Commit d9556aaa authored by Clément OUDOT's avatar Clément OUDOT
Browse files

Add portalEnablePasswordDisplay parameter in manager (#2454)

parent ab355076
Pipeline #14576 passed with stage
in 10 minutes and 15 seconds
......@@ -31,7 +31,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
);
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|heck(?:DevOps(?:Download)?|State|User|XSS)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|to(?:tp2fUserCanRemoveKey|kenUseGlobalStorage)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|heck(?:DevOps(?:Download)?|State|User|XSS)|rowdsec|da)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|to(?:tp2fUserCanRemoveKey|kenUseGlobalStorage)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
......
......@@ -2842,6 +2842,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'bool'
},
'portalEnablePasswordDisplay' => {
'default' => 0,
'type' => 'bool'
},
'portalErrorOnExpiredSession' => {
'default' => 1,
'type' => 'bool'
......
......@@ -1229,6 +1229,11 @@ sub attributes {
type => 'bool',
documentation => 'Display link to refresh the user session',
},
portalEnablePasswordDisplay => {
default => 0,
type => 'bool',
documentation => 'Allow to display password in login form',
},
# Cookies
cookieExpiration => {
......@@ -3226,7 +3231,7 @@ sub attributes {
sfRemovedNotifMsg => {
type => 'text',
default =>
'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
help => 'secondfactor.html',
documentation => 'Notification message',
},
......@@ -4155,8 +4160,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
oidcRPMetaDataOptions => { type => 'subContainer', },
# OpenID Connect providers
oidcOPMetaDataJSON => { type => 'file', keyTest => sub { 1 } },
oidcOPMetaDataJWKS => { type => 'file', keyTest => sub { 1 } },
oidcOPMetaDataJSON => {
type => 'file',
keyTest => sub { 1 }
},
oidcOPMetaDataJWKS => {
type => 'file',
keyTest => sub { 1 }
},
oidcOPMetaDataExportedVars => {
type => 'keyTextContainer',
default => {
......@@ -4248,7 +4259,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
oidcRPMetaDataOptionsUserInfoSignAlg => {
type => 'select',
select => [
{ k => '', v => 'JSON' },
{ k => '', v => 'JSON' },
{ k => 'none', v => 'JWT/None' },
{ k => 'HS256', v => 'JWT/HS256' },
{ k => 'HS384', v => 'JWT/HS384' },
......@@ -4355,6 +4366,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
type => 'keyTextContainer',
help => 'idpopenidconnect.html#scope-rules',
test => {
# RFC6749
keyTest => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/,
keyMsgFail => '__badMacroName__',
......
......@@ -79,6 +79,7 @@ sub tree {
'portalRequireOldPassword',
'hideOldPassword',
'mailOnPasswordChange',
'portalEnablePasswordDisplay',
]
},
{
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Display rights refresh link",
"portalDisplayRegister":"تسجيل حساب جديد",
"portalDisplayResetPassword":"إعادة تعيين كلمة المرور",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"عرض الخطأ في الجلسة المنتهية صلحيتها",
"portalErrorOnMailNotFound":"إظهار الخطأ في البريد الغيرالموجود",
"portalForceAuthn":"فرض إثبات الهوية",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Display rights refresh link",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Show error on expired session",
"portalErrorOnMailNotFound":"Show error on mail not found",
"portalForceAuthn":"Force authentication",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Display rights refresh link",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Show error on expired session",
"portalErrorOnMailNotFound":"Show error on mail not found",
"portalForceAuthn":"Force authentication",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Display rights refresh link",
"portalDisplayRegister":"Registrar nueva cuenta",
"portalDisplayResetPassword":"Reiniciar contraseña",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Mostrar error en sesión caducada",
"portalErrorOnMailNotFound":"Mostrar error cuando no se encuentra el email",
"portalForceAuthn":"Forzar autentificación",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Afficher le lien de rafraichissement des droits",
"portalDisplayRegister":"Création d'un nouveau compte",
"portalDisplayResetPassword":"Réinitialisation de mot de passe",
"portalEnablePasswordDisplay":"Permettre d'afficher le mot de passe",
"portalErrorOnExpiredSession":"Affiche une erreur si la session est expirée",
"portalErrorOnMailNotFound":"Affiche une erreur si le mail n'est pas trouvé",
"portalForceAuthn":"Authentification forcée",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Display rights refresh link",
"portalDisplayRegister":"Registra nuovo account",
"portalDisplayResetPassword":"Reimposta password",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Mostra errore nella sessione scaduta",
"portalErrorOnMailNotFound":"Mostra errore sulla posta non trovata",
"portalForceAuthn":"Forza l'autenticazione",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Wyświetl link do odświeżania praw",
"portalDisplayRegister":"Zarejestruj Nowe Konto",
"portalDisplayResetPassword":"Zresetuj hasło",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Pokaż błąd w wygasłej sesji",
"portalErrorOnMailNotFound":"Pokaż błąd w poczcie nie znaleziono",
"portalForceAuthn":"Wymuś uwierzytelnienie",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Görüntüleme hakları yenileme bağlantısı",
"portalDisplayRegister":"Yeni hesap kaydet",
"portalDisplayResetPassword":"Parolayı sıfırla",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Süresi dolmuş oturumda hatayı göster",
"portalErrorOnMailNotFound":"E-posta bulunamadığında hatayı göster",
"portalForceAuthn":"Kimlik doğrulamaya zorla",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Display rights refresh link",
"portalDisplayRegister":"Đăng ký tài khoản mới",
"portalDisplayResetPassword":"Đặt lại mật khẩu",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Show error on expired session",
"portalErrorOnMailNotFound":"Show error on mail not found",
"portalForceAuthn":"Bắt buộc xác thực",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"Display rights refresh link",
"portalDisplayRegister":"Register new account",
"portalDisplayResetPassword":"Reset password",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"Show error on expired session",
"portalErrorOnMailNotFound":"Show error on mail not found",
"portalForceAuthn":"Force authentication",
......
......@@ -786,6 +786,7 @@
"portalDisplayRefreshMyRights":"顯示權限重新整理連結",
"portalDisplayRegister":"註冊新帳號",
"portalDisplayResetPassword":"重設密碼",
"portalEnablePasswordDisplay":"Allow to display password",
"portalErrorOnExpiredSession":"在過期的工作階段上顯示錯誤",
"portalErrorOnMailNotFound":"找不到郵件時顯示錯誤",
"portalForceAuthn":"強制驗證",
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment