Commit 7e502af3 authored by Maxime Besson's avatar Maxime Besson

Add option to remove "Refresh my rights" from menu

parent a97041f8
Pipeline #8473 failed with stage
in 12 minutes and 25 seconds
......@@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|freshSessions)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|freshSessions)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
......
......@@ -246,6 +246,7 @@ sub defaultValues {
'portalDisplayLoginHistory' => 1,
'portalDisplayLogout' => 1,
'portalDisplayOidcConsents' => '$_oidcConnectedRP',
'portalDisplayRefreshMyRights' => 1,
'portalDisplayRegister' => 1,
'portalErrorOnExpiredSession' => 1,
'portalForceAuthnInterval' => 5,
......
......@@ -2568,6 +2568,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'bool'
},
'portalDisplayRefreshMyRights' => {
'default' => 1,
'type' => 'bool'
},
'portalDisplayRegister' => {
'default' => 1,
'type' => 'bool'
......
......@@ -1078,6 +1078,11 @@ sub attributes {
documentation =>
'Display password generate box in reset password form',
},
portalDisplayRefreshMyRights => {
default => 1,
type => 'bool',
documentation => 'Displays the link to refresh the user session',
},
# Cookies
cookieExpiration => {
......
......@@ -99,7 +99,8 @@ sub tree {
'portalAntiFrame',
'portalPingInterval',
'portalErrorOnExpiredSession',
'portalErrorOnMailNotFound'
'portalErrorOnMailNotFound',
'portalDisplayRefreshMyRights',
]
}
]
......
......@@ -715,6 +715,7 @@
"portalDisplayLogout":"تسجيل الخروج",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRefreshMyRights": "Display rights refresh link",
"portalDisplayRegister":"تسجيل حساب جديد",
"portalDisplayResetPassword":"إعادة تعيين كلمة المرور",
"portalErrorOnExpiredSession":"عرض الخطأ في الجلسة المنتهية صلحيتها",
......
......@@ -715,6 +715,7 @@
"portalDisplayLogout":"Logout",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRefreshMyRights": "Display rights refresh link",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
"portalErrorOnExpiredSession":"Show error on expired session",
......
......@@ -715,6 +715,7 @@
"portalDisplayLogout":"Logout",
"portalDisplayPasswordPolicy": "Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRefreshMyRights": "Display rights refresh link",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
"portalErrorOnExpiredSession":"Show error on expired session",
......
......@@ -715,6 +715,7 @@
"portalDisplayLogout":"Déconnexion",
"portalDisplayPasswordPolicy": "Afficher la politique dans le formulaire de mot de passe",
"portalDisplayOidcConsents":"Accords OIDC",
"portalDisplayRefreshMyRights": "Afficher le lien de rafraichissement des droits",
"portalDisplayRegister":"Création d'un nouveau compte",
"portalDisplayResetPassword":"Réinitialisation de mot de passe",
"portalErrorOnExpiredSession":"Affiche une erreur si la session est expirée",
......
......@@ -715,6 +715,7 @@
"portalDisplayLogout":"Logout",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"Consensi OIDC",
"portalDisplayRefreshMyRights": "Display rights refresh link",
"portalDisplayRegister":"Registra nuovo account",
"portalDisplayResetPassword":"Reimposta password",
"portalErrorOnExpiredSession":"Mostra errore nella sessione scaduta",
......
......@@ -715,6 +715,7 @@
"portalDisplayLogout":"Çıkış Yap",
"portalDisplayPasswordPolicy":"Politikayı parola form alanında görüntüle",
"portalDisplayOidcConsents":"OIDC İzinleri",
"portalDisplayRefreshMyRights": "Display rights refresh link",
"portalDisplayRegister":"Yeni hesap kaydet",
"portalDisplayResetPassword":"Parolayı sıfırla",
"portalErrorOnExpiredSession":"Süresi dolmuş oturumda hatayı göster",
......
......@@ -715,6 +715,7 @@
"portalDisplayLogout":"Đăng xuất",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRefreshMyRights": "Display rights refresh link",
"portalDisplayRegister":"Đăng ký tài khoản mới",
"portalDisplayResetPassword":"Đặt lại mật khẩu",
"portalErrorOnExpiredSession":"Show error on expired session",
......
......@@ -715,6 +715,7 @@
"portalDisplayLogout":"Logout",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRefreshMyRights": "Display rights refresh link",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
"portalErrorOnExpiredSession":"Show error on expired session",
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -114,6 +114,9 @@ sub params {
$self->p->_sfEngine->display2fRegisters( $req, $req->userData );
$self->logger->debug("Display 2fRegisters link") if $res{sfaManager};
# Display refresh my rights unless disabled
$res{RefreshMyRights} = $self->conf->{portalDisplayRefreshMyRights};
# Display menu links only if required
foreach (qw(ContextSwitching DecryptValue Notifications)) {
my $plugin =
......@@ -129,6 +132,19 @@ sub params {
undef $plugin;
}
# Decide whether to display the dropdown or regular text
$res{DropdownMenu} = 0;
foreach (
qw(RefreshMyRights sfaManager Notifications DecryptValue ContextSwitching)
)
{
if ( $res{$_} ) {
$res{DropdownMenu} = 1;
last;
}
}
return %res;
}
......
......@@ -56,10 +56,17 @@
<ul class="user nav navbar-nav navbar-right">
<li class="nav-item dropdown">
<TMPL_IF NAME="DropdownMenu">
<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown">
<span trspan="connectedAs">Connected as</span> <TMPL_VAR NAME="AUTH_USER">
<span class="caret"></span>
</a>
<TMPL_ELSE>
<div class="text-muted">
<span trspan="connectedAs">Connected as</span> <TMPL_VAR NAME="AUTH_USER">
</div>
</TMPL_IF>
<TMPL_IF NAME="DropdownMenu">
<ul class="dropdown-menu" role="menu">
<TMPL_IF NAME="sfaManager">
<li class="dropdown-item"><a href="/2fregisters" class="nav-link">
......@@ -85,11 +92,14 @@
<span trspan="contextSwitching_<TMPL_VAR NAME="contextSwitching">">contextSwitching_<TMPL_VAR NAME="ContextSwitching"></span>
</a></li>
</TMPL_IF>
<TMPL_IF NAME="RefreshMyRights">
<li class="dropdown-item"><a href="/refresh" class="nav-link">
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/arrow_refresh.png" width="16" height="16" alt="refresh" />
<span trspan="refreshrights">Refresh</span>
</a></li>
</TMPL_IF>
</ul>
</TMPL_IF>
</li>
</ul>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment