Skip to content

GitLab

Commit ff36b81e authored by Christophe Maudoux's avatar Christophe Maudoux 🐛 Committed by Yadd
Browse files

Append accessor to avoid modify conf (#2451)

parent 61c4150c
Expand all Hide whitespace changes
Inline Side-by-side
doc/sources/admin/crowdsec.rst
View file @ ff36b81e
......@@ -11,7 +11,7 @@ community-powered IP reputation system.
LL::NG provides a **CrowdSec** bouncer that can reject Crowdsec banned-IP
requests or just provide an environment variable that can be used in
another plugin rule. For example, a second factor may be required if user's
IP is CrowdSec bans it.
IP is CrowdSec-banned.
Configuration
-------------
......
doc/sources/admin/start.rst
View file @ ff36b81e
......@@ -276,21 +276,21 @@ Name Description
:doc:`Check user<checkuser>` [6]_ |new| Check access rights, transmitted headers and session attibutes for a specific user and URL
:doc:`Configuration viewer<viewer>` |new| Edit WebSSO configuration in Read Only mode
:doc:`Context switching<contextswitching>` [7]_\ |new| Switch context other users
:doc:`CrowdSec<crowdsec>` [16]_\ |new| CrowdSec bouncer
:doc:`CrowdSec<crowdsec>` [8]_\ |new| CrowdSec bouncer
:doc:`Custom<plugincustom>` Write a custom plugin
:doc:`Decrypt value<decryptvalue>` [8]_\ |image35| Decrypt ciphered values
:doc:`Decrypt value<decryptvalue>` [9]_\ |image35| Decrypt ciphered values
:doc:`Display login history<loginhistory>` Display Success/Fails logins
:doc:`Force Authentication<forcereauthn>` Force authentication to access to Portal
:doc:`Global Logout<globallogout>` [9]_ Suggest to close all opened sessions at logout
:doc:`Global Logout<globallogout>` [10]_ Suggest to close all opened sessions at logout
:doc:`Grant Sessions<grantsession>` Rules to apply before allowing a user to open a session
:doc:`Impersonation<impersonation>` [10]_\ |new| Allow users to use another identity
:doc:`Find user<finduser>` [11]_\ |new| Search for user account
:doc:`Impersonation<impersonation>` [11]_\ |new| Allow users to use another identity
:doc:`Find user<finduser>` [12]_\ |new| Search for user account
:doc:`Notifications system<notifications>` DIsplay a message during log in process
:doc:`Portal Status<status>` Experimental portal status page
:doc:`Public pages<public_pages>` Enable public pages system
:doc:`Refresh session API<refreshsessionapi>` [12]_ Plugin that provides an API to refresh a user session
:doc:`Refresh session API<refreshsessionapi>` [13]_ Plugin that provides an API to refresh a user session
:doc:`Reset password by mail<resetpassword>` Send a mail to reset its password
:doc:`Reset certificate by mail<resetcertificate>` [13]_\ |image37| Allow users to reset their certificate
:doc:`Reset certificate by mail<resetcertificate>` [14]_\ |image37| Allow users to reset their certificate
:doc:`REST services<restservices>` |new| REST server for :doc:`Proxy<authproxy>`
:doc:`SOAP services<soapservices>` |deprecated| SOAP server for :doc:`Proxy<authproxy>`
:doc:`Stay connected<stayconnected>` |new| Enable persistent connection on same browser
......@@ -308,12 +308,12 @@ Handlers are software control agents to be installed on your web servers
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
Handler type Apache LLNG FastCGI/uWSGI server (Nginx, or :doc:`SSOaaS<ssoaas>`) `Plack servers <https://plackperl.org>`__ Node.js ( `express apps <http://expressjs.com/>`__\ or :doc:`SSOaaS<ssoaas>`) :doc:`Self protected apps<selfmadeapplication>` Comment
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [14]_ **
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [15]_ ** ✔
:doc:`AuthBasic<handlerauthbasic>` ✔ ✔ ✔ ✔ Designed for some server-to-server applications
:doc:`CDA<cda>` ✔ ✔ ✔ ✔ For Cross Domain Authentication
:doc:`DevOps<devopshandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Allows application developers to define their own rules and headers inside their applications
:doc:`DevOpsST<devopssthandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
:doc:`OAuth2<oauth2handler>` [15]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
:doc:`OAuth2<oauth2handler>` [16]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
:doc:`Secure Token<securetoken>` ✔ ✔ ✔ Designed to secure exchanges between a LLNG reverse-proxy and a remote app
:doc:`Service Token<servertoserver>` |new| *(Server-to-Server)* ✔ ✔ ✔ ✔ ✔ Designed to permit underlying requests *(API-Based Infrastructure)*
:doc:`Zimbra PreAuth<applications/zimbra>` ✔ ✔ ✔
......@@ -579,38 +579,38 @@ by your language code):
LLNG ≥ 2.0.6
.. [8]
:doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
.. [9]
:doc:`Decrypt value plugin<decryptvalue>` is available with LLNG ≥
2.0.7
.. [9]
.. [10]
:doc:`Global Logout plugin<globallogout>` is available with LLNG ≥
2.0.7
.. [10]
.. [11]
:doc:`Impersonation plugin<impersonation>` is available with LLNG ≥
2.0.3
.. [11]
.. [12]
:doc:`Find user plugin<finduser>` is available with LLNG ≥
2.0.11
.. [12]
.. [13]
:doc:`Refresh session API plugin<refreshsessionapi>` is available
with LLNG ≥ 2.0.7
.. [13]
.. [14]
:doc:`Reset certificate by mail plugin<resetcertificate>` is
available with LLNG ≥ 2.0.7
.. [14]
.. [15]
:doc:`Node.js handler<nodehandler>` has not yet reached the same
level of functionalities
.. [15]
:doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
.. [16]
:doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
:doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
.. |image0| image:: /icons/kthememgr.png
.. |image1| image:: /icons/warehause.png
......
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm
View file @ ff36b81e
......@@ -5,12 +5,12 @@ use Mouse;
use JSON qw(from_json);
use Lemonldap::NG::Common::UserAgent;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_ERROR
PE_OK
PE_ERROR
PE_SESSIONNOTGRANTED
);
our $VERSION = '2.0.10';
our $VERSION = '2.0.12';
extends 'Lemonldap::NG::Portal::Main::Plugin';
......@@ -28,18 +28,19 @@ has ua => (
return $ua;
}
);
has crowdsecUrl => ( is => 'rw' );
sub init {
my ($self) = @_;
if ( $self->conf->{crowdsecUrl} ) {
$self->conf->{crowdsecUrl} =~ s#/+$##;
$self->crowdsecUrl( $self->conf->{crowdsecUrl} =~ s#/+$## );
}
else {
$self->logger->warn(
"crowdsecUrl isn't set, fallback to http://localhost:8080");
$self->conf->{crowdsecUrl} = 'http://localhost:8080';
$self->crowdsecUrl('http://localhost:8080');
}
$self->logger->notice( "CrowdSec policy is: "
$self->logger->notice( 'CrowdSec policy is: '
. ( $self->conf->{crowdsecAction} ? 'reject' : 'warn' ) );
return 1;
}
......@@ -48,12 +49,12 @@ sub check {
my ( $self, $req ) = @_;
my $ip = $req->address;
my $resp = $self->ua->get(
$self->conf->{crowdsecUrl} . "/v1/decisions?ip=$ip",
$self->crowdsecUrl . "/v1/decisions?ip=$ip",
'Accept' => 'application/json',
'X-Api-Key' => $self->conf->{crowdsecKey},
);
if ( $resp->is_error ) {
$self->logger->error( "Bad CrowdSec response: " . $resp->message );
$self->logger->error( 'Bad CrowdSec response: ' . $resp->message );
$self->logger->debug( $resp->content );
return PE_ERROR;
}
......
lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
View file @ ff36b81e
......@@ -588,11 +588,11 @@ LemonLDAP::NG Portal jQuery scripts
}
});
$('#resetfinduserform').on('click', function() {
console.log('Clear form');
console.log('Reset form');
return $('#finduserForm').trigger('reset');
});
$('#finduserModal').on('hidden.bs.modal', function() {
console.log('Reset modal');
console.log('Clear modal');
return $('#finduserForm').trigger('reset');
});
return $('#finduserbutton').on('click', function(event) {
......
lemonldap-ng-portal/t/61-CrowdSec-warn.t
View file @ ff36b81e
......@@ -32,7 +32,7 @@ my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'debug',
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
crowdsec => 1,
......
lemonldap-ng-portal/t/61-CrowdSec.t
View file @ ff36b81e
......@@ -32,7 +32,7 @@ my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'debug',
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
crowdsec => 1,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment