## map directive must be in http context
# Uncomment this if you use Auth SSL:
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
# default "";
# ~/CN=(?<CN>[^/]+) $CN;
#}
server { server {
listen __PORT__; listen __PORT__;
server_name auth.__DNSDOMAIN__; server_name auth.__DNSDOMAIN__;
...@@ -29,11 +36,7 @@ server { ...@@ -29,11 +36,7 @@ server {
fastcgi_split_path_info ^(.*\.psgi)(/.*)$; fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# Uncomment this if you use Auth SSL: # Uncomment this if you use Auth SSL:
#map $ssl_client_s_dn $ssl_client_s_dn_cn { #fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
# default "";
# ~/CN=(?<CN>[^/]+) $CN;
#}
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
# OR TO USE uWSGI # OR TO USE uWSGI
#include /etc/nginx/uwsgi_params; #include /etc/nginx/uwsgi_params;
...@@ -41,6 +44,8 @@ server { ...@@ -41,6 +44,8 @@ server {
#uwsgi_param LLTYPE psgi; #uwsgi_param LLTYPE psgi;
#uwsgi_param SCRIPT_FILENAME $document_root$sc; #uwsgi_param SCRIPT_FILENAME $document_root$sc;
#uwsgi_param SCRIPT_NAME $sc; #uwsgi_param SCRIPT_NAME $sc;
# Uncomment this if you use Auth SSL:
#uwsgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
} }
...@@ -49,7 +54,7 @@ server { ...@@ -49,7 +54,7 @@ server {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
# Uncomment this if you use https only # Uncomment this if you use https only
#add_header Strict-Transport-Security "15768000"; #add_header Strict-Transport-Security max-age=15768000;
} }
location /static/ { location /static/ {
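Review bot: The commented `map` block moved to the top of the file still matches `~/CN=(?<CN>[^/]+)`, which only fits the slash-separated subject form. Since nginx 1.11.6 `$ssl_client_s_dn` is rendered as an RFC 2253 comma-separated string and the slash form is in `$ssl_client_s_dn_legacy`, so on a current nginx the map would fall through to `default ""` and `SSL_CLIENT_S_DN_CN` would be empty. Because this value becomes the authenticated identity, I would name the variable the pattern expects, `#map $ssl_client_s_dn_legacy $ssl_client_s_dn_cn {`, or rewrite the pattern for the comma form, and state in the comment which nginx versions it targets. The pattern is also unanchored and keeps the first `/CN=` it finds, so the comment should say that only subjects issued by a CA that controls every subject attribute are safe to map this way.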
......
...@@ -28,6 +28,7 @@ sub defaultValues { ...@@ -28,6 +28,7 @@ sub defaultValues {
'casAccessControlPolicy' => 'none', 'casAccessControlPolicy' => 'none',
'casAuthnLevel' => 1, 'casAuthnLevel' => 1,
'checkTime' => 600, 'checkTime' => 600,
'checkUserHiddenAttributes' => 'UA _2fDevices _loginHistory',
'checkXSS' => 1, 'checkXSS' => 1,
'confirmFormMethod' => 'post', 'confirmFormMethod' => 'post',
'cookieName' => 'lemonldap', 'cookieName' => 'lemonldap',
...@@ -240,6 +241,7 @@ sub defaultValues { ...@@ -240,6 +241,7 @@ sub defaultValues {
'samlOrganizationDisplayName' => 'Example', 'samlOrganizationDisplayName' => 'Example',
'samlOrganizationName' => 'Example', 'samlOrganizationName' => 'Example',
'samlOrganizationURL' => 'http://www.example.com', 'samlOrganizationURL' => 'http://www.example.com',
'samlOverrideIDPEntityID' => '',
'samlRelayStateTimeout' => 600, 'samlRelayStateTimeout' => 600,
'samlServiceSignatureMethod' => 'RSA_SHA1', 'samlServiceSignatureMethod' => 'RSA_SHA1',
'samlSPSSODescriptorArtifactResolutionServiceArtifact' => 'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
......
...@@ -66,7 +66,7 @@ our $issuerParameters = { ...@@ -66,7 +66,7 @@ our $issuerParameters = {
issuerDBOpenIDConnect => [qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)], issuerDBOpenIDConnect => [qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)],
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)], issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
}; };
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)]; our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse 
samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlOverrideIDPEntityID)];
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)]; our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)];
1; 1;
...@@ -60,7 +60,7 @@ sub _run { ...@@ -60,7 +60,7 @@ sub _run {
$self->routes( $self->authRoutes ); $self->routes( $self->authRoutes );
$req->userData( $self->api->data ); $req->userData( $self->api->data );
} }
else { elsif ( $res->[0] != 403 ) {
# Unset headers (handler adds a Location header) # Unset headers (handler adds a Location header)
$self->logger->debug( $self->logger->debug(
"User not authenticated, Try in use, cancel redirection"); "User not authenticated, Try in use, cancel redirection");
...@@ -68,6 +68,9 @@ sub _run { ...@@ -68,6 +68,9 @@ sub _run {
$req->respHeaders( [] ); $req->respHeaders( [] );
$self->routes( $self->unAuthRoutes ); $self->routes( $self->unAuthRoutes );
} }
else {
return $res;
}
$res = $self->handler($req); $res = $self->handler($req);
# Insert respHeaders in response only if not already set # Insert respHeaders in response only if not already set
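Review bot: The new `else { return $res; }` branch hands the handler's 403 straight back, but nothing in the hunk says why 403 is treated differently from the other results, and that path emits no log line. If the intent is that an access denial must not fall back to the unauthenticated routes, I would say so, e.g. `# Handler denied access: return its 403 instead of switching to unAuthRoutes`, and add a matching `$self->logger->debug(...)` call. `$res->[0]` is dereferenced in the `elsif` without any check that `$res` is an array ref; the start of `_run` and the first `if` condition are outside the hunk, so confirm that is guaranteed there.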
......
...@@ -767,6 +767,22 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] ...@@ -767,6 +767,22 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 600, 'default' => 600,
'type' => 'int' 'type' => 'int'
}, },
'checkUser' => {
'default' => 0,
'type' => 'bool'
},
'checkUserDisplayEmptyValues' => {
'default' => 0,
'type' => 'bool'
},
'checkUserDisplayPersistentInfo' => {
'default' => 0,
'type' => 'bool'
},
'checkUserHiddenAttributes' => {
'default' => 'UA _2fDevices _loginHistory',
'type' => 'text'
},
'checkXSS' => { 'checkXSS' => {
'default' => 1, 'default' => 1,
'type' => 'bool' 'type' => 'bool'
...@@ -2849,6 +2865,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] ...@@ -2849,6 +2865,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 'http://www.example.com', 'default' => 'http://www.example.com',
'type' => 'text' 'type' => 'text'
}, },
'samlOverrideIDPEntityID' => {
'default' => '',
'type' => 'text'
},
'samlRelayStateTimeout' => { 'samlRelayStateTimeout' => {
'default' => 600, 'default' => 600,
'type' => 'int' 'type' => 'int'
......
...@@ -578,6 +578,30 @@ sub attributes { ...@@ -578,6 +578,30 @@ sub attributes {
documentation => 'Enable Cross Domain Authentication', documentation => 'Enable Cross Domain Authentication',
flags => 'hp', flags => 'hp',
}, },
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => 'UA _2fDevices _loginHistory',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
checkXSS => { checkXSS => {
default => 1, default => 1,
type => 'bool', type => 'bool',
...@@ -1968,6 +1992,11 @@ sub attributes { ...@@ -1968,6 +1992,11 @@ sub attributes {
default => 600, default => 600,
documentation => 'SAML timeout of relay state', documentation => 'SAML timeout of relay state',
}, },
samlOverrideIDPEntityID => {
type => 'text',
documentation => 'Override SAML EntityID when acting as an IDP',
default => '',
},
samlUseQueryStringSpecific => { samlUseQueryStringSpecific => {
default => 0, default => 0,
type => 'bool', type => 'bool',
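Review bot: `checkUser` is declared as a plain `bool` documented only as `'Enable check user'`, which does not tell an administrator what the switch exposes. In the plugin added by this commit, `check()` takes `user` from the request and loads that user's data, and `init` registers the route for every authenticated session. I would make the documentation explicit, e.g. `documentation => 'Enable CheckUser plugin (displays session attributes of a requested user)',`. Unless the part of the plugin not shown here applies an access rule, consider whether this should be a rule-type parameter rather than an on/off flag. The `checkUserHiddenAttributes` documentation should also state that the value is a space-separated list that is combined with `hiddenAttributes`, as `hAttr` does.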
......
...@@ -637,6 +637,17 @@ sub tree { ...@@ -637,6 +637,17 @@ sub tree {
form => 'simpleInputContainer', form => 'simpleInputContainer',
nodes => [ 'checkState', 'checkStateSecret', ], nodes => [ 'checkState', 'checkStateSecret', ],
}, },
{
title => 'checkUsers',
help => 'checkuser.html',
form => 'simpleInputContainer',
nodes => [
'checkUser',
'checkUserHiddenAttributes',
'checkUserDisplayPersistentInfo',
'checkUserDisplayEmptyValues',
]
},
] ]
}, },
{ {
...@@ -986,7 +997,8 @@ sub tree { ...@@ -986,7 +997,8 @@ sub tree {
'samlDiscoveryProtocolPolicy', 'samlDiscoveryProtocolPolicy',
'samlDiscoveryProtocolIsPassive' 'samlDiscoveryProtocolIsPassive'
] ]
} },
'samlOverrideIDPEntityID',
] ]
} }
] ]
......
...@@ -151,6 +151,11 @@ ...@@ -151,6 +151,11 @@
"clickHereToForce":"انقر هنا لإجبار", "clickHereToForce":"انقر هنا لإجبار",
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"اختيارالإعدادات", "choiceParams":"اختيارالإعدادات",
"chooseLogo":"اختيار الشعار", "chooseLogo":"اختيار الشعار",
"chooseSkin":"اختيار الغلاف", "chooseSkin":"اختيار الغلاف",
...@@ -243,7 +248,7 @@ ...@@ -243,7 +248,7 @@
"exportedVars":"المتغيرات المصدرة", "exportedVars":"المتغيرات المصدرة",
"external2f":"External second factor", "external2f":"External second factor",
"ext2fActivation":"تفعيل", "ext2fActivation":"تفعيل",
"ext2fCodeActivation":"2F code generated by Portal", "ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"مستوى إثبات الهوية", "ext2fAuthnLevel":"مستوى إثبات الهوية",
"ext2fLogo":"Logo", "ext2fLogo":"Logo",
"ext2FSendCommand":"إرسال الأمر", "ext2FSendCommand":"إرسال الأمر",
...@@ -964,5 +969,6 @@ ...@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"يو آر إل القارئ", "samlCommonDomainCookieReader":"يو آر إل القارئ",
"samlCommonDomainCookieWriter":"يو آر إل الكاتب", "samlCommonDomainCookieWriter":"يو آر إل الكاتب",
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ", "samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين" "samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
} "samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
\ No newline at end of file }
...@@ -152,6 +152,11 @@ ...@@ -152,6 +152,11 @@
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"choiceParams":"Choice parameters", "choiceParams":"Choice parameters",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"chooseLogo":"Choose logo", "chooseLogo":"Choose logo",
"chooseSkin":"Choose skin", "chooseSkin":"Choose skin",
"combination":"Combination", "combination":"Combination",
...@@ -243,7 +248,7 @@ ...@@ -243,7 +248,7 @@
"exportedVars":"Exported Variables", "exportedVars":"Exported Variables",
"external2f":"External second factor", "external2f":"External second factor",
"ext2fActivation":"Activation", "ext2fActivation":"Activation",
"ext2fCodeActivation":"2F code generated by Portal", "ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Authentication level", "ext2fAuthnLevel":"Authentication level",
"ext2fLogo":"Logo", "ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand", "ext2FSendCommand":"Send comand",
...@@ -964,5 +969,6 @@ ...@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"Reader URL", "samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL", "samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout", "samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method" "samlUseQueryStringSpecific":"Use specific query_string method",
} "samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
\ No newline at end of file }
...@@ -151,6 +151,11 @@ ...@@ -151,6 +151,11 @@
"clickHereToForce":"Click here to force", "clickHereToForce":"Click here to force",
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"Choice parameters", "choiceParams":"Choice parameters",
"chooseLogo":"Choose logo", "chooseLogo":"Choose logo",
"chooseSkin":"Choose skin", "chooseSkin":"Choose skin",
...@@ -243,7 +248,7 @@ ...@@ -243,7 +248,7 @@
"exportedVars":"Exported Variables", "exportedVars":"Exported Variables",
"external2f":"External second factor", "external2f":"External second factor",
"ext2fActivation":"Activation", "ext2fActivation":"Activation",
"ext2fCodeActivation":"2F code generated by Portal", "ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Authentication level", "ext2fAuthnLevel":"Authentication level",
"ext2fLogo":"Logo", "ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand", "ext2FSendCommand":"Send comand",
...@@ -964,5 +969,6 @@ ...@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"Reader URL", "samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL", "samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout", "samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method" "samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
} }
...@@ -152,6 +152,11 @@ ...@@ -152,6 +152,11 @@
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Secret partagé", "checkStateSecret":"Secret partagé",
"choiceParams":"Paramètres des choix", "choiceParams":"Paramètres des choix",
"checkUsers":"Vérification de session",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Attributs masqués",
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
"chooseLogo":"Choisir le logo", "chooseLogo":"Choisir le logo",
"chooseSkin":"Choisir le thème", "chooseSkin":"Choisir le thème",
"combination":"Combinaison", "combination":"Combinaison",
...@@ -243,7 +248,7 @@ ...@@ -243,7 +248,7 @@
"exportedVars":"Attributs à exporter", "exportedVars":"Attributs à exporter",
"external2f":"Second facteur externe", "external2f":"Second facteur externe",
"ext2fActivation":"Activation", "ext2fActivation":"Activation",
"ext2fCodeActivation":"2F code généré par le Portail", "ext2fCodeActivation":"Expression régulière pour la génération du code",
"ext2fAuthnLevel":"Niveau de l'authentification", "ext2fAuthnLevel":"Niveau de l'authentification",
"ext2fLogo":"Logo", "ext2fLogo":"Logo",
"ext2FSendCommand":"Commande pour l'envoi", "ext2FSendCommand":"Commande pour l'envoi",
...@@ -964,5 +969,6 @@ ...@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"URL de lecture", "samlCommonDomainCookieReader":"URL de lecture",
"samlCommonDomainCookieWriter":"URL d'écriture", "samlCommonDomainCookieWriter":"URL d'écriture",
"samlRelayStateTimeout":"Durée de vie d'une session RelayState", "samlRelayStateTimeout":"Durée de vie d'une session RelayState",
"samlUseQueryStringSpecific":"Utilisation d'une fonction spécifique pour query_string" "samlUseQueryStringSpecific":"Utilisation d'une fonction spécifique pour query_string",
"samlOverrideIDPEntityID": "Valeur de l'Entity ID en mode IDP"
} }
...@@ -151,6 +151,11 @@ ...@@ -151,6 +151,11 @@
"clickHereToForce":"Clicca qui per forzare", "clickHereToForce":"Clicca qui per forzare",
"checkState":"Attivazione", "checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso", "checkStateSecret":"Segreto condiviso",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"Scelta parametri", "choiceParams":"Scelta parametri",
"chooseLogo":"Scegli logo", "chooseLogo":"Scegli logo",
"chooseSkin":"Scegli interfaccia", "chooseSkin":"Scegli interfaccia",
...@@ -243,7 +248,7 @@ ...@@ -243,7 +248,7 @@
"exportedVars":"Variabili esportate", "exportedVars":"Variabili esportate",
"external2f":"2° fattore esterno", "external2f":"2° fattore esterno",
"ext2fActivation":"Attivazione", "ext2fActivation":"Attivazione",
"ext2fCodeActivation":"2F code generated by Portal", "ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Livello di autenticazione", "ext2fAuthnLevel":"Livello di autenticazione",
"ext2fLogo":"Logo", "ext2fLogo":"Logo",
"ext2FSendCommand":"Invia comando", "ext2FSendCommand":"Invia comando",
...@@ -964,5 +969,6 @@ ...@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"URL del lettore", "samlCommonDomainCookieReader":"URL del lettore",
"samlCommonDomainCookieWriter":"URL dell'autore", "samlCommonDomainCookieWriter":"URL dell'autore",
"samlRelayStateTimeout":"Timeout di sessione di RelayState", "samlRelayStateTimeout":"Timeout di sessione di RelayState",
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string" "samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
} "samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
\ No newline at end of file }
...@@ -151,6 +151,11 @@ ...@@ -151,6 +151,11 @@
"clickHereToForce":"Nhấp vào đây để bắt buộc", "clickHereToForce":"Nhấp vào đây để bắt buộc",
"checkState":"Kích hoạt", "checkState":"Kích hoạt",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"Các tham số lựa chọn", "choiceParams":"Các tham số lựa chọn",
"chooseLogo":"Chọn logo", "chooseLogo":"Chọn logo",
"chooseSkin":"Chọn giao diện", "chooseSkin":"Chọn giao diện",
...@@ -243,7 +248,7 @@ ...@@ -243,7 +248,7 @@
"exportedVars":"Biến đã được xuất", "exportedVars":"Biến đã được xuất",
"external2f":"Yếu tố thứ 2 bên ngoài", "external2f":"Yếu tố thứ 2 bên ngoài",
"ext2fActivation":"Kích hoạt", "ext2fActivation":"Kích hoạt",
"ext2fCodeActivation":"2F code generated by Portal", "ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Mức xác thực", "ext2fAuthnLevel":"Mức xác thực",
"ext2fLogo":"Logo", "ext2fLogo":"Logo",
"ext2FSendCommand":"Gửi lệnh", "ext2FSendCommand":"Gửi lệnh",
...@@ -964,5 +969,6 @@ ...@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"Trình đọc URL", "samlCommonDomainCookieReader":"Trình đọc URL",
"samlCommonDomainCookieWriter":"Trình viết URL", "samlCommonDomainCookieWriter":"Trình viết URL",
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ", "samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể" "samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
} "samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
\ No newline at end of file }
...@@ -151,6 +151,11 @@ ...@@ -151,6 +151,11 @@
"clickHereToForce":"Click here to force", "clickHereToForce":"Click here to force",
"checkState":"Activation", "checkState":"Activation",
"checkStateSecret":"Shared secret", "checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"Choice parameters", "choiceParams":"Choice parameters",
"chooseLogo":"Choose logo", "chooseLogo":"Choose logo",
"chooseSkin":"Choose skin", "chooseSkin":"Choose skin",
...@@ -243,7 +248,7 @@ ...@@ -243,7 +248,7 @@
"exportedVars":"Exported Variables", "exportedVars":"Exported Variables",
"external2f":"External second factor", "external2f":"External second factor",
"ext2fActivation":"激活", "ext2fActivation":"激活",
"ext2fCodeActivation":"2F code generated by Portal", "ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"认证级别", "ext2fAuthnLevel":"认证级别",
"ext2fLogo":"Logo", "ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand", "ext2FSendCommand":"Send comand",
...@@ -964,5 +969,6 @@ ...@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"Reader URL", "samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL", "samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout", "samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method" "samlUseQueryStringSpecific":"Use specific query_string method",
} "samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
\ No newline at end of file }
...@@ -329,6 +329,7 @@ site/templates/bootstrap/customhead.tpl ...@@ -329,6 +329,7 @@ site/templates/bootstrap/customhead.tpl
site/templates/bootstrap/customheader.tpl site/templates/bootstrap/customheader.tpl
site/templates/bootstrap/customLoginFooter.tpl site/templates/bootstrap/customLoginFooter.tpl
site/templates/bootstrap/customLoginHeader.tpl site/templates/bootstrap/customLoginHeader.tpl
site/templates/bootstrap/error.json.example
site/templates/bootstrap/error.tpl site/templates/bootstrap/error.tpl
site/templates/bootstrap/ext2fcheck.tpl site/templates/bootstrap/ext2fcheck.tpl
site/templates/bootstrap/footer.tpl site/templates/bootstrap/footer.tpl
...@@ -337,6 +338,7 @@ site/templates/bootstrap/header.tpl ...@@ -337,6 +338,7 @@ site/templates/bootstrap/header.tpl
site/templates/bootstrap/idpchoice.tpl site/templates/bootstrap/idpchoice.tpl
site/templates/bootstrap/info.tpl site/templates/bootstrap/info.tpl
site/templates/bootstrap/ldapPpGrace.tpl site/templates/bootstrap/ldapPpGrace.tpl
site/templates/bootstrap/login.json
site/templates/bootstrap/login.tpl site/templates/bootstrap/login.tpl
site/templates/bootstrap/mail.tpl site/templates/bootstrap/mail.tpl
site/templates/bootstrap/menu.tpl site/templates/bootstrap/menu.tpl
...@@ -394,6 +396,7 @@ site/templates/common/oidc_checksession.tpl ...@@ -394,6 +396,7 @@ site/templates/common/oidc_checksession.tpl
site/templates/common/redirect.tpl site/templates/common/redirect.tpl
site/templates/common/registerBrowser.tpl site/templates/common/registerBrowser.tpl
site/templates/common/script.tpl site/templates/common/script.tpl
site/templates/common/trover.tpl
site/templates/localeTranslations.txt site/templates/localeTranslations.txt
t/01-AuthDemo.t t/01-AuthDemo.t
t/01-pdata.t t/01-pdata.t
...@@ -496,21 +499,22 @@ t/66-CDA-already-auth.t ...@@ -496,21 +499,22 @@ t/66-CDA-already-auth.t
t/66-CDA-with-REST.t t/66-CDA-with-REST.t
t/66-CDA-with-SOAP.t t/66-CDA-with-SOAP.t
t/66-CDA.t t/66-CDA.t
t/70-2F-TOTP-with-HISTORY.t t/70-2F-TOTP-with-History.t
t/70-2F-TOTP.t t/70-2F-TOTP.t
t/70-2F-TOTP_8.t t/70-2F-TOTP_8.t
t/71-2F-U2F-with-HISTORY.t t/71-2F-U2F-with-History.t
t/71-2F-U2F.t t/71-2F-U2F.t
t/72-2F-REST-with-HISTORY.t t/72-2F-REST-with-HISTORY.t
t/73-2F-UTOTP-TOTP-and-U2F-with-HISTORY.t t/73-2F-UTOTP-TOTP-and-U2F-with-History.t
t/73-2F-UTOTP-TOTP-and-U2F.t t/73-2F-UTOTP-TOTP-and-U2F.t
t/73-2F-UTOTP-TOTP-only-with-HISTORY.t t/73-2F-UTOTP-TOTP-only-with-History.t
t/73-2F-UTOTP-TOTP-only.t t/73-2F-UTOTP-TOTP-only.t
t/74-2F-Required.t t/74-2F-Required.t
t/75-2F-Registers.t t/75-2F-Registers.t
t/76-2F-Ext-with-BruteForce.t t/76-2F-Ext-with-BruteForce.t
t/76-2F-Ext-with-CodeActivation.t
t/76-2F-Ext-with-GrantSession.t t/76-2F-Ext-with-GrantSession.t
t/76-2F-Ext-with-HISTORY.t t/76-2F-Ext-with-History.t
t/77-2F-Mail.t t/77-2F-Mail.t
t/90-Translations.t t/90-Translations.t
t/99-pod.t t/99-pod.t
...@@ -525,6 +529,7 @@ t/lmConf-1.json ...@@ -525,6 +529,7 @@ t/lmConf-1.json
t/pdata.pm t/pdata.pm
t/README.md t/README.md
t/saml-lib.pm t/saml-lib.pm
t/sendCode.pl
t/sendOTP.pl t/sendOTP.pl
t/sessions/lock/.exists t/sessions/lock/.exists
t/sessions/saml/lock/.exists t/sessions/saml/lock/.exists
......
...@@ -33,9 +33,11 @@ sub init { ...@@ -33,9 +33,11 @@ sub init {
if ( $self->conf->{ext2fLogo} ); if ( $self->conf->{ext2fLogo} );
return $self->SUPER::init(); return $self->SUPER::init();
} }
if ( $self->conf->{ext2fCodeActivation} if ( $self->conf->{ext2fCodeActivation} ) {
and $self->conf->{ext2FSendCommand} ) unless ( $self->conf->{ext2FSendCommand} ) {
{ $self->error("Missing 'ext2FSendCommand' parameter, aborting");
return 0;
}
$self->random( String::Random->new ); $self->random( String::Random->new );
$self->logo( $self->conf->{ext2fLogo} ) $self->logo( $self->conf->{ext2fLogo} )
if ( $self->conf->{ext2fLogo} ); if ( $self->conf->{ext2fLogo} );
...@@ -52,10 +54,11 @@ sub run { ...@@ -52,10 +54,11 @@ sub run {
my $checkLogins = $req->param('checkLogins'); my $checkLogins = $req->param('checkLogins');
$self->logger->debug("Ext2F checkLogins set") if ($checkLogins); $self->logger->debug("Ext2F checkLogins set") if ($checkLogins);
# Generate OTP to send # Generate Code to send
if ( $self->{random} ) { my $code;
my $code if ( $self->conf->{ext2fCodeActivation} ) {
= $self->random->randregex( $self->conf->{ext2fOTPActivation} ); $code
= $self->random->randregex( $self->conf->{ext2fCodeActivation} );
$self->logger->debug("Generated ext2f code : $code"); $self->logger->debug("Generated ext2f code : $code");
$self->ott->updateToken( $token, __ext2fcode => $code ); $self->ott->updateToken( $token, __ext2fcode => $code );
} }
...@@ -63,8 +66,9 @@ sub run { ...@@ -63,8 +66,9 @@ sub run {
# Prepare command and launch it # Prepare command and launch it
$self->logger->debug( 'Launching "Send" external 2F command -> ' $self->logger->debug( 'Launching "Send" external 2F command -> '
. $self->conf->{ext2FSendCommand} ); . $self->conf->{ext2FSendCommand} );
if ( my $c if (my $c = $self->launch(
= $self->launch( $req->sessionInfo, $self->conf->{ext2FSendCommand} ) $req->sessionInfo, $self->conf->{ext2FSendCommand}, $code
)
) )
{ {
$self->logger->error("External send command failed (code $c)"); $self->logger->error("External send command failed (code $c)");
...@@ -92,7 +96,7 @@ sub verify { ...@@ -92,7 +96,7 @@ sub verify {
my ( $self, $req, $session ) = @_; my ( $self, $req, $session ) = @_;
my $usercode; my $usercode;
unless ( $usercode = $req->param('code') ) { unless ( $usercode = $req->param('code') ) {
$self->userLogger->error('External 2F: no code'); $self->userLogger->error('External 2F: no code found');
return PE_FORMEMPTY; return PE_FORMEMPTY;
} }
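Review bot: In `run`, the generated second-factor code is still written to the log in clear by `$self->logger->debug("Generated ext2f code : $code");`, so anyone who can read debug logs sees a valid code for the lifetime of the token. I would log only the event, `$self->logger->debug("Generated ext2f code");`. The same value is now passed as a third argument to `$self->launch(...)`, whose body is not in this hunk. Please confirm it reaches the external command as a separate argument rather than being interpolated into a shell string, since `ext2fCodeActivation` is a free-form regex and `randregex` can emit shell metacharacters if the pattern allows them.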
......
...@@ -91,6 +91,11 @@ qr/^($saml_sso_get_url|$saml_sso_get_url_ret|$saml_sso_post_url|$saml_sso_post_u ...@@ -91,6 +91,11 @@ qr/^($saml_sso_get_url|$saml_sso_get_url_ret|$saml_sso_post_url|$saml_sso_post_u
); );
return 0 unless ($res); return 0 unless ($res);
if ( $self->conf->{samlOverrideIDPEntityID} ) {
$self->lassoServer->ProviderID(
$self->conf->{samlOverrideIDPEntityID} );
}
# Single logout routes # Single logout routes
$self->addUnauthRouteFromMetaDataURL( $self->addUnauthRouteFromMetaDataURL(
"samlIDPSSODescriptorSingleLogoutServiceSOAP", "samlIDPSSODescriptorSingleLogoutServiceSOAP",
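Review bot: The new block sets `lassoServer->ProviderID` from `samlOverrideIDPEntityID` with no validation and no log line, so an active override is invisible when someone later debugs an issuer mismatch. I would add `$self->logger->debug( 'Override IDP EntityID with ' . $self->conf->{samlOverrideIDPEntityID} );` inside the `if`. A short comment should also say that the published metadata must advertise the same entityID, because service providers compare the assertion issuer against it; whether the metadata generation honours the override is not visible in this hunk. The truthiness test also treats the string `0` as unset, which is harmless for a URI but worth knowing.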
......
...@@ -97,14 +97,16 @@ sub init { ...@@ -97,14 +97,16 @@ sub init {
); );
# Load override messages from file and lemonldap-ng.ini # Load override messages from file and lemonldap-ng.ini
if ( $self->{localConfig}->{translations} ) { if ( $self->{localConfig}->{translations}
and -r $self->{localConfig}->{translations} )
{
open my $tr_file, '<', $self->{localConfig}->{translations} open my $tr_file, '<', $self->{localConfig}->{translations}
or die "Can't open" or die "Can't open"
. $self->{localConfig}->{translations} . " : $!"; . $self->{localConfig}->{translations} . " : $!";
while (<$tr_file>) { while (<$tr_file>) {
chomp; chomp;
$_ =~ /^([\w_]+)\s+=\s+(.+)$/; $_ =~ /^([\w_]+)\s+=\s+(.+)$/;
$self->{localConfig}->{ $1 } = $2; $self->{localConfig}->{$1} = $2;
} }
close $tr_file or die "Can't close $tr_file : $!"; close $tr_file or die "Can't close $tr_file : $!";
} }
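Review bot: Inside the `while` loop the result of `$_ =~ /^([\w_]+)\s+=\s+(.+)$/;` is never tested, so a blank or comment line reuses the previous `$1`/`$2`, or undef on the first line, when writing into `$self->{localConfig}`. I would guard it with `next unless /^(\w+)\s+=\s+(.+)$/;` before the assignment. Since any `\w+` key in that file lands directly in `localConfig`, the comment above the block should say that the translations file can override local configuration keys and needs the same file permissions as lemonldap-ng.ini. The added `-r` test also turns an unreadable file into a silent skip where the code used to `die`; an `else` branch that logs the path would keep that misconfiguration visible.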
......
...@@ -25,6 +25,7 @@ our @pList = ( ...@@ -25,6 +25,7 @@ our @pList = (
autoSigninRules => '::Plugins::AutoSignin', autoSigninRules => '::Plugins::AutoSignin',
checkState => '::Plugins::CheckState', checkState => '::Plugins::CheckState',
portalForceAuthn => '::Plugins::ForceAuthn', portalForceAuthn => '::Plugins::ForceAuthn',
checkUser => '::Plugins::CheckUser',
); );
##@method list enabledPlugins ##@method list enabledPlugins
......
package Lemonldap::NG::Portal::Plugins::CheckUser;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS
PE_TOKENEXPIRED
PE_NOTOKEN
);
our $VERSION = '2.0.3';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
has ott => (
is => 'rw',
lazy => 1,
default => sub {
my $ott = $_[0]->{p}
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott;
}
);
sub hAttr {
$_[0]->{conf}->{checkUserHiddenAttributes} . ' '
. $_[0]->{conf}->{hiddenAttributes};
}
sub init {
my ($self) = @_;
$self->addAuthRoute( checkuser => 'check', ['POST'] );
$self->addAuthRoute( checkuser => 'display', ['GET'] );
return 1;
}
# RUNNING METHOD
sub check {
my ( $self, $req ) = @_;
my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] );
my $msg = my $auth = '';
# Check token
if ( $self->conf->{requireToken} ) {
my $token = $req->param('token');
unless ($token) {
$self->userLogger->warn('CheckUser try without token');
$msg = PE_NOTOKEN;
$token = $self->ott->createToken( $req->sessionInfo );
}
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn('Ask try with expired/bad token');
$msg = PE_TOKENEXPIRED;
$token = $self->ott->createToken( $req->sessionInfo );
}
return $self->p->sendHtml(
$req,
'checkuser',
params => {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => "PE$msg",
ALERTE => 'alert-warning',
TOKEN => $token,
}
) if $msg;
}
## Check user session datas
# Use submitted attribute if exists
my $url = $req->param('url') || '';
$req->{user} = $req->param('user') if ( $req->param('user') );
$self->logger->debug("Check requested for $req->{user}");
$attrs = $self->_userDatas($req);
if ( $req->error ) {
$msg = 'PE' . $req->{error};
$attrs = {};
}
else {
# Create an array of hashes for template loop
$self->logger->debug("Delete hidden or empty attributes");
foreach my $k ( sort keys %$attrs ) {
# Ignore hidden attributes or empty values
if ( $self->conf->{checkUserDisplayEmptyValues} ) {
push @$array_attrs, { key => $k, value => $attrs->{$k} }
unless ( $self->hAttr =~ /\b$k\b/ );
}
else {
push @$array_attrs, { key => $k, value => $attrs->{$k} }
unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} );
}
}
$msg = 'checkUser';
}
# Check if user is allowed to access submitted URL and compute headers
if ( $url and %$attrs ) {
# User is allowed ?
$auth = $self->_authorization( $req, $url );
$self->logger->debug(
"checkUser requested for user: $req->{user} and URL: $url");
$auth = $auth ? "allowed" : "forbidden";
$self->userLogger->notice( "checkUser -> $req->{user} is "
. uc($auth)
. " to access: $url" );
# Return VirtualHost headers
$array_hdrs = $self->_headers( $req, $url );
}
my $token = $self->ott->createToken( $req->sessionInfo );
# Display form
return $self->p->sendHtml(
$req,
'checkuser',
params => {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => $msg,
ALERTE =>
( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
LOGIN => (
$self->p->checkXSSAttack( 'LOGIN', $req->{user} ) ? ""
: $req->{user}
),
URL => (
$self->p->checkXSSAttack( 'URL', $url ) ? ""
: $url
),
ALLOWED => $auth,
ALERTE_AUTH =>
( $auth eq 'allowed' ? 'alert-success' : 'alert-danger' ),
HEADERS => $array_hdrs,
ATTRIBUTES => $array_attrs,
TOKEN => $token,
}
);
}
sub display {
my ( $self, $req ) = @_;
my $token = $self->ott->createToken( $req->sessionInfo );
# Display form
return $self->p->sendHtml(
$req,
'checkuser',
params => {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => 'checkUser',
ALERTE => 'alert-info',
LOGIN => (
$self->p->checkXSSAttack( 'LOGIN', $req->{user} )
? ""
: $req->{user}
),
TOKEN => $token,
}
);
}
sub _userDatas {
my ( $self, $req ) = @_;
# Search user in database
my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ];
$self->conf->{checkUserDisplayPersistentInfo}
? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups'
: push @$steps, 'setLocalGroups';
$req->steps($steps);
if ( my $error = $self->p->process($req) ) {
if ( $error == PE_BADCREDENTIALS ) {
$self->userLogger->warn( 'Check requested for an unvalid user ('
. $req->{user}
. ")" );
}
$self->logger->debug("Process returned error: $error");
return $req->error($error);
}
return $req->{sessionInfo};
}
sub _authorization {
my ( $self, $req, $uri ) = @_;
# Check rights
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
$vhost =~ s/:\d+$//;
$vhost = $self->p->HANDLER->resolveAlias($vhost);
$appuri ||= '/';
return $self->p->HANDLER->grant( $req, $req->{sessionInfo}, $appuri,
undef, $vhost );
}
sub _headers {
my ( $self, $req, $uri ) = @_;
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
$vhost =~ s/:\d+$//;
$req->{env}->{HTTP_HOST} = $vhost;
$self->p->HANDLER->headersInit( $self->{conf} );
return $self->p->HANDLER->checkHeaders( $req, $req->{sessionInfo} );
}
1;
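Review bot: The hidden-attribute filter in `check` interpolates each session key into a pattern (`$self->hAttr =~ /\b$k\b/`), so whether a value is hidden depends on regex and word-boundary semantics rather than on the configured names: a key containing metacharacters is read as a pattern, and a hidden name containing a non-word character such as `-` also hides keys equal to one of its parts. An exact lookup built once from the two settings is simpler and avoids re-joining the list for every key; the fence shows the loop rewritten that way, assuming both settings are whitespace-separated lists like the default added in this commit. In the `requireToken` branch the second test should be an `elsif`: when no token was posted, the freshly created token is passed straight to `getToken`, which presumably consumes it before it is rendered into the form. Nothing visible in this file restricts which authenticated users may post a `user` value and read another account's attributes, authorization result and headers, so unless the route registration enforces that elsewhere, an access rule is needed before the plugin is enabled. `_authorization` and `_headers` also use `$vhost` without testing that the `url` pattern matched.

```perl
    else {
        # Create an array of hashes for template loop
        $self->logger->debug("Delete hidden or empty attributes");

        # Exact-name lookup: attribute names are compared as strings,
        # never interpreted as a pattern
        my %hidden     = map { $_ => 1 } split ' ', $self->hAttr;
        my $show_empty = $self->conf->{checkUserDisplayEmptyValues};
        foreach my $k ( sort keys %$attrs ) {
            next if $hidden{$k};
            next unless $show_empty or $attrs->{$k};
            push @$array_attrs, { key => $k, value => $attrs->{$k} };
        }
        $msg = 'checkUser';
    }
    # … unchanged: URL authorization, header computation and sendHtml call …
```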
...@@ -29,6 +29,9 @@ translatePage = (lang) -> ...@@ -29,6 +29,9 @@ translatePage = (lang) ->
$(this).text txt $(this).text txt
$("[trmsg]").each -> $("[trmsg]").each ->
$(this).text translate "PE#{$(this).attr 'trmsg'}" $(this).text translate "PE#{$(this).attr 'trmsg'}"
msg = translate "PE#{$(this).attr 'trmsg'}"
if msg.match /_hide_/
$(this).parent().hide()
$("[trplaceholder]").each -> $("[trplaceholder]").each ->
$(this).attr 'placeholder', translate($(this).attr('trplaceholder')) $(this).attr 'placeholder', translate($(this).attr('trplaceholder'))
$("[localtime]").each -> $("[localtime]").each ->
...@@ -53,6 +56,7 @@ getValues = () -> ...@@ -53,6 +56,7 @@ getValues = () ->
catch e catch e
console.log 'Parsing error', e console.log 'Parsing error', e
console.log 'JSON', $(this).text() console.log 'JSON', $(this).text()
console.log values
values values
# Code from http://snipplr.com/view/29434/ # Code from http://snipplr.com/view/29434/
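Review bot: The added `console.log values` in `getValues` looks like a leftover debug statement; it writes the whole parsed values object to the browser console every time the function runs and should be dropped before merge. In the `[trmsg]` handler `translate` is now called twice with the same key; computing `msg = translate "PE#{$(this).attr 'trmsg'}"` first and then calling `$(this).text msg` keeps the displayed text and the `_hide_` test in step. The compiled JavaScript shown in the next section carries the same two changes and needs regenerating after either edit.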
......
...@@ -37,7 +37,12 @@ LemonLDAP::NG Portal jQuery scripts ...@@ -37,7 +37,12 @@ LemonLDAP::NG Portal jQuery scripts
return $(this).text(txt); return $(this).text(txt);
}); });
$("[trmsg]").each(function() { $("[trmsg]").each(function() {
return $(this).text(translate("PE" + ($(this).attr('trmsg')))); var msg;
$(this).text(translate("PE" + ($(this).attr('trmsg'))));
msg = translate("PE" + ($(this).attr('trmsg')));
if (msg.match(/_hide_/)) {
return $(this).parent().hide();
}
}); });
$("[trplaceholder]").each(function() { $("[trplaceholder]").each(function() {
return $(this).attr('placeholder', translate($(this).attr('trplaceholder'))); return $(this).attr('placeholder', translate($(this).attr('trplaceholder')));
...@@ -78,6 +83,7 @@ LemonLDAP::NG Portal jQuery scripts ...@@ -78,6 +83,7 @@ LemonLDAP::NG Portal jQuery scripts
return console.log('JSON', $(this).text()); return console.log('JSON', $(this).text());
} }
}); });
console.log(values);
return values; return values;
}; };
......
...@@ -98,10 +98,12 @@ ...@@ -98,10 +98,12 @@
"accountCreated":"تم إنشاء حسابك و إرسال كلمة المرور المؤقتة إلى بريدك الإلكتروني.", "accountCreated":"تم إنشاء حسابك و إرسال كلمة المرور المؤقتة إلى بريدك الإلكتروني.",
"accountCreationSuccess":"تم إنشاء حسابك بنجاح.", "accountCreationSuccess":"تم إنشاء حسابك بنجاح.",
"action":"Action", "action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"معلومات أخرى:", "anotherInformation":"معلومات أخرى:",
"areYouSure":"هل أنت واثق؟", "areYouSure":"هل أنت واثق؟",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?", "askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?", "askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"بوابة إثبات الهوية", "authPortal":"بوابة إثبات الهوية",
"authRemaining":"٪ s المصادقة المتبقية، غيير كلمة المرور الخاصة بك!", "authRemaining":"٪ s المصادقة المتبقية، غيير كلمة المرور الخاصة بك!",
"autoAccept":"تقبل تلقائيا في 30 ثانية", "autoAccept":"تقبل تلقائيا في 30 ثانية",
...@@ -114,6 +116,7 @@ ...@@ -114,6 +116,7 @@
"changeKey":"Generate new key", "changeKey":"Generate new key",
"changePwd":"غير كلمة المرور الخاصة بك", "changePwd":"غير كلمة المرور الخاصة بك",
"checkLastLogins":"تحقق من آخر تسجيلات دخول الخاصة بي", "checkLastLogins":"تحقق من آخر تسجيلات دخول الخاصة بي",
"checkUser":"Check user session",
"choose2f":"Choose your second factor", "choose2f":"Choose your second factor",
"chooseApp":"اختر أحد التطبيقات المسموح لك بالدخول إليها", "chooseApp":"اختر أحد التطبيقات المسموح لك بالدخول إليها",
"clickHere":"الرجاء الضغط هنا", "clickHere":"الرجاء الضغط هنا",
...@@ -137,15 +140,18 @@ ...@@ -137,15 +140,18 @@
"errorMsg":"رسالة خاطئة", "errorMsg":"رسالة خاطئة",
"fillTheForm":"Fill the form", "fillTheForm":"Fill the form",
"firstName":"الاسم الاول", "firstName":"الاسم الاول",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"نسيت كلمة المرور؟", "forgotPwd":"نسيت كلمة المرور؟",
"generatePwd":"إنشاء كلمة المرور تلقائيا", "generatePwd":"إنشاء كلمة المرور تلقائيا",
"gotNewMessages":"لديك بعض الرسائل الجديدة", "gotNewMessages":"لديك بعض الرسائل الجديدة",
"goToPortal":"انتقل إلى البوابة", "goToPortal":"انتقل إلى البوابة",
"gplSoft":"البرمجيات الحرة التي تغطيها رخصة GPL", "gplSoft":"البرمجيات الحرة التي تغطيها رخصة GPL",
"headers":"HEADERS",
"id":"Id", "id":"Id",
"imSure":"انا متاكد", "imSure":"انا متاكد",
"info":"معلومات", "info":"معلومات",
"ipAddr":"عنوان الأي بي", "ipAddr":"عنوان الأي بي",
"key":"Key",
"lastFailedLogins":"عمليات تسجيل الدخول الأخيرة الغير الناجحة", "lastFailedLogins":"عمليات تسجيل الدخول الأخيرة الغير الناجحة",
"lastLogins":"آخر تسجيلات دخول", "lastLogins":"آخر تسجيلات دخول",
"lastName":"اسم العائلة", "lastName":"اسم العائلة",
...@@ -227,6 +233,7 @@ ...@@ -227,6 +233,7 @@
"upgradeSession":"ترقية الجلسة", "upgradeSession":"ترقية الجلسة",
"user":"المستخدم", "user":"المستخدم",
"useYubikey":"استخدم اليوبي كي الخاص بك", "useYubikey":"استخدم اليوبي كي الخاص بك",
"value":"Value",
"verify":"التحقق", "verify":"التحقق",
"wait":"انتظر", "wait":"انتظر",
"warning":"تحذير", "warning":"تحذير",
......
...@@ -98,10 +98,12 @@ ...@@ -98,10 +98,12 @@
"accountCreated":"Ihr Konto wurde erstellt, das temporäre Passwort wurde an Ihre E-Mail-Adresse gesendet.", "accountCreated":"Ihr Konto wurde erstellt, das temporäre Passwort wurde an Ihre E-Mail-Adresse gesendet.",
"accountCreationSuccess":"Ihr Account wurde erfolgreich erstellt.", "accountCreationSuccess":"Ihr Account wurde erfolgreich erstellt.",
"action":"Aktion", "action":"Aktion",
"allowed":"Access ALLOWED",
"anotherInformation":"Eine weitere Information:", "anotherInformation":"Eine weitere Information:",
"areYouSure":"Sind Sie sicher ?", "areYouSure":"Sind Sie sicher ?",
"askToRenew":"Diese Anwendung benötigt eine neuere Authentifizierung. Möchten Sie sich erneut authentifizieren?", "askToRenew":"Diese Anwendung benötigt eine neuere Authentifizierung. Möchten Sie sich erneut authentifizieren?",
"askToUpgrade":"Diese Anwendung benötigt eine höhere Authentifizierungsstufe. Möchten Sie sich erneut authentifizieren?", "askToUpgrade":"Diese Anwendung benötigt eine höhere Authentifizierungsstufe. Möchten Sie sich erneut authentifizieren?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentifizierungsportal", "authPortal":"Authentifizierungsportal",
"authRemaining":"%sverbleibende Authentifizierungen, bitte Passwort ändern!", "authRemaining":"%sverbleibende Authentifizierungen, bitte Passwort ändern!",
"autoAccept":"Automatisch in 30 Sekunden annehmen", "autoAccept":"Automatisch in 30 Sekunden annehmen",
...@@ -114,6 +116,7 @@ ...@@ -114,6 +116,7 @@
"changeKey":"Neuen Schlüssel erzeugen", "changeKey":"Neuen Schlüssel erzeugen",
"changePwd":"Ändere dein Passwort", "changePwd":"Ändere dein Passwort",
"checkLastLogins":"Überprüfe meine letzten Logins", "checkLastLogins":"Überprüfe meine letzten Logins",
"checkUser":"Check user session",
"choose2f":"Wählen deinen Ihren zweiten Faktor", "choose2f":"Wählen deinen Ihren zweiten Faktor",
"chooseApp":"Wählen Sie eine Anwendung aus, auf die du zugreifen darfst", "chooseApp":"Wählen Sie eine Anwendung aus, auf die du zugreifen darfst",
"clickHere":"Bitte hier klicken", "clickHere":"Bitte hier klicken",
...@@ -137,15 +140,18 @@ ...@@ -137,15 +140,18 @@
"errorMsg":"Fehlermeldung", "errorMsg":"Fehlermeldung",
"fillTheForm":"Fülle das Formular aus", "fillTheForm":"Fülle das Formular aus",
"firstName":"Vorname", "firstName":"Vorname",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Passwort vergessen ?", "forgotPwd":"Passwort vergessen ?",
"generatePwd":"Passwort automatisch generieren", "generatePwd":"Passwort automatisch generieren",
"gotNewMessages":"Du hast neue Nachrichten", "gotNewMessages":"Du hast neue Nachrichten",
"goToPortal":"Zum Portal", "goToPortal":"Zum Portal",
"gplSoft":"Freie Software, die von der GPL-Lizenz abgedeckt wird", "gplSoft":"Freie Software, die von der GPL-Lizenz abgedeckt wird",
"headers":"HEADERS",
"id":"ID", "id":"ID",
"imSure":"Ich bin sicher", "imSure":"Ich bin sicher",
"info":"Information", "info":"Information",
"ipAddr":"IP Adresse", "ipAddr":"IP Adresse",
"key":"Key",
"lastFailedLogins":"Letzte fehlgeschlagene Anmeldungen", "lastFailedLogins":"Letzte fehlgeschlagene Anmeldungen",
"lastLogins":"Letzte Anmeldungen", "lastLogins":"Letzte Anmeldungen",
"lastName":"Nachname", "lastName":"Nachname",
...@@ -227,6 +233,7 @@ ...@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session", "upgradeSession":"Upgrade session",
"user":"Benutzer", "user":"Benutzer",
"useYubikey":"use your Yubikey", "useYubikey":"use your Yubikey",
"value":"Value",
"verify":"Verify", "verify":"Verify",
"wait":"Warten", "wait":"Warten",
"warning":"Warnung", "warning":"Warnung",
......
...@@ -98,10 +98,12 @@ ...@@ -98,10 +98,12 @@
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.", "accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
"accountCreationSuccess":"Your account was successfully created.", "accountCreationSuccess":"Your account was successfully created.",
"action":"Action", "action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:", "anotherInformation":"Another information:",
"areYouSure":"Are you sure?", "areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?", "askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?", "askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal", "authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!", "authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds", "autoAccept":"Automatically accept in 30 seconds",
...@@ -114,6 +116,7 @@ ...@@ -114,6 +116,7 @@
"changeKey": "Generate new key", "changeKey": "Generate new key",
"changePwd":"Change your password", "changePwd":"Change your password",
"checkLastLogins":"Check my last logins", "checkLastLogins":"Check my last logins",
"checkUser":"Check user session",
"choose2f":"Choose your second factor", "choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to", "chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here", "clickHere":"Please click here",
...@@ -137,15 +140,18 @@ ...@@ -137,15 +140,18 @@
"errorMsg":"Error Message", "errorMsg":"Error Message",
"fillTheForm":"Fill the form", "fillTheForm":"Fill the form",
"firstName":"First name", "firstName":"First name",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Forgot your password?", "forgotPwd":"Forgot your password?",
"generatePwd":"Generate the password automatically", "generatePwd":"Generate the password automatically",
"gotNewMessages":"You have some new messages", "gotNewMessages":"You have some new messages",
"goToPortal":"Go to portal", "goToPortal":"Go to portal",
"gplSoft":"free software covered by the GPL license", "gplSoft":"free software covered by the GPL license",
"headers":"HEADERS",
"id":"Id", "id":"Id",
"imSure":"I'm sure", "imSure":"I'm sure",
"info":"Information", "info":"Information",
"ipAddr":"IP address", "ipAddr":"IP address",
"key":"Key",
"lastFailedLogins":"Last failed logins", "lastFailedLogins":"Last failed logins",
"lastLogins":"Last logins", "lastLogins":"Last logins",
"lastName":"Last name", "lastName":"Last name",
...@@ -227,6 +233,7 @@ ...@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session", "upgradeSession":"Upgrade session",
"user":"User", "user":"User",
"useYubikey":"use your Yubikey", "useYubikey":"use your Yubikey",
"value":"Value",
"verify": "Verify", "verify": "Verify",
"wait":"Wait", "wait":"Wait",
"warning":"Warning", "warning":"Warning",
......
...@@ -98,10 +98,12 @@ ...@@ -98,10 +98,12 @@
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.", "accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
"accountCreationSuccess":"Your account was successfully created.", "accountCreationSuccess":"Your account was successfully created.",
"action":"Action", "action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:", "anotherInformation":"Another information:",
"areYouSure":"Are you sure?", "areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?", "askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?", "askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal", "authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!", "authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds", "autoAccept":"Automatically accept in 30 seconds",
...@@ -114,6 +116,7 @@ ...@@ -114,6 +116,7 @@
"changeKey":"Generate new key", "changeKey":"Generate new key",
"changePwd":"Change your password", "changePwd":"Change your password",
"checkLastLogins":"Check my last logins", "checkLastLogins":"Check my last logins",
"checkUser":"Check user session",
"choose2f":"Choose your second factor", "choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to", "chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here", "clickHere":"Please click here",
...@@ -137,15 +140,18 @@ ...@@ -137,15 +140,18 @@
"errorMsg":"Error Message", "errorMsg":"Error Message",
"fillTheForm":"Fill the form", "fillTheForm":"Fill the form",
"firstName":"First name", "firstName":"First name",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Forgot your password?", "forgotPwd":"Forgot your password?",
"generatePwd":"Generate the password automatically", "generatePwd":"Generate the password automatically",
"gotNewMessages":"You have some new messages", "gotNewMessages":"You have some new messages",
"goToPortal":"Go to portal", "goToPortal":"Go to portal",
"gplSoft":"free software covered by the GPL license", "gplSoft":"free software covered by the GPL license",
"headers":"HEADERS",
"id":"Id", "id":"Id",
"imSure":"I'm sure", "imSure":"I'm sure",
"info":"Information", "info":"Information",
"ipAddr":"IP address", "ipAddr":"IP address",
"key":"Key",
"lastFailedLogins":"Last failed logins", "lastFailedLogins":"Last failed logins",
"lastLogins":"Last logins", "lastLogins":"Last logins",
"lastName":"Last name", "lastName":"Last name",
...@@ -227,6 +233,7 @@ ...@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session", "upgradeSession":"Upgrade session",
"user":"User", "user":"User",
"useYubikey":"use your Yubikey", "useYubikey":"use your Yubikey",
"value":"Value",
"verify":"Verify", "verify":"Verify",
"wait":"Wait", "wait":"Wait",
"warning":"Warning", "warning":"Warning",
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
"PE2":"Identifiant ou mot de passe non renseigné", "PE2":"Identifiant ou mot de passe non renseigné",
"PE3":"Compte ou mot de passe LDAP de l'application incorrect", "PE3":"Compte ou mot de passe LDAP de l'application incorrect",
"PE4":"Utilisateur inexistant", "PE4":"Utilisateur inexistant",
"PE5":"Mot de passe ou identifiant incorrect", "PE5":"Identifiant ou mot de passe incorrect",
"PE6":"Connexion impossible au serveur LDAP", "PE6":"Connexion impossible au serveur LDAP",
"PE7":"Erreur anormale du serveur LDAP", "PE7":"Erreur anormale du serveur LDAP",
"PE8":"Erreur du module Apache::Session choisi", "PE8":"Erreur du module Apache::Session choisi",
...@@ -98,10 +98,12 @@ ...@@ -98,10 +98,12 @@
"accountCreated":"Votre compte a été créé, un mot de passe temporaire a été envoyé à votre adresse mail.", "accountCreated":"Votre compte a été créé, un mot de passe temporaire a été envoyé à votre adresse mail.",
"accountCreationSuccess":"Votre compte a bien été créé.", "accountCreationSuccess":"Votre compte a bien été créé.",
"action":"Action", "action":"Action",
"allowed":"Accès AUTORISE",
"anotherInformation":"Une autre information :", "anotherInformation":"Une autre information :",
"areYouSure":"Êtes-vous sûr ?", "areYouSure":"Êtes-vous sûr ?",
"askToRenew":"Cette application nécessite une authentification plus récente. Voulez-vous vous réauthentifier ?", "askToRenew":"Cette application nécessite une authentification plus récente. Voulez-vous vous réauthentifier ?",
"askToUpgrade":"Cette application nécessite un plus haut niveau d'authentification. Voulez-vous vous réauthentifier ?", "askToUpgrade":"Cette application nécessite un plus haut niveau d'authentification. Voulez-vous vous réauthentifier ?",
"attributes":"ATTRIBUTS",
"authPortal":"Portail d'authentification", "authPortal":"Portail d'authentification",
"authRemaining":"%s authentifications restantes, changez votre mot de passe !", "authRemaining":"%s authentifications restantes, changez votre mot de passe !",
"autoAccept":"Acceptation automatique dans 30 secondes", "autoAccept":"Acceptation automatique dans 30 secondes",
...@@ -114,6 +116,7 @@ ...@@ -114,6 +116,7 @@
"changeKey": "Générer une nouvelle clef", "changeKey": "Générer une nouvelle clef",
"changePwd":"Changez votre mot de passe", "changePwd":"Changez votre mot de passe",
"checkLastLogins":"Voir mes dernières connexions", "checkLastLogins":"Voir mes dernières connexions",
"checkUser":"Vérifier la session d'un utilisateur",
"choose2f":"Choisissez votre second facteur", "choose2f":"Choisissez votre second facteur",
"chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder", "chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder",
"clickHere":"Cliquez ici", "clickHere":"Cliquez ici",
...@@ -136,16 +139,19 @@ ...@@ -136,16 +139,19 @@
"enterYubikey":"Utilisez votre Yubikey", "enterYubikey":"Utilisez votre Yubikey",
"errorMsg":"Message d'erreur", "errorMsg":"Message d'erreur",
"fillTheForm":"Remplissez le formulaire", "fillTheForm":"Remplissez le formulaire",
"forbidden":"Accès INTERDIT",
"firstName":"Prénom", "firstName":"Prénom",
"forgotPwd":"Mot de passe oublié ?", "forgotPwd":"Mot de passe oublié ?",
"generatePwd":"Générer le mot de passe automatiquement", "generatePwd":"Générer le mot de passe automatiquement",
"gotNewMessages":"Vous avez de nouveaux messages", "gotNewMessages":"Vous avez de nouveaux messages",
"goToPortal":"Aller au portail", "goToPortal":"Aller au portail",
"gplSoft":"logiciel libre protégé par la licence GPL", "gplSoft":"logiciel libre protégé par la licence GPL",
"headers":"ENTETES",
"id":"Id", "id":"Id",
"imSure":"Je suis sûr", "imSure":"Je suis sûr",
"info":"Information", "info":"Information",
"ipAddr":"Adresse IP", "ipAddr":"Adresse IP",
"key":"Clef",
"lastFailedLogins":"Dernières connexions refusées", "lastFailedLogins":"Dernières connexions refusées",
"lastLogins":"Dernières connexions", "lastLogins":"Dernières connexions",
"lastName":"Nom", "lastName":"Nom",
...@@ -227,6 +233,7 @@ ...@@ -227,6 +233,7 @@
"upgradeSession":"Se réauthentifier", "upgradeSession":"Se réauthentifier",
"user":"Utilisateur", "user":"Utilisateur",
"useYubikey":"Utilisez votre Yubikey", "useYubikey":"Utilisez votre Yubikey",
"value":"Valeur",
"verify": "Vérifier", "verify": "Vérifier",
"wait":"Attendre", "wait":"Attendre",
"warning":"Attention", "warning":"Attention",
......
...@@ -98,10 +98,12 @@ ...@@ -98,10 +98,12 @@
"accountCreated":"Il tuo account è stato creato, la tua password temporanea è stata inviata all'indirizzo email.",