Commit 0ca649f1 authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Use custom decrypt functions (#1956)

parent 9c823b2e
......@@ -103,6 +103,12 @@ License: CC-3
Comment: This work, "sfa_manager.png", is a derivative of
"Noun project 1162.svg" by Christopher T. Howlett, under CC-BY-3.0.
Files: lemonldap-ng-portal/site/htdocs/static/common/icons/decryptValue.png
Copyright: Christophe Maudoux <chrmdx@gmail.com>
License: CC-3
Comment: This work, "decryptValue.png", is a derivative of
"secure.png" by Austin Condiff, under CC-BY-3.0.
Files: lemonldap-ng-portal/site/htdocs/static/common/icons/switchcontext_OFF.png
Copyright: Christophe Maudoux <chrmdx@gmail.com>
License: CC-4
......
......@@ -1100,6 +1100,11 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'dbiUserUser' => {
'type' => 'text'
},
'decryptValueFunctions' => {
'msgFail' => '__badCustomFuncName__',
'test' => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/,
'type' => 'text'
},
'decryptValueRule' => {
'default' => 0,
'type' => 'boolOrExpr'
......
......@@ -528,6 +528,13 @@ sub attributes {
documentation => 'Decrypt value activation rule',
flags => 'p',
},
decryptValueFunctions => {
type => 'text',
test => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/,
msgFail => "__badCustomFuncName__",
documentation => 'Custom function used for decrypting values',
flags => 'p',
},
skipRenewConfirmation => {
type => 'bool',
default => 0,
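Review bot: The `test` pattern for `decryptValueFunctions` is the only shape check on names that the plugin's `run` later interpolates into string evals, and it is anchored with `^`/`$` and relies on Unicode-aware `\w`. `$` still matches before a trailing newline and `\w` accepts non-ASCII word characters, so `qr/\A(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?\z/a` would state the intended ASCII identifier list exactly. The same pattern is copied by hand into `run`; a shared constant would keep the two from drifting. A one-line comment saying that entries are whitespace-separated function names (apparently in `Package::function` form) would help whoever edits this attribute. The `attributes` sub starts and ends outside the hunk.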
......
......@@ -718,6 +718,7 @@ sub tree {
form => 'simpleInputContainer',
nodes => [
'decryptValueRule',
'decryptValueFunctions',
]
},
]
......
......@@ -231,6 +231,7 @@
"dbiSchema":"مخطط",
"dbiUserTable":"جدول المستخدم",
"decryptValue":"Decrypt value",
"decryptValueFunctions":"Decrypt functions",
"decryptValueRule":"Use rule",
"default":"الاعْتيادي",
"defaultRule":"القاعدة الاعتيادية ",
......
......@@ -231,6 +231,7 @@
"dbiSchema":"Schema",
"dbiUserTable":"User table",
"decryptValue":"Decrypt value",
"decryptValueFunctions":"Decrypt functions",
"decryptValueRule":"Use rule",
"default":"Default",
"defaultRule":"Default rule",
......
......@@ -231,6 +231,7 @@
"dbiSchema":"Schema",
"dbiUserTable":"User table",
"decryptValue":"Decrypt value",
"decryptValueFunctions":"Decrypt functions",
"decryptValueRule":"Use rule",
"default":"Default",
"defaultRule":"Default rule",
......
......@@ -231,6 +231,7 @@
"dbiSchema":"Schéma",
"dbiUserTable":"Table des utilisateurs",
"decryptValue":"Déchiffrement",
"decryptValueFunctions":"Fonctions de déchiffrement",
"decryptValueRule":"Règle d'utilisation",
"default":"Défaut",
"defaultRule":"Règle par défaut",
......
......@@ -231,6 +231,7 @@
"dbiSchema":"Schema",
"dbiUserTable":"Tabella utente",
"decryptValue":"Decrypt value",
"decryptValueFunctions":"Decrypt functions",
"decryptValueRule":"Use rule",
"default":"Predefinito",
"defaultRule":"Regola predefinita",
......
......@@ -231,6 +231,7 @@
"dbiSchema":"Giản đồ",
"dbiUserTable":"Bảng người dùng",
"decryptValue":"Decrypt value",
"decryptValueFunctions":"Decrypt functions",
"decryptValueRule":"Use rule",
"default":"Mặc định",
"defaultRule":"Quy tắc mặc định",
......
......@@ -231,6 +231,7 @@
"dbiSchema":"Schema",
"dbiUserTable":"用户表",
"decryptValue":"Decrypt value",
"decryptValueFunctions":"Decrypt functions",
"decryptValueRule":"Use rule",
"default":"默认",
"defaultRule":"默认规则",
......
......@@ -124,6 +124,15 @@ sub params {
$self->logger->debug("Display SwitchContext link -> $res{contextSwitching}")
if $res{contextSwitching};
# Display DecryptValue link if allowed
my $dvPlugin =
$self->p->loadedModules->{'Lemonldap::NG::Portal::Plugins::DecryptValue'};
$res{decryptValue} =
$dvPlugin
? $dvPlugin->displayLink( $req, $req->userData )
: '';
$self->logger->debug("Display DecryptValue link") if $res{decryptValue};
return %res;
}
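Review bot: The call `$dvPlugin->displayLink( $req, $req->userData )` passes a second argument that `displayLink`, as added in this commit, never reads (`my ( $self, $req ) = @_;`). Either drop it here, `$dvPlugin->displayLink($req)`, or document on `displayLink` that it takes only the request. The menu entry is only a display hint; the access rule checked at the top of the plugin's `run` remains the actual control. `params` starts outside the hunk.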
......
......@@ -81,7 +81,7 @@ sub display {
sub run {
my ( $self, $req ) = @_;
my $msg = '';
my ( $msg, $decryptedValue ) = ( '', '' );
# Check access rules
unless ( $self->rule->( $req, $req->userData ) ) {
......@@ -121,12 +121,43 @@ sub run {
}
my $cipheredValue = $req->param('cipheredValue') || '';
my $decryptedValue =
$self->p->HANDLER->tsv->{cipher}->decrypt($cipheredValue)
if $cipheredValue;
$self->logger->debug("decryptValue try with : $cipheredValue");
$self->logger->debug("Decrypted value = $decryptedValue") if $decryptedValue;
$self->logger->debug("decryptValue tried with value: $cipheredValue");
if ($cipheredValue) {
if ( $self->{conf}->{decryptValueFunctions}
and $self->{conf}->{decryptValueFunctions} =~
qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/ )
{
foreach ( split( /\s+/, $self->{conf}->{decryptValueFunctions} ) ) {
$self->userLogger->notice(
"Try to decrypt value with function: $_");
/^([\w:{2}]*?)(?:::)?(?:\w+)$/;
eval "require Lemonldap::NG::Portal::$1";
$self->logger->debug("Unable to load decrypt module: $@")
if ($@);
$decryptedValue = eval "$_()" unless ($@);
$self->logger->debug(
$@
? "Unable to eval decrypt function: $@"
: "Decrypted value = $decryptedValue"
);
last if $decryptedValue;
}
}
else {
$self->userLogger->notice("Malformed decrypt functions")
if $self->{conf}->{decryptValueFunctions};
$self->userLogger->notice(
"Try to decrypt value with internal LL::NG decrypt function");
$decryptedValue =
$self->p->HANDLER->tsv->{cipher}->decrypt($cipheredValue);
$self->logger->debug(
$@
? "Unable to decrypt value: $@"
: "Decrypted value = $decryptedValue"
);
}
}
# Display form
my $params = {
......@@ -155,4 +186,9 @@ sub run {
return $self->p->sendHtml( $req, 'decryptvalue', params => $params );
}
sub displayLink {
my ( $self, $req ) = @_;
return $self->rule->( $req, $req->userData );
}
1;
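Review bot: In `run`, the loop over `decryptValueFunctions` compiles configuration text as Perl (`eval "require Lemonldap::NG::Portal::$1"`, `eval "$_()"`), reads `$1` without checking that the match on the line before succeeded, and calls the function with an empty argument list, so `$cipheredValue` does not appear to reach it. The class `[\w:{2}]` also treats `{`, `2` and `}` as literal members rather than a quantifier. Both branches write the decrypted value to the debug log, which leaves plaintext in log files, and the fallback branch tests `$@` although `decrypt` is not called inside an `eval` there. The sketch below replaces the string evals with a checked match, a block `eval` around `require`, and a code reference obtained with `can`; the package the function lives in is assumed to be the one just required, which should be confirmed. Parts of `run` lie outside the hunks shown.

```perl
foreach my $name ( split( /\s+/, $self->{conf}->{decryptValueFunctions} ) ) {
    $self->userLogger->notice("Try to decrypt value with function: $name");

    # Require an explicit Package::function form; skip on a failed match
    # instead of reusing a stale $1
    my ( $pkg, $func ) = $name =~ /\A(\w+(?:::\w+)*)::(\w+)\z/a
      or next;

    # Load by file path so no Perl source is built from configuration
    ( my $file = "Lemonldap/NG/Portal/$pkg.pm" ) =~ s{::}{/}g;
    unless ( eval { require $file; 1 } ) {
        $self->logger->debug("Unable to load decrypt module: $@");
        next;
    }

    # NOTE(review): assumes the function is defined in the package just
    # required - confirm against the intended configuration format
    my $class = "Lemonldap::NG::Portal::$pkg";
    my $code  = $class->can($func) or next;

    # Pass the submitted value explicitly; keep the plaintext out of the log
    $decryptedValue = eval { $code->($cipheredValue) };
    $self->logger->debug(
        $@
        ? "Unable to run decrypt function: $@"
        : "Decrypt function $name returned"
    );
    last if $decryptedValue;
}
```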
......@@ -69,10 +69,16 @@
</TMPL_IF>
<TMPL_IF NAME="contextSwitching">
<li class="dropdown-item"><a href="/switchcontext" class="nav-link">
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/switchcontext_<TMPL_VAR NAME="contextSwitching">.png" width="20" height="20" alt="refresh" />
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/switchcontext_<TMPL_VAR NAME="contextSwitching">.png" width="20" height="20" alt="switchContext" />
<span trspan="contextSwitching_<TMPL_VAR NAME="contextSwitching">">contextSwitching_<TMPL_VAR NAME="contextSwitching"></span>
</a></li>
</TMPL_IF>
<TMPL_IF NAME="decryptValue">
<li class="dropdown-item"><a href="/decryptvalue" class="nav-link">
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/decryptValue.png" width="20" height="20" alt="decryptValue" />
<span trspan="decryptCipheredValue">decryptCipheredValue</span>
</a></li>
</TMPL_IF>
<li class="dropdown-item"><a href="/refresh" class="nav-link">
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/arrow_refresh.png" width="16" height="16" alt="refresh" />
<span trspan="refreshrights">Refresh</span>
......