Commit 81a37e5b authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Dispatching attributes (#1658)

parent 4fe1473f
...@@ -28,7 +28,7 @@ sub defaultValues { ...@@ -28,7 +28,7 @@ sub defaultValues {
'casAccessControlPolicy' => 'none', 'casAccessControlPolicy' => 'none',
'casAuthnLevel' => 1, 'casAuthnLevel' => 1,
'checkTime' => 600, 'checkTime' => 600,
'checkUserHiddenAttributes' => 'UA _2fDevices _loginHistory', 'checkUserHiddenAttributes' => '_2fDevices _loginHistory hGroups',
'checkXSS' => 1, 'checkXSS' => 1,
'confirmFormMethod' => 'post', 'confirmFormMethod' => 'post',
'cookieName' => 'lemonldap', 'cookieName' => 'lemonldap',
......
...@@ -780,7 +780,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] ...@@ -780,7 +780,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'type' => 'bool' 'type' => 'bool'
}, },
'checkUserHiddenAttributes' => { 'checkUserHiddenAttributes' => {
'default' => 'UA _2fDevices _loginHistory', 'default' => '_2fDevices _loginHistory hGroups',
'type' => 'text' 'type' => 'text'
}, },
'checkXSS' => { 'checkXSS' => {
......
...@@ -586,7 +586,7 @@ sub attributes { ...@@ -586,7 +586,7 @@ sub attributes {
}, },
checkUserHiddenAttributes => { checkUserHiddenAttributes => {
type => 'text', type => 'text',
default => 'UA _2fDevices _loginHistory', default => '_2fDevices _loginHistory hGroups',
documentation => 'Attributes to hide in CheckUser plugin', documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p', flags => 'p',
}, },
......
...@@ -151,7 +151,7 @@ ...@@ -151,7 +151,7 @@
"clickHereToForce":"انقر هنا لإجبار", "clickHereToForce":"انقر هنا لإجبار",
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session check", "checkUsers":"Session Check",
"checkUser":"Activation", "checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
......
...@@ -151,8 +151,8 @@ ...@@ -151,8 +151,8 @@
"clickHereToForce":"Click here to force", "clickHereToForce":"Click here to force",
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session Check",
"choiceParams":"Choice parameters", "choiceParams":"Choice parameters",
"checkUsers":"Session check",
"checkUser":"Activation", "checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
......
...@@ -151,7 +151,7 @@ ...@@ -151,7 +151,7 @@
"clickHereToForce":"Click here to force", "clickHereToForce":"Click here to force",
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session check", "checkUsers":"Session Check",
"checkUser":"Activation", "checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
......
...@@ -151,12 +151,12 @@ ...@@ -151,12 +151,12 @@
"clickHereToForce":"Cliquer ici pour forcer", "clickHereToForce":"Cliquer ici pour forcer",
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Secret partagé", "checkStateSecret":"Secret partagé",
"choiceParams":"Paramètres des choix",
"checkUsers":"Vérification de session", "checkUsers":"Vérification de session",
"checkUser":"Activation", "checkUser":"Activation",
"checkUserHiddenAttributes":"Attributs masqués", "checkUserHiddenAttributes":"Attributs masqués",
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante", "checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles", "checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
"choiceParams":"Paramètres des choix",
"chooseLogo":"Choisir le logo", "chooseLogo":"Choisir le logo",
"chooseSkin":"Choisir le thème", "chooseSkin":"Choisir le thème",
"combination":"Combinaison", "combination":"Combinaison",
......
...@@ -151,7 +151,7 @@ ...@@ -151,7 +151,7 @@
"clickHereToForce":"Clicca qui per forzare", "clickHereToForce":"Clicca qui per forzare",
"checkState":"Attivazione", "checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso", "checkStateSecret":"Segreto condiviso",
"checkUsers":"Session check", "checkUsers":"Session Check",
"checkUser":"Activation", "checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
......
...@@ -151,7 +151,7 @@ ...@@ -151,7 +151,7 @@
"clickHereToForce":"Nhấp vào đây để bắt buộc", "clickHereToForce":"Nhấp vào đây để bắt buộc",
"checkState":"Kích hoạt", "checkState":"Kích hoạt",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session check", "checkUsers":"Session Check",
"checkUser":"Activation", "checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
......
...@@ -151,7 +151,7 @@ ...@@ -151,7 +151,7 @@
"clickHereToForce":"Click here to force", "clickHereToForce":"Click here to force",
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session check", "checkUsers":"Session Check",
"checkUser":"Activation", "checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes", "checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session", "checkUserDisplayPersistentInfo":"Display persistent session",
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -47,10 +47,10 @@ sub check { ...@@ -47,10 +47,10 @@ sub check {
# Check access rule # Check access rule
unless ( $self->accessCtrl( $req, 'checkuser' ) ) { unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
$self->userLogger->error( $self->userLogger->error(
"$req->{user} not allowed to access /checkuser"); "user $req->{user} not allowed to access /checkuser");
return $self->p->lmError( $req, 403 ); return $self->p->lmError( $req, 403 );
} }
$self->userLogger->notice("$req->{user} is allowed to access /checkuser"); $self->userLogger->notice("user $req->{user} is allowed to access /checkuser");
# Check token # Check token
if ( $self->conf->{requireToken} ) { if ( $self->conf->{requireToken} ) {
...@@ -90,22 +90,29 @@ sub check { ...@@ -90,22 +90,29 @@ sub check {
$attrs = {}; $attrs = {};
} }
else { else {
$msg = 'checkUser';
# Create an array of hashes for template loop # Create an array of hashes for template loop
$self->logger->debug("Delete hidden or empty attributes"); $self->logger->debug("Delete hidden or empty attributes");
foreach my $k ( sort keys %$attrs ) { if ( $self->conf->{checkUserDisplayEmptyValues} ) {
foreach my $k ( sort keys %$attrs ) {
# Ignore hidden attributes or empty values # Ignore hidden attributes
if ( $self->conf->{checkUserDisplayEmptyValues} ) {
push @$array_attrs, { key => $k, value => $attrs->{$k} } push @$array_attrs, { key => $k, value => $attrs->{$k} }
unless ( $self->hAttr =~ /\b$k\b/ ); unless ( $self->hAttr =~ /\b$k\b/ );
} }
else { }
else {
foreach my $k ( sort keys %$attrs ) {
# Ignore hidden attributes and empty values
push @$array_attrs, { key => $k, value => $attrs->{$k} } push @$array_attrs, { key => $k, value => $attrs->{$k} }
unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} ); unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} );
} }
} }
$msg = 'checkUser';
# ARRAY_REF = [ A_REF GROUPS, A_REF MACROS, A_REF OTHERS ]
$array_attrs = $self->_splitAttributes($array_attrs);
} }
# Check if user is allowed to access submitted URL and compute headers # Check if user is allowed to access submitted URL and compute headers
...@@ -148,7 +155,9 @@ sub check { ...@@ -148,7 +155,9 @@ sub check {
ALERTE_AUTH => ALERTE_AUTH =>
( $auth eq 'allowed' ? 'alert-success' : 'alert-danger' ), ( $auth eq 'allowed' ? 'alert-success' : 'alert-danger' ),
HEADERS => $array_hdrs, HEADERS => $array_hdrs,
ATTRIBUTES => $array_attrs, ATTRIBUTES => $array_attrs->[2],
MACROS => $array_attrs->[1],
GROUPS => $array_attrs->[0],
TOKEN => $token, TOKEN => $token,
} }
); );
...@@ -160,10 +169,10 @@ sub display { ...@@ -160,10 +169,10 @@ sub display {
# Check access rule # Check access rule
unless ( $self->accessCtrl( $req, 'checkuser' ) ) { unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
$self->userLogger->error( $self->userLogger->error(
"$req->{user} not allowed to access /checkuser"); "user $req->{user} not allowed to access /checkuser");
return $self->p->lmError( $req, 403 ); return $self->p->lmError( $req, 403 );
} }
$self->userLogger->notice("$req->{user} is allowed to access /checkuser"); $self->userLogger->notice("user $req->{user} is allowed to access /checkuser");
my $token = $self->ott->createToken( $req->sessionInfo ); my $token = $self->ott->createToken( $req->sessionInfo );
# Display form # Display form
...@@ -225,4 +234,31 @@ sub _headers { ...@@ -225,4 +234,31 @@ sub _headers {
return $self->p->HANDLER->checkHeaders( $req, $req->{sessionInfo} ); return $self->p->HANDLER->checkHeaders( $req, $req->{sessionInfo} );
} }
sub _splitAttributes {
my ( $self, $attrs ) = @_;
my ( $grps, $mcrs, $others ) = ( [], [], [] );
my $macros = $self->{conf}->{macros};
$self->logger->debug("Dispatching attributes...");
while (@$attrs) {
my $element = shift @$attrs;
my $ok = 0;
if ( $element->{key} eq 'groups' ) {
my $separator = $self->{conf}->{multiValuesSeparator};
my @tmp = split /\Q$separator/, $element->{value};
$grps = [ map { { value => $_ } } sort @tmp ];
next;
}
foreach my $key ( sort keys %$macros ) {
if ( $element->{key} eq $key ) {
push @$mcrs, $element;
$ok = 1;
last;
}
}
push @$others, $element unless $ok;
}
return [ $grps, $mcrs, $others ];
}
1; 1;
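Review bot: The hidden-attribute test in the attribute loop of `check`, `unless ( $self->hAttr =~ /\b$k\b/ )` and its `or !$attrs->{$k}` twin, interpolates the session key into the pattern unescaped, so a key containing a regex metacharacter can fail to match its own entry in the hidden list and be displayed, or abort the request on an invalid pattern. Because this filter is what keeps entries such as `_2fDevices` off the CheckUser page, an exact lookup is safer: `my %hidden = map { $_ => 1 } split /\s+/, $self->hAttr;` followed by `unless $hidden{$k}`, assuming hAttr holds the space-separated checkUserHiddenAttributes value (its definition is outside these hunks). At minimum use `/\b\Q$k\E\b/`, in the same way `_splitAttributes` already quotes the separator with `\Q`. `check` starts and ends outside the hunks shown.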
...@@ -83,6 +83,49 @@ ...@@ -83,6 +83,49 @@
</div> </div>
</TMPL_IF> </TMPL_IF>
<TMPL_IF NAME="MACROS">
<div class="card mb-3 border-secondary">
<div class="card-body table-responsive">
<table class="table table-hover">
<thead>
<tr class="align-middle"><span trspan="macros">MACROS</span></tr>
<tr>
<th class="align-middle"><span trspan="key">Key</span></th>
<th class="align-middle"><span trspan="value">Value</span></th>
</tr>
</thead>
<tbody>
<TMPL_LOOP NAME="MACROS">
<tr>
<td class="align-middle"><TMPL_VAR NAME="key"></td>
<td class="align-middle"><TMPL_VAR NAME="value"></td>
</tr>
</TMPL_LOOP>
</tbody>
</table>
</div>
</div>
</TMPL_IF>
<TMPL_IF NAME="GROUPS">
<div class="card mb-3 border-secondary">
<div class="card-body table-responsive">
<table class="table table-hover">
<thead>
<tr class="align-middle"><span trspan="groups_sso">GROUPS SSO</span></tr>
</thead>
<tbody>
<TMPL_LOOP NAME="GROUPS">
<tr>
<td class="align-middle"><TMPL_VAR NAME="value"></td>
</tr>
</TMPL_LOOP>
</tbody>
</table>
</div>
</div>
</TMPL_IF>
<div class="buttons"> <div class="buttons">
<button type="submit" class="btn btn-success"> <button type="submit" class="btn btn-success">
<span class="fa fa-sign-in"></span> <span class="fa fa-sign-in"></span>
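Review bot: The new MACROS and GROUPS tables print `<TMPL_VAR NAME="key">` and `<TMPL_VAR NAME="value">` without an escape mode, so macro results and group names taken from the session reach the page as raw HTML unless the template loader sets `default_escape` (not visible here). Since these values can originate in a user directory, write them as `<TMPL_VAR NAME="value" ESCAPE=HTML>`, and likewise for `key`. Separately, the heading rows place a `<span>` directly inside `<tr>`; wrapping it in `<th colspan="2">` keeps the table markup valid. The surrounding form continues outside the hunk.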
......