Commit f1fe0f3e authored by Yadd's avatar Yadd
Browse files

Merge branch 'v2.0'

parents 6c4a5b91 107ddc8e
Pipeline #14771 failed with stages
in 12 minutes and 14 seconds
......@@ -3,12 +3,21 @@
use warnings;
use strict;
use POSIX;
use Getopt::Long;
our $opt_user = '__APACHEUSER__';
our $opt_group = '__APACHEGROUP';
GetOptions (
"user=s" => \$opt_user,
"group=s" => \$opt_group
)
or die("Error in command line arguments\n");
my $action;
eval {
POSIX::setgid( scalar( getgrnam('__APACHEGROUP__') ) );
POSIX::setuid( scalar( getpwnam('__APACHEUSER__') ) );
POSIX::setgid( scalar( getgrnam($opt_group) ) );
POSIX::setuid( scalar( getpwnam($opt_user) ) );
};
for ( my $i = 0 ; $i < @ARGV ; $i++ ) {
......
......@@ -167,8 +167,11 @@ Examples
lemonldap-ng-sessions search --where uid=dwho \
--id-only
lemonldap-ng-sessions search --backend persistent \
--where _session_uid=dwho
lemonldap-ng-sessions search --where uid=dwho \
--select authenticationLevel
--select authenticationLevel
=head2 Delete
......@@ -191,6 +194,8 @@ Examples:
lemonldap-ng-sessions delete --where uid=dwho
lemonldap-ng-sessions delete --persistent --where _session_uid=dwho
=head2 Set Key
lemonldap-ng-sessions setKey <id> <key> <value> [<key> <value> ...]
......
......@@ -10,13 +10,23 @@ use English qw(-no_match_vars);
use File::Temp;
use POSIX qw(setuid setgid);
use Safe;
use Getopt::Long;
use strict;
my $cli = Lemonldap::NG::Manager::Cli::Lib->new;
our $opt_user = '__APACHEUSER__';
our $opt_group = '__APACHEGROUP__';
GetOptions (
"user=s" => \$opt_user,
"group=s" => \$opt_group
)
or die("Error in command line arguments\n");
eval {
setgid( ( getgrnam('__APACHEGROUP__') )[2] );
setuid( ( getpwnam('__APACHEUSER__') )[2] );
setgid( ( getgrnam($opt_group) )[2] );
setuid( ( getpwnam($opt_user) )[2] );
print STDERR "Running as uid $EUID and gid $EGID\n";
};
......
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"خدمة أل يو أر ل",
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
"zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول"
}
}
\ No newline at end of file
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"Service URL",
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
}
}
\ No newline at end of file
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"Service URL",
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
}
}
\ No newline at end of file
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"URL del servizio",
"yubikey2fUserCanRemoveKey":"Autorizza l'utente a rimuovere la Yubikey",
"zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo."
}
}
\ No newline at end of file
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"URL usługi",
"yubikey2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć Yubikey",
"zeroConfExplanations":"Serwer nie ma konfiguracji. Użyj szablonu, aby zapisać pierwszy."
}
}
\ No newline at end of file
......@@ -1054,7 +1054,7 @@
"sfExtra":"Ek ikinci faktörler",
"sfManagerRule":"Yönetici bağlantısını görüntüle",
"sfOnlyUpgrade":"Oturum yükseltme için 2FA kullan",
"sfRegisterTimeout":"Registration timeout",
"sfRegisterTimeout":"Kayıtlanma zaman aşımı",
"sfRemovedMsg":"Süresi dolan bir 2FA kaldırıldığında bir mesaj göster",
"sfRemovedMsgRule":"Aktivasyon",
"sfRemovedNotifMsg":"Bildirim mesajı",
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"Servis URL'si",
"yubikey2fUserCanRemoveKey":"Yubikey'i kaldırmak için kullanıcıya izin ver",
"zeroConfExplanations":"Sunucunun yapılandırması yok. Şimdi bir tane kaydetmek için şablonu kullanın."
}
}
\ No newline at end of file
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"Dịch vụ URL",
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
"zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. "
}
}
\ No newline at end of file
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"Service URL",
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
}
}
\ No newline at end of file
......@@ -1211,4 +1211,4 @@
"yubikey2fUrl":"服務 URL",
"yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey",
"zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。"
}
}
\ No newline at end of file
......@@ -481,6 +481,7 @@ site/templates/common/registerBrowser.tpl
site/templates/common/script.tpl
t/01-AuthDemo.t
t/01-CSP-and-CORS-headers.t
t/01-EnablePasswordDisplay.t
t/01-Handler-redirection-and-URL-check-by-portal.t
t/01-pdata.t
t/01-Reject-Hashes-in-URL.t
......@@ -604,6 +605,9 @@ t/36-Combination.t
t/37-CAS-App-to-SAML-IdP-POST-with-WAYF.t
t/37-CAS-App-to-SAML-IdP-POST.t
t/37-Issuer-Timeout.t
t/37-Logout-from-2-chained-SAML-SP-SOAP.t
t/37-Logout-from-OIDC-RP-to-SAML-IDP-Redirect.t
t/37-Logout-from-OIDC-RP-to-SAML-IDP-SOAP.t
t/37-Logout-from-OIDC-RP-to-SAML-SP.t
t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t
t/37-OIDC-RP-to-SAML-IdP-GET.t
......@@ -651,6 +655,7 @@ t/57-GlobalLogout-with-Double-cookies.t
t/57-GlobalLogout-without-Timer.t
t/57-GlobalLogout.t
t/57-LogoutForward.t
t/57-LogoutForward2153.t
t/58-DecryptValue-with-custom-function.t
t/58-DecryptValue-with-internal-function.t
t/59-Double-cookies-for-a-Single-session.t
......@@ -738,6 +743,7 @@ t/73-2F-UTOTP-TOTP-and-U2F-with-History.t
t/73-2F-UTOTP-TOTP-and-U2F.t
t/73-2F-UTOTP-TOTP-only-with-History.t
t/73-2F-UTOTP-TOTP-only.t
t/74-2F-Required-Issuer-Timeouts.t
t/74-2F-Required.t
t/75-2F-Registers.t
t/76-2F-Ext-with-BruteForce.t
......
......@@ -292,12 +292,12 @@
"submit":"Gönder",
"switchContext":"Bağlam değiştir",
"totp2f":"OTP Uygulaması",
"totpExistingKey":"A TOTP device is already registered, you must remove it before adding a new TOTP device",
"totpMissingCode":"Please enter the code supplied by your TOTP application",
"totpQrCode":"Scan this QR code in your TOTP application",
"totpRegisterCode":"Input the code provided by your application",
"totpRegisterName":"Choose a name for this TOTP device",
"totpSecretKey":"If your TOTP application does not support QR codes, enter the following key instead:",
"totpExistingKey":"Bir TOTP cihazı zaten kaydedildi, yeni bir TOTP cihazı eklemeden önce diğerini kaldırmalısınız",
"totpMissingCode":"Lütfen TOTP uygulamanız tarafından sağlanan kodu girin",
"totpQrCode":"TOTP uygulamanızda bu QR kodu tarayın",
"totpRegisterCode":"Uygulamanız tarafından desteklenen kodu girin",
"totpRegisterName":"TOTP cihazınız için bir isim seçin",
"totpSecretKey":"TOTP uygulamanız QR kodlarını desteklemiyorsa, bunun yerine aşağıdaki anahtarı girin:",
"touchU2fDevice":"Lütfen şimdi yanıp sönen U2F cihazına dokunun.",
"touchU2fDeviceOrEnterTotp":"Lütfen şimdi yanıp sönen U2F cihazına dokunun veya TOTP kodunu girin.",
"type":"Tür",
......
......@@ -97,6 +97,11 @@ my @tests = (
'aHR0cDovL3d3dz88c2NyaXB0Pg==',
'http://test1.example.com/' => 0,
'script with logout',
# 21 url=http://www.toto.com/, no referer
'aHR0cDovL3d3dy50b3RvLmNvbS8=',
'' => 1,
'Logout required by good site, empty referer',
);
my $res;
......
use Test::More;
use strict;
use IO::String;
use Data::Dumper;
BEGIN {
require 't/test-lib.pm';
}
my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 0,
bruteForceProtection => 0,
requireToken => 0,
restSessionServer => 1,
logoutServices => { 'mytest' => 'http://test1.example.com/logout.html' }, # page that does not exist
locationRules => {
'test1.example.com' => {
'(?#logout)^/logout.html' => 'unprotect',
'default' => 'accept'
},
},
logger => 'Lemonldap::NG::Common::Logger::Std',
}
}
);
# Handler part
use_ok('Lemonldap::NG::Handler::Server');
use_ok('Lemonldap::NG::Common::PSGI::Cli::Lib');
count(2);
my ( $cli, $app );
ok( $app = Lemonldap::NG::Handler::Server->run( $client->ini ), 'App' );
count(1);
## First successful connection for 'dwho'
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho'),
length => 23,
accept => 'text/html',
),
'1st "dwho" Auth query'
);
count(1);
my $cookie = expectCookie($res, 'lemonldap');
expectRedirection( $res, 'http://auth.example.com/' );
## Logout request for 'dwho'
ok(
$res = $client->_get(
'/',
query => 'logout',
cookie => "lemonldap=$cookie",
accept => 'text/html'
),
'Logout request for "dwho"'
);
count(1);
ok(
$res->[2]->[0] =~
m%<h3 trspan="logoutFromOtherApp">logoutFromOtherApp</h3>%,
'Found Logout Forward page'
) or explain( $res->[2]->[0], "PE_LOGOUT_OK" );
count(1);
$cookie = expectCookie($res, 'lemonldap');
ok( $cookie eq "0", 'Test empty cookie sent at logout' );
count(1);
# Verify that there is no pdata
my $cookies = getCookies($res);
my $id;
ok(
! defined( $id = $cookies->{'lemonldappdata'} ),
" Verify absence of cookie lemonldappdata"
) or explain( 'Get lemonldappdata cookie' );
count(1);
my ($logouturl) = grep(/iframe/, split("\n", $res->[2]->[0]));
$logouturl =~ s/.*<iframe src="([^"]+)".*/\1/;
my $ep = $logouturl;
$ep =~ s/https?:\/\/[^\/]+//;
## Forward logout
## TODO: handler behaviour is incomplete here, because it does not check:
##  - locationRules
## - presence of resource in the server (404,...)
ok(
$res = $app->( {
'HTTP_ACCEPT' => 'text/html',
'SCRIPT_NAME' => '/',
'SERVER_NAME' => '127.0.0.1',
'HTTP_CACHE_CONTROL' => 'max-age=0',
'HTTP_ACCEPT_LANGUAGE' => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
'PATH_INFO' => '/',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => "/$ep",
'X_ORIGINAL_URI' => "/",
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'HTTP_USER_AGENT' =>
'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox',
'REMOTE_ADDR' => '127.0.0.1',
'HTTP_HOST' => 'test1.example.com',
'COOKIE' => "lemonldap=$cookie",
}
),
'Forward logout'
);
count(1);
# Verify that there is no pdata
$cookies = getCookies($res);
$id;
ok(
! defined( $id = $cookies->{'lemonldappdata'} ),
" Verify absence of cookie lemonldappdata"
) or explain( 'Get lemonldappdata cookie' );
count(1);
clean_sessions();
done_testing( count() );
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment