lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-11-19T18:58:11Z
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1547
Confirmation password not verified in menu password change form
2018-11-19T18:58:11Z
Clément OUDOT
When putting different passwords in new password/confirm password, the password is changed to the first value; the second value is not verified.
2.0.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1517
Password backend not called with Choice
2018-11-19T17:40:07Z
Clément OUDOT
I have a Choice configuration with LDAP/LDAP/LDAP configuration, but when trying to modify the password, the LDAP directory is not called at all.
Here are the logs:
```
==> /var/log/apache2/error.log <==
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[debug] Get session 0e7d87c9809be37657096372bd2af908
[debug] removing cookie
[debug] User coudot was granted to access to /
[debug] Start routing default route
[debug] Processing importHandlerData
[debug] Processing restoreArgs
[debug] Processing controlUrl
[debug] Processing checkLogout
[debug] Processing code ref
[debug] Launching ::Auth::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::UserDB::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::Password::Choice::_modifyPassword
[debug] Choice 2LDAP selected
[debug] Choice 2LDAP selected from pdata
[debug] Bad old password
[debug] Unbind and disconnect from ldap://localhost
[debug] Returned error: 39
[debug] Skin returned: error
[debug] Calling sendHtml with template error
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Apply following CSP : form-action 'self';frame-ancestors 'none';
2.0.0
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1542
Provide sessions attributes in template
2018-11-15T10:54:39Z
Clément OUDOT
For customization, we need to be able to display some user information in the portal. So it would be great to load all session attributes as template parameters, with a prefix in the key, for example: 'session_'.
So to display 'cn', we could call this in the template:
```html
<TMPL_VAR NAME="session_cn">
```
2.0.0
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1540
Wrong LDAP DN encoding when modifying password
2018-11-15T09:41:53Z
Clément OUDOT
The LDAP DN is correctly stored in the session after authentication:
```
$ cat e2e-tests/conf/sessions/805a2f0620a1839d5d4d18a2b67cc94f9af58708a17c88f42b9fba8f3f40c3b7 | json_pp
```
```js
{
   "UA" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0",
   "_dn" : "cn=Clément OUDOT,ou=users,dc=example,dc=com",
   "_session_kind" : "SSO",
   "_loginHistory" : {
      "successLogin" : [
         {
            "_utime" : 1542126092,
            "ipAddr" : "127.0.0.1"
         }
      ]
   },
   "ipAddr" : "127.0.0.1",
   "_session_id" : "805a2f0620a1839d5d4d18a2b67cc94f9af58708a17c88f42b9fba8f3f40c3b7",
   "_auth" : "LDAP",
   "_lastAuthnUTime" : 1542126092,
   "_utime" : 1542126092,
   "authenticationLevel" : 1,
   "_userDB" : "LDAP",
   "uid" : "coudot2",
   "_user" : "coudot2",
   "_whatToTrace" : "coudot2",
   "_startTime" : "20181113172132",
   "mail" : "clement@oodo.net",
   "cn" : "Clément OUDOT",
   "_choice" : "2LDAP",
   "_updateTime" : "20181113172132"
}
```
But we get an error when modifying the password:
```
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 op=1 BIND anonymous mech=implicit ssf=0
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 op=1 BIND dn="cn=Clément OUDOT,ou=users,dc=example,dc=com" method=128
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 op=1 RESULT tag=97 err=49 text=
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 op=2 UNBIND
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 fd=16 closed
```
2.0.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1528
Issuer CAS redirect on bad service URL
2018-11-15T09:38:22Z
Clément OUDOT
When the service is http://cas.example.com/test/, we are redirected to http://cas.example.com/ (test/ is removed).
2.0.0
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1529
Custom modules are erased by package updates
2018-11-15T09:32:44Z
Clément OUDOT
We have the possibility to have Custom modules in 2.0, but as they are part of the distribution, if we modify them, they are erased by package updates.
We should not ship these modules inside the LL::NG code, or we should call them "Custom.example" instead of "Custom.pm", or ship them in doc/, not in the modules.
What do you think?
2.0.0
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1535
Append Portal parameter to modify Handler Internal Cache
2018-11-10T19:32:25Z
Christophe Maudoux
chrmdx@gmail.com
### Summary
Be able to modify the handler internal cache from the ini file to customize unit tests.
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1534
Provide ipAddr in $req->env for rules
2018-11-09T11:05:49Z
Clément OUDOT
In 1.9 we had $ipAddr, which could be used in rules; we need the same in 2.0.
2.0.0
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1430
JS errors in OpenID Connect checksession iframe
2018-11-08T21:59:12Z
Clément OUDOT
When testing checksession, I got JavaScript errors in the console:
```
TypeError: b is undefined[En savoir plus]
sha256.min.js:1:223
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/sha256.min.js:1:223
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/sha256.min.js:1:199
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/sha256.min.js:1:164
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/sha256.min.js:1:2
TypeError: g is undefined[En savoir plus]
enc-base64.min.js:1:222
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/enc-base64.min.js:1:222
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/enc-base64.min.js:1:199
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/enc-base64.min.js:1:164
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/enc-base64.min.js:1:2
ReferenceError: receiveMessage is not defined[En savoir plus]
oidcchecksession.min.js:1:316
<anonyme>
https://auth.openid.club/static/common/js/oidcchecksession.min.js:1:316
<anonyme>
https://auth.openid.club/static/common/js/oidcchecksession.min.js:1:2
ReferenceError: receiveMessage is not defined[En savoir plus]
oidcchecksession.min.js:1:251
<anonyme>
https://auth.openid.club/static/common/js/oidcchecksession.min.js:1:251
i
https://auth.openid.club/static/bwr/jquery/dist/jquery.min.js:2:27146
fireWith
https://auth.openid.club/static/bwr/jquery/dist/jquery.min.js:2:27914
ready
https://auth.openid.club/static/bwr/jquery/dist/jquery.min.js:2:29705
J
https://auth.openid.club/static/bwr/jquery/dist/jquery.min.js:2:29890
```
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1539
Option to enable / disable languages choice display
2018-11-08T21:58:18Z
Christophe Maudoux
chrmdx@gmail.com
Manager boolean
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1536
Yubikey always valid if no internet connection
2018-11-06T21:07:22Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
### Summary
I register second factors (totp, yubikey…), then at the first user connection, after the login / password prompt, a registration prompt is shown (very good feature). Then, after registering it and going back to the login page, any second factor value is accepted as correct.
The portal is displayed but the session is not granted.
Of course, I've restarted the services and checked from other computers to rule out caching issues.
### Possible fixes
Send error tpl
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1501
Improve Login history module
2018-11-06T20:35:05Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
Platform: Apache
### Summary
Minor fixes to do
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1532
The source list for CSP directive 'form-action' contains an invalid source
2018-11-03T22:31:21Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
Platform: Apache2
### Summary
The source list for Content Security Policy directive 'form-action' contains an invalid source: '/?cancel=1'. It will be ignored.
### Log
```
[debug] Display type logo for module Twitter
[debug] Authentication choice Twitter will be displayed
[debug] Displaying authentication choice 5_Facebook
[debug] Use URL /?cancel=1
[debug] Display type logo for module Facebook
[debug] Authentication choice Facebook will be displayed
[debug] Displaying authentication choice 6_SAML
[debug] Use URL /?cancel=1
[debug] Display type logo for module SAML
[debug] Authentication choice SAML will be displayed
[debug] Displaying authentication choice 7_OpenID_Connect
[debug] Use URL /?cancel=1
[debug] Display type logo for module OpenIDConnect
[debug] Authentication choice OpenID Connect will be displayed
[debug] Displaying authentication choice 8_CAS
[debug] Use URL /?cancel=1
[debug] Display type logo for module CAS
[debug] Authentication choice CAS will be displayed
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Set CSP form-action with request URL: /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self' * /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1;frame-ancestors 'none';
```
![Capture_d_écran_2018-10-29_21-40-00](/uploads/7f3416d84b44f2e753ebc2649bf9f911/Capture_d_écran_2018-10-29_21-40-00.png)
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1515
Possibility to configure main logo on portal page
2018-11-03T22:01:36Z
Clément OUDOT
### Summary
We have a parameter for the portal background; we could also have a parameter for the main logo, so it would be easier to adapt the default bootstrap skin.
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1533
OIDC Consent always required
2018-10-30T22:26:54Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
Platform: Apache2
### Summary
OIDC consent is always required, even though the user has already given it.
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1499
CSP prevents to submit OIDC consents form
2018-10-30T19:33:07Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
Platform: Nginx
### Summary
CSP prevents OIDC consent from being accepted or refused.
### Logs
```
Calling sendHtml with template confirm
Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
Apply following CSP : default-src *;img-src *;style-src *;font-src *;connect-src *;form-action 'self';frame-ancestors 'none';
Start routing oauth2
```
2.0.0
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1530
AD Password module is missing
2018-10-29T17:35:44Z
Clément OUDOT
The Portal/Password/AD.pm module is missing
2.0.0
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1531
LDAP parameters are dropped if authentication backend is AD
2018-10-29T16:04:52Z
Clément OUDOT
If we choose AD as authentication backend, all LDAP parameters are dropped.
2.0.0
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1513
SAML replay protection is not replaying authentication
2018-10-28T12:27:08Z
Clément OUDOT
As a SAML SP, when we check replay protection, we should replay authentication if the check fails:
```perl
unless ( $self->replayProtection($assertion_responded) ) {

    # Assertion was already consumed or is expired
    # Force authentication replay
    $self->userLogger->error(
        "Message $assertion_responded already used or expired, replay authentication"
    );
    delete $req->{urldc};
    $req->mustRedirect(1);
    $req->steps( [] );
    return PE_OK;
}
```
But at this point we have not set $req->user, so we end up with this error in Portal/Main/Process.pm:
```perl
sub extractFormInfo {
    my ( $self, $req ) = @_;
    return PE_ERROR unless ( $self->_authentication );
    my $ret = $self->_authentication->extractFormInfo($req);
    if ( $ret == PE_OK and not( $req->user or $req->continue ) ) {
        $self->logger->error(
            'Authentication module succeed but has not set $req->user');
        return PE_ERROR;
    }
```
Shouldn't we set "$req->continue" in our SAML code?
2.0.0
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1518
Possibility to override portal messages
2018-10-17T09:44:45Z
Clément OUDOT
In 1.9 we had the possibility to override portal messages, see https://lemonldap-ng.org/documentation/1.9/portalcustom#messages
This does not seem possible in 2.0 anymore, as translations are provided through a JSON file.
How could we restore this feature?
2.0.0
Yadd