dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,232 Commits 3 Branches 0 Tags 75 MiB
f8aa6149f1
Commit Graph

1244 Commits

Author SHA1 Message Date
Clément Oudot
b001965707 Create an option to display error on mail not found (#1225) 2017-05-11 13:48:50 +00:00
Clément Oudot
eb681b57fd Display date in MailReset even if user is not found (#1225) 2017-05-11 12:45:31 +00:00
Xavier Guimard
d7240e038e Fix #852 2017-05-04 07:19:50 +00:00
Xavier Guimard
b4102acf45 May fix #852 2017-05-04 07:13:26 +00:00
Clément Oudot
56254f1d4f Apply commit 6513 to trunk (#1218) 2017-04-27 10:21:46 +00:00
Xavier Guimard
d9dcc98f11 Fix Choice (fixes: #1217) 2017-04-25 08:11:16 +00:00
Xavier Guimard
c5dbed80b7 Add Password::Null (fixes: #1216) 2017-04-25 07:28:33 +00:00
Xavier Guimard
fc2d796ba3 Fix #1213 2017-04-19 08:32:42 +00:00
Xavier Guimard
ef8ff0f4cb Remember $urldc in 2F (fixes: #1015) 2017-04-17 10:57:35 +00:00
Xavier Guimard
3203c82ccf Verify CAS with multiple app (#1183) 2017-04-16 09:47:32 +00:00
Xavier Guimard
00423fc223 Fix proxied services in CAS (#1183) 2017-04-15 13:21:33 +00:00
Xavier Guimard
74f780733d Use App ExportedVars if defined (#1183) 2017-04-14 07:40:01 +00:00
Xavier Guimard
22d921698a Add UserDB::CAS (#1183) 2017-04-13 19:36:25 +00:00
Xavier Guimard
b83374b274 New Issuer::CAS (#1183) 2017-04-13 19:17:29 +00:00
Xavier Guimard
d1d57fae22 Adapt CAS "proxy" to new arch (#1183) 2017-04-13 18:54:06 +00:00
Xavier Guimard
1b0d1dbb55 Auth::CAS works (#1183) 2017-04-13 07:28:15 +00:00
Xavier Guimard
7499d1198b Auth::CAS rebuild in progress (#1183) 2017-04-12 21:11:11 +00:00
Xavier Guimard
df3c1efb54 Handle 404 and 502 error codes (fixes: #1211) 2017-04-12 07:07:27 +00:00
Xavier Guimard
68707a0b36 Don't store request datas in $self (#1183) 2017-04-11 20:28:01 +00:00
Xavier Guimard
a83a707931 Add Ajax to SSL (closes #1212) 2017-04-11 19:19:59 +00:00
Xavier Guimard
eed489a557 Store CAS attributes for UserDB::CAS (#1183) 
@coudot: can you validate this ?
 2017-04-11 17:05:02 +00:00
Xavier Guimard
a44dd9b4f6 Optimize url building (#1183) 2017-04-11 17:05:00 +00:00
Xavier Guimard
acf9420c5f Kerberos works !!! (#707) 2017-04-11 12:57:52 +00:00
Xavier Guimard
6cc554ac75 Optimization (#595) 2017-04-10 18:45:45 +00:00
Xavier Guimard
165c505ca5 Grant after 2F (#595) 2017-04-09 20:48:12 +00:00
Xavier Guimard
8e4dc89918 Some errors (#595) 2017-04-07 04:39:55 +00:00
Xavier Guimard
e7c3561451 Some errors (#595) 2017-04-07 04:39:53 +00:00
Xavier Guimard
fafb134e65 Add Kerberos test (#707) 2017-04-06 21:25:41 +00:00
Xavier Guimard
537d41a29b Kerberos in progress (#707) 2017-04-06 20:37:38 +00:00
Xavier Guimard
5210a8edec Add Krb JS (#707) 2017-04-06 20:37:36 +00:00
Xavier Guimard
73194ef2e3 More debug (#707) 2017-04-06 11:44:29 +00:00
Xavier Guimard
ddc1615546 Kerberos-by-Ajax skeleton (#707) 
TODO: write javascript
 2017-04-06 11:33:12 +00:00
Xavier Guimard
8582c8f7c0 Add "FILE:" to keyTab (#707) 2017-04-05 12:21:21 +00:00
Xavier Guimard
2cd1c1bf44 Init keyTab (#707) 2017-04-05 12:09:58 +00:00
Xavier Guimard
c4b27b9c24 Use PE_BADCREDENTIALS instead of 403 (#707) 2017-04-05 12:02:02 +00:00
Xavier Guimard
6943c49c05 More debug (#707) 2017-04-05 11:59:29 +00:00
Xavier Guimard
9ab046311c Auth::Kerberos skeleton (#707) 2017-04-05 11:54:44 +00:00
Xavier Guimard
2580a21f7a Remove old UA exported var (#1044) 2017-03-31 16:15:38 +00:00
Clément Oudot
24d28533ad Fix LDAP test after session variable rewrite (#1169) 2017-03-30 08:50:13 +00:00
Clément Oudot
b175218d1d Fix parsing CAS XML (#1183) 2017-03-29 19:43:10 +00:00
Clément Oudot
10cd479de4 Remove ticket from service URL when calling serviceValidate (#1183) 2017-03-29 19:43:10 +00:00
Xavier Guimard
9944115c8d Fix CAS test (#1183) 2017-03-29 19:02:38 +00:00
Clément Oudot
75ffa010e7 Fix typo in CAS code (#1183) 2017-03-29 07:51:18 +00:00
Xavier Guimard
2e59ea441a Replace request management in handler (#1044) 
Note: this is a big change, more tests needed
 2017-03-28 21:07:49 +00:00
Clément Oudot
552c432fef Remove use of AuthCAS module (#1183) 2017-03-28 18:23:50 +00:00
Xavier Guimard
775f1da607 Reauth for OIDC (#1204) 2017-03-28 17:09:46 +00:00
Xavier Guimard
c49dc6f334 Missing "substitute" call (#595) 2017-03-27 20:45:17 +00:00
Xavier Guimard
c761cc5781 Mark some properties "lazy" to be sure conf is intialized (#595) 2017-03-27 16:51:18 +00:00
Xavier Guimard
6efec8525f Install new SMTP options (#1206) 2017-03-27 07:02:19 +00:00
Xavier Guimard
6cb301c531 Replace MIME::Lite by Email::Sender/MIME::Entity (#1206) 2017-03-27 05:22:08 +00:00
Xavier Guimard
bd9e6f50bf Start replacing MIME::Lite (#1206) 2017-03-26 05:26:28 +00:00
Xavier Guimard
20717fcce0 Verify SAML reauth (#595) 2017-03-26 05:26:25 +00:00
Xavier Guimard
d93130d168 Adapt SAML forceAuth to new portal (#595) 2017-03-24 18:04:46 +00:00
Xavier Guimard
6a651b5bee Try to implement SAML reauth (#595) 2017-03-23 20:49:52 +00:00
Xavier Guimard
581f0e4c93 Portal part of reauthentication (#1204) 2017-03-23 18:22:40 +00:00
Xavier Guimard
050cf20c72 Session upgrade skeleton (#1204) 2017-03-23 12:41:53 +00:00
Xavier Guimard
7b06532ee6 Comments 2017-03-23 12:41:52 +00:00
Xavier Guimard
3cde1d0a58 Add second factor doc 2017-03-23 12:14:09 +00:00
Xavier Guimard
9c9e48512f Add second factor doc 2017-03-23 12:06:53 +00:00
Xavier Guimard
86d7a3a8c0 Add SecondFactor superclass (#1015) 2017-03-23 11:17:01 +00:00
Xavier Guimard
e33a741acf Add rules for 2f (#1015) 2017-03-23 06:20:06 +00:00
Xavier Guimard
6a76cf1e17 Use system() for security in External2F plugin (#1015) 2017-03-22 22:46:49 +00:00
Xavier Guimard
0538ad1cee Add External2F plugin (#1015) 2017-03-22 22:18:28 +00:00
Xavier Guimard
7e81e1b1e0 Add OIDC-RP rule (#1161) 2017-03-22 20:47:07 +00:00
Xavier Guimard
62528e8b6a Add SAML-SP rule (#1161) 2017-03-22 20:20:30 +00:00
Xavier Guimard
830f15f71d Bad safe usage (#595) 2017-03-22 19:03:49 +00:00
Xavier Guimard
e8c2925a3f Typo 2017-03-22 18:11:44 +00:00
Xavier Guimard
54cab03e06 Avoid warning (#1151) 2017-03-22 18:11:40 +00:00
Xavier Guimard
95d2253bdc Don't ask 2 token validations (Combination with token) 2017-03-22 18:11:36 +00:00
Xavier Guimard
077455e015 Update TODO list 2017-03-22 14:10:21 +00:00
Xavier Guimard
ca2e9be0e5 Rename _loginHistory (#1169) 2017-03-21 21:00:37 +00:00
Xavier Guimard
99ddfbfe25 Rename _startTime and _updateTime (#1169) 2017-03-21 20:52:40 +00:00
Xavier Guimard
51665b41f8 Validate OIDC-RP-to-SAML-IdP with POST (#1113) 2017-03-21 19:36:10 +00:00
Xavier Guimard
919a706efa Restore OpenID-2 (#1113) 2017-03-21 16:06:44 +00:00
Xavier Guimard
5993757427 Little things (#1113) 2017-03-21 07:59:54 +00:00
Xavier Guimard
6dba4fd1c2 Better request management in issuers (#595) 2017-03-21 06:23:58 +00:00
Xavier Guimard
7aeef26a94 Add portal in trusted domains 2017-03-20 18:14:10 +00:00
Xavier Guimard
1c6d81e86c Fix timeout 2017-03-20 18:14:08 +00:00
Xavier Guimard
d0467f0802 Restore relayState (#595) 2017-03-20 12:43:57 +00:00
Xavier Guimard
60796fa6a1 SAML in progress (#595) 2017-03-20 06:16:56 +00:00
Xavier Guimard
97fa806052 Adapt appsListOrder from 1.9 (#595) 2017-03-19 07:00:10 +00:00
Xavier Guimard
a6c2d72065 Update variable names (#LEMONDAP-1169) 2017-03-19 06:29:35 +00:00
Xavier Guimard
f1ac524c24 Use OTT for state token (#(595) 2017-03-18 19:51:00 +00:00
Xavier Guimard
1a65e9a0fe Use OTT for nonce token (#(595) 2017-03-18 19:50:56 +00:00
Xavier Guimard
6cab5c0990 Try SAML-SP to OIDC-OP (#1113) 2017-03-18 12:08:24 +00:00
Xavier Guimard
cdeec00972 Replace "?lmError=" by router path (#595) 2017-03-16 21:33:13 +00:00
Xavier Guimard
9a5ecdf1cb Repair activeTimer (#595) 2017-03-16 20:19:06 +00:00
Clément Oudot
272296841a Force AllowCreate in NameIDPolicy (#1200) 2017-03-16 18:39:00 +00:00
Xavier Guimard
bf3c43aecd Replace inline css (#1137) 2017-03-16 11:38:52 +00:00
Xavier Guimard
0845237efe Import CSP in manager code (#1137) 2017-03-15 22:27:58 +00:00
Xavier Guimard
9b9ecee8bb Replace inline script in history (#1137) 2017-03-15 21:20:10 +00:00
Xavier Guimard
1c76c713e7 Remove persistent cookie on lougout (#1131) 2017-03-15 10:01:36 +00:00
Xavier Guimard
126fdb091c Manage cookie expiration (#1131) 2017-03-15 10:01:29 +00:00
Xavier Guimard
15cf1991bd Reinitialize token when login fails (#1140) 2017-03-14 17:38:50 +00:00
Xavier Guimard
43437a5244 Reinitialize token when login fails (#1140) 2017-03-14 17:26:07 +00:00
Xavier Guimard
2d7902421a Reinitialize token when login fails (#1140) 2017-03-14 16:52:11 +00:00
Xavier Guimard
a07e92759c Add Auth::PAM (#closes: #1196) 2017-03-14 15:34:10 +00:00
Clément Oudot
efb776a7bf Remove unused icons (#1184) 2017-03-14 14:40:09 +00:00
Xavier Guimard
05a856ebb1 FrontChannel frame for already logged out user (#1194) 2017-03-12 07:36:07 +00:00
Xavier Guimard
73b71e5587 Set timeout in local cache (#1140) 2017-03-12 07:11:52 +00:00
Xavier Guimard
ec211da331 OIDC RP logout skeleton 2017-03-11 18:12:03 +00:00
Xavier Guimard
a8f3eee74a Use global sessions only (#595) 2017-03-11 18:12:01 +00:00
Xavier Guimard
81d3729394 Use local cache by default for tokens (#1140) 2017-03-11 18:11:57 +00:00
Clément Oudot
6b775be965 Apply patch in loadSP (#1193) 2017-03-11 10:02:50 +00:00
Xavier Guimard
f54dfe6276 More clean patch (#1193) 2017-03-11 07:27:52 +00:00
Xavier Guimard
c73dce5c3f Typo (#1194) 2017-03-11 07:16:27 +00:00
Xavier Guimard
8f4b4588c7 Fix LEMONLDAP-1193 2017-03-11 07:16:24 +00:00
Xavier Guimard
7f460429e1 OIDC OP2RP logout in progress (#1194) 2017-03-10 11:39:19 +00:00
Xavier Guimard
8a5f8d96ef Front-channel logout (#1032) 2017-03-09 21:56:51 +00:00
Xavier Guimard
2c5dddde8a Unused constant (#595) 2017-03-09 21:56:50 +00:00
Xavier Guimard
d70a5b005f Update handler internal cache on session update (#595) 2017-03-09 21:56:48 +00:00
Xavier Guimard
4d9a8da274 Register OIDC associations (#1032) 2017-03-09 21:56:47 +00:00
Xavier Guimard
179f6e0381 Follow OIDC spec: bad error codes (closes: #1191) 2017-03-09 21:56:43 +00:00
Xavier Guimard
4665c9d2ea Revert r6192 (#595) 2017-03-09 05:44:16 +00:00
Xavier Guimard
6c042c5660 Launch other logouts in OIDC (#1032) 2017-03-08 22:49:00 +00:00
Xavier Guimard
244fad96a0 no strict (#595) 2017-03-08 22:48:57 +00:00
Xavier Guimard
dec3eb4feb Error: IdP cookie was not read (#595) 2017-03-08 22:48:55 +00:00
Xavier Guimard
3926b9876a StayConnected checkbox (closes: #1131) 2017-03-08 21:09:21 +00:00
Xavier Guimard
ef444dab43 Verify fingerprint (#1131) 2017-03-08 20:56:48 +00:00
Xavier Guimard
6c0a0b6350 Keep combination state when used with StayConnected (#1131) 2017-03-08 20:56:47 +00:00
Xavier Guimard
3921f07349 Keep combination state with stay connected (#1131) 2017-03-08 20:56:45 +00:00
Xavier Guimard
9183935b26 Typo (#595) 2017-03-08 20:56:41 +00:00
Xavier Guimard
8a85dfe0c5 StayConnected plugin ready (#1131) 
TODO: stayconnected parameter in login.tpl, that's all !
 2017-03-08 19:37:31 +00:00
Xavier Guimard
57189c1fb6 StayConnected plugin (#1131) 
TODO: - check fingerprint back
      - insert "stayconnected" param in login.tpl
 2017-03-07 22:20:51 +00:00
Xavier Guimard
f63e5eaca1 Add version in conf (to be used later with #797) 2017-03-07 17:49:46 +00:00
Xavier Guimard
2fb085b2a6 New "Custom" modules family (closes: #1188) 2017-03-07 17:28:09 +00:00
Xavier Guimard
6344051c75 Update some versions 2017-03-07 06:05:08 +00:00
Xavier Guimard
a9c36da63d Check if vhostOptions is defined (#1185) 2017-03-06 20:26:22 +00:00
Xavier Guimard
82d39edc42 Verify "mysession" (#970) 2017-03-06 16:43:06 +00:00
Xavier Guimard
906f081b31 Verify REST backend config (#970) 2017-03-06 15:06:49 +00:00
Xavier Guimard
64e5b3c53c Import local configuration for conf access (#595) 2017-03-06 12:18:06 +00:00
Xavier Guimard
d5484c28a7 Add u2fAuthnLevel (#1148) 2017-03-06 12:18:04 +00:00
Xavier Guimard
a065f941ed Security: verify that method is POST for main forms (#595) 2017-03-04 08:36:26 +00:00
Xavier Guimard
96263e0e65 Clean repo 2017-03-03 17:25:03 +00:00
Xavier Guimard
5d0a4bd96b UTF-8 for Artifacts (#1118) 2017-03-03 16:57:02 +00:00
Xavier Guimard
d83cd6d584 Remove portal part of #971 2017-03-03 12:29:47 +00:00
Xavier Guimard
59970dd3d6 Typo (#595) 2017-03-03 12:17:15 +00:00
Xavier Guimard
8c4367fd3f Service token in progress (#971) 2017-03-03 06:29:50 +00:00
Xavier Guimard
0b25e306d6 Update LDAP tests (see r6129) + fix bad log (#595) 2017-03-02 21:25:03 +00:00
Xavier Guimard
b31afabc5d Fix UTF for OIDC (#1118) 2017-03-02 20:52:12 +00:00
Clément Oudot
fcd76f42a1 Fix LDAP password change code 2017-03-02 17:21:15 +00:00
Xavier Guimard
cd3ce4c55c LDAP tests in progress (#1118) 2017-03-02 06:35:15 +00:00
Xavier Guimard
587277e621 Change password test (#595) 2017-03-02 06:13:52 +00:00
Xavier Guimard
d29fef91f6 UTF8 tests for DBI backend (#1118) 2017-03-01 17:35:15 +00:00
Xavier Guimard
cc18d7f050 First UTF-8 tests (#1118) 2017-03-01 17:35:12 +00:00
Xavier Guimard
64756142e1 Service token server (#971) 2017-03-01 06:41:42 +00:00
Xavier Guimard
e2f4de3f9d Missing versions (#595) 2017-02-28 20:53:19 +00:00
Clément Oudot
ffa83eb6b0 Use getSkin to choose portal skin in Register and MailReset (#1177) 2017-02-28 18:43:27 +00:00
Clément Oudot
c18533d447 Use getSkin to choose portal skin (#1177) 2017-02-28 18:39:56 +00:00
Xavier Guimard
b0f0e1004b Replace SOAP by REST for AuthBasic (#970) 2017-02-28 09:49:37 +00:00
Xavier Guimard
4102180eff Typo 2017-02-28 06:34:52 +00:00
Xavier Guimard
7da90a8850 Add ~getCookie (#970) 2017-02-28 06:34:51 +00:00
Xavier Guimard
c773150d86 Security error 2017-02-28 06:34:49 +00:00
Xavier Guimard
b132e83530 Better token for REST session creation (#970) 2017-02-28 05:30:47 +00:00
Xavier Guimard
c0c67fd0bd Minimize persistentSession tie/untie (#713, #LEMONLDAP-1173) 2017-02-27 20:48:00 +00:00
Xavier Guimard
046554d41b Clean old files (#1151) 2017-02-24 11:33:58 +00:00
Xavier Guimard
d65e8e5bd4 Clean old files (#1151) 2017-02-24 11:32:53 +00:00
Xavier Guimard
7be468841b Add conditional SSLVar (closes: #803) 2017-02-24 06:29:50 +00:00
Xavier Guimard
9f731e3fd7 Little things (closes: #1174) 2017-02-24 05:37:32 +00:00
Xavier Guimard
d7025a2251 Add REST Auth/UserDB/Password backend (closes: #1174) 2017-02-23 21:46:00 +00:00
Xavier Guimard
e315a447d7 Change JS access (#1137) 2017-02-21 05:38:59 +00:00
Xavier Guimard
7a71c9db37 Revert r6047 (#1148) 2017-02-20 21:59:31 +00:00
Xavier Guimard
8c3ff5fb0b Minimize Apache::Session tie/untie (closes: #1173) 2017-02-20 21:00:05 +00:00
Xavier Guimard
ffd769e780 U2F update (#1148) 
Broken for now (pb with session->update)
 2017-02-20 17:30:58 +00:00
Xavier Guimard
4b5e081e18 U2F modified (#1148) 2017-02-20 06:21:28 +00:00
Xavier Guimard
09f13b1b00 Notification server SOAP/REST (#595) 2017-02-19 17:04:49 +00:00
Xavier Guimard
761cf58e0a Little error (#595) 2017-02-19 12:02:19 +00:00
Xavier Guimard
e71d96a2e8 Clean checkLogin usage (#595) 2017-02-19 11:56:20 +00:00
Xavier Guimard
ede8f56ef3 Tidy 2017-02-19 11:51:58 +00:00
Xavier Guimard
697ebfdf8e Move default mail subjects in JSON (may close #1033) 2017-02-19 08:07:21 +00:00
Xavier Guimard
2e680c2ff1 Enable history (#595) 2017-02-19 07:17:48 +00:00
Xavier Guimard
22c22af3c0 Don't create session before U2F check (#1148) 2017-02-19 07:17:45 +00:00
Xavier Guimard
2735520c16 Don't use "login" to display errors for connected users (#595) 2017-02-19 07:17:42 +00:00
Xavier Guimard
11e6cd2134 Don't display menu when reject (#595) 2017-02-19 07:17:39 +00:00
Xavier Guimard
fa0fe980a2 Don't display login form on error if user authenticated (#595) 2017-02-19 07:17:37 +00:00
Xavier Guimard
a70842603a Update portal status (#595) 2017-02-18 14:25:51 +00:00
Xavier Guimard
3e4554ee45 Move some errors from tech logs to user logs (#595) 2017-02-18 14:25:48 +00:00
Xavier Guimard
ca2c453e71 Add "public pages" concept to 2.0 (#1120) 2017-02-18 06:49:06 +00:00
Xavier Guimard
3dd8684829 Translation for mails (#595) 2017-02-17 20:47:01 +00:00
Xavier Guimard
87bb55cb00 Other session plugins (#595) 2017-02-17 07:40:18 +00:00
Xavier Guimard
97b8b40cc5 Add grantSession test (#595) 2017-02-17 07:40:15 +00:00
Xavier Guimard
53402413f0 GrantSession plugin (#595) 2017-02-16 18:14:42 +00:00
Xavier Guimard
1642a20d56 Display multiple forms (#830) 2017-02-16 17:22:08 +00:00
Xavier Guimard
b6e4d862e3 Add authLogout sub (#1151) 2017-02-16 17:22:03 +00:00
Xavier Guimard
99aa48105a Add refresh session utility (#852) 
TODO: link in menu
 2017-02-16 16:11:12 +00:00
Xavier Guimard
271a30ec28 Import SAML SP parameters in $req->env (closes: #1157) 2017-02-16 08:24:02 +00:00
Xavier Guimard
ddc7e01a08 Try to implement re-auth (#595) 
@coudot: must be tested ;-)
 2017-02-15 19:03:59 +00:00
Xavier Guimard
8758f074c7 Add log (#595) 2017-02-15 19:03:55 +00:00
Xavier Guimard
1e7b2c4a39 Add LWP options (closes: #1065) 2017-02-15 15:08:23 +00:00
Clément Oudot
c702ba763b Export CAS request parameters in %ENV (#1158) 2017-02-15 14:59:56 +00:00
Xavier Guimard
5a701ff366 Better userLogger (fix: #857) 2017-02-15 14:17:02 +00:00
Xavier Guimard
b829b6c19b Replace userNotice/Error... by userLogger (#857) 2017-02-15 14:16:59 +00:00
Xavier Guimard
d446e15488 Replace userLogger object in Combination 2017-02-15 14:16:53 +00:00
Clément Oudot
80a03c6290 Add more OIDC request parameters in %ENV (#1156) 2017-02-15 10:45:57 +00:00
Clément Oudot
1948637f2d Do not search SAML proxy sessions for IDP SSO initiated (#1147) 2017-02-15 08:36:24 +00:00
Xavier Guimard
deb28bc9cb Replace lmLog by logger-> (#857) 2017-02-15 06:41:50 +00:00
Clément Oudot
21f59356e5 Return invalid_grant when provided code is invalid (#1142) 2017-02-14 14:28:53 +00:00
Clément Oudot
a213ff0ba0 Do not decode session values when replacing HTML templates var (#1141) 2017-02-13 10:43:26 +00:00
Clément Oudot
00b18caf6c Populate user variable for logging purpose (#1145) 2017-02-13 10:36:03 +00:00
Xavier Guimard
c5626c77b5 Create logger files (#1162) 2017-02-12 20:09:46 +00:00