Commit 0b1f6b5c authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Fix warnings with confirmation (#1603)

parent 245913da
...@@ -36,37 +36,40 @@ sub addRoutes { ...@@ -36,37 +36,40 @@ sub addRoutes {
# HTML template # HTML template
$self->addRoute( 'manager.html', undef, ['GET'] ) $self->addRoute( 'manager.html', undef, ['GET'] )
# READ # READ
# Special keys # Special keys
->addRoute( ->addRoute(
confs => { confs => {
':cfgNum' => [ ':cfgNum' => [
qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes
applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes
casSrvMetaDataNodes casAppMetaDataNodes casSrvMetaDataNodes casAppMetaDataNodes
authChoiceModules grantSessionRules combModules authChoiceModules grantSessionRules combModules
openIdIDPList) openIdIDPList)
] ]
}, },
['GET'] ['GET']
) )
# Other keys # Other keys
->addRoute( confs => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] ) ->addRoute( confs => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] )
# New key and conf save # New key and conf save
->addRoute( ->addRoute(
confs => confs => {
{ newRSAKey => 'newRSAKey', raw => 'newRawConf', '*' => 'newConf' }, newRSAKey => 'newRSAKey',
raw => 'newRawConf',
'*' => 'newConf'
},
['POST'] ['POST']
) )
# Difference between confs # Difference between confs
->addRoute( diff => { ':conf1' => { ':conf2' => 'diff' } } ) ->addRoute( diff => { ':conf1' => { ':conf2' => 'diff' } } )
->addRoute( 'diff.html', undef, ['GET'] ) ->addRoute( 'diff.html', undef, ['GET'] )
# Url loader # Url loader
->addRoute( 'prx', undef, ['POST'] ); ->addRoute( 'prx', undef, ['POST'] );
} }
# 35 - New RSA key pair on demand # 35 - New RSA key pair on demand
...@@ -82,7 +85,7 @@ sub addRoutes { ...@@ -82,7 +85,7 @@ sub addRoutes {
sub newRSAKey { sub newRSAKey {
my ( $self, $req, @others ) = @_; my ( $self, $req, @others ) = @_;
return $self->sendError( $req, 'There is no subkey for "newRSAKey"', 400 ) return $self->sendError( $req, 'There is no subkey for "newRSAKey"', 400 )
if (@others); if (@others);
my $query = $req->jsonBodyToObj; my $query = $req->jsonBodyToObj;
my $rsa = Crypt::OpenSSL::RSA->generate_key(2048); my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
my $keys = { my $keys = {
...@@ -124,12 +127,12 @@ sub newRSAKey { ...@@ -124,12 +127,12 @@ sub newRSAKey {
sub prx { sub prx {
my ( $self, $req, @others ) = @_; my ( $self, $req, @others ) = @_;
return $self->sendError( $req, 'There is no subkey for "prx"', 400 ) return $self->sendError( $req, 'There is no subkey for "prx"', 400 )
if (@others); if (@others);
my $query = $req->jsonBodyToObj; my $query = $req->jsonBodyToObj;
return $self->sendError( $req, 'Missing parameter', 400 ) return $self->sendError( $req, 'Missing parameter', 400 )
unless ( $query->{url} ); unless ( $query->{url} );
return $self->sendError( $req, 'Bad parameter', 400 ) return $self->sendError( $req, 'Bad parameter', 400 )
unless ( $query->{url} =~ m#^(?:f|ht)tps?://\w# ); unless ( $query->{url} =~ m#^(?:f|ht)tps?://\w# );
$self->ua->timeout(10); $self->ua->timeout(10);
my $response = $self->ua->get( $query->{url} ); my $response = $self->ua->get( $query->{url} );
...@@ -137,11 +140,12 @@ sub prx { ...@@ -137,11 +140,12 @@ sub prx {
return $self->sendError( $req, return $self->sendError( $req,
$response->code . " (" . $response->message . ")", 400 ); $response->code . " (" . $response->message . ")", 400 );
} }
unless ( $response->header('Content-Type') =~ unless ( $response->header('Content-Type')
m#^(?:application/json|(?:application|text)/.*xml).*$# ) =~ m#^(?:application/json|(?:application|text)/.*xml).*$# )
{ {
return $self->sendError( $req, return $self->sendError( $req,
'Content refused for security reason (neither XML or JSON)', 400 ); 'Content refused for security reason (neither XML or JSON)',
400 );
} }
return $self->sendJSONresponse( $req, { content => $response->content } ); return $self->sendJSONresponse( $req, { content => $response->content } );
} }
...@@ -185,7 +189,7 @@ sub getConfByNum { ...@@ -185,7 +189,7 @@ sub getConfByNum {
sub newConf { sub newConf {
my ( $self, $req, @other ) = @_; my ( $self, $req, @other ) = @_;
return $self->sendError( $req, 'There is no subkey for "newConf"', 400 ) return $self->sendError( $req, 'There is no subkey for "newConf"', 400 )
if (@other); if (@other);
# Body must be json # Body must be json
my $new = $req->jsonBodyToObj; my $new = $req->jsonBodyToObj;
...@@ -203,9 +207,9 @@ sub newConf { ...@@ -203,9 +207,9 @@ sub newConf {
return $self->sendError( return $self->sendError(
$req, $req,
"Configuration " "Configuration "
. $req->params('cfgNum') . $req->params('cfgNum')
. " not available " . " not available "
. $Lemonldap::NG::Common::Conf::msg, . $Lemonldap::NG::Common::Conf::msg,
400 400
); );
} }
...@@ -231,8 +235,10 @@ sub newConf { ...@@ -231,8 +235,10 @@ sub newConf {
$res->{message} = $parser->{message}; $res->{message} = $parser->{message};
foreach my $t (qw(errors warnings changes)) { foreach my $t (qw(errors warnings changes)) {
$res->{details}->{ '__' . $t . '__' } = $parser->$t $res->{details}->{ '__' . $t . '__' } = $parser->$t
if ( @{ $parser->$t } ); if ( @{ $parser->$t } );
} }
$res->{details}->{'__needConfirmation__'} = $parser->{needConfirmation}
if ( @{ $parser->{needConfirmation} } && !$req->params('force') );
if ( $res->{result} ) { if ( $res->{result} ) {
if ( $self->{demoMode} ) { if ( $self->{demoMode} ) {
$res->{message} = '__demoModeOn__'; $res->{message} = '__demoModeOn__';
...@@ -240,7 +246,9 @@ sub newConf { ...@@ -240,7 +246,9 @@ sub newConf {
else { else {
my %args; my %args;
$args{force} = 1 if ( $req->params('force') ); $args{force} = 1 if ( $req->params('force') );
my $s = $self->confAcc->saveConf( $parser->newConf, %args ); my $s = CONFIG_WAS_CHANGED;
$s = $self->confAcc->saveConf( $parser->newConf, %args )
unless ( @{ $parser->{needConfirmation} } && !$args{force} );
if ( $s > 0 ) { if ( $s > 0 ) {
$self->userLogger->notice( $self->userLogger->notice(
'User ' . $self->userId($req) . " has stored conf $s" ); 'User ' . $self->userId($req) . " has stored conf $s" );
...@@ -248,18 +256,19 @@ sub newConf { ...@@ -248,18 +256,19 @@ sub newConf {
$res->{cfgNum} = $s; $res->{cfgNum} = $s;
if ( my $status = $self->applyConf( $parser->newConf ) ) { if ( my $status = $self->applyConf( $parser->newConf ) ) {
push @{ $res->{details}->{__applyResult__} }, push @{ $res->{details}->{__applyResult__} },
{ message => "$_: $status->{$_}" } { message => "$_: $status->{$_}" }
foreach ( keys %$status ); foreach ( keys %$status );
} }
} }
else { else {
$self->userLogger->notice( $self->userLogger->notice(
'Saving attempt rejected, asking for confirmation to ' 'Saving attempt rejected, asking for confirmation to '
. $self->userId($req) ); . $self->userId($req) );
$res->{result} = 0; $res->{result} = 0;
if ( $s == CONFIG_WAS_CHANGED ) { if ( $s == CONFIG_WAS_CHANGED ) {
$res->{needConfirm} = 1; $res->{needConfirm} = 1;
$res->{message} .= '__needConfirmation__'; $res->{message} .= '__needConfirmation__'
unless @{ $parser->{needConfirmation} };
} }
else { else {
$res->{message} = $Lemonldap::NG::Common::Conf::msg; $res->{message} = $Lemonldap::NG::Common::Conf::msg;
...@@ -278,7 +287,7 @@ sub newConf { ...@@ -278,7 +287,7 @@ sub newConf {
sub newRawConf { sub newRawConf {
my ( $self, $req, @other ) = @_; my ( $self, $req, @other ) = @_;
return $self->sendError( $req, 'There is no subkey for "newConf"', 400 ) return $self->sendError( $req, 'There is no subkey for "newConf"', 400 )
if (@other); if (@other);
# Body must be json # Body must be json
my $new = $req->jsonBodyToObj; my $new = $req->jsonBodyToObj;
...@@ -303,7 +312,7 @@ sub newRawConf { ...@@ -303,7 +312,7 @@ sub newRawConf {
else { else {
$self->userLogger->notice( $self->userLogger->notice(
'Raw saving attempt rejected, asking for confirmation to ' 'Raw saving attempt rejected, asking for confirmation to '
. $self->userId($req) ); . $self->userId($req) );
$res->{result} = 0; $res->{result} = 0;
$res->{needConfirm} = 1 if ( $s == CONFIG_WAS_CHANGED ); $res->{needConfirm} = 1 if ( $s == CONFIG_WAS_CHANGED );
$res->{message} .= '__needConfirmation__'; $res->{message} .= '__needConfirmation__';
...@@ -325,8 +334,8 @@ sub applyConf { ...@@ -325,8 +334,8 @@ sub applyConf {
$self->api->checkConf(); $self->api->checkConf();
# Get apply section values # Get apply section values
my %reloadUrls = my %reloadUrls
%{ $self->confAcc->getLocalConf( APPLYSECTION, undef, 0 ) }; = %{ $self->confAcc->getLocalConf( APPLYSECTION, undef, 0 ) };
if ( !%reloadUrls && $newConf->{reloadUrls} ) { if ( !%reloadUrls && $newConf->{reloadUrls} ) {
%reloadUrls = %{ $newConf->{reloadUrls} }; %reloadUrls = %{ $newConf->{reloadUrls} };
} }
...@@ -342,10 +351,10 @@ sub applyConf { ...@@ -342,10 +351,10 @@ sub applyConf {
my $targetUrl = $url->scheme . "://" . $host; my $targetUrl = $url->scheme . "://" . $host;
$targetUrl .= ":" . $url->port if defined( $url->port ); $targetUrl .= ":" . $url->port if defined( $url->port );
$targetUrl .= $url->full_path; $targetUrl .= $url->full_path;
$r = $r = HTTP::Request->new( 'GET', $targetUrl,
HTTP::Request->new( 'GET', $targetUrl,
HTTP::Headers->new( Host => $url->host ) ); HTTP::Headers->new( Host => $url->host ) );
if ( defined $url->userinfo && $url->userinfo =~ /^([^:]+):(.*)$/ ) if ( defined $url->userinfo
&& $url->userinfo =~ /^([^:]+):(.*)$/ )
{ {
$r->authorization_basic( $1, $2 ); $r->authorization_basic( $1, $2 );
} }
...@@ -353,12 +362,14 @@ sub applyConf { ...@@ -353,12 +362,14 @@ sub applyConf {
my $response = $self->ua->request($r); my $response = $self->ua->request($r);
if ( $response->code != 200 ) { if ( $response->code != 200 ) {
$status->{$host} = $status->{$host}
"Error " . $response->code . " (" . $response->message . ")"; = "Error "
. $response->code . " ("
. $response->message . ")";
$self->logger->error( "Apply configuration for $host: error " $self->logger->error( "Apply configuration for $host: error "
. $response->code . " (" . $response->code . " ("
. $response->message . $response->message
. ")" ); . ")" );
} }
else { else {
$status->{$host} = "OK"; $status->{$host} = "OK";
...@@ -372,14 +383,14 @@ sub applyConf { ...@@ -372,14 +383,14 @@ sub applyConf {
sub diff { sub diff {
my ( $self, $req, @path ) = @_; my ( $self, $req, @path ) = @_;
return $self->sendError( $req, 'to many arguments in path info', 400 ) return $self->sendError( $req, 'to many arguments in path info', 400 )
if (@path); if (@path);
my @cfgNum = my @cfgNum
( scalar( $req->param('conf1') ), scalar( $req->param('conf2') ) ); = ( scalar( $req->param('conf1') ), scalar( $req->param('conf2') ) );
my @conf; my @conf;
$self->logger->debug(" Loading confs"); $self->logger->debug(" Loading confs");
# Load the 2 configurations # Load the 2 configurations
for ( my $i = 0 ; $i < 2 ; $i++ ) { for ( my $i = 0; $i < 2; $i++ ) {
if ( %{ $self->currentConf } if ( %{ $self->currentConf }
and $cfgNum[$i] == $self->currentConf->{cfgNum} ) and $cfgNum[$i] == $self->currentConf->{cfgNum} )
{ {
...@@ -390,7 +401,7 @@ sub diff { ...@@ -390,7 +401,7 @@ sub diff {
{ cfgNum => $cfgNum[$i], raw => 1, noCache => 1 } ); { cfgNum => $cfgNum[$i], raw => 1, noCache => 1 } );
return $self->sendError( return $self->sendError(
$req, $req,
"Configuration $cfgNum[$i] not available $Lemonldap::NG::Common::Conf::msg", "Configuration $cfgNum[$i] not available $Lemonldap::NG::Common::Conf::msg",
400 400
) unless ( $conf[$i] ); ) unless ( $conf[$i] );
} }
...@@ -398,8 +409,7 @@ sub diff { ...@@ -398,8 +409,7 @@ sub diff {
require Lemonldap::NG::Manager::Conf::Diff; require Lemonldap::NG::Manager::Conf::Diff;
return $self->sendJSONresponse( return $self->sendJSONresponse(
$req, $req,
[ [ $self->Lemonldap::NG::Manager::Conf::Diff::diff(
$self->Lemonldap::NG::Manager::Conf::Diff::diff(
$conf[0], $conf[1] $conf[0], $conf[1]
) )
] ]
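Review bot: In newConf the single `force` parameter now acknowledges the parser's needConfirmation warnings and is also handed to saveConf as `$args{force}`, so a client that resends with force to accept a warning presumably also overrides a CONFIG_WAS_CHANGED conflict it was never shown. Pre-seeding `$s` with CONFIG_WAS_CHANGED sends a warning-only refusal through the same 'Saving attempt rejected' notice, and a forced save logs only 'has stored conf', so the user log cannot show that warnings were overridden. A line in the `$s > 0` branch such as `$self->userLogger->notice( 'User ' . $self->userId($req) . ' saved conf despite warnings' ) if ( $args{force} && @{ $parser->{needConfirmation} } );` would record it. `@{ $parser->{needConfirmation} }` is dereferenced in three places and would die under strict refs if the parser leaves the key undefined; the parser is not visible here, so `@{ $parser->{needConfirmation} // [] }` is the safer form. newConf starts and ends outside these hunks.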
......
...@@ -609,9 +609,11 @@ sub tests { ...@@ -609,9 +609,11 @@ sub tests {
# Warn if Mailrest plugin is enabled without Token or Captcha # Warn if Mailrest plugin is enabled without Token or Captcha
checkMailResetSecurity => sub { checkMailResetSecurity => sub {
return 1 unless ( $conf->{portalDisplayResetPassword} ); return 1 unless ( $conf->{portalDisplayResetPassword} );
return ( 1, return ( -1,
'"passwordMailReset" plugin is enabled without CSRF Token or Captcha required !!!' '"passwordMailReset" plugin is enabled without CSRF Token or Captcha required !!!'
) unless ( $conf->{requireToken} or $conf->{captcha_mail_enabled} ); )
unless ( $conf->{requireToken}
or $conf->{captcha_mail_enabled} );
# Return # Return
return 1; return 1;
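Review bot: The return code in checkMailResetSecurity changes from 1 to -1 with no comment saying what -1 means to the caller; judging by the rest of this commit it appears to mark a warning that must be confirmed before the configuration is saved. A comment above the return, e.g. `# -1: warning that blocks the save until the user confirms`, would make that contract visible to whoever adds the next test. The existing comment still says "Warn", which now understates the effect of the check. The enclosing tests sub continues outside the hunk.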
......
...@@ -144,7 +144,7 @@ llapp.controller 'TreeCtrl', [ ...@@ -144,7 +144,7 @@ llapp.controller 'TreeCtrl', [
title: '' title: ''
message: '' message: ''
items: [] items: []
$scope.confirmNeeded = true if data.message == '__needConfirmation__' $scope.confirmNeeded = true if data.needConfirm
$scope.message.message = data.message if data.message $scope.message.message = data.message if data.message
if data.details if data.details
for m of data.details when m != '__changes__' for m of data.details when m != '__changes__'
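Review bot: `$scope.confirmNeeded` now depends only on `data.needConfirm`, but in this same commit newRawConf still appends `__needConfirmation__` to the message unconditionally while setting needConfirm only when `$s == CONFIG_WAS_CHANGED`. If this controller also receives that response, a rejected raw save with any other status would display the confirmation text without offering the confirm action. It would be more robust to have every server path that emits `__needConfirmation__` also set `needConfirm`, and to note the contract here with a comment such as `# needConfirm is the only signal for the confirm dialog; message is display text`. The controller body continues outside the hunk.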
......
...@@ -170,7 +170,7 @@ This file contains: ...@@ -170,7 +170,7 @@ This file contains:
message: '', message: '',
items: [] items: []
}; };
if (data.message === '__needConfirmation__') { if (data.needConfirm) {
$scope.confirmNeeded = true; $scope.confirmNeeded = true;
} }
if (data.message) { if (data.message) {
......