Commit ddb42e35 authored by Antoine Rosier's avatar Antoine Rosier

Merge remote-tracking branch 'upstream/v2.0' into logs

parents e9cbbe45 4bab684e
......@@ -86,7 +86,7 @@
"authentication" : "Demo",
"cfgAuthor" : "The LemonLDAP::NG team",
"cfgNum" : 1,
"cfgVersion" : "2.0.2",
"cfgVersion" : "2.0.3",
"cookieName" : "lemonldap",
"demoExportedVars" : {
"cn" : "cn",
......@@ -119,8 +119,13 @@
"namespace" : "lemonldap-ng-sessions"
},
"locationRules" : {
"auth.__DNSDOMAIN__" : {
"(?#checkUser)^/checkuser" : "$uid eq \"dwho\"",
"(?#errors)^/lmerror/" : "accept",
"default" : "accept"
},
"manager.__DNSDOMAIN__" : {
"(?#Configuration)^/(manager\\.html|conf/)" : "$uid eq \"dwho\"",
"(?#Configuration)^/(manager\\.html|$)" : "$uid eq \"dwho\"",
"(?#Notifications)/notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
"(?#Sessions)/sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
"default" : "$uid eq \"dwho\" or $uid eq \"rtyler\""
......
......@@ -7,6 +7,7 @@ use Encode;
our $VERSION = '2.0.0';
our $initDone;
$YAML::Numify = 1;
sub Lemonldap::NG::Common::Conf::_yamlLock {
my ( $self, $cfgNum ) = @_;
......
......@@ -207,6 +207,7 @@ t/40-sessions.t
t/50-notifications-DBI.t
t/50-notifications.t
t/60-2ndfa.t
t/70-viewer.t
t/80-attributes.t
t/90-translations.t
t/99-pod.t
......@@ -218,5 +219,6 @@ t/jsonfiles/12-modified.json
t/jsonfiles/14-bad.json
t/jsonfiles/15-combination.json
t/lemonldap-ng-dbi.ini
t/lemonldap-ng-noBrowser.ini
t/lemonldap-ng.ini
t/test-lib.pm
package Lemonldap::NG::Manager::Conf::Zero;
our $VERSION = '2.0.2';
our $VERSION = '2.0.3';
sub zeroConf {
my ( $domain, $sessionDir, $persistentSessionDir, $notificationDir ) = @_;
......@@ -147,6 +147,11 @@ sub zeroConf {
'portal' => "http://auth.$domain/",
'notificationStorage' => 'File',
'locationRules' => {
"auth.$domain" => {
'(?#checkUser)^/checkuser' => '$uid eq "dwho"',
'(?#errors)^/lmerror/' => 'accept',
'default' => 'accept'
},
"test1.$domain" => {
'default' => 'accept',
'^/logout' => 'logout_sso'
......@@ -157,7 +162,7 @@ sub zeroConf {
},
"manager.$domain" => {
'default' => '$uid eq "dwho" or $uid eq "rtyler"',
'(?#Configuration)^/(manager\.html|conf/)' => '$uid eq "dwho"',
'(?#Configuration)^/(manager\.html|$)' => '$uid eq "dwho"',
'(?#Sessions)/sessions' => '$uid eq "dwho" or $uid eq "rtyler"',
'(?#Notifications)/notifications' =>
'$uid eq "dwho" or $uid eq "rtyler"',
......
# This module implements all the methods that responds to '/confs/*' requests
# It contains 2 sections:
# - initialization methods
# - upload method
#
# Read methods are inherited from Lemonldap::NG::Common::Conf::RESTServer
package Lemonldap::NG::Manager::Viewer;
use 5.10.0;
......@@ -31,8 +25,8 @@ sub addRoutes {
my ( $self, $conf ) = @_;
$self->ua( Lemonldap::NG::Common::UserAgent->new($conf) );
my $hiddenPK = '';
$hiddenPK = $self->{viewerHiddenPK} || $conf->{viewerHiddenPK};
my $hiddenPK = '';
$hiddenPK = $self->{viewerHiddenPK} || $conf->{viewerHiddenPK};
my @enabledPK = ();
my @keys = qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes
applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes
......@@ -65,6 +59,12 @@ sub addRoutes {
['GET']
);
}
unless ( $self->{viewerAllowBrowser} || $conf->{viewerAllowBrowser} ) {
$self->addRoute(
view => { ':cfgNum' => 'rejectKey' },
['GET']
);
}
# Other keys
$self->addRoute( view => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] )
......
......@@ -28,7 +28,7 @@
<td ng-if="n.type=='bool'">
<div class="input-group-solid" role="radiogroup">
<label class="radio-inline">
<input id="bopeOn/{{n.title}}" type="radio" ng-value="1" ng-model="n.data" role="radio" aria-labelledby="lbopeOn{{n.title}}"/>
<input id="bopeOn/{{n.title}}" type="radio" ng-value="1" ng-model="n.data" ng-checked="n.data==1||n.data=='1'" role="radio" aria-labelledby="lbopeOn{{n.title}}"/>
<span id="lbopeOn{{n.title}}" for="bopeOn/{{n.title}}" trspan="on"></span>
</label>
<label class="radio-inline">
......
......@@ -887,9 +887,9 @@
"samlIDPMetaDataOptionsSession":"جلسة",
"samlIDPMetaDataOptionsSignature":"توقيع",
"samlIDPMetaDataOptionsBinding":"ربط",
"samlIDPMetaDataOptionsDisplay":"Display",
"samlIDPMetaDataOptionsDisplay":"عرض",
"samlIDPMetaDataOptionsDisplayName":"Display name",
"samlIDPMetaDataOptionsDisplayParams":"Display",
"samlIDPMetaDataOptionsDisplayParams":"عرض",
"samlIDPMetaDataOptionsIcon":"Logo",
"samlIDPMetaDataOptionsSecurity":"الحماية",
"samlIDPMetaDataOptionsStoreSAMLToken":"حفظ SAML توكن",
......@@ -980,5 +980,5 @@
"samlCommonDomainCookieWriter":"يو آر إل الكاتب",
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
\ No newline at end of file
......@@ -980,5 +980,5 @@
"samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
\ No newline at end of file
......@@ -980,5 +980,5 @@
"samlCommonDomainCookieWriter":"URL dell'autore",
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
\ No newline at end of file
......@@ -124,7 +124,7 @@
"casSrv":"CAS Server",
"casSrvMetaDataExportedVars":"Thuộc tính xuất",
"casSrvMetaDataOptions":"Tùy chọn",
"casSrvMetaDataOptionsDisplay":"Hiển thị",
"casSrvMetaDataOptionsDisplay":"Display",
"casSrvMetaDataOptionsDisplayName":"Tên để hiển thị",
"casSrvMetaDataOptionsGateway":"Xác thực Gateway",
"casSrvMetaDataOptionsIcon":"Đường dẫn Icon",
......@@ -980,5 +980,5 @@
"samlCommonDomainCookieWriter":"Trình viết URL",
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
\ No newline at end of file
......@@ -980,5 +980,5 @@
"samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
\ No newline at end of file
# Test viewer API
use Test::More;
use strict;
use IO::String;
use JSON qw(from_json);
require 't/test-lib.pm';
# Test that key value is sent
my $res = &client->jsonResponse('/view/1/portalDisplayOidcConsents');
ok( $res->{value} eq '$_oidcConnectedRP', 'Key found' );
count(1);
# Test that hidden key values are NOT sent
$res = &client->jsonResponse('/view/1/portalDisplayLogout');
ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
$res = &client->jsonResponse('/view/1/samlIDPMetaDataNodes');
ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
count(2);
# Try to display latest conf
$res = &client->jsonResponse('/view/latest');
ok( $res->{cfgNum} eq '1', 'Browser is allowed' );
count(1);
# Load lemonldap-ng-noBrowser.ini
use_ok('Lemonldap::NG::Manager::Cli::Lib');
my $client2;
ok(
$client2 = Lemonldap::NG::Manager::Cli::Lib->new(
iniFile => 't/lemonldap-ng-noBrowser.ini'
),
'Client object'
);
# Try to display latest conf
$res = $client2->jsonResponse('/view/1');
ok( $res->{value} eq '_Hidden_', 'Browser is NOT allowed' );
count(3);
done_testing( count() );
[all]
logLevel = error
localSessionStorage =
localSessionStorageOptions =
[configuration]
type=File
dirName=t/conf
[portal]
checkXSS = 0
[handler]
https = 0
;port = 8080
status = 0
useRedirectOnError = 0
[manager]
protection = manager
staticPrefix = app/
languages = fr, en, vi, ar
templateDir = site/templates/
enabledModules = conf, sessions, notifications, 2ndFA, viewer
viewerHiddenPK = samlIDPMetaDataNodes samlSPMetaDataNodes portalDisplayLogout
viewerAllowBrowser = 0
[sessionsExplorer]
;protection = authenticate
[apply]
......@@ -26,6 +26,9 @@ protection = manager
staticPrefix = app/
languages = fr, en, vi, ar
templateDir = site/templates/
enabledModules = conf, sessions, notifications, 2ndFA, viewer
viewerHiddenPK = samlIDPMetaDataNodes samlSPMetaDataNodes portalDisplayLogout
viewerAllowBrowser = 1
[sessionsExplorer]
......
......@@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_PP_PASSWORD_EXPIRED
);
our $VERSION = '2.0.2';
our $VERSION = '2.0.3';
# Inheritance: UserDB::LDAP provides all needed ldap functions
extends
......@@ -55,6 +55,9 @@ sub authenticate {
}
my $res = $self->p->{_passwordDB}->_modifyPassword( $req, 1 );
# Refresh entry
$self->p->{_userDB}->getUser($req);
# Security: never create session here
return $res || PE_DONE;
}
......
......@@ -78,7 +78,7 @@ has wsdl => (
my $attrList = join "\n", map {
"<element name='$_' type='xsd:string' nillable='true'></element>"
} $self->exportedAttr;
} @{ $self->exportedAttr };
my $resp = join( '', <DATA> );
close DATA;
$resp =~ s/\$cookieList/$cookieList/g;
......
......@@ -259,4 +259,4 @@
"yourPhone":"رقم هاتفك",
"yourProfile":"ملفك الشخصي",
"yourTotpKey":"Your TOTP key"
}
}
\ No newline at end of file
......@@ -259,4 +259,4 @@
"yourPhone":"Ihre Telefonnummer",
"yourProfile":"Ihr Profil",
"yourTotpKey":"Your TOTP key"
}
}
\ No newline at end of file
......@@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}
\ No newline at end of file
......@@ -259,4 +259,4 @@
"yourPhone":"Numero di telefono",
"yourProfile":"Il tuo profilo",
"yourTotpKey":"La tua chiave TOTP"
}
}
\ No newline at end of file
......@@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}
\ No newline at end of file
......@@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}
\ No newline at end of file
......@@ -99,8 +99,8 @@
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
"accountCreationSuccess":"Your account was successfully created.",
"action":"Action",
"anotherInformation":"Another information:",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:",
"areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
......@@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}
\ No newline at end of file
......@@ -99,8 +99,8 @@
"accountCreated":"Tài khoản của bạn đã được tạo, mật khẩu tạm thời của bạn đã được gửi đến địa chỉ mail của bạn.",
"accountCreationSuccess":"Tài khoản của bạn đã được tạo thành công.",
"action":"Action",
"anotherInformation":"Thông tin khác:",
"allowed":"Access ALLOWED",
"anotherInformation":"Thông tin khác:",
"areYouSure":"Bạn có chắc không?",
"askToRenew":"Ứng dụng này cần có chứng thực gần đây hơn. Bạn có muốn chứng thực lại?",
"askToUpgrade":"Ứng dụng này cần một mức xác thực cao hơn. Bạn có muốn chứng thực lại?",
......@@ -259,4 +259,4 @@
"yourPhone":"Số điện thoại của bạn",
"yourProfile":"Profile của bạn",
"yourTotpKey":"Your TOTP key"
}
}
\ No newline at end of file
......@@ -141,8 +141,8 @@
"errorMsg":"错误消息",
"fillTheForm":"Fill the form",
"firstName":"名",
"forgotPwd":"忘记密码?",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"忘记密码?",
"generatePwd":"自动生成密码",
"gotNewMessages":"您有一些新消息",
"goToPortal":"回到首页",
......@@ -259,4 +259,4 @@
"yourPhone":"您的电话号码",
"yourProfile":"您的档案",
"yourTotpKey":"Your TOTP key"
}
}
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment