lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
Updated: 2018-11-29T20:19:44Z

Error when enables "SSL, Custom " Auth modules with Choice
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1550
Updated: 2018-11-29T20:19:44Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
### Summary
Append SSL / LDAP / LDAP / / /
### Logs
[Wed Nov 21 20:37:46.066332 2018] [fcgid:warn] [pid 104980] [client 77.136.14.47:38540] mod_fcgid: stderr: Can't call method "conf" on an undefined value at /usr/share/perl5/Lemonldap/NG/Portal/Auth/SSL.pm line 66.
[Wed Nov 21 20:45:16.196593 2018] [fcgid:warn] [pid 105473] [client 77.136.14.47:38642] mod_fcgid: stderr: Can't use an undefined value as a subroutine reference at /usr/share/perl5/Lemonldap/NG/Portal/Lib/Choice.pm line 236.
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Configuration comparator does not work
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1546
Updated: 2018-11-20T11:48:17Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
### Summary
Seems config. comparator (diff.pm) does not work if more than 3 sub levels keys are used.
Modified : General Parameters > Portal > Customization > Buttons on login page > Reset Password ....
Diff and "waiting for datas" always displayed
### Possible fixes
May be a recursive call issue...
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Option to enable / disable languages choice display
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1539
Updated: 2018-11-08T21:58:18Z
Author: Christophe Maudoux <chrmdx@gmail.com>

Manager boolean
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Yubikey always valid if no internet connection
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1536
Updated: 2018-11-06T21:07:22Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
### Summary
I register second factors (totp, yubikey…), then at the first user connection, after the login / password prompt, a register prompt is asked (very good feature). Then after registering it and going back to the login page, any second factor value is accepted as correct.
Portal is displayed but session not granted
Of course, I’ve restarted services, and checked from other computers to avoid cache source issues.
### Possible fixes
Send error tpl
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Append Portal parameter to modify Handler Internal Cache
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1535
Updated: 2018-11-10T19:32:25Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Summary
Be able to modify handler Internal Cache from ini file to customize unit tests
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

OIDC Consent always required
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1533
Updated: 2018-10-30T22:26:54Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
Platform: Apache2
### Summary
OIDC Consent always required despite user already gave it
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

The source list for CSP directive 'form-action' contains an invalid source
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1532
Updated: 2018-11-03T22:31:21Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
Platform: Apache2
### Summary
The source list for Content Security Policy directive 'form-action' contains an invalid source: '/?cancel=1'. It will be ignored.
### Log
```
[debug] Display type logo for module Twitter
[debug] Authentication choice Twitter will be displayed
[debug] Displaying authentication choice 5_Facebook
[debug] Use URL /?cancel=1
[debug] Display type logo for module Facebook
[debug] Authentication choice Facebook will be displayed
[debug] Displaying authentication choice 6_SAML
[debug] Use URL /?cancel=1
[debug] Display type logo for module SAML
[debug] Authentication choice SAML will be displayed
[debug] Displaying authentication choice 7_OpenID_Connect
[debug] Use URL /?cancel=1
[debug] Display type logo for module OpenIDConnect
[debug] Authentication choice OpenID Connect will be displayed
[debug] Displaying authentication choice 8_CAS
[debug] Use URL /?cancel=1
[debug] Display type logo for module CAS
[debug] Authentication choice CAS will be displayed
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Set CSP form-action with request URL: /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self' * /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1;frame-ancestors 'none';
```
![Capture_d_écran_2018-10-29_21-40-00](/uploads/7f3416d84b44f2e753ebc2649bf9f911/Capture_d_écran_2018-10-29_21-40-00.png)
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Portal menu application and categorie logos not displayed
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1526
Updated: 2018-10-17T20:44:57Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
Platform: Apache
### Summary
Application and category icons are not displayed in Portal > Menu > Categories and applications > Logo
Cross-Origin Read Blocking (CORB) blocked cross-origin response <URL> with MIME type text/html.
### Possible fixes
Maybe CSP blocks download
![Capture_d_écran_2018-10-17_22-26-11](/uploads/1d9cbe861bd47f7634b98f5f7373cc6d/Capture_d_écran_2018-10-17_22-26-11.png)
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Notifications with checkbox does not work
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1522
Updated: 2018-10-16T20:09:22Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
Platform: Apache
### Summary
If I submit the form twice without ticking the checkbox, session is always granted.
Notification is not deleted
### Backends used
Demo
TODO : Add a goToPortal button & Modify unit tests to replay issue
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Possibility to configure main logo on portal page
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1515
Updated: 2018-11-03T22:01:36Z
Author: Clément OUDOT

### Summary
We have a parameter for portal background, we could also have a parameter for the main logo, so it would be easier to adapt the default bootstrap skin.
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

GrantSession module does not work
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1510
Updated: 2018-10-07T20:42:22Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
### Summary
1/ GrantSession.pm is not loaded when rules are set from Manager
2/ Seems rules are not applied
### Logs
[debug] **Store dwho in session key uid**
[debug] Launching ::Plugins::GrantSession::run
[debug] **Grant session condition "$uid ne "dwho"##no"**
[debug] Processing storeHistory
[debug] Current login saved into successLogin
[debug] Found 'whatToTrace' -> dwho
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Test all password reset by mail workflows
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1508
Updated: 2020-07-28T14:01:48Z
Author: Clément OUDOT

When testing password reset, submitting twice the same mail did not show a confirmation page to inform that a mail was already sent.
The log seems to show the opposite:
```
[debug] Build URL http://auth.example.com:19876/resetpwd?skin=bootstrap
[debug] Redirect 127.0.0.1 to portal (url was /resetpwd?skin=bootstrap)
[debug] User not authenticated, Try in use, cancel redirection
[debug] Start routing resetpwd
[debug] Trying to load token 1537653191_524
[debug] Good captcha response
[debug] Captcha code verified
[debug] Processing getUser
[debug] Processing setSessionInfo
[debug] Processing setMacros
[debug] Processing setGroups
[debug] Processing setPersistentSessionInfo
[debug] Persistent session found for dwho
[debug] Restore persistent parameter _loginHistory
[debug] Restore persistent parameter _updateTime
[debug] Processing setLocalGroups
[debug] Try to get SSO session be2b1fb4c2201bf63c2243073335d0262b9b399965a375c4acd137f7c8803456
[debug] Return SSO session be2b1fb4c2201bf63c2243073335d0262b9b399965a375c4acd137f7c8803456
[debug] Mail session found: be2b1fb4c2201bf63c2243073335d0262b9b399965a375c4acd137f7c8803456
[debug] Mail expiration timestamp: 1537796370
[debug] Mail start timestamp: 1537724370
[notice] Reset mail already sent to dwho
[debug] Display called with code: 72
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Display "confirm mail sent"
[debug] Starting HTML generation using /home/clement/dev/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/mail.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /home/clement/dev/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/mail.tpl
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self';frame-ancestors 'none';
auth.example.com:80 127.0.0.1 - - [23/Sep/2018:19:51:21 +0200] "POST /resetpwd?skin=bootstrap HTTP/1.1" 200 7597
auth.example.com:80 127.0.0.1 - - [23/Sep/2018:19:51:21 +0200] "GET /static/bwr/bootstrap/dist/css/bootstrap-theme.css HTTP/1.1" 302 543
```
Maybe an issue in the template.
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Force authentication to access to Portal is no more available
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1507
Updated: 2018-11-24T11:21:16Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Summary
On 2.0.0 Option is missing...
Force authentication: set to 'On' to force authentication when user connects to portal, even if he has a valid session
### Design proposition
Like in 1.9
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Implement a brut force attack protection
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1506
Updated: 2018-12-13T16:42:57Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Summary
Create a mechanism to prevent brute force attack
### Design proposition
After a failed login user must wait between each login attempt.
timer = Failed logins X 10 seconds
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Check iframe protection
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1505
Updated: 2018-11-24T11:20:03Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Summary
Test if iframe protection works fine
### Design proposition
Create an HTML page with a link to LLNG portal
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Improve Login history module
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1501
Updated: 2018-11-06T20:35:05Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
Platform: Apache
### Summary
Minor fixes todo
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

CSP prevents to submit OIDC consents form
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1499
Updated: 2018-10-30T19:33:07Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0
Platform: Nginx
### Summary
CSP prevents OIDC consents from being accepted or refused
### Logs
Calling sendHtml with template confirm
Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
Apply following CSP : default-src *;img-src *;style-src *;font-src *;connect-src *;form-action 'self';frame-ancestors 'none';
Start routing oauth2
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

2FManagment.png is non DFSG free
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1493
Updated: 2018-08-26T16:36:53Z
Author: Yadd

Hello @maudoux,
2FManagment.png image is non DFSG _([Debian Free Software Guidelines](https://www.debian.org/social_contract#guidelines))_ free. This will cause problems to stay in "main" Debian branch.
Please change this file.
### Explanations:
Extract
> What you CANNOT DO:
> * Sublicense, **sell or rent any contents (or a modified version of them)**.
> * **Distribute Flaticon's Contents unless it has been expressly authorized by Flaticon**.
> * **Include Flaticon's Contents in an online or offline database or file**.
> * **Offering Flaticon's Contents designs (or modified Flaticon Contents versions) for download**.
This conflicts with [DFSG](https://www.debian.org/social_contract#guidelines), at least with DFSG#1 and [the desert island test](https://wiki.debian.org/DesertIslandTest):
> **Free Redistribution** _(DFSG#1)_
> * The license of a Debian component **may not restrict any party from selling** or **giving away the software** as a component of an aggregate software distribution containing programs from several different sources. The license may not require a royalty or other fee for such sale.

Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

State Check Activation option does not work
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1483
Updated: 2018-07-22T20:36:15Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
When clicking on General Parameters > Plugins > State Check > Activation
display freezes (Waiting for datas...)
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Persistent Connections option does not work
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1482
Updated: 2018-07-22T20:36:30Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
When clicking on General Parameters > Plugins > Persistent Connections
display freezes (Waiting for datas...)
Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>