Commit 6e1efc8b authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

WIP: CheckDevOps plugin skeleton (#2458)

parent d6fa0dfb
......@@ -30,7 +30,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
dirName => '/usr/local/lemonldap-ng/data/conf',
);
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|E
rror)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:DevOps|State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forb
idden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
......
......@@ -20,6 +20,7 @@ sub portalConsts {
'101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
'102' => 'PE_UPGRADESESSION',
'103' => 'PE_NO_SECOND_FACTORS',
'104' => 'PE_BAD_DEVOPS_FILE',
'2' => 'PE_FORMEMPTY',
'20' => 'PE_NO_PASSWORD_BE',
'21' => 'PE_PP_ACCOUNT_LOCKED',
......
......@@ -862,6 +862,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'cfgVersion' => {
'type' => 'text'
},
'checkDevOps' => {
'default' => 0,
'type' => 'bool'
},
'checkState' => {
'default' => 0,
'type' => 'bool'
......
......@@ -464,6 +464,12 @@ sub attributes {
type => 'text',
documentation => 'Secret token for CheckState plugin',
},
checkDevOps => {
default => 0,
type => 'bool',
documentation => 'Enable check DevOps',
flags => 'p',
},
checkUser => {
default => 0,
type => 'bool',
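Review bot: `checkDevOps` is introduced with only an on/off switch, whereas the CheckState entry just above it is paired with a secret ('Secret token for CheckState plugin'); nothing in this section restricts who may use the DevOps file check once the flag is set. The plugin code is not part of this view, so whether its route requires an authenticated session cannot be confirmed here; if it does not, a companion access rule or secret should land before the feature leaves WIP. The description is also too terse to tell an administrator what is being enabled; something like `documentation => 'Enable CheckDevOps plugin (check of a DevOps handler file)',` would be clearer. `sub attributes` starts and ends outside this hunk.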
......
......@@ -111,7 +111,8 @@ sub portalConstants {
PE_PP_NOT_ALLOWED_CHARACTER => 100,
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
PE_UPGRADESESSION => 102,
PE_NO_SECOND_FACTORS => 103
PE_NO_SECOND_FACTORS => 103,
PE_BAD_DEVOPS_FILE => 104
};
}
......
......@@ -638,7 +638,8 @@ sub tree {
},
{
title => 'soapServices',
help => 'portalservers.html#SOAP_(deprecated)',
help =>
'portalservers.html#SOAP_(deprecated)',
form => 'simpleInputContainer',
nodes => [
'soapSessionServer',
......@@ -774,6 +775,12 @@ sub tree {
form => 'simpleInputContainer',
nodes => [ 'checkState', 'checkStateSecret', ],
},
{
title => 'devOpsCheck',
help => 'checkdevops.html',
form => 'simpleInputContainer',
nodes => ['checkDevOps'],
},
{
title => 'checkUsers',
help => 'checkuser.html',
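Review bot: The new container line `title => 'devOpsCheck',` inverts the word order of the attribute it holds (`checkDevOps`), while the next entry is titled `checkUsers`. Both spellings also become translation keys, so the two near-identical names are easy to mix up; a title that follows the neighbouring pattern would read more consistently, unless the project has a convention that requires the inversion. Separately, the rewrap of the `soapServices` `help` line in the first hunk is formatting only and unrelated to this feature, so it would be cleaner in its own commit. `sub tree` starts and ends outside both hunks.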
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"انقر هنا لإجبار",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"تفعيل",
"checkStateSecret":"سر مشترك",
"checkUsers":"SSO profile check",
......@@ -287,6 +288,7 @@
"description":"التفاصيل",
"dest":"Recipient",
"diffViewer":"المشاهد المختلف",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"الفرق مع السابق",
"disabled":"معطلة",
"displaySessionId":"Display session identifier",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Click here to force",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
......@@ -287,6 +288,7 @@
"description":"Beschreibung",
"dest":"Recipient",
"diffViewer":"Difference viewer",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"difference with previous",
"disabled":"Disabled",
"displaySessionId":"Display session identifier",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Click here to force",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
......@@ -286,6 +287,7 @@
"demoParams":"Demonstration parameters",
"description":"Description",
"dest":"Recipient",
"devOpsCheck":"Check DevOps handler file",
"diffViewer":"Difference viewer",
"diffWithPrevious":"difference with previous",
"disabled":"Disabled",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Haga click aquí para forzar",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Activación",
"checkStateSecret":"Secreto compartido",
"checkUsers":"Comprobación de perfil SSO",
......@@ -287,6 +288,7 @@
"description":"Descripción",
"dest":"Recipient",
"diffViewer":"Visor de diferencias",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"Diferencia con anterior",
"disabled":"Deshabilitado",
"displaySessionId":"Display session identifier",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Cliquer ici pour forcer",
"claimName":"Nom de la revendication",
"checkboxes":"Cases à cocher",
"checkDevOps":"Activation",
"checkState":"Activation",
"checkStateSecret":"Secret partagé",
"checkUsers":"Vérification des profils SSO",
......@@ -286,6 +287,7 @@
"demoParams":"Paramètres démonstration",
"description":"Description",
"dest":"Destinataire",
"devOpsCheck":"Vérification des fichiers DevOps",
"diffViewer":"Visualisateur de différence",
"diffWithPrevious":"différence avec la précédente",
"disabled":"Désactivé",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Clicca qui per forzare",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso",
"checkUsers":"Controllo del profilo SSO",
......@@ -287,6 +288,7 @@
"description":"Descrizione",
"dest":"Recipient",
"diffViewer":"Visualizzatore di differenza",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"differenza con il precedente",
"disabled":"Disabilitato",
"displaySessionId":"Display session identifier",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Kliknij tutaj, aby wymusić",
"claimName":"Nazwa roszczenia",
"checkboxes":"Pola wyboru",
"checkDevOps":"Activation",
"checkState":"Aktywacja",
"checkStateSecret":"Współdzielony sekret",
"checkUsers":"Sprawdź Profil SSO",
......@@ -287,6 +288,7 @@
"description":"Opis",
"dest":"Odbiorca",
"diffViewer":"Przeglądarka różnic",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"różnica w stosunku do poprzednich",
"disabled":"Wyłączone",
"displaySessionId":"Wyświetl identyfikator sesji",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Zorlamak için buraya tıklayın",
"claimName":"İstek adı",
"checkboxes":"Onay kutuları",
"checkDevOps":"Activation",
"checkState":"Aktivasyon",
"checkStateSecret":"Paylaşılan sır",
"checkUsers":"TOA profil Kontrolü",
......@@ -287,6 +288,7 @@
"description":"Açıklama",
"dest":"Alıcı",
"diffViewer":"Fark görüntüleyici",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"önceki ile farkı",
"disabled":"Devre dışı",
"displaySessionId":"Oturum kimliğini görüntüle",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Nhấp vào đây để bắt buộc",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"Kích hoạt",
"checkStateSecret":"Chia sẻ bí mật",
"checkUsers":"SSO profile check",
......@@ -287,6 +288,7 @@
"description":"Mô tả",
"dest":"Recipient",
"diffViewer":"Người xem khác ",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"khác biệt với cái trước",
"disabled":"Tắt",
"displaySessionId":"Display session identifier",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"Click here to force",
"claimName":"Claim name",
"checkboxes":"Checkboxes",
"checkDevOps":"Activation",
"checkState":"激活",
"checkStateSecret":"Shared secret",
"checkUsers":"SSO profile check",
......@@ -287,6 +288,7 @@
"description":"Description",
"dest":"Recipient",
"diffViewer":"Difference viewer",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"difference with previous",
"disabled":"Disabled",
"displaySessionId":"Display session identifier",
......
......@@ -197,6 +197,7 @@
"clickHereToForce":"點擊此處強制",
"claimName":"要求名稱",
"checkboxes":"勾選框",
"checkDevOps":"Activation",
"checkState":"啟用",
"checkStateSecret":"已分享的祕密",
"checkUsers":"SSO 設定檔檢查",
......@@ -287,6 +288,7 @@
"description":"描述",
"dest":"接收者",
"diffViewer":"差異檢視器",
"devOpsCheck":"Check DevOps handler file",
"diffWithPrevious":"與先前的差異",
"disabled":"已停用",
"displaySessionId":"顯示工作階段識別符號",
......
......@@ -108,6 +108,7 @@ use constant {
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
PE_UPGRADESESSION => 102,
PE_NO_SECOND_FACTORS => 103,
PE_BAD_DEVOPS_FILE => 104,
};
sub portalConsts {
......@@ -124,6 +125,7 @@ sub portalConsts {
'101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
'102' => 'PE_UPGRADESESSION',
'103' => 'PE_NO_SECOND_FACTORS',
'104' => 'PE_BAD_DEVOPS_FILE',
'2' => 'PE_FORMEMPTY',
'20' => 'PE_NO_PASSWORD_BE',
'21' => 'PE_PP_ACCOUNT_LOCKED',
......@@ -319,7 +321,8 @@ our @EXPORT_OK = (
'PE_PP_NOT_ALLOWED_CHARACTER',
'PE_PP_NOT_ALLOWED_CHARACTERS',
'PE_UPGRADESESSION',
'PE_NO_SECOND_FACTORS'
'PE_NO_SECOND_FACTORS',
'PE_BAD_DEVOPS_FILE'
);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
......