diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
index 666dc32aaabb3ea0c761257f2d041ebfb1315f80..6966dba1f7d254eabaf21e1531c352d5b3ea2114 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -125,7 +125,7 @@ sub defaultValues {
'max2FDevicesNameLength' => 20,
'multiValuesSeparator' => '; ',
'mySessionAuthorizedRWKeys' =>
- [ '_appsListOrder', '_oidcConnectedRP', '_oidc_consent_*' ],
+ [ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ],
'notificationStorage' => 'File',
'notificationStorageOptions' => {
'dirName' => '/var/lib/lemonldap-ng/notifications'
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
index e76250c00382c153e8f3fede98ae7f954b7aaae4..f40828ab4e3001af727d45f43130f08038ec0eaa 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -1603,7 +1603,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
},
'mySessionAuthorizedRWKeys' => {
'default' =>
- [ '_appsListOrder', '_oidcConnectedRP', '_oidc_consent_*' ],
+ [ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ],
'type' => 'array'
},
'nginxCustomHandlers' => {
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
index 6357f1a543444710b025d12504c88c6bd3dc2759..d80cee2ce0222170748c932e2a53c8eeb329e3ad 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -229,7 +229,7 @@ sub attributes {
type => 'array',
documentation => 'Alterable session keys by user itself',
default =>
- [ '_appsListOrder', '_oidcConnectedRP', '_oidc_consent_*' ],
+ [ '_appsListOrder', '_oidcConnectedRP', '_oidcConsents' ],
},
configStorage => {
type => 'text',
diff --git a/lemonldap-ng-manager/site/coffee/sessions.coffee b/lemonldap-ng-manager/site/coffee/sessions.coffee
index 3acae3f17ebd482c82eaddcb31309ffb72629018..741dacd4bae8a10ae6a30d1660fe6f71f7153978 100644
--- a/lemonldap-ng-manager/site/coffee/sessions.coffee
+++ b/lemonldap-ng-manager/site/coffee/sessions.coffee
@@ -85,6 +85,7 @@ categories =
BrowserID: ['_browserIdAnswer', '_browserIdAnswerRaw']
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token']
sfaTitle: ['_2fDevices']
+ oidcConsents: ['_oidcConsents']
# Menu entries
menu =
@@ -200,7 +201,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
pattern = /^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/
arrayDate = value.match(pattern)
session[key] = "#{arrayDate[3]}/#{arrayDate[2]}/#{arrayDate[1]} à #{arrayDate[4]}:#{arrayDate[5]}:#{arrayDate[6]}"
-
+
res = []
# 2. Push session keys in result, grouped by categories
@@ -213,6 +214,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
title: "type"
value: "name"
epoch: "date"
+ td: "0"
array = JSON.parse(session[attr])
for sfDevice in array
for key, value of sfDevice
@@ -226,6 +228,28 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
title: title
value: name
epoch: epoch
+ td: "1"
+ delete session[attr]
+ else if session[attr].toString().match(/"rp":\s*"[\w-]+"/)
+ subres.push
+ title: "rp"
+ value: "scope"
+ epoch: "date"
+ td: "0"
+ array = JSON.parse(session[attr])
+ for oidcConsent in array
+ for key, value of oidcConsent
+ if key == 'rp'
+ title = value
+ if key == 'scope'
+ name = value
+ if key == 'epoch'
+ epoch = value
+ subres.push
+ title: title
+ value: name
+ epoch: epoch
+ td: "1"
delete session[attr]
else if session[attr].toString().match(/\w+/)
subres.push
diff --git a/lemonldap-ng-manager/site/htdocs/static/forms/oidcOPMetaDataNodeContainer.html b/lemonldap-ng-manager/site/htdocs/static/forms/oidcOPMetaDataNodeContainer.html
index fddadd325374b7d2afd438142ba9731a40a67c8f..49cc9d4759ec7e3233c09c819a6b385435092e93 100644
--- a/lemonldap-ng-manager/site/htdocs/static/forms/oidcOPMetaDataNodeContainer.html
+++ b/lemonldap-ng-manager/site/htdocs/static/forms/oidcOPMetaDataNodeContainer.html
@@ -4,7 +4,7 @@
- |
+ | |
diff --git a/lemonldap-ng-manager/site/htdocs/static/forms/oidcRPMetaDataNodeContainer.html b/lemonldap-ng-manager/site/htdocs/static/forms/oidcRPMetaDataNodeContainer.html
index 83e1e2a57c4eff99bbd65edf920be6b8e886f86f..9a958fa359cbc65538bc110e59d4dea0abf710ee 100644
--- a/lemonldap-ng-manager/site/htdocs/static/forms/oidcRPMetaDataNodeContainer.html
+++ b/lemonldap-ng-manager/site/htdocs/static/forms/oidcRPMetaDataNodeContainer.html
@@ -4,7 +4,7 @@
- |
+ | |
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
index 4aa600b9ef27ef878a1e039ecbe0f08b75e2978e..983357a1842edfcfb73c7bfc6f389f3aba4a9b6f 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
@@ -101,7 +101,8 @@
ldap: ['dn'],
BrowserID: ['_browserIdAnswer', '_browserIdAnswerRaw'],
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token'],
- sfaTitle: ['_2fDevices']
+ sfaTitle: ['_2fDevices'],
+ oidcConsents: ['_oidcConsents']
};
menu = {
@@ -186,7 +187,7 @@
$scope.displaySession = function(scope) {
var sessionId, transformSession;
transformSession = function(session) {
- var _insert, _stToStr, array, arrayDate, attr, attrs, category, epoch, i, id, j, k, key, l, len, len1, len2, len3, m, name, pattern, ref, ref1, res, sfDevice, subres, time, title, tmp, value;
+ var _insert, _stToStr, array, arrayDate, attr, attrs, category, epoch, i, id, j, k, key, l, len, len1, len2, len3, len4, m, name, o, oidcConsent, pattern, ref, ref1, res, sfDevice, subres, time, title, tmp, value;
_stToStr = function(s) {
return s;
};
@@ -246,7 +247,8 @@
subres.push({
title: "type",
value: "name",
- epoch: "date"
+ epoch: "date",
+ td: "0"
});
array = JSON.parse(session[attr]);
for (j = 0, len1 = array.length; j < len1; j++) {
@@ -266,7 +268,38 @@
subres.push({
title: title,
value: name,
- epoch: epoch
+ epoch: epoch,
+ td: "1"
+ });
+ }
+ delete session[attr];
+ } else if (session[attr].toString().match(/"rp":\s*"[\w-]+"/)) {
+ subres.push({
+ title: "rp",
+ value: "scope",
+ epoch: "date",
+ td: "0"
+ });
+ array = JSON.parse(session[attr]);
+ for (k = 0, len2 = array.length; k < len2; k++) {
+ oidcConsent = array[k];
+ for (key in oidcConsent) {
+ value = oidcConsent[key];
+ if (key === 'rp') {
+ title = value;
+ }
+ if (key === 'scope') {
+ name = value;
+ }
+ if (key === 'epoch') {
+ epoch = value;
+ }
+ }
+ subres.push({
+ title: title,
+ value: name,
+ epoch: epoch,
+ td: "1"
});
}
delete session[attr];
@@ -297,8 +330,8 @@
tmp = [];
if (session._loginHistory.successLogin) {
ref = session._loginHistory.successLogin;
- for (k = 0, len2 = ref.length; k < len2; k++) {
- l = ref[k];
+ for (m = 0, len3 = ref.length; m < len3; m++) {
+ l = ref[m];
tmp.push({
t: l._utime,
title: $scope.localeDate(l._utime),
@@ -308,8 +341,8 @@
}
if (session._loginHistory.failedLogin) {
ref1 = session._loginHistory.failedLogin;
- for (m = 0, len3 = ref1.length; m < len3; m++) {
- l = ref1[m];
+ for (o = 0, len4 = ref1.length; o < len4; o++) {
+ l = ref1[o];
tmp.push({
t: l._utime,
title: $scope.localeDate(l._utime),
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
index a645a21203351a068c3eb87d597be5ab9ac499e3..5a5afd96823ab17917d809dc6fe30d886f5762f2 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
@@ -1 +1 @@
-(function(){var categories,hiddenAttributes,llapp,max,menu,overScheme,schemes;max=25;schemes={_whatToTrace:[function(t,v){return"groupBy=substr("+t+",1)"},function(t,v){return t+"="+v+"*&groupBy="+t},function(t,v){return t+"="+v}],ipAddr:[function(t,v){return"groupBy=net("+t+",16,1)"},function(t,v){if(!v.match(/:/)){v=v+"."}return t+"="+v+"*&groupBy=net("+t+",32,2)"},function(t,v){if(!v.match(/:/)){v=v+"."}return t+"="+v+"*&groupBy=net("+t+",48,3)"},function(t,v){if(!v.match(/:/)){v=v+"."}return t+"="+v+"*&groupBy=net("+t+",128,4)"},function(t,v){return t+"="+v+"&groupBy=_whatToTrace"},function(t,v,q){return q.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+v)}],_startTime:[function(t,v){return"groupBy=substr("+t+",8)"},function(t,v){return t+"="+v+"*&groupBy=substr("+t+",10)"},function(t,v){return t+"="+v+"*&groupBy=substr("+t+",11)"},function(t,v){return t+"="+v+"*&groupBy=substr("+t+",12)"},function(t,v){return t+"="+v+"*&groupBy=_whatToTrace"},function(t,v,q){console.log(t);console.log(v);console.log(q);return q.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+v)}],doubleIp:[function(t,v){return t},function(t,v){return"_whatToTrace="+v+"&groupBy=ipAddr"},function(t,v,q){return q.replace(/\&groupBy.*$/,"")+("&ipAddr="+v)}]};overScheme={_whatToTrace:function(t,v,level,over){if(level===1){return t+"="+v+"*&groupBy=substr("+t+","+(level+over+1)+")"}else{return null}},ipAddr:function(t,v,level,over){if(level>0&&level<4){return t+"="+v+"*&groupBy=net("+t+","+(16*level+4*(over+1))+",2)"}else{return null}}};hiddenAttributes="_password";categories={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"],sfaTitle:["_2fDevices"]};menu={session:[{title:"deleteSession",icon:"trash"}],home:[]};llapp=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);llapp.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function($scope,$translator,$location,$q,$http){var autoId,c,pathEvent,sessionType;$scope.links=links;$scope.menulinks=menulinks;$scope.staticPrefix=staticPrefix;$scope.scriptname=scriptname;$scope.formPrefix=formPrefix;$scope.availableLanguages=availableLanguages;$scope.waiting=true;$scope.showM=false;$scope.showT=true;$scope.data=[];$scope.currentScope=null;$scope.currentSession=null;$scope.menu=menu;$scope.translateP=$translator.translateP;$scope.translate=$translator.translate;$scope.translateTitle=function(node){return $translator.translateField(node,"title")};sessionType="global";$scope.menuClick=function(button){if(button.popup){window.open(button.popup)}else{if(!button.action){button.action=button.title}switch(typeof button.action){case"function":button.action($scope.currentNode,$scope);break;case"string":$scope[button.action]();break;default:console.log(typeof button.action)}}return $scope.showM=false};$scope.deleteSession=function(){$scope.waiting=true;return $http["delete"](scriptname+"sessions/"+sessionType+"/"+$scope.currentSession.id).then(function(response){$scope.currentSession=null;$scope.currentScope.remove();return $scope.waiting=false},function(resp){$scope.currentSession=null;$scope.currentScope.remove();return $scope.waiting=false})};$scope.stoggle=function(scope){var node;node=scope.$modelValue;if(node.nodes.length===0){$scope.updateTree(node.value,node.nodes,node.level,node.over,node.query,node.count)}return scope.toggle()};$scope.displaySession=function(scope){var sessionId,transformSession;transformSession=function(session){var _insert,_stToStr,array,arrayDate,attr,attrs,category,epoch,i,id,j,k,key,l,len,len1,len2,len3,m,name,pattern,ref,ref1,res,sfDevice,subres,time,title,tmp,value;_stToStr=function(s){return s};_insert=function(re,title){var key,reg,tmp,value;tmp=[];reg=new RegExp(re);for(key in session){value=session[key];if(key.match(reg)&&value){tmp.push({title:key,value:value});delete session[key]}}if(tmp.length>0){return res.push({title:title,nodes:tmp})}};time=session._utime;id=session._session_id;for(key in session){value=session[key];if(!value){delete session[key]}else{if(typeof session==="string"&&value.match(/; /)){session[key]=value.split("; ")}if(typeof session[key]!=="object"){if(hiddenAttributes.match(new RegExp("\b"+key+"\b"))){session[key]="********"}else if(key.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){session[key]=$scope.localeDate(value)}else if(key.match(/^(_startTime|_updateTime)$/)){value=_stToStr(value);pattern=/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/;arrayDate=value.match(pattern);session[key]=arrayDate[3]+"/"+arrayDate[2]+"/"+arrayDate[1]+" à "+arrayDate[4]+":"+arrayDate[5]+":"+arrayDate[6]}}}}res=[];for(category in categories){attrs=categories[category];subres=[];for(i=0,len=attrs.length;i0){res.push({title:"__"+category+"__",nodes:subres})}}_insert("^openid","OpenID");_insert("^notification_(.+)","__notificationsDone__");if(session._loginHistory){tmp=[];if(session._loginHistory.successLogin){ref=session._loginHistory.successLogin;for(k=0,len2=ref.length;kb.title){return 1}else if(a.titlemax&&overScheme[$scope.type]){if(tmp=overScheme[$scope.type]($scope.type,value,level,over,currentQuery)){over++;query=tmp;level=level-1}else{over=0}}else{over=0}return $http.get(scriptname+"sessions/"+sessionType+"?"+query).then(function(response){var data,i,len,n,ref;data=response.data;if(data.result){ref=data.values;for(i=0,len=ref.length;i0&&level<4){return t+"="+v+"*&groupBy=net("+t+","+(16*level+4*(over+1))+",2)"}else{return null}}};hiddenAttributes="_password";categories={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"],sfaTitle:["_2fDevices"],oidcConsents:["_oidcConsents"]};menu={session:[{title:"deleteSession",icon:"trash"}],home:[]};llapp=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);llapp.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function($scope,$translator,$location,$q,$http){var autoId,c,pathEvent,sessionType;$scope.links=links;$scope.menulinks=menulinks;$scope.staticPrefix=staticPrefix;$scope.scriptname=scriptname;$scope.formPrefix=formPrefix;$scope.availableLanguages=availableLanguages;$scope.waiting=true;$scope.showM=false;$scope.showT=true;$scope.data=[];$scope.currentScope=null;$scope.currentSession=null;$scope.menu=menu;$scope.translateP=$translator.translateP;$scope.translate=$translator.translate;$scope.translateTitle=function(node){return $translator.translateField(node,"title")};sessionType="global";$scope.menuClick=function(button){if(button.popup){window.open(button.popup)}else{if(!button.action){button.action=button.title}switch(typeof button.action){case"function":button.action($scope.currentNode,$scope);break;case"string":$scope[button.action]();break;default:console.log(typeof button.action)}}return $scope.showM=false};$scope.deleteSession=function(){$scope.waiting=true;return $http["delete"](scriptname+"sessions/"+sessionType+"/"+$scope.currentSession.id).then(function(response){$scope.currentSession=null;$scope.currentScope.remove();return $scope.waiting=false},function(resp){$scope.currentSession=null;$scope.currentScope.remove();return $scope.waiting=false})};$scope.stoggle=function(scope){var node;node=scope.$modelValue;if(node.nodes.length===0){$scope.updateTree(node.value,node.nodes,node.level,node.over,node.query,node.count)}return scope.toggle()};$scope.displaySession=function(scope){var sessionId,transformSession;transformSession=function(session){var _insert,_stToStr,array,arrayDate,attr,attrs,category,epoch,i,id,j,k,key,l,len,len1,len2,len3,len4,m,name,o,oidcConsent,pattern,ref,ref1,res,sfDevice,subres,time,title,tmp,value;_stToStr=function(s){return s};_insert=function(re,title){var key,reg,tmp,value;tmp=[];reg=new RegExp(re);for(key in session){value=session[key];if(key.match(reg)&&value){tmp.push({title:key,value:value});delete session[key]}}if(tmp.length>0){return res.push({title:title,nodes:tmp})}};time=session._utime;id=session._session_id;for(key in session){value=session[key];if(!value){delete session[key]}else{if(typeof session==="string"&&value.match(/; /)){session[key]=value.split("; ")}if(typeof session[key]!=="object"){if(hiddenAttributes.match(new RegExp("\b"+key+"\b"))){session[key]="********"}else if(key.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){session[key]=$scope.localeDate(value)}else if(key.match(/^(_startTime|_updateTime)$/)){value=_stToStr(value);pattern=/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/;arrayDate=value.match(pattern);session[key]=arrayDate[3]+"/"+arrayDate[2]+"/"+arrayDate[1]+" à "+arrayDate[4]+":"+arrayDate[5]+":"+arrayDate[6]}}}}res=[];for(category in categories){attrs=categories[category];subres=[];for(i=0,len=attrs.length;i0){res.push({title:"__"+category+"__",nodes:subres})}}_insert("^openid","OpenID");_insert("^notification_(.+)","__notificationsDone__");if(session._loginHistory){tmp=[];if(session._loginHistory.successLogin){ref=session._loginHistory.successLogin;for(m=0,len3=ref.length;mb.title){return 1}else if(a.titlemax&&overScheme[$scope.type]){if(tmp=overScheme[$scope.type]($scope.type,value,level,over,currentQuery)){over++;query=tmp;level=level-1}else{over=0}}else{over=0}return $http.get(scriptname+"sessions/"+sessionType+"?"+query).then(function(response){var data,i,len,n,ref;data=response.data;if(data.result){ref=data.values;for(i=0,len=ref.length;i
-
{{translate(node.title)}} |
- {{node.title}} |
- {{translate(node.value)}} |
- {{node.value}} |
- {{translate(node.epoch)}} |
- {{localeDate(node.epoch)}} |
+ {{translate(node.title)}} |
+ {{node.title}} |
+ {{translate(node.value)}} |
+ {{node.value}} |
+ {{translate(node.epoch)}} |
+ {{localeDate(node.epoch)}} |
-
+
diff --git a/lemonldap-ng-manager/site/templates/sessions.tpl b/lemonldap-ng-manager/site/templates/sessions.tpl
index 8d4fff54095d8874b4d20c880657764aec956f38..3d2fb625cb7b2d87b07ce4060c292f28704f6613 100644
--- a/lemonldap-ng-manager/site/templates/sessions.tpl
+++ b/lemonldap-ng-manager/site/templates/sessions.tpl
@@ -91,14 +91,13 @@
|
-
{{translate(node.title)}} |
- ${{node.title}} |
- {{node.title}} |
- {{translate(node.value)}} |
- {{node.value}} |
- {{translate(node.epoch)}} |
- {{localeDate(node.epoch)}} |
- |
+ {{translate(node.title)}} |
+ {{node.title}} |
+ {{translate(node.value)}} |
+ {{node.value}} |
+ {{translate(node.epoch)}} |
+ {{localeDate(node.epoch)}} |
+ |
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
index b0969591568b8f16a26918397960c09d7f316fa2..e9b5f8ba229c238b0fcbcf56e833e980ee909db9 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
@@ -32,11 +32,12 @@ Use any of Plack launcher. Example:
=head1 DESCRIPTION
Lemonldap::NG is a modular Web-SSO based on Apache::Session modules. It
-simplifies the build of a protected area with a few changes in the application.
+provides an easy way to build a secured area to protect applications with
+very few changes.
-It manages both authentication and authorization and provides headers for
-accounting. So you can have a full AAA protection for your web space as
-described below.
+Lemonldap::NG manages both authentication and authorization. Furthermore
+it provides headers for accounting. So you can have a full AAA protection
+for your web space as described below.
Lemonldap::NG::Portal provides portal components. See
L for more.
@@ -44,16 +45,16 @@ L for more.
=head1 KINEMATICS
The portal object is based on L: underlying
-handler tries to authenticate user and then follow the routes (auth/unauth)
-declared during initialization.
+handler tries to authenticate user and follows initialized auth / unauth
+routes.
=head2 Initialization
-The initialisation process subscribes portal to handler configuration reload and
-ask for handler initialization (L).
-So configuration read is triggered by handler at each reload.
+Initialization process subscribes portal to handler configuration reload and
+requests handler initialization (L).
+So configuration is read by handler at each reload.
-During configuration reload, every enabled components are loaded as plugins:
+During configuration reload, each enabled components are loaded as plugins:
=over
@@ -65,7 +66,7 @@ During configuration reload, every enabled components are loaded as plugins:
=back
-init() is called for each plugin. If one plugin initialization fails (init()
+init() is called for each plugin. If a plugin initialization fails (init()
returns 0), the portal responds a 500 status code for each request.
See L to see how to write modules.
@@ -73,7 +74,7 @@ See L to see how to write modules.
=head2 Main route
The "/" route is declared in L. It points to
-different methods in L. Theses methods choose
+different methods in L. Theses methods select
methods to call in the process and call do().
do() stores methods to call in $req->steps and launches
@@ -81,18 +82,18 @@ Lemonldap::NG::Portal::Main::Process::process(). This method removes each method
stored in $req->steps and launches it. If the result is PE_OK, process()
continues, else it returns the error code.
-If the request was an Ajax one, do() responds in JSON format else it manages
+If it is an Ajax request, do() responds in JSON format else it manages
redirection if any. Else it calls
-Lemonldap::NG::Portal::Main::Display::display() to have template and arguments,
-then it launch Lemonldap::NG::Common::PSGI::sendHtml() with them.
+Lemonldap::NG::Portal::Main::Display::display() to load template and arguments,
+and launches Lemonldap::NG::Common::PSGI::sendHtml() using them.
=head1 DEVELOPER INSTRUCTIONS
Portal main object is defined in Lemonldap::NG::Portal::Main::* classes. Other
-components are plugins. Plugins must not store any hash key in the main object.
+components are plugins. Plugins do not have to store any hash key in main object.
-Main and plugin keys must be initializated during initialization. They must
-be read-only during receiving requests.
+Main and plugin keys must be set during initialization process. They must
+be read-only during requests receiving.
The L request has fixed keys. A plugin
that wants to store a temporary key must store it in C<$req-Edata> or use
@@ -100,10 +101,11 @@ defined keys, but it must never create a root key. Plugin keys may have
explicit names to avoid conflicts.
Whole configuration is always available. It is stored in $self->conf. It must
-not be modified by anyone even during initialization or receiving request
-(during initialization, copy the value in the plugin namespace instead).
+not be modified by any components even during initialization process or
+receiving request (during initialization, copy the value in the plugin
+namespace instead).
-All plugins can dial with the portal methods using $self->p which points to
+All plugins can access to portal methods using $self->p which points to
portal main object. Some main methods are mapped to the plugin namespace:
=over
@@ -118,8 +120,7 @@ portal main object. Some main methods are mapped to the plugin namespace:
=head1 SEE ALSO
-Most of the documentation is available on the website
-L
+Most of the documentation is available on L website
=head2 OTHER POD FILES
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
index ace9c3933c06f3b92420d51d423a0a7001e1f4e5..609b17b6741cbdbaeb1965b49a2c7eabab9e22aa 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
@@ -178,9 +178,6 @@ sub run {
foreach ( @{ $req->data->{crypter} } ) {
my $k = push @rk,
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
-
- #{ keyHandle => $_->{keyHandle}, version => $challenge->{version} };
-
}
# Serialize data
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
index dd6159e67e8e8c86639f90a1ec72e1fbdcb7afcf..d422c68cabc12faafb5e660a4c077947d6ced4ff 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
@@ -1,7 +1,7 @@
package Lemonldap::NG::Portal::Issuer::OpenIDConnect;
use strict;
-use JSON;
+use JSON qw(from_json to_json);
use Mouse;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(
@@ -118,7 +118,7 @@ sub run {
# AUTHORIZE
if ( $path eq $self->conf->{oidcServiceMetaDataAuthorizeURI} ) {
$self->logger->debug(
- "URL detected as an OpenID Connect AUTHORIZE URL");
+ "URL detected as an OpenID Connect AUTHORIZE URL");
# Get and save parameters
my $oidc_request = {};
@@ -211,15 +211,15 @@ sub run {
return PE_UNAUTHORIZEDPARTNER;
}
else {
- $self->logger->debug("Client id $client_id match RP $rp");
+ $self->logger->debug("Client id $client_id matches RP $rp");
}
- # Check if this RP is authorizated
+ # Check if this RP is authorized
if ( my $rule = $self->spRules->{$rp} ) {
unless ( $rule->( $req, $req->sessionInfo ) ) {
$self->userLogger->warn( 'User '
. $req->sessionInfo->{ $self->conf->{whatToTrace} }
- . "was not authorizated to access to $rp" );
+ . "was not authorized to access to $rp" );
return PE_UNAUTHORIZEDPARTNER;
}
}
@@ -288,7 +288,7 @@ sub run {
)
{
$self->logger->debug(
-"Reauthentication requested by Relying Party in prompt parameter"
+"Reauthentication required by Relying Party in prompt parameter"
);
return $self->reAuth($req);
}
@@ -297,7 +297,7 @@ sub run {
my $_lastAuthnUTime = $req->{sessionInfo}->{_lastAuthnUTime};
if ( $max_age && time > $_lastAuthnUTime + $max_age ) {
$self->logger->debug(
-"Reauthentication forced cause authentication time ($_lastAuthnUTime) is too old (>$max_age s)"
+"Reauthentication forced because authentication time ($_lastAuthnUTime) is too old (>$max_age s)"
);
return $self->reAuth($req);
}
@@ -320,11 +320,11 @@ sub run {
)
{
$self->logger->error(
- "Request JWT signature could not be verified");
+ "JWT signature request can not be verified");
return PE_ERROR;
}
else {
- $self->logger->debug("Request JWT signature verified");
+ $self->logger->debug("JWT signature request verified");
}
}
@@ -343,12 +343,12 @@ sub run {
my $user_id = $req->{sessionInfo}->{$user_id_attribute};
unless ( $sub eq $user_id ) {
$self->userLogger->error(
- "ID Token hint sub $sub do not match user $user_id");
+ "ID Token hint sub $sub does not match user $user_id");
return $self->returnRedirectError(
$req,
$oidc_request->{'redirect_uri'},
'invalid_request',
- "current user do not match id_token_hint sub",
+ "Current user does not match id_token_hint sub",
undef,
$oidc_request->{'state'},
( $flow ne "authorizationcode" )
@@ -356,7 +356,7 @@ sub run {
}
else {
$self->logger->debug(
- "ID Token hint sub $sub match current user");
+ "ID Token hint sub $sub matches current user");
}
}
@@ -365,19 +365,64 @@ sub run {
->{oidcRPMetaDataOptionsBypassConsent};
if ($bypassConsent) {
$self->logger->debug(
- "Consent is disabled for RP $rp, user will not be prompted"
+"Consent is disabled for Relying Party $rp, user will not be prompted"
);
}
else {
my $ask_for_consent = 1;
- if ( $req->{sessionInfo}->{"_oidc_consent_time_$rp"}
- and $req->{sessionInfo}->{"_oidc_consent_scope_$rp"} )
- {
+ my $_oidcConsents;
+ my @RPoidcConsent = ();
+
+ # Loading existing oidcConsents
+ $self->logger->debug("Looking for OIDC Consents ...");
+
+ if ( $req->{sessionInfo}->{_oidcConsents} ) {
+ $_oidcConsents = eval {
+ from_json( $req->{sessionInfo}->{_oidcConsents},
+ { allow_nonref => 1 } );
+ };
+ if ($@) {
+ $self->logger->error(
+ "Corrupted session (_oidcConsents): $@");
+ return PE_ERROR;
+ }
+ }
+ else {
+ $self->logger->debug("No OIDC Consent found");
+ $_oidcConsents = [];
+ }
+
+ ############
+ ### Exclude revoked consents
+ #my @keep = ();
+ #while (@$_oidcConsents) {
+ # my $element = shift @$_oidcConsents;
+ # $self->logger->debug(
+ # "Looking for revoked consents to delete ...");
+ # push @keep, $element
+ # if ( defined $element->{rp}
+ # and defined $element->{epoch}
+ # and defined $element->{scope} );
+ #}
+ #@$_oidcConsents = @keep;
+
+ ############
+
+ # Read existing RP
+ @RPoidcConsent = grep { $_->{rp} eq $rp } @$_oidcConsents;
+ unless (@RPoidcConsent) {
+ $self->logger->debug("No Relying Party $rp Consent found");
+
+ # Set default value
+ push @RPoidcConsent,
+ { rp => $rp, epoch => '', scope => '' };
+ }
+
+ if ( $RPoidcConsent[0]{rp} eq $rp ) {
$ask_for_consent = 0;
- my $consent_time =
- $req->{sessionInfo}->{"_oidc_consent_time_$rp"};
- my $consent_scope =
- $req->{sessionInfo}->{"_oidc_consent_scope_$rp"};
+
+ my $consent_time = $RPoidcConsent[0]{epoch};
+ my $consent_scope = $RPoidcConsent[0]{scope};
$self->logger->debug(
"Consent already given for Relying Party $rp (time: $consent_time, scope: $consent_scope)"
@@ -408,15 +453,25 @@ sub run {
if ( $req->param('confirm')
and $req->param('confirm') == 1 )
{
+ #############
+ #$self->p->updatePersistentSession( $req,
+ #{ "_oidc_consent_time_$rp" => time } );
+ #$self->p->updatePersistentSession(
+ #$req,
+ #{
+ #"_oidc_consent_scope_$rp" =>
+ #$oidc_request->{'scope'}
+ #}
+ #);
+ #############
+ $RPoidcConsent[0]{epoch} = time;
+ $RPoidcConsent[0]{scope} = $oidc_request->{'scope'};
+ push @{$_oidcConsents}, @RPoidcConsent;
+ $self->logger->debug(
+ "Append Relying Party $rp Consent");
$self->p->updatePersistentSession( $req,
- { "_oidc_consent_time_$rp" => time } );
- $self->p->updatePersistentSession(
- $req,
- {
- "_oidc_consent_scope_$rp" =>
- $oidc_request->{'scope'}
- }
- );
+ { _oidcConsents => to_json($_oidcConsents) } );
+
$self->logger->debug(
"Consent given for Relying Party $rp");
}
@@ -437,12 +492,13 @@ sub run {
}
else {
$self->logger->debug(
- "Obtain user consent for Relying Party $rp");
+ "Request user consent for Relying Party $rp");
# Return error if prompt is none
if ( $prompt and $prompt =~ /\bnone\b/ ) {
$self->logger->debug(
- "Consent is needed but prompt is none");
+ "Consent is requiered but prompt is set to none"
+ );
return $self->returnRedirectError(
$req,
$oidc_request->{'redirect_uri'},
@@ -776,7 +832,7 @@ sub run {
return PE_REDIRECT;
}
- $self->logger->debug("No flow has been selected");
+ $self->logger->debug("None flow has been selected");
return PE_OK;
}
@@ -898,7 +954,7 @@ sub token {
return $self->p->sendError( $req, 'invalid_request', 400 );
}
else {
- $self->logger->debug("Client id $client_id match RP $rp");
+ $self->logger->debug("Client id $client_id match Relying Party $rp");
}
# Check client_secret
@@ -924,7 +980,7 @@ sub token {
# Check we have the same redirect_uri value
unless ( $req->param("redirect_uri") eq $codeSession->data->{redirect_uri} )
{
- $self->userLogger->error( "Provided redirect_uri is different from "
+ $self->userLogger->error( "Provided redirect_uri does not match "
. $codeSession->{redirect_uri} );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
@@ -1290,7 +1346,7 @@ sub logout {
foreach my $rp (@rps) {
my $rpConf = $self->conf->{oidcRPMetaDataOptions}->{$rp};
unless ($rpConf) {
- $self->logger->error("Unknown RP $rp");
+ $self->logger->error("Unknown Relying Party $rp");
return PE_ERROR;
}
if ( my $url = $rpConf->{oidcRPMetaDataOptionsLogoutUrl} ) {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index 7e30aaa5d508a76f528b6b1752b1aaa025baf6ec..e249dc417f68ec274f0e87cd458bf70343dfb385 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -7,6 +7,7 @@ our $VERSION = '2.0.0';
package Lemonldap::NG::Portal::Main;
use strict;
use Mouse;
+use JSON;
has skinRules => ( is => 'rw' );
@@ -521,19 +522,50 @@ sub mkOidcConsent {
}
}
- my $consents = {};
+ # Loading existing oidcConsents
+ $self->logger->debug("Loading OIDC Consents ...");
+ my $_consents;
+ if ( exists $session->{_oidcConsents} ) {
+ $_consents = eval {
+ from_json( $session->{_oidcConsents}, { allow_nonref => 1 } );
+ };
+ if ($@) {
+ $self->logger->error("Corrupted session (_oidcConsents): $@");
+ return PE_ERROR;
+ }
+ }
+ else {
+ $self->logger->debug("No OIDC Consent found");
- foreach ( keys %$session ) {
- if ( $_ =~ /_oidc_consent_time_(.+)$/ ) {
- $consents->{$1}->{time} = $session->{ "_oidc_consent_time_" . $1 };
- $consents->{$1}->{scope} =
- $session->{ "_oidc_consent_scope_" . $1 };
- $consents->{$1}->{displayName} =
- $self->conf->{oidcRPMetaDataOptions}->{$1}
- ->{oidcRPMetaDataOptionsDisplayName};
+ #$_oidcConsents = [];
+ }
+
+ my $consents = {};
+#####################
+
+ foreach (@$_consents) {
+ if ( defined $_->{rp} ) {
+ my $rp = $_->{rp};
+ $self->logger->debug("RP { $rp } Consent found");
+ $consents->{$rp}->{epoch} = $_->{epoch};
+ $consents->{$rp}->{scope} = $_->{scope};
+ $consents->{$rp}->{displayName} =
+ $self->conf->{oidcRPMetaDataOptions}->{$rp}->{oidcRPMetaDataOptionsDisplayName};
}
}
+ #foreach ( keys %$session ) {
+ #if ( $_ =~ /_oidc_consent_time_(.+)$/ ) {
+ #$consents->{$1}->{time} = $session->{ "_oidc_consent_time_" . $1 };
+ #$consents->{$1}->{scope} =
+ #$session->{ "_oidc_consent_scope_" . $1 };
+ #$consents->{$1}->{displayName} =
+ #$self->conf->{oidcRPMetaDataOptions}->{$1}
+ #->{oidcRPMetaDataOptionsDisplayName};
+ #}
+ #}
+#####################
+
return $self->loadTemplate(
'oidcConsents',
params => {
@@ -541,7 +573,7 @@ sub mkOidcConsent {
map {
{
name => $_,
- time => $consents->{$_}->{time},
+ epoch => $consents->{$_}->{epoch},
scope => $consents->{$_}->{scope},
displayName => $consents->{$_}->{displayName}
}
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDC.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDC.pm
index 2e7d3275d6fc42218c1c9a436d3f0abf01441b3e..ed68063f3e8f43925d0a7e0f429534c50f1d9ca9 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDC.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDC.pm
@@ -1,4 +1,4 @@
-package Lemonldap::NG::Portal::CDC;
+package Lemonldap::NG::Portal::Plugins::CDC;
use strict;
use Mouse;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
index 955c714584db8e6b65f83a2103a228f946f8d52c..6093673e11a9c1f97a5fd02ee5c2fd070fe46432 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
@@ -45,6 +45,7 @@ package Lemonldap::NG::Portal::Plugins::RESTServer;
use strict;
use Mouse;
+use JSON qw(from_json to_json);
use MIME::Base64;
our $VERSION = '2.0.0';
@@ -351,7 +352,8 @@ sub mysession {
sub getMyKey {
my ( $self, $req, $key ) = @_;
- $self->logger->debug('Request to get personal session info');
+ $key ||= '';
+ $self->logger->debug("Request to get personal session info -> Key : $key");
return $self->session(
$req,
$req->userData->{_session_id},
@@ -384,6 +386,8 @@ sub updateMySession {
push @$mKeys, $key;
$self->p->updatePersistentSession( $req,
{ $key => $v } );
+ $self->logger->debug(
+ "Request to update session -> Key : $key");
}
}
}
@@ -407,6 +411,7 @@ sub delKeyInMySession {
my $res = 0;
my $mKeys = [];
my $dkey = $req->param('key');
+ my $sub = $req->param('sub');
if ( my $token = $req->param('token') ) {
if ( $self->ott->getToken($token) ) {
if ( $req->param('sessionType') eq 'persistent' ) {
@@ -424,8 +429,51 @@ sub delKeyInMySession {
}
}
if ($res) {
- $self->p->updatePersistentSession( $req,
- { $dkey => undef } );
+ if ( $dkey !~ /^_oidcConsents$/ ) {
+ $self->p->updatePersistentSession( $req,
+ { $dkey => undef } );
+ $self->logger->debug(
+ "Update session -> delete Key : $dkey");
+ }
+ elsif ( $dkey =~ /^_oidcConsents$/ and defined $sub ) {
+
+ # Read existing oidcConsents
+ $self->logger->debug("Looking for OIDC Consents ...");
+ my $_oidcConsents;
+ if ( $req->userData->{_oidcConsents} ) {
+ $_oidcConsents = eval {
+ from_json( $req->userData->{_oidcConsents},
+ { allow_nonref => 1 } );
+ };
+ if ($@) {
+ $self->logger->error(
+ "Corrupted session (_oidcConsents): $@");
+ return $self->p->sendError( $req,
+ "Corrupted session", 500 );
+ }
+ }
+ else {
+ $self->logger->debug("No OIDC Consent found");
+ $_oidcConsents = [];
+ }
+ my @keep = ();
+ while (@$_oidcConsents) {
+ my $element = shift @$_oidcConsents;
+ $self->logger->debug(
+ "Looking for OIDC Consent to delete ...");
+ push @keep, $element
+ unless ( $element->{rp} eq $sub );
+ }
+ $self->p->updatePersistentSession( $req,
+ { _oidcConsents => to_json( \@keep ) } );
+ $self->logger->debug(
+"Update session -> delete Key : $dkey with Sub : $sub"
+ );
+ }
+ else {
+ $self->logger->error(
+ 'Update session request with invalid Key or Sub');
+ }
}
}
}
diff --git a/lemonldap-ng-portal/site/coffee/portal.coffee b/lemonldap-ng-portal/site/coffee/portal.coffee
index 37802a9ef65fd51a32aa43a676b20d0c7ad1c583..ae8bcc9fb9e3d30b2a15533e82311ecd5887d4ac 100644
--- a/lemonldap-ng-portal/site/coffee/portal.coffee
+++ b/lemonldap-ng-portal/site/coffee/portal.coffee
@@ -54,7 +54,7 @@ getValues = () ->
# ----------------------------------------
setSelector = "#appslist"
-# Function that writes the list order to session (network errors ignored)
+# Function to write the sorted apps list to session (network errors ignored)
setOrder = ->
setKey '_appsListOrder', $(setSelector).sortable("toArray").join()
@@ -71,15 +71,11 @@ removeOidcConsent = (partner) ->
# alert "#{s} #{e}"
e = (j,s,e) ->
alert "#{s} #{e}"
- delKey "_oidc_consent_time_#{partner}"
+ delKey "_oidcConsents",partner
# Success
, () ->
- delKey "_oidc_consent_scope_#{partner}"
- # Success
- , () ->
- $("[partner='#{partner}']").hide()
- # Error
- , e
+ $("[partner='#{partner}']").hide()
+ # Error
, e
# Function used by setOrder() and removeOidcConsent() to push new values
@@ -104,7 +100,7 @@ setKey = (key,val,success,error) ->
success: success
error: error
-delKey = (key,success,error) ->
+delKey = (key,sub,success,error) ->
$.ajax
type: "GET"
url: datas['scriptname'] + '/mysession/?gettoken'
@@ -114,7 +110,7 @@ delKey = (key,success,error) ->
success: (data) ->
$.ajax
type: "DELETE"
- url: "#{datas['scriptname']}/mysession/persistent/#{key}?token=#{data.token}"
+ url: "#{datas['scriptname']}/mysession/persistent/#{key}?sub=#{sub}&token=#{data.token}"
dataType: 'json'
success: success
error: error
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
index cdf84296af0701f16f237587858b3e76cb95d731..8cda5be9de58f6d6d5bdcdddb16d0f987ffa5418 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
@@ -79,10 +79,8 @@ LemonLDAP::NG Portal jQuery scripts
e = function(j, s, e) {
return alert(s + " " + e);
};
- return delKey("_oidc_consent_time_" + partner, function() {
- return delKey("_oidc_consent_scope_" + partner, function() {
- return $("[partner='" + partner + "']").hide();
- }, e);
+ return delKey("_oidcConsents", partner, function() {
+ return $("[partner='" + partner + "']").hide();
}, e);
};
@@ -110,7 +108,7 @@ LemonLDAP::NG Portal jQuery scripts
});
};
- delKey = function(key, success, error) {
+ delKey = function(key, sub, success, error) {
return $.ajax({
type: "GET",
url: datas['scriptname'] + '/mysession/?gettoken',
@@ -119,7 +117,7 @@ LemonLDAP::NG Portal jQuery scripts
success: function(data) {
return $.ajax({
type: "DELETE",
- url: datas['scriptname'] + "/mysession/persistent/" + key + "?token=" + data.token,
+ url: datas['scriptname'] + "/mysession/persistent/" + key + "?sub=" + sub + "&token=" + data.token,
dataType: 'json',
success: success,
error: error
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
index 934f15054dd1e801cc658641da74c82193b18c5f..90fa6cedf483fbbc101649f6dc1b17955ca050cb 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
@@ -1 +1 @@
-(function(){var datas,delKey,getCookie,getValues,isHiddenFormValueSet,ping,removeOidcConsent,restoreOrder,setCookie,setKey,setOrder,setSelector,translate,translatePage,translationFields,indexOf=[].indexOf||function(item){for(var i=0,l=this.length;i div.category",update:function(){return setOrder()}});restoreOrder();$("div.message").fadeIn("slow");$("input[name=timezone]").val(-((new Date).getTimezoneOffset()/60));menuTabs=$("#menu").tabs({active:0});menuIndex=$('#menu a[href="#'+datas["displaytab"]+'"]').parent().index();if(menuIndex<0){menuIndex=0}menuTabs.tabs("option","active",menuIndex);authMenuTabs=$("#authMenu").tabs({active:0});if(datas["choicetab"]){authMenuTabs.tabs("option","active",$('#authMenu a[href="#'+datas["choicetab"]+'"]').parent().index())}if(datas["login"]){$("input[type=password]:first").focus()}else{$("input[type!=hidden]:first").focus()}if(datas["newwindow"]){$("#appslist a").attr("target","_blank")}if($("p.removeOther").length){action=$("form.login").attr("action");method=$("form.login").attr("method");back_url="";if(action.indexOf("?")!==-1){action.substring(0,action.indexOf("?"))+"?"}else{back_url=action+"?"}$("form.login input[type=hidden]").each(function(index){return back_url+="&"+$(this).attr("name")+"="+$(this).val()});link=$("p.removeOther a").attr("href")+"&method="+method+"&url="+btoa(back_url);$("p.removeOther a").attr("href",link)}lang=getCookie("llnglanguage");if(!lang){if(navigator){langs=[];langs2=[];nlangs=[navigator.language];if(navigator.languages){nlangs=navigator.languages}ref=window.availableLanguages;for(i=0,len=ref.length;i ';for(l=0,len1=nlangs.length;l '}$("#languages").html(langdiv);$(".langicon").on("click",function(){lang=$(this).attr("title");setCookie("llnglanguage",lang);return translatePage(lang)});if(datas["pingInterval"]&&datas["pingInterval"]>0){window.setTimeout(ping,datas["pingInterval"])}$(".localeDate").each(function(){var s;s=new Date($(this).attr("val")*1e3);return $(this).text(s.toLocaleString())});return $(".oidcConsent").on("click",function(){return removeOidcConsent($(this).attr("partner"))})})}).call(this);
+(function(){var datas,delKey,getCookie,getValues,isHiddenFormValueSet,ping,removeOidcConsent,restoreOrder,setCookie,setKey,setOrder,setSelector,translate,translatePage,translationFields,indexOf=[].indexOf||function(item){for(var i=0,l=this.length;i div.category",update:function(){return setOrder()}});restoreOrder();$("div.message").fadeIn("slow");$("input[name=timezone]").val(-((new Date).getTimezoneOffset()/60));menuTabs=$("#menu").tabs({active:0});menuIndex=$('#menu a[href="#'+datas["displaytab"]+'"]').parent().index();if(menuIndex<0){menuIndex=0}menuTabs.tabs("option","active",menuIndex);authMenuTabs=$("#authMenu").tabs({active:0});if(datas["choicetab"]){authMenuTabs.tabs("option","active",$('#authMenu a[href="#'+datas["choicetab"]+'"]').parent().index())}if(datas["login"]){$("input[type=password]:first").focus()}else{$("input[type!=hidden]:first").focus()}if(datas["newwindow"]){$("#appslist a").attr("target","_blank")}if($("p.removeOther").length){action=$("form.login").attr("action");method=$("form.login").attr("method");back_url="";if(action.indexOf("?")!==-1){action.substring(0,action.indexOf("?"))+"?"}else{back_url=action+"?"}$("form.login input[type=hidden]").each(function(index){return back_url+="&"+$(this).attr("name")+"="+$(this).val()});link=$("p.removeOther a").attr("href")+"&method="+method+"&url="+btoa(back_url);$("p.removeOther a").attr("href",link)}lang=getCookie("llnglanguage");if(!lang){if(navigator){langs=[];langs2=[];nlangs=[navigator.language];if(navigator.languages){nlangs=navigator.languages}ref=window.availableLanguages;for(i=0,len=ref.length;i ';for(l=0,len1=nlangs.length;l '}$("#languages").html(langdiv);$(".langicon").on("click",function(){lang=$(this).attr("title");setCookie("llnglanguage",lang);return translatePage(lang)});if(datas["pingInterval"]&&datas["pingInterval"]>0){window.setTimeout(ping,datas["pingInterval"])}$(".localeDate").each(function(){var s;s=new Date($(this).attr("val")*1e3);return $(this).text(s.toLocaleString())});return $(".oidcConsent").on("click",function(){return removeOidcConsent($(this).attr("partner"))})})}).call(this);
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/oidcConsents.tpl b/lemonldap-ng-portal/site/templates/bootstrap/oidcConsents.tpl
index 9304cceb4920e893c555edc150347aedd654e50e..cd0912768421fc201d8b12059596671b50d990c3 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/oidcConsents.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/oidcConsents.tpl
@@ -11,7 +11,7 @@
">
|
- "> |
+ "> |
|
" title="delete" class="oidcConsent link nodecor text-danger glyphicon glyphicon-minus-sign"> |