Commit 1f66e039 authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Append an option to download rules.json file from remote server (#2458)

parent e477a1ce
......@@ -19,7 +19,7 @@ dirName=__pwd__/e2e-tests/conf
[portal]
checkXSS = 0
checkXSS = 1
portalSkin = bootstrap
staticPrefix = /static
languages = fr, en, vi, it, ar, de, zh, nl, es, pt, ro, tr, zh_TW
......
......@@ -5,7 +5,7 @@ use strict;
use Exporter 'import';
use base qw(Exporter);
our $VERSION = '2.0.11';
our $VERSION = '2.0.12';
# CONSTANTS
......@@ -30,7 +30,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
dirName => '/usr/local/lemonldap-ng/data/conf',
);
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:DevOps|State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forb
idden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:DevOps(?:Download)?|State|User|XSS)|da)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:Redi
rectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
......
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
package Lemonldap::NG::Common::Conf::DefaultValues;
our $VERSION = '2.0.11';
our $VERSION = '2.0.12';
sub defaultValues {
return {
......@@ -35,6 +35,7 @@ sub defaultValues {
'certificateResetByMailURL' =>
'http://auth.example.com/certificateReset',
'certificateResetByMailValidityDelay' => 0,
'checkDevOpsDownload' => 1,
'checkTime' => 600,
'checkUserDisplayComputedSession' => 1,
'checkUserDisplayEmptyHeaders' => 0,
......
......@@ -5,7 +5,7 @@ use strict;
use Exporter 'import';
use base qw(Exporter);
our $VERSION = '2.0.11';
our $VERSION = '2.0.12';
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
......
......@@ -4,7 +4,7 @@ package Lemonldap::NG::Handler::Lib::StatusConstants;
use strict;
use Exporter 'import';
our $VERSION = '2.0.11';
our $VERSION = '2.0.12';
sub portalConsts {
return {
......
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
package Lemonldap::NG::Manager::Attributes;
our $VERSION = '2.0.11';
our $VERSION = '2.0.12';
sub perlExpr {
my ( $val, $conf ) = @_;
......@@ -866,6 +866,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'bool'
},
'checkDevOpsDownload' => {
'default' => 1,
'type' => 'bool'
},
'checkState' => {
'default' => 0,
'type' => 'bool'
......
......@@ -6,7 +6,7 @@
package Lemonldap::NG::Manager::Build::Attributes;
our $VERSION = '2.0.11';
our $VERSION = '2.0.12';
use strict;
use Regexp::Common qw/URI/;
......@@ -470,6 +470,12 @@ sub attributes {
documentation => 'Enable check DevOps',
flags => 'p',
},
checkDevOpsDownload => {
default => 1,
type => 'bool',
documentation => 'Enable check DevOps download field',
flags => 'p',
},
checkUser => {
default => 0,
type => 'bool',
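Review bot: `checkDevOpsDownload` is added with `default => 1` in the `attributes` hunk, so the download field is presumably switched on at upgrade wherever `checkDevOps` is already enabled, without an administrator opting in. Going by the commit title, the option lets rules.json be fetched from a remote server; if the portal makes that request to a user-supplied location (the handling code is not shown on this page), it is an outbound-request surface that is safer shipped disabled, i.e. `default => 0,`. The `documentation` string could also say what the flag permits, for example `documentation => 'Allow rules.json download from a remote server in check DevOps',`. The generated DefaultValues and Manager::Attributes entries on this page carry the same default of 1 and would need regenerating to match. The `attributes` sub starts and ends outside the hunk.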
......
......@@ -803,7 +803,7 @@ sub tree {
title => 'devOpsCheck',
help => 'checkdevops.html',
form => 'simpleInputContainer',
nodes => ['checkDevOps'],
nodes => [ 'checkDevOps', 'checkDevOpsDownload' ],
},
{
title => 'impersonation',
......
......@@ -198,6 +198,7 @@
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"تفعيل",
"checkStateSecret":"سر مشترك",
"checkUsers":"SSO profile check",
......
......@@ -198,6 +198,7 @@
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
......
......@@ -198,6 +198,7 @@
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
......
......@@ -198,6 +198,7 @@
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"Activación",
"checkStateSecret":"Secreto compartido",
"checkUsers":"Comprobación de perfil SSO",
......
......@@ -198,6 +198,7 @@
"claimName":"Nom de la revendication",
"checkboxes":"Cases à cocher",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Télécharger un fichier",
"checkState":"Activation",
"checkStateSecret":"Secret partagé",
"checkUsers":"Vérification des profils SSO",
......
......@@ -198,6 +198,7 @@
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso",
"checkUsers":"Controllo del profilo SSO",
......
......@@ -198,6 +198,7 @@
"claimName":"Nazwa roszczenia",
"checkboxes":"Pola wyboru",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"Aktywacja",
"checkStateSecret":"Współdzielony sekret",
"checkUsers":"Sprawdź Profil SSO",
......
......@@ -198,6 +198,7 @@
"claimName":"İstek adı",
"checkboxes":"Onay kutuları",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"Aktivasyon",
"checkStateSecret":"Paylaşılan sır",
"checkUsers":"TOA profil Kontrolü",
......
......@@ -198,6 +198,7 @@
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"Kích hoạt",
"checkStateSecret":"Chia sẻ bí mật",
"checkUsers":"SSO profile check",
......
......@@ -198,6 +198,7 @@
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"激活",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
......
......@@ -198,6 +198,7 @@
"claimName":"要求名稱",
"checkboxes":"勾選框",
"checkDevOps":"Activation",
"checkDevOpsDownload":"Download file",
"checkState":"啟用",
"checkStateSecret":"已分享的祕密",
"checkUsers":"SSO 設定檔檢查",
......