Commit 7b08a7c4 authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Rename idSpoofing plugin to Impersonation & all relative parameters (#1664)

parent 26b80873
......@@ -64,34 +64,34 @@ sub defaultValues {
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
},
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'idSpoofingHiddenAttributes' => '_2fDevices _loginHistory',
'idSpoofingPrefix' => 'real_',
'idSpoofingRule' => 0,
'idSpoofingSkipEmptyValues' => 1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'impersonationHiddenAttributes' => '_2fDevices _loginHistory',
'impersonationPrefix' => 'real_',
'impersonationRule' => 0,
'impersonationSkipEmptyValues' => 1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'cn' => 'cn',
'mail' => 'mail',
'uid' => 'uid'
......
......@@ -1195,23 +1195,23 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
'default' => -1,
'type' => 'trool'
},
'idSpoofingHiddenAttributes' => {
'impersonationHiddenAttributes' => {
'default' => '_2fDevices _loginHistory',
'type' => 'text'
},
'idSpoofingMergeSSOgroups' => {
'impersonationMergeSSOgroups' => {
'default' => 0,
'type' => 'bool'
},
'idSpoofingPrefix' => {
'impersonationPrefix' => {
'default' => 'real_',
'type' => 'text'
},
'idSpoofingRule' => {
'impersonationRule' => {
'default' => 0,
'type' => 'boolOrExpr'
},
'idSpoofingSkipEmptyValues' => {
'impersonationSkipEmptyValues' => {
'default' => 1,
'type' => 'bool'
},
......
......@@ -440,30 +440,30 @@ sub attributes {
documentation => 'Display session empty values',
flags => 'p',
},
idSpoofingMergeSSOgroups => {
impersonationMergeSSOgroups => {
default => 0,
type => 'bool',
documentation => 'Merge spoofed and real SSO groups',
flags => 'p',
},
idSpoofingPrefix => {
impersonationPrefix => {
type => 'text',
default => 'real_',
documentation => 'Prefix to rename real session attributes',
flags => 'p',
},
idSpoofingRule => {
impersonationRule => {
type => 'boolOrExpr',
default => 0,
documentation => 'IdSpoofing activation rule',
documentation => 'Impersonation activation rule',
},
idSpoofingHiddenAttributes => {
impersonationHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory',
documentation => 'Attributes to skip',
flags => 'p',
},
idSpoofingSkipEmptyValues => {
impersonationSkipEmptyValues => {
default => 1,
type => 'bool',
documentation => 'Skip session empty values',
......
......@@ -649,15 +649,15 @@ sub tree {
]
},
{
title => 'spoofingIds',
help => 'idspoofing.html',
title => 'impersonation',
help => 'impersonation.html',
form => 'simpleInputContainer',
nodes => [
'idSpoofingRule',
'idSpoofingPrefix',
'idSpoofingHiddenAttributes',
'idSpoofingSkipEmptyValues',
'idSpoofingMergeSSOgroups',
'impersonationRule',
'impersonationPrefix',
'impersonationHiddenAttributes',
'impersonationSkipEmptyValues',
'impersonationMergeSSOgroups',
]
},
]
......
......@@ -286,12 +286,12 @@
"hideTree":"إخفاء الشجرة",
"httpOnly":"الحماية بواسطة جافا سكريبت",
"https":"إتش تي تي بي س",
"spoofingIds":"Id Spoofing",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingMergeSSOgroups":"Merge spoofed and real SSO groups",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"الحقول المطلوبة مفقودة",
"index":"فهرس",
"infoFormMethod":"طريقة للحصول على معلومات الإستمارة",
......
......@@ -286,12 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingMergeSSOgroups":"Merge spoofed and real SSO groups",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
......@@ -286,12 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingMergeSSOgroups":"Merge spoofed and real SSO groups",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
......@@ -286,12 +286,12 @@
"hideTree":"Masquer l'arbre",
"httpOnly":"Protection contre javascript",
"https":"HTTPS",
"spoofingIds":"Usurpation d'identité",
"idSpoofingRule":"Règle d'utilisation",
"idSpoofingHiddenAttributes":"Attributs masqués",
"idSpoofingMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
"idSpoofingPrefix":"Préfix des vrais attributs",
"idSpoofingSkipEmptyValues":"Ignorer les valeurs nulles",
"impersonation":"Usurpation d'identité",
"impersonationRule":"Règle d'utilisation",
"impersonationHiddenAttributes":"Attributs masqués",
"impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
"impersonationPrefix":"Préfix des vrais attributs",
"impersonationSkipEmptyValues":"Ignorer les valeurs nulles",
"incompleteForm":"Des champs requis manquent",
"index":"Index",
"infoFormMethod":"Méthode du formulaire d'information",
......
......@@ -286,12 +286,12 @@
"hideTree":"Nascondi l'albero",
"httpOnly":"Protezione Javascript",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingMergeSSOgroups":"Merge spoofed and real SSO groups",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Mancano campi obbligatori",
"index":"Indice",
"infoFormMethod":"Metodo per il modulo informazioni",
......
......@@ -286,12 +286,12 @@
"hideTree":"Ẩn cây",
"httpOnly":"Bảo vệ Javascript",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingMergeSSOgroups":"Merge spoofed and real SSO groups",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Các trường bắt buộc bị thiếu",
"index":"Chỉ mục",
"infoFormMethod":"Phương pháp cho mẫu thông tin",
......
......@@ -286,12 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingMergeSSOgroups":"Merge spoofed and real SSO groups",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -98,7 +98,7 @@ use constant {
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
PE_OID_SERVICE_NOT_ALLOWED => 91,
PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IDSPOOFING_SERVICE_NOT_ALLOWED => 93,
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
};
# EXPORTER PARAMETERS
......@@ -126,7 +126,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTAUTHN
PE_MUSTHAVEMAIL PE_SAML_SERVICE_NOT_ALLOWED PE_OIDC_SERVICE_NOT_ALLOWED
PE_OID_SERVICE_NOT_ALLOWED PE_GET_SERVICE_NOT_ALLOWED PE_IDSPOOFING_SERVICE_NOT_ALLOWED
PE_OID_SERVICE_NOT_ALLOWED PE_GET_SERVICE_NOT_ALLOWED PE_IMPERSONATION_SERVICE_NOT_ALLOWED
);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
......
......@@ -291,7 +291,7 @@ sub display {
REGISTER_URL => $self->conf->{registerUrl},
HIDDEN_INPUTS => $self->buildHiddenForm($req),
STAYCONNECTED => $self->conf->{stayConnected},
SPOOFID => $self->conf->{idSpoofingRule},
SPOOFID => $self->conf->{impersonationRule},
(
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
......
......@@ -26,7 +26,7 @@ our @pList = (
checkState => '::Plugins::CheckState',
portalForceAuthn => '::Plugins::ForceAuthn',
checkUser => '::Plugins::CheckUser',
idSpoofingRule => '::Plugins::IdSpoofing',
impersonationRule => '::Plugins::Impersonation',
);
##@method list enabledPlugins
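Review bot: The plugin is now loaded only when `impersonationRule` is set, and nothing visible in this commit reads the old `idSpoofing*` keys, so a configuration saved with `idSpoofingRule`, `idSpoofingHiddenAttributes` or `idSpoofingPrefix` would be ignored after upgrade. Activation fails closed because `impersonationRule` defaults to 0, but a customised hidden-attribute list would fall back to `_2fDevices _loginHistory` once an administrator re-enables the feature under the new name. If the old names ever shipped, a configuration migration step or an upgrade-note entry seems needed; one file diff on this page is not displayed, so this may already be handled there. `@pList` starts outside the hunk.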
......
package Lemonldap::NG::Portal::Plugins::IdSpoofing;
package Lemonldap::NG::Portal::Plugins::Impersonation;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw( PE_OK PE_BADCREDENTIALS PE_IDSPOOFING_SERVICE_NOT_ALLOWED );
qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED );
our $VERSION = '2.0.3';
......@@ -16,7 +16,7 @@ use constant endAuth => 'run';
has rule => ( is => 'rw', default => sub {1} );
sub hAttr {
$_[0]->{conf}->{idSpoofingHiddenAttributes} . ' '
$_[0]->{conf}->{impersonationHiddenAttributes} . ' '
. $_[0]->{conf}->{hiddenAttributes};
}
......@@ -26,11 +26,11 @@ sub init {
# Parse activation rule
my $hd = $self->p->HANDLER;
$self->logger->debug(
"IdSpoofing rule -> " . $self->conf->{idSpoofingRule} );
"impersonation rule -> " . $self->conf->{impersonationRule} );
my $rule
= $hd->buildSub( $hd->substitute( $self->conf->{idSpoofingRule} ) );
= $hd->buildSub( $hd->substitute( $self->conf->{impersonationRule} ) );
unless ($rule) {
$self->error( "Bad IdSpoofing rule -> " . $hd->tsv->{jail}->error );
$self->error( "Bad impersonation rule -> " . $hd->tsv->{jail}->error );
return 0;
}
$self->{rule} = $rule;
......@@ -48,8 +48,8 @@ sub run {
# Check activation rule
unless ( $self->rule->( $req, $req->sessionInfo ) ) {
$self->userLogger->error('IdSpoofing service not authorized');
return PE_IDSPOOFING_SERVICE_NOT_ALLOWED;
$self->userLogger->error('Impersonation service not authorized');
return PE_IMPERSONATION_SERVICE_NOT_ALLOWED;
}
# Fill spoof session
......@@ -57,10 +57,10 @@ sub run {
$self->logger->debug("Spoofing Id: $spoofId...");
my $spk = '';
foreach my $k ( keys %{ $req->{sessionInfo} } ) {
if ( $self->{conf}->{idSpoofingSkipEmptyValues} ) {
if ( $self->{conf}->{impersonationSkipEmptyValues} ) {
next unless defined $req->{sessionInfo}->{$k};
}
$spk = "$self->{conf}->{idSpoofingPrefix}$k";
$spk = "$self->{conf}->{impersonationPrefix}$k";
unless ( $self->hAttr =~ /\b$k\b/ ) {
$realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk");
......@@ -70,10 +70,10 @@ sub run {
$spoofSession = $self->_userDatas($req);
# Merging SSO groups and hGroups & Dedup
if ( $self->{conf}->{idSpoofingMergeSSOgroups} ) {
if ( $self->{conf}->{impersonationMergeSSOgroups} ) {
$self->userLogger->warn("MERGING SSO groups and hGroups...");
my $spg = "$self->{conf}->{idSpoofingPrefix}groups";
my $sphg = "$self->{conf}->{idSpoofingPrefix}hGroups";
my $spg = "$self->{conf}->{impersonationPrefix}groups";
my $sphg = "$self->{conf}->{impersonationPrefix}hGroups";
my $separator = $self->{conf}->{multiValuesSeparator};
if ( $spoofSession->{groups}
and $realSession->{$spg} )
......@@ -113,7 +113,7 @@ sub _userDatas {
if ( my $error = $self->p->process($req) ) {
if ( $error == PE_BADCREDENTIALS ) {
$self->userLogger->warn(
'IdSpoofing requested for an unvalid user ('
'Impersonation requested for an unvalid user ('
. $req->{user}
. ")" );
}
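Review bot: In the `run` hunk that copies the real session, the hidden-attribute filter `unless ( $self->hAttr =~ /\b$k\b/ )` interpolates the session key into a regex unquoted and matches it against the space-joined list instead of testing membership. If a session key can ever contain regex metacharacters, it is treated as a pattern (or makes the match die), so an attribute listed in `impersonationHiddenAttributes` or `hiddenAttributes` could still be copied under the `impersonationPrefix` key. In the other direction, a key that is only a word-bounded fragment of a hidden name is skipped unintentionally. An exact comparison avoids both: `unless ( grep { $_ eq $k } split /\s+/, $self->hAttr )`, or at minimum `/\b\Q$k\E\b/`. `run` begins and continues outside the visible hunks, so where the key names come from is not confirmed here.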
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"قبول",
"accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
"accept":"Akzeptieren",
"accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
"accept":"Accetta",
"accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Chấp nhận",
"accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
......
......@@ -92,7 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"PE93":"Access non granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept 方法",
"accessDenied":"您无权访问此应用",
......