 
......@@ -4,6 +4,8 @@ use strict;
use Mouse;
use Lemonldap::NG::Common::Conf;
extends 'Lemonldap::NG::Common::PSGI::Cli::Lib';
our $VERSION = '2.1.0';
has confAccess => (
......
......@@ -53,6 +53,7 @@ sub defaultValues {
'cspDefault' => '\'self\'',
'cspFont' => '\'self\'',
'cspFormAction' => '*',
'cspFrameAncestors' => '',
'cspImg' => '\'self\' data:',
'cspScript' => '\'self\'',
'cspStyle' => '\'self\'',
......
......@@ -1051,6 +1051,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => '*',
'type' => 'text'
},
'cspFrameAncestors' => {
'default' => '',
'type' => 'text'
},
'cspImg' => {
'default' => '\'self\' data:',
'type' => 'text'
......
......@@ -877,6 +877,11 @@ sub attributes {
default => "'self'",
documentation => 'Font source for Content-Security-Policy',
},
cspFrameAncestors => {
type => 'text',
default => '',
documentation => 'Frame-Ancestors for Content-Security-Policy',
},
portalAntiFrame => {
default => 1,
type => 'bool',
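Review bot: `cspFrameAncestors` is declared as `type => 'text'` with no `test`, although the portal (the `sendHtml` hunk further down) interpolates the value verbatim into both the `Content-Security-Policy` and the `X-Frame-Options` response headers. A value containing `;`, CR or LF would terminate or split those headers, and nothing between the Manager form and the header emission filters it. The hunk does not show whether the neighbouring csp* attributes carry a `test`, but this one should at least restrict the value to the CSP source-list alphabet; a constructed starting point is `test => qr{^[\w\-.:*'/ ]*$}` (schemes, hosts, ports, wildcards and the quoted keywords such as `'self'`, nothing else). The `attributes` sub itself starts outside the hunk.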
......
......@@ -949,7 +949,7 @@ sub tree {
'cspDefault', 'cspImg',
'cspScript', 'cspStyle',
'cspFont', 'cspFormAction',
'cspConnect',
'cspConnect', 'cspFrameAncestors'
]
},
{
......
......@@ -30,6 +30,7 @@ has force => ( is => 'rw', isa => 'Bool', default => 0 );
has logger => ( is => 'ro', lazy => 1, builder => sub { $_[0]->mgr->logger } );
has userLogger =>
( is => 'ro', lazy => 1, builder => sub { $_[0]->mgr->userLogger } );
has localConf => ( is => 'ro', lazy => 1, builder => sub { $_[0]->mgr } );
sub get {
my ( $self, @keys ) = @_;
......@@ -275,13 +276,15 @@ sub _save {
req => $self->req
}
);
unless ( $parser->testNewConf() ) {
$self->logger->error("CLI: Configuration rejected with message: $parser->{message}");
unless ( $parser->testNewConf( $self->localConf ) ) {
$self->logger->error(
"CLI: Configuration rejected with message: $parser->{message}");
printf STDERR "Modifications rejected: %s:\n", $parser->{message};
}
my $saveParams = { force => $self->force };
if ( $self->force and $self->cfgNum ) {
$self->logger->debug("CLI: cfgNum forced with $self->cfgNum()");
$self->logger->debug( "CLI: cfgNum forced with " . $self->cfgNum );
print STDERR "cfgNum forced with ", $self->cfgNum;
$saveParams->{cfgNum} = $self->cfgNum;
$saveParams->{cfgNumFixed} = 1;
}
......@@ -297,7 +300,8 @@ sub _save {
my $s = $self->mgr->confAcc->saveConf( $new, %$saveParams );
if ( $s > 0 ) {
$self->logger->debug("CLI: Configuration $s has been saved by $new->{cfgAuthor}");
$self->logger->debug(
"CLI: Configuration $s has been saved by $new->{cfgAuthor}");
$self->logger->info("CLI: Configuration $s saved");
print STDERR "Saved under number $s\n";
$parser->{status} = [ $self->mgr->applyConf($new) ];
......@@ -343,8 +347,7 @@ sub run {
$self->cfgNum( $self->lastCfg ) unless ( $self->cfgNum );
my $action = shift;
unless ( $action =~ /^(?:get|set|addKey|delKey|save|restore)$/ ) {
die
"Unknown action $action. Only get, set, addKey or delKey allowed";
die "Unknown action $action. Only get, set, addKey or delKey allowed";
}
$self->$action(@_);
......@@ -355,7 +358,7 @@ package Lemonldap::NG::Manager::Cli::Request;
use Mouse;
has cfgNum => ( is => 'rw' );
has error => ( is => 'rw' );
has error => ( is => 'rw' );
sub params {
my ( $self, $key ) = @_;
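Review bot: In the `_save` hunk, a configuration rejected by `$parser->testNewConf( $self->localConf )` is still saved: the `unless` block only logs the error and prints `Modifications rejected`, then execution falls through to `my $saveParams = ...` and, in the next hunk, to `$self->mgr->confAcc->saveConf( $new, %$saveParams )`. Unless an early exit exists in the part of `_save` outside the hunk, the CLI persists a configuration the Manager UI would refuse, so the block should end with a `return;` (or `exit 1`, whichever the callers of `_save` expect). `_save` starts and ends outside the visible lines. Separately, the new attribute is named `localConf` but its builder returns `$_[0]->mgr`; a one-line comment such as `# passed to the parser only for its ->logger` would make that intent clear, since `_unitTest` calls `$localConf->logger->debug`.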
......
......@@ -94,8 +94,7 @@ sub hdebug {
# Main method
#@return result
sub check {
my $self = shift;
my $localConf = shift;
my ( $self, $localConf ) = @_;
hdebug("# check()");
unless ( $self->newConf ) {
......@@ -107,7 +106,7 @@ sub check {
}
my $separator = $self->newConf->{multiValuesSeparator} || '; ';
hdebug(" tests succeed");
my %conf = %{ $self->newConf() };
my %conf = %{ $self->newConf };
my %compactedConf = %{ $self->compactConf( $self->newConf ) };
my @removedKeys = ();
unless ( $self->confChanged ) {
......@@ -115,11 +114,10 @@ sub check {
$self->message('__confNotChanged__');
return 0;
}
if ( $self->newConf->{compactConf} ) {
foreach ( sort keys %conf ) {
push @removedKeys, $_ unless exists $compactedConf{$_};
}
}
# Return removed keys if conf compacted
@removedKeys = map { exists $compactedConf{$_} ? () : $_ } sort keys %conf
if ( $self->newConf->{compactConf} );
push @{ $self->changes },
(
$self->{newConf}->{compactConf}
......@@ -129,6 +127,7 @@ sub check {
}
: { confCompacted => '0' }
);
return 1;
}
......@@ -1093,8 +1092,7 @@ sub defaultValue {
#
#@return true if tests succeed
sub testNewConf {
my $self = shift;
my $localConf = shift;
my ( $self, $localConf ) = @_;
hdebug('# testNewConf()');
return $self->_unitTest( $self->newConf(), $localConf )
......@@ -1121,7 +1119,7 @@ sub _unitTest {
}
hdebug("Testing $key");
my $attr = $attrs->{$key};
my $type = $types->{ $attr->{type} };
my $type = $types->{ $attr->{type} } if $attr;
unless ( $type or $attr->{test} ) {
$localConf->logger->debug("Unknown attribute $key, deleting it\n");
delete $conf->{$key};
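Review bot: `my $type = $types->{ $attr->{type} } if $attr;` in the `_unitTest` hunk declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour; in practice the variable may keep a value from an earlier execution when the modifier is false, so an unknown key could inherit the previous key's `$type`, skip the `Unknown attribute $key, deleting it` branch and be tested against the wrong type. Write it unconditionally: `my $type = $attr ? $types->{ $attr->{type} } : undef;`. The same pattern-avoidance applies to the `@removedKeys = map { ... } ... if ( ... );` line in the `check` hunk only as a matter of style, since that one is an assignment rather than a declaration. `_unitTest` starts and ends outside the hunk.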
......
......@@ -687,7 +687,8 @@ sub tests {
|| $conf->{yubikey2fActivation}
|| $conf->{u2fActivation}
|| $conf->{utotp2fActivation} );
return ( 1, "History enabled WITHOUT persistent session storage" )
return ( 1,
"History plugin enabled WITHOUT persistent session storage" )
if ( $conf->{loginHistoryEnabled} );
return ( 1,
"OIDC consents enabled WITHOUT persistent session storage" )
......
......@@ -95,7 +95,7 @@ if (`diff $refFile $editFile`) {
print STDERR "Configuration has changed\n";
}
elsif ( $res == DATABASE_LOCKED ) {
print STDERR "Configuration database is or can nor be locked\n";
print STDERR "Configuration database is or can not be locked\n";
}
elsif ( $res == UPLOAD_DENIED ) {
print STDERR "You're not authorized to save this configuration\n";
......
......@@ -159,13 +159,14 @@
"contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"استخدام القاعدة",
"contextSwitchingStopWithLogout":"Stop by logout",
"cspConnect":"وجهات أجاكس",
"cspDefault":"القيمة الاعتيادية ",
"cspFont":" مصدر نوع الخط",
"cspFormAction":"Form destinations",
"cspFrameAncestors":"Frame ancestors URL",
"cspImg":"مصدر الصورة",
"cspScript":"مصدر السكربت",
"cspStyle":"مصدر الأسلوب ",
"cspConnect":"وجهات أجاكس",
"cspFont":" مصدر نوع الخط",
"crossOrigineResourceSharing":"Cross-Origin Resource Sharing",
"corsEnabled":"Activation",
"corsAllow_Credentials":"Access-Control-Allow-Credentials",
......
......@@ -159,13 +159,14 @@
"contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"Use rule",
"contextSwitchingStopWithLogout":"Stop by logout",
"cspConnect":"Ajax destinations",
"cspDefault":"Default value",
"cspFont":"Font source",
"cspFormAction":"Form destinations",
"cspFrameAncestors":"Frame ancestors URL",
"cspImg":"Image source",
"cspScript":"Script source",
"cspStyle":"Style source",
"cspConnect":"Ajax destinations",
"cspFont":"Font source",
"crossOrigineResourceSharing":"Cross-Origin Resource Sharing",
"corsEnabled":"Activation",
"corsAllow_Credentials":"Access-Control-Allow-Credentials",
......
......@@ -159,13 +159,14 @@
"contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"Use rule",
"contextSwitchingStopWithLogout":"Stop by logout",
"cspConnect":"Ajax destinations",
"cspDefault":"Default value",
"cspFont":"Font source",
"cspFormAction":"Form destinations",
"cspFrameAncestors":"Frame ancestors URL",
"cspImg":"Image source",
"cspScript":"Script source",
"cspStyle":"Style source",
"cspConnect":"Ajax destinations",
"cspFont":"Font source",
"crossOrigineResourceSharing":"Cross-Origin Resource Sharing",
"corsEnabled":"Activation",
"corsAllow_Credentials":"Access-Control-Allow-Credentials",
......
......@@ -159,13 +159,14 @@
"contextSwitchingIdRule":"Règle d'utilisation des identités",
"contextSwitchingRule":"Règle d'utilisation",
"contextSwitchingStopWithLogout":"Arrêt par déconnexion",
"cspConnect":"Destinations des requêtes AJAX",
"cspDefault":"Valeur par défaut",
"cspFont":"Sources des polices",
"cspFormAction":"Destinations des formulaires",
"cspFrameAncestors":"URL parentes des iFrames",
"cspImg":"Sources des images",
"cspScript":"Sources des scripts",
"cspStyle":"Sources des styles",
"cspConnect":"Destinations des requêtes AJAX",
"cspFont":"Sources des polices",
"crossOrigineResourceSharing":"Partage des ressources entre origines multiples",
"corsEnabled":"Activation",
"corsAllow_Credentials":"Access-Control-Allow-Credentials",
......
......@@ -159,13 +159,14 @@
"contextSwitchingIdRule":"Le identità usano la regola",
"contextSwitchingRule":"Utilizza la regola",
"contextSwitchingStopWithLogout":"Stop by logout",
"cspConnect":"Destinazioni Ajax",
"cspDefault":"Valore di default",
"cspFont":"Origine carattere",
"cspFormAction":"Formare le destinazioni",
"cspFrameAncestors":"Frame ancestors URL",
"cspImg":"Origine immagine",
"cspScript":"Origine script",
"cspStyle":"Origine di stile",
"cspConnect":"Destinazioni Ajax",
"cspFont":"Origine carattere",
"crossOrigineResourceSharing":"Cross-Origin Resource Sharing",
"corsEnabled":"Attivazione",
"corsAllow_Credentials":"Access-Control-Allow-Credentials",
......
......@@ -159,13 +159,14 @@
"contextSwitchingIdRule":"Kimlik kullanım kuralı",
"contextSwitchingRule":"Kuralı kullan",
"contextSwitchingStopWithLogout":"Çıkış yapmayı durdur",
"cspConnect":"Ajax hedefleri",
"cspDefault":"Varsayılan değer",
"cspFont":"Font kaynağı",
"cspFormAction":"Hedefleri biçimlendir",
"cspFrameAncestors":"Frame ancestors URL",
"cspImg":"Görüntü kaynağı",
"cspScript":"Betik kaynağı",
"cspStyle":"Stil kaynağı",
"cspConnect":"Ajax hedefleri",
"cspFont":"Font kaynağı",
"crossOrigineResourceSharing":"Kökler Arası Kaynak Paylaşımı (CORS)",
"corsEnabled":"Aktivasyon",
"corsAllow_Credentials":"Access-Control-Allow-Credentials",
......
......@@ -159,13 +159,14 @@
"contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"Quy tắc sử dụng",
"contextSwitchingStopWithLogout":"Stop by logout",
"cspConnect":"Đích cúa Ajax",
"cspDefault":"Giá trị mặc định",
"cspFont":"Nguồn phông chữ",
"cspFormAction":"Form destinations",
"cspFrameAncestors":"Frame ancestors URL",
"cspImg":"Nguồn ảnh",
"cspScript":"Nguồn kịch bản",
"cspStyle":"Nguồn phong cách",
"cspConnect":"Đích cúa Ajax",
"cspFont":"Nguồn phông chữ",
"crossOrigineResourceSharing":"Cross-Origin Resource Sharing",
"corsEnabled":"Kích hoạt",
"corsAllow_Credentials":"Access-Control-Allow-Credentials",
......
......@@ -159,13 +159,14 @@
"contextSwitchingIdRule":"Identities use rule",
"contextSwitchingRule":"Use rule",
"contextSwitchingStopWithLogout":"Stop by logout",
"cspConnect":"Ajax destinations",
"cspDefault":"Default value",
"cspFont":"字体源",
"cspFormAction":"Form destinations",
"cspFrameAncestors":"Frame ancestors URL",
"cspImg":"Image source",
"cspScript":"Script source",
"cspStyle":"Style source",
"cspConnect":"Ajax destinations",
"cspFont":"字体源",
"crossOrigineResourceSharing":"Cross-Origin Resource Sharing",
"corsEnabled":"Activation",
"corsAllow_Credentials":"Access-Control-Allow-Credentials",
......
......@@ -41,11 +41,20 @@ ok(
@{ $resBody->{details}->{__changes__} } == 24,
'JSON response contains 24 changes'
) or print STDERR Dumper($resBody);
ok(
$resBody->{details}->{__changes__}->[23]->{confCompacted} == 1,
'Conf. has been compacted'
) or print STDERR Dumper($resBody);
#print STDERR Dumper($resBody);
my @removedKeys = split /; /, $resBody->{details}->{__changes__}->[23]->{removedKeys};
ok(
@removedKeys == 60, 'All removed keys found'
) or print STDERR Dumper(\@removedKeys);
#print STDERR Dumper($resBody);
ok( -f $confFiles->[1], 'File is created' );
count(4);
count(6);
my @changes = @{&changes};
my @cmsg = @{ $resBody->{details}->{__changes__} };
my $bug;
......
......@@ -3,7 +3,7 @@ use JSON;
use strict;
require 't/test-lib.pm';
my $tests = 9;
my $tests = 14;
use_ok('Lemonldap::NG::Common::Cli');
use_ok('Lemonldap::NG::Manager::Cli');
......@@ -16,12 +16,14 @@ SKIP: {
}
my $client =
Lemonldap::NG::Manager::Cli->new( iniFile => 't/lemonldap-ng.ini' );
my $commonClient =
Lemonldap::NG::Common::Cli->new( iniFile => 't/lemonldap-ng.ini' );
my @cmd;
my $res;
# Test 'set' command
@cmd = qw(-yes 1 set notification 1);
$res = Capture::Tiny::capture_stdout( sub { $client->run(@cmd) } );
Capture::Tiny::capture_stdout( sub { $client->run(@cmd) } );
# Test 'get' command
@cmd = qw(get notification);
......@@ -45,12 +47,17 @@ SKIP: {
'"delKey" OK'
);
# Test 'get' command
# Test 'get' command with key/subkey
@cmd = qw(get locationRules/test1.example.com);
$res = Capture::Tiny::capture_stdout( sub { $client->run(@cmd) } );
ok( $res =~ m#(?:/logout|default)#, '"get key/subkey" OK' )
or diag "$res";
# Test 'set' command with key/subkey
@cmd = qw(-yes 1 set locationRules/test1.example.com/default deny);
Capture::Tiny::capture_stdout( sub { $client->run(@cmd) } );
# Test 'save' command
@cmd = ('save');
$res = Capture::Tiny::capture_stdout( sub { $client->run(@cmd) } );
......@@ -64,6 +71,40 @@ SKIP: {
@cmd = ( 'restore', '-' );
Test::Output::combined_like( sub { $client->run(@cmd) },
qr/"cfgNum"\s*:\s*"3"/s, 'New config: 3' );
# Test 'set' command with force
@cmd = qw(-yes 1 -force 1 -cfgNum 2 set useSafeJail 0);
Test::Output::combined_like(
sub { $client->run(@cmd) },
qr#cfgNum forced with 2#s,
'"Force cfgNum" OK'
);
# Test 'update-cache' command with force
@cmd = qw(update-cache);
Test::Output::combined_like(
sub { $commonClient->run(@cmd) },
qr#Cache updated to configuration 3#s,
'"update-cache" OK'
);
# Test 'info' command with force
@cmd = qw(info);
Test::Output::combined_like(
$res = sub { $commonClient->run(@cmd) },
qr#\bAuthor IP\b#s,
'"Author IP" OK'
);
Test::Output::combined_like(
$res = sub { $commonClient->run(@cmd) },
qr#\bLog\b#s,
'"Log" OK'
);
Test::Output::combined_like(
$res = sub { $commonClient->run(@cmd) },
qr#\bVersion\b#s,
'"Version" OK'
);
}
count($tests);
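Review bot: The three `info` checks pass `$res = sub { $commonClient->run(@cmd) }` as the first argument to `Test::Output::combined_like`; the assignment to `$res` is a leftover (`$res` otherwise holds captured stdout in this file) and each should read plainly `sub { $commonClient->run(@cmd) },` like the `update-cache` call above. The comments `# Test 'update-cache' command with force` and `# Test 'info' command with force` were copied from the `-force 1` test although neither command is run with force; `# Test 'update-cache' command` and `# Test 'info' command` describe what the blocks do.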
......
......@@ -638,7 +638,7 @@ t/68-Impersonation-with-merge.t
t/68-Impersonation-with-TOTP.t
t/68-Impersonation.t
t/69-FavApps.t
t/70-2F-TOTP-8.t
t/70-2F-TOTP-8-with-global-storage.t
t/70-2F-TOTP-with-History.t
t/70-2F-TOTP-with-TTL-and-JSON.t
t/70-2F-TOTP-with-TTL-and-XML.t
......
......@@ -866,10 +866,18 @@ sub sendHtml {
$csp .= ';';
# Deny using portal in frame except if it is required
unless ( $req->frame or $self->conf->{portalAntiFrame} == 0 ) {
unless ( $req->frame
or $self->conf->{portalAntiFrame} == 0
or $self->conf->{cspFrameAncestors} )
{
push @{ $res->[1] }, 'X-Frame-Options' => 'DENY';
$csp .= "frame-ancestors 'none';";
}
if ( $self->conf->{cspFrameAncestors} ) {
push @{ $res->[1] }, 'X-Frame-Options' => 'ALLOW-FROM '
. "$self->{conf}->{cspFrameAncestors};";
$csp .= "frame-ancestors $self->{conf}->{cspFrameAncestors};";
}
# Check if frames need to be embedded
my @url;
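Review bot: The `X-Frame-Options` value built at the new lines is malformed: `ALLOW-FROM` takes exactly one URI, whereas `cspFrameAncestors` is used as a CSP source list on the very next line, and the interpolated string appends a literal `;`, so the header reads `ALLOW-FROM test.example.com;` exactly as the test hunks near the end of this page assert. `ALLOW-FROM` is also obsolete and ignored by current browsers, which honour the CSP `frame-ancestors` directive instead, so the added header buys nothing and the tests pin a broken value. Keep only the CSP half, `if ( $self->conf->{cspFrameAncestors} ) { $csp .= "frame-ancestors $self->{conf}->{cspFrameAncestors};"; }`, or emit `X-Frame-Options` without the trailing `;` only when the value is a single origin. The value is interpolated here without any filtering, so constraining it in the Manager attribute's `test` is the right place for validation. `sendHtml` starts and ends outside the hunk.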
......
......@@ -14,9 +14,25 @@ use constant afterData => 'run';
sub init {
my ($self) = @_;
if ( $self->conf->{disablePersistentStorage} ) {
$self->logger->error(
'"BruteForceProtection" plugin enabled WITHOUT persistent session storage"'
);
return 0;
}
unless ( $self->conf->{loginHistoryEnabled} ) {
$self->logger->error(
'"History" plugin is required for "BruteForceProtection" plugin');
'"BruteForceProtection" plugin enabled WITHOUT "History" plugin');
return 0;
}
unless ( $self->conf->{failedLoginNumber} >
$self->conf->{bruteForceProtectionMaxFailed} )
{
$self->logger->error( 'failedLoginNumber('
. $self->conf->{failedLoginNumber}
. ') must be higher than bruteForceProtectionMaxFailed('
. $self->conf->{bruteForceProtectionMaxFailed}
. ')' );
return 0;
}
return 1;
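Review bot: The new error string `'"BruteForceProtection" plugin enabled WITHOUT persistent session storage"'` has a stray trailing double quote inside the single-quoted literal; it should be `'"BruteForceProtection" plugin enabled WITHOUT persistent session storage'`, matching the sibling message on the History check. Both new checks make `init` return 0, which (as with the existing History check) appears to disable the plugin while the portal keeps running, so a misconfigured brute-force protection fails open with only an error-level log entry; the Manager side in the `tests` hunk likewise only warns. Whether a security plugin the administrator explicitly enabled should instead refuse to start the portal is a design question worth recording in a comment next to the `return 0;` lines, e.g. `# plugin disabled, portal continues without brute-force protection`.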
......
......@@ -6,6 +6,7 @@ _go = 1
stop = () ->
_go = 0
$('#divToHide').hide();
$('#wait').hide();
go = () ->
$("#form").submit() if _go
......@@ -17,7 +18,8 @@ timer = () ->
$('#timer').html(h)
window.setTimeout timer, 1000
$(document).ready ->
#$(document).ready ->
$(window).on 'load', () ->
if window.datas['activeTimer']
window.setTimeout go, 30000
window.setTimeout timer, 1000
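Review bot: The commented-out line `#$(document).ready ->` is dead code left next to its replacement `$(window).on 'load', () ->`; delete it rather than keep the old handler in a comment, and if the reason for waiting for `load` instead of DOM-ready matters, state it in a short comment such as `# wait for full load so the timer starts only once the page is visible` (adjust to the actual motivation, which the hunk does not show).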
......
(function(){$(document).ready(function(){return $("#upgrd").submit()})}).call(this);
\ No newline at end of file
(function(){$(document).ready(function(){return $("#upgrd").submit()})}).call(this);
//# sourceMappingURL=lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js.map
\ No newline at end of file
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js"],"names":["$","document","ready","submit","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAOF,EAAE,UAAUG,aAGpBC,KAAKC"}
\ No newline at end of file
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.js"],"names":["$","document","ready","submit","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,MAAOF,GAAE,UAAUG,aAGpBC,KAAKC","file":"lemonldap-ng-portal/site/htdocs/static/common/js/autoRenew.min.js"}
\ No newline at end of file
// Generated by CoffeeScript 1.12.8
// Generated by CoffeeScript 1.12.7
(function() {
var _go, go, i, stop, timer;
......@@ -8,7 +8,8 @@
stop = function() {
_go = 0;
return $('#divToHide').hide();
$('#divToHide').hide();
return $('#wait').hide();
};
go = function() {
......@@ -28,7 +29,7 @@
return window.setTimeout(timer, 1000);
};
$(document).ready(function() {
$(window).on('load', function() {
if (window.datas['activeTimer']) {
window.setTimeout(go, 30000);
window.setTimeout(timer, 1000);
......
(function(){var t,i,e,n,r;e=30,t=1,n=function(){return t=0,$("#divToHide").hide()},i=function(){if(t)return $("#form").submit()},r=function(){var t;return t=$("#timer").html(),0<e&&e--,t=t.replace(/\d+/,e),$("#timer").html(t),window.setTimeout(r,1e3)},$(document).ready(function(){return window.datas.activeTimer&&(window.setTimeout(i,3e4),window.setTimeout(r,1e3)),$("#wait").on("click",function(){return n()})})}).call(this);
\ No newline at end of file
(function(){var i,t,n,e,o;n=30,i=1,e=function(){return i=0,$("#divToHide").hide(),$("#wait").hide()},t=function(){if(i)return $("#form").submit()},o=function(){var i;return i=$("#timer").html(),0<n&&n--,i=i.replace(/\d+/,n),$("#timer").html(i),window.setTimeout(o,1e3)},$(window).on("load",function(){return window.datas.activeTimer&&(window.setTimeout(t,3e4),window.setTimeout(o,1e3)),$("#wait").on("click",function(){return e()})})}).call(this);
\ No newline at end of file
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/info.js"],"names":["_go","go","i","stop","timer","$","hide","submit","h","html","replace","window","setTimeout","document","ready","datas","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAAKC,EAAIC,EAAGC,EAAMC,EAEtBF,EAAI,GAEJF,EAAM,EAENG,EAAO,WAEL,OADAH,EAAM,EACCK,EAAE,cAAcC,QAGzBL,EAAK,WACH,GAAID,EACF,OAAOK,EAAE,SAASE,UAItBH,EAAQ,WACN,IAAII,EAOJ,OANAA,EAAIH,EAAE,UAAUI,OACR,EAAJP,GACFA,IAEFM,EAAIA,EAAEE,QAAQ,MAAOR,GACrBG,EAAE,UAAUI,KAAKD,GACVG,OAAOC,WAAWR,EAAO,MAGlCC,EAAEQ,UAAUC,MAAM,WAOhB,OANIH,OAAOI,MAAmB,cAC5BJ,OAAOC,WAAWX,EAAI,KACtBU,OAAOC,WAAWR,EAAO,MAIpBC,EAAE,SAASW,GAAG,QAAS,WAC5B,OAAOb,UAIVc,KAAKC"}
\ No newline at end of file
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/info.js"],"names":["_go","go","i","stop","timer","$","hide","submit","h","html","replace","window","setTimeout","on","datas","call","this"],"mappings":"CACA,WACE,IAAIA,EAAKC,EAAIC,EAAGC,EAAMC,EAEtBF,EAAI,GAEJF,EAAM,EAENG,EAAO,WAGL,OAFAH,EAAM,EACNK,EAAE,cAAcC,OACTD,EAAE,SAASC,QAGpBL,EAAK,WACH,GAAID,EACF,OAAOK,EAAE,SAASE,UAItBH,EAAQ,WACN,IAAII,EAOJ,OANAA,EAAIH,EAAE,UAAUI,OACR,EAAJP,GACFA,IAEFM,EAAIA,EAAEE,QAAQ,MAAOR,GACrBG,EAAE,UAAUI,KAAKD,GACVG,OAAOC,WAAWR,EAAO,MAGlCC,EAAEM,QAAQE,GAAG,OAAQ,WAOnB,OANIF,OAAOG,MAAmB,cAC5BH,OAAOC,WAAWX,EAAI,KACtBU,OAAOC,WAAWR,EAAO,MAIpBC,EAAE,SAASQ,GAAG,QAAS,WAC5B,OAAOV,UAIVY,KAAKC"}
\ No newline at end of file
......@@ -13,7 +13,8 @@ my $client = LLNG::Manager::Test->new( {
corsAllow_Origin => '',
corsAllow_Methods => 'POST',
cspFormAction => '*',
customToTrace => 'mail'
cspFrameAncestors => 'test.example.com',
customToTrace => 'mail',
}
}
);
......@@ -54,10 +55,13 @@ my %headers = @{ $res->[1] };
#CSP
ok(
$headers{'Content-Security-Policy'} =~
/default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action \*;frame-ancestors 'none'/,
'CSP header value found'
m%default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action \*;frame-ancestors test\.example\.com;%,
'CSP header values found'
) or print STDERR Dumper( $res->[1] );
count(1);
ok( $headers{'X-Frame-Options'} eq 'ALLOW-FROM test.example.com;',
'X-Frame-Options "ALLOW-FROM" found' )
or print STDERR Dumper( $res->[1] );
count(2);
# Try to authenticate with good password
# --------------------------------------
......@@ -106,7 +110,10 @@ ok( $headers{'Lm-Remote-User'} eq 'dwho', "Lm-Remote-User found" )
ok( $headers{'Lm-Remote-Custom'} eq 'dwho@badwolf.org',
"Lm-Remote-Custom found" )
or print STDERR Dumper( $res->[1] );
count(2);
ok( $headers{'X-Frame-Options'} eq 'ALLOW-FROM test.example.com;',
'X-Frame-Options "ALLOW-FROM" found' )
or print STDERR Dumper( $res->[1] );
count(3);
checkCorsPolicy($res);
......
......@@ -19,11 +19,15 @@ my $ini = {
domain => 'example.com',
templateDir => 'site/templates',
staticPrefix => '/static',
authentication => 'Demo',
userDB => 'Demo',
passwordDB => 'Demo',
registerDB => 'Demo',
loginHistoryEnabled => 1,
securedCookie => 0,
https => 0,
portalDisplayResetPassword => 1,
# portalDisplayCertificateResetByMail => 1, Missing dependencies
# portalDisplayCertificateResetByMail => 1, Missing dependencies
portalStatus => 1,
cda => 1,
notification => 1,
......