Commit bf8022b8 authored by Christophe Maudoux's avatar Christophe Maudoux 🐛
Browse files

WIP - Decrease authLevel skeleton (#1784)

parent 9e66b0a1
......@@ -52,6 +52,7 @@ sub defaultValues {
'cspStyle' => '\'self\'',
'dbiAuthnLevel' => 2,
'dbiExportedVars' => {},
'decreaseAuthLevelInterval' => 0,
'demoExportedVars' => {
'cn' => 'cn',
'mail' => 'mail',
......
......@@ -193,11 +193,12 @@ sub defaultValuesInit {
my ( $class, $conf ) = @_;
$class->tsv->{$_} = $conf->{$_} foreach ( qw(
cookieExpiration cookieName customFunctions httpOnly
cookieExpiration cookieName customFunctions
cookieExpiration cookieName customFunctions
securedCookie timeout timeoutActivity
timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
useSafeJail whatToTrace handlerInternalCache
handlerServiceTokenTTL
handlerServiceTokenTTL decreaseAuthLevelInterval httpOnly
)
);
......
......@@ -148,6 +148,9 @@ sub run {
# ACCOUNTING (1. Inform web server)
$class->set_user( $req, $session->{ $class->tsv->{whatToTrace} } );
# Decrease authentication level if required
$class->decreaseAuthLevel( $req, $session );
# AUTHORIZATION
return ( $class->forbidden( $req, $session ), $session )
unless ( $class->grant( $req, $session, $uri, $cond ) );
......@@ -831,4 +834,13 @@ sub postJavascript {
. "</script>\n";
}
sub decreaseAuthLevel {
my ( $class, $req, $session ) = @_;
if ( $class->tsv->{decreaseAuthLevelInterval} ) {
$session->{authenticationLevel} = 1;
#$session->update( { authenticationLevel => 1 } );
}
}
1;
......@@ -1083,6 +1083,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'dbiUserUser' => {
'type' => 'text'
},
'decreaseAuthLevelInterval' => {
'default' => 0,
'type' => 'int'
},
'demoExportedVars' => {
'default' => {
'cn' => 'cn',
......
......@@ -525,7 +525,13 @@ sub attributes {
documentation => 'Handler ServiceToken timeout',
flags => 'hp',
},
decreaseAuthLevelInterval => {
type => 'int',
default => 0,
documentation => 'Decrease authentication level interval',
flags => 'hp',
},
# Loggers (ini only)
logLevel => {
type => 'text',
......
......@@ -808,6 +808,7 @@ sub tree {
help => 'security.html#configure_security_settings',
nodes => [
'userControl',
'decreaseAuthLevelInterval',
'portalForceAuthn',
'portalForceAuthnInterval',
'key',
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment