxime Besson	9d7e5c61cc	handle empty string value for yubikey parameters (#2211 )	2020-05-18 12:34:34 +02:00
Christophe Maudoux	2ecd0b18a8	Skip bad GrantSession rules & Improve unit test (#2201 )	2020-05-10 14:26:08 +02:00
Maxime Besson	db9e862843	Merge branch 'feature-userdb-password-restserver' into v2.0	2020-05-09 20:07:24 +02:00
Christophe Maudoux	9bf915b5dc	Fix unit tests & Version	2020-05-08 23:03:16 +02:00
Clément OUDOT	7efaf9d5cd	User not always known in try subroutine (#2165 )	2020-05-04 22:20:17 +02:00
Clément OUDOT	0bf1bfb7dd	Do not stop logout process on error in Combination (#2165 )	2020-05-04 21:53:14 +02:00
Clément OUDOT	7ed251ce3f	Better log messages (#2165 )	2020-05-04 21:48:06 +02:00
Xavier Guimard	6caf88a174	Better warning fix	2020-05-04 16:42:41 +02:00
Xavier Guimard	5d10695a79	Fix warning	2020-05-04 16:40:57 +02:00

... 5 6 7 8 9 ...

3234 Commits