Christophe Maudoux
146aca7c82
Remove trailing whitespaces
2019-09-16 20:30:35 +02:00
Christophe Maudoux
fcf05c5602
Avoid warning
2019-09-16 17:22:35 +02:00
Maxime Besson
c94e2534a9
Send CORS headers when doing JSON responses too ( #1765 )
2019-09-16 16:55:15 +02:00
Maxime Besson
e281ad7cc3
Add support for CORS preflight ( #1765 )
2019-09-16 16:55:15 +02:00
Christophe Maudoux
9c01c46fea
Typo ( #1932 )
2019-09-14 23:37:50 +02:00
Christophe Maudoux
dd66f37739
Return httpSession id if exists ( #1932 )
2019-09-14 22:47:11 +02:00
Christophe Maudoux
5615d5b2a3
Append display Slave logo option ( #1936 )
2019-09-14 22:07:44 +02:00
Christophe Maudoux
ce4cdcee85
Don t display Slave module
2019-09-13 22:37:35 +02:00
Christophe Maudoux
9784e75ead
Check Slave credential headers ( #1935 )
2019-09-13 22:21:09 +02:00
Clément OUDOT
5c7905e342
Improve regexp ( #1891 )
2019-09-13 15:35:05 +02:00
Clément OUDOT
36a1f07786
Remove cancel parameter in CAS service value ( #1891 )
2019-09-13 15:17:51 +02:00
Xavier
e50e7d09d1
Update version of (really) modified files
2019-09-12 21:56:49 +02:00
Clément OUDOT
70d2856d71
Option to display password generation box ( #1928 )
2019-09-12 18:26:56 +02:00
Clément OUDOT
c75a74da5a
Display password form if password is refused ( #1930 )
2019-09-12 17:54:43 +02:00
Christophe Maudoux
4287c39f5b
typo
2019-09-11 16:20:28 +02:00
Christophe Maudoux
bb0b5814f7
Fix empty groups ( #1791 )
2019-09-11 16:18:35 +02:00
Christophe Maudoux
c1af9e49f7
WIP - Append extractFormInfo step & AuthChoiceParam for AuthChoice ( #1925 )
2019-09-09 23:23:52 +02:00
Christophe Maudoux
132f42d44c
Forbid browsers to store users password & Improve unit tests ( #1913 )
2019-09-08 19:28:28 +02:00
Maxime Besson
94877793d4
increase clock tolerance during rest secret check ( #1923 )
2019-09-06 17:45:51 +02:00
Maxime Besson
00e91f374b
Add specific error code when missing a required SAML attr ( #1919 )
...
The MISSINGREQATTR message is a good default value, but a site
administrator may decide to override it with a personnalized version
that only applies to issuer errors caused by an incomplete user profile
(for example, giving a pointer to the local user profile management
application)
2019-09-06 11:04:39 +02:00
Clément OUDOT
e54355ff9f
Use conf as HASH key ( #1619 )
2019-09-05 17:16:55 +02:00
Clément OUDOT
5b7bb4b9cd
Check error message from ITDS ( #1619 )
2019-09-05 17:14:44 +02:00
Clément OUDOT
17123d6196
Avoid plugin conflicts ( #993 )
2019-09-05 13:30:49 +02:00
Clément OUDOT
068ffbe604
Define portalDisplayPasswordPolicy parameter in Manager ( #993 )
2019-09-05 13:02:51 +02:00
Clément OUDOT
b44c13ba2f
Display password policy in password change form ( #993 )
2019-09-05 12:46:32 +02:00
Clément OUDOT
2f2f62ae1c
Check password quality in mail reset plugin ( #993 )
2019-09-05 12:02:51 +02:00
Clément OUDOT
3700a1b54c
Fix logger in Kerberos Auth init
2019-09-04 15:42:33 +02:00
Christophe Maudoux
3e9a424090
Update version ( #1916 )
2019-09-03 22:57:51 +02:00
Christophe Maudoux
56ed8a5724
Append issuersTimeout option ( #1916 )
2019-09-03 22:52:07 +02:00
Clément OUDOT
a2d3ae1d03
Local password policy: minimal digits ( #993 )
2019-09-03 19:08:19 +02:00
Clément OUDOT
28309dca9b
Merge branch 'v2.0' of gitlab.ow2.org:lemonldap-ng/lemonldap-ng into v2.0
2019-09-03 19:07:22 +02:00
Clément OUDOT
b52bbdb838
Local password policy: minimal upper characters ( #993 )
2019-09-03 18:45:35 +02:00
Maxime Besson
ff3d4e218c
doc: suggest a better fix for #1864
...
We can't do it yet because the issue isn't fixed in versions of Lasso
found in the wild. But someday it will be.
2019-09-03 18:13:13 +02:00
Clément OUDOT
ef3d6a26c4
Local password policy: minimal lower characters ( #993 )
2019-09-03 16:10:04 +02:00
Clément OUDOT
8998eb183e
Local password policy: minimal size ( #993 )
2019-09-03 14:30:22 +02:00
Clément OUDOT
82a06fce91
Pass skin parameter in 2F flows ( #1915 )
2019-09-03 11:56:48 +02:00
Clément OUDOT
fca831411b
Fix call to logger in REST authentication backend
2019-08-30 09:46:25 +02:00
Clément OUDOT
177f446f25
Display main logo in redirect page ( #1906 )
2019-08-29 19:29:27 +02:00
Maxime Besson
d61935ab6e
Implement introspection endpoint for access tokens ( #1843 )
2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5
Refactor endpoint auth
2019-08-29 18:57:26 +02:00
Xavier Guimard
ae6e69667a
Fix warning
2019-08-29 10:49:01 +02:00
Xavier Guimard
9379188000
Fix ^ ( #1903 )
2019-08-28 19:28:20 +02:00
Xavier Guimard
df4e7e7522
Generic fix for issues like #1903
2019-08-28 19:12:29 +02:00
Clément OUDOT
2145483be7
Pass extra args in Combination module ( #1903 )
2019-08-28 18:22:19 +02:00
Xavier Guimard
1660109e2f
Security: use 3-form for open
2019-08-28 11:32:54 +02:00
Xavier
1f2f0240f0
Love Perl ( #1863 )
...
TIMTOWTDI
2019-08-28 00:36:18 +02:00
Maxime Besson
810d2c7f94
Disable template cache to avoid translation issues in mail ( #1897 )
2019-08-27 23:13:36 +02:00
Maxime Besson
a04a376777
Make regular template variables available in mails
...
SKIN, PORTAL_URL, env_*, session_* are now available in email templates
Preliminary work for #1861
2019-08-27 23:13:36 +02:00
Xavier Guimard
48883dbe4e
More tests
2019-08-27 10:32:26 +02:00
Xavier Guimard
323d92fa1b
Don't load Data::Dumper unless debug
2019-08-27 10:10:11 +02:00
Clément OUDOT
796d1b12e6
Add _session_kind to default exported attributes ( #1896 )
2019-08-26 17:38:08 +02:00
Christophe Maudoux
ec59cc164c
Catch error earlier in process ( #1867 )
2019-08-24 23:26:42 +02:00
Xavier Guimard
0415370f2c
More REST debug
2019-08-22 15:17:51 +02:00
Clément OUDOT
e42e71b5e3
Use LinkedIn v2 API ( #1890 )
2019-08-22 14:51:24 +02:00
Christophe Maudoux
894b8be541
By pass first access ( #1867 )
2019-08-21 23:40:23 +02:00
Maxime Besson
661a007b4a
Check OIDC access token expiration ( #1879 )
2019-08-21 12:18:55 +02:00
Christophe Maudoux
b694b16a19
Avoid warning with Choice
2019-08-20 17:08:37 +02:00
Christophe Maudoux
8e9f4e513e
Improve combination with FaceBook & LinkedIn
2019-08-17 17:27:14 +02:00
Christophe Maudoux
5985e6d258
Fix REST service ( #1870 )
2019-08-17 17:11:28 +02:00
Xavier
097183f2b3
Fix warning
2019-08-16 09:10:10 +02:00
Christophe Maudoux
78a82dbee9
Override OTT conf. for Upgrade tokens ( #1884 )
2019-08-15 22:01:44 +02:00
Maxime Besson
2e9f57ab6f
Better default behavior for oidcServiceMetaDataIssuer ( #1882 )
2019-08-13 18:09:59 +02:00
Christophe Maudoux
7502e424e3
Revert "Concatenate pdata and lemon cookies in the same set-cookie header ( #1863 )"
...
This reverts commit c3a01c042c
2019-08-13 10:16:31 +02:00
Christophe Maudoux
c3a01c042c
Concatenate pdata and lemon cookies in the same set-cookie header ( #1863 )
2019-08-12 23:52:33 +02:00
Christophe Maudoux
3891c9caec
Fix log level & improve e2e ini file ( #1878 )
2019-08-12 22:20:22 +02:00
Christophe Maudoux
f8ef2797a8
Update manifest
2019-08-12 21:36:55 +02:00
Christophe Maudoux
d7cb8bf4b8
Force remove pdata cookie to avoid loop ( #1878 )
2019-08-12 21:29:08 +02:00
Christophe Maudoux
09158f0084
Return whatToTrace instead of uid & Fix + Append unit test ( #1664 )
2019-08-10 12:38:25 +02:00
Christophe Maudoux
52fa94bd55
Sort functions & append comments
2019-08-10 11:13:56 +02:00
Christophe Maudoux
bee0e675f3
Revert "Fix langs directory ( #1870 )"
...
This reverts commit b453647b26
.
2019-08-09 22:46:43 +02:00
Christophe Maudoux
b453647b26
Fix langs directory ( #1870 )
2019-08-09 22:11:05 +02:00
Maxime Besson
daa03a9a9c
OIDC: tie client_id to authorization code ( #1881 )
2019-08-09 13:54:53 +02:00
Christophe Maudoux
9dac92064c
Better fix & update unit tests ( #1861 )
2019-08-07 22:29:12 +02:00
Maxime Besson
9b24fd02e5
Log more detailed information about Kerberos failures
2019-08-07 19:35:35 +02:00
Christophe Maudoux
ce05b44172
Remove useless constants ( #1867 )
2019-08-06 22:42:17 +02:00
Christophe Maudoux
7aad470586
Delete pdata cookie after XML notif validation & Improve unit test ( #1861 )
2019-08-06 22:29:48 +02:00
Christophe Maudoux
c630a90064
Delete pdata cookie after notif validation & Improve unit test ( #1861 )
2019-08-06 22:25:09 +02:00
Xavier
ea713a3169
Avoid conflict in $req->data between DBI and LDAP
...
Closes : #1875
2019-08-06 21:54:41 +02:00
Christophe Maudoux
742e7417d4
Better fix ( #1867 )
2019-08-06 21:04:52 +02:00
Maxime Besson
8de0a89029
Give more customization options for 2F prompt messages
...
new translations labels for mail and rest, and we now pass the 2F prefix
to templates. It's not used in the default skin, but it should help in
cases where extra second factors are used to offer the user a more
helpful prompt message
2019-08-05 20:08:28 +02:00
Christophe Maudoux
bf20db03b9
Improve unit test & fix ( #1867 )
2019-08-04 22:39:14 +02:00
Christophe Maudoux
c1736f7f82
Catch error if setSecurity is undefined ( #1874 )
2019-08-04 12:08:34 +02:00
Christophe Maudoux
1422c28c0b
Improve fix & unit test ( #1874 )
2019-08-03 23:49:02 +02:00
Christophe Maudoux
6cf1c83151
Fix & Improve unit test ( #1874 )
2019-08-03 22:48:07 +02:00
Christophe Maudoux
058ef90662
Append dependency
2019-08-03 11:05:12 +02:00
Christophe Maudoux
6ad07f9c4d
Fix debug log
2019-08-03 11:04:58 +02:00
Christophe Maudoux
dcd0c53fde
Fix warning message
2019-08-02 22:58:36 +02:00
Christophe Maudoux
46208d74fe
Improve unit test ( #1870 )
2019-08-02 21:58:08 +02:00
Maxime Besson
15c3b0bbf8
Add Radius second factor ( #1847 )
2019-08-02 18:03:10 +02:00
Maxime Besson
68c8be333a
Fix translation override in mails
2019-08-02 17:45:03 +02:00
Maxime Besson
c1afdbefac
Add labels and logos to all 2F providers ( #1873 )
2019-08-01 17:27:14 +02:00
Christophe Maudoux
216d683f22
Fix debug log ( #1870 )
2019-08-01 11:59:02 +02:00
Christophe Maudoux
188c7be337
perltidy
2019-07-31 23:38:48 +02:00
Christophe Maudoux
ee5a705d2f
Append REST API to retrieve error message ( #1870 )
2019-07-31 23:09:38 +02:00
Clément OUDOT
4ee49de4c2
Adapt grant_types_supported attribute ( #1846 )
2019-07-25 19:06:53 +02:00
Maxime Besson
c9dba5212e
HTML-decode entityID from metadata ( #1864 )
2019-07-25 18:29:46 +02:00
Christophe Maudoux
3d6a7bd843
Sort notifications: JSON format ( #1862 )
2019-07-25 12:42:58 +02:00
Christophe Maudoux
bf5fe2246d
Send specified parameters ( #1851 )
2019-07-25 12:00:37 +02:00
Christophe Maudoux
3082168617
Append HTTP method options ( #1851 )
2019-07-25 10:49:49 +02:00
Christophe Maudoux
11f2d0f34a
Improve notifications REST API & unit test ( #1851 )
2019-07-23 15:54:53 +02:00
Maxime Besson
d82f776df8
Allow multi instanciation of 2F modules ( #1860 )
...
This commit adds a manager interface to declare multiple instances of a
single 2F module, in a manner similar to Combination.
An additional portal code reads the `sfExtra` variable to load the
declared modules.
An empty rules means the module will be always active.
2019-07-22 19:30:37 +02:00
Christophe Maudoux
fb7a222c9d
Append notifications REST API ( #1851 )
2019-07-22 15:39:59 +02:00
Christophe Maudoux
81aa2fb37b
Improve test-lib & unit test ( #1851 )
2019-07-21 23:23:20 +02:00
Christophe Maudoux
3972861ba4
WIP - Improve unit test & need to fix list notifications feature!!! ( #1851 )
2019-07-21 22:47:48 +02:00
Clément OUDOT
f15e8bd108
Possibility to list notifications ( #1851 )
2019-07-21 20:47:16 +02:00
Christophe Maudoux
ca7ebe09f7
WIP - REST service to remove notification ( #1851 )
2019-07-20 22:25:03 +02:00
Christophe Maudoux
21c1d83df3
Typo
2019-07-20 13:28:48 +02:00
Christophe Maudoux
4eecd90230
Typo ( #1857 )
2019-07-17 12:20:30 +02:00
Christophe Maudoux
b99b76e2d6
Improve code ( #1857 )
2019-07-17 12:18:15 +02:00
Christophe Maudoux
d8b3eb2a34
Remove cipher cookie if notification refused ( #1857 )
2019-07-16 13:51:01 +02:00
Clément OUDOT
e12cb3a905
Fix loop on notifications ( #1856 )
2019-07-15 10:55:33 +02:00
Xavier
64c587417b
Improvement
2019-07-12 19:09:55 +02:00
Clément OUDOT
c024ed0fe6
Improve logging when a notification is added by REST ( #1853 )
2019-07-12 18:34:55 +02:00
Xavier Guimard
3c6a301785
Keep original PATH_INFO during notification process ( Fixes : #1852 )
2019-07-12 10:33:36 +02:00
Clément OUDOT
c76dc52436
Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows ( #1846 )
2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44
Manage claims in ID token if no access token requested ( #1846 )
2019-07-08 15:15:13 +02:00
Christophe Maudoux
240617d8d8
Fix unit tests
2019-07-06 23:27:45 +02:00
Christophe Maudoux
d0da10b375
Improve code ( #1664 )
2019-07-06 23:00:35 +02:00
Christophe Maudoux
619ea8258f
Improve unit test & fix warning - Expired sessions ( #1783 )
2019-07-06 23:00:24 +02:00
Christophe Maudoux
2d6c46920e
Fix & improve unit test ( #1844 )
2019-07-05 22:53:48 +02:00
Xavier
88f75c42ed
Set pdata domain also when removing cookie ( #1829 )
2019-07-05 06:43:11 +02:00
Christophe Maudoux
6a579644f8
Fix warning ( #1842 )
2019-07-04 23:20:11 +02:00
Christophe Maudoux
f38a583967
Improve code
2019-07-04 22:50:46 +02:00
Christophe Maudoux
2016abd2ee
Send pdata cookie to cross domain ( #1829 )
2019-07-04 21:49:28 +02:00
Xavier
9cdfd4c9a6
Add notice when user is connected
2019-07-04 21:22:06 +02:00
Clément OUDOT
1ebbde9a50
Tidy code and add missing check on hash_level ( #1835 )
2019-07-04 09:49:01 +02:00
Xavier
a104db2f2d
Clean logs
2019-07-04 07:24:50 +02:00
Xavier
d4fedbdfcf
Duplicate log rules in Plugin manpage
2019-07-04 07:09:39 +02:00
Christophe Maudoux
6df12176de
Disable secondFactor ( #1783 )
2019-07-03 23:21:19 +02:00
Christophe Maudoux
2f541370a6
perltidy ( #1783 )
2019-07-03 23:12:15 +02:00
Christophe Maudoux
03f2d89d0c
ContextSwitching: Check (expiration) errors & Improve logs ( #1783 )
2019-07-03 23:08:50 +02:00
Christophe Maudoux
161d6cee0f
Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t)
2019-07-03 22:17:22 +02:00
Maxime Besson
6f058fb2fa
Add manager manpages to deb
2019-07-03 15:17:16 +02:00
Xavier
78a4bb4987
ContextSwitching: Check (expiration) errors ( #1783 )
2019-07-03 06:47:33 +02:00
Christophe Maudoux
5a53fee2db
WIP - Improve log ( #1783 )
2019-07-03 00:09:14 +02:00
Christophe Maudoux
42bc5efdb3
Use skin rules in plugins ( #1828 )
2019-07-02 22:17:53 +02:00
Christophe Maudoux
9c62a04f22
Improve code ( #1783 )
2019-07-02 22:08:17 +02:00
Christophe Maudoux
12e0853b51
Improve log ( #1783 )
2019-07-02 21:33:32 +02:00
Xavier Guimard
c1137edba8
make tidy with perltidy-20181120
2019-07-02 20:03:40 +02:00
Clément OUDOT
e04a6f1983
Reject none algorithm when checking JWT signature ( #1835 )
2019-07-02 16:36:43 +02:00
Clément OUDOT
60c03010ce
Use Base64URL for JWT generation ( #1834 )
2019-07-01 17:29:35 +02:00
Christophe Maudoux
b94cbe0144
Fix default value ( #1825 )
2019-07-01 13:28:01 +02:00
Christophe Maudoux
69d2a2db0c
Fix default value ( #1825 )
2019-07-01 12:56:10 +02:00
Christophe Maudoux
a1f5791e06
Merge branch '1783' into v2.0
2019-06-30 19:00:41 +02:00
Christophe Maudoux
bcbea7bee0
Update version ( #1825 )
2019-06-29 21:48:52 +02:00
Christophe Maudoux
eda8151432
Don t mix && with and ( #1825 )
2019-06-29 21:35:13 +02:00
Christophe Maudoux
11d2909b0a
WIP - Disable persistent sessions storage ( #1825 )
2019-06-29 21:10:16 +02:00
Christophe Maudoux
d97c36a97e
Disable spoofed sessions ( #1783 )
2019-06-28 23:53:43 +02:00
Christophe Maudoux
897d04ac93
Merge branch 'v2.0' into 1783
2019-06-28 22:05:48 +02:00
Xavier Guimard
43d5139040
Update versions
2019-06-28 17:04:14 +02:00