# This file contains the description of all configuration parameters.
# It may be included only by batch files, never in the portal or handler
# chain, for performance reasons.

# DON'T FORGET TO RUN "make json" AFTER EACH CHANGE

package Lemonldap::NG::Manager::Build::Attributes;

our $VERSION = '2.0.0';
use strict;
use Regexp::Common qw/URI/;

# Validator for configuration values that must be Perl expressions. It backs
# the 'boolOrExpr' type and is also used as keyTest for portalSkinRules and
# grantSessionRules.
#
# Arguments: the candidate expression and the configuration hash (the latter
# is not read here, but stays visible to the evaluated text).
# Returns (1) when evaluation leaves no reportable error text, otherwise
# ( 1, "__badExpression__: <text>" ). The first element is true either way.
#
# SECURITY: the candidate is executed, not merely compiled. String eval runs
# it inside this process, with this process's privileges and with no Safe
# compartment around it, so every value reaching this validator must come
# from a trusted administrator.
# NOTE(review): consider evaluating inside a restricted compartment instead.
my $perlExpr = sub {
    my ( $val, $conf ) = @_;

    # Kept so that the evaluated text sees the same lexicals as before.
    my $s = '';

    # Expressions may redefine subs or read undefined values; stay quiet.
    no warnings( 'redefine', 'uninitialized' );
    eval( $s . ' ' . $val );

    # Keep each non-empty error line unless it reports an undefined
    # subroutine. NOTE(review): presumably because custom functions are not
    # loaded when this file is used - confirm.
    my @kept;
    for my $line ( split( /\n/, $@ ) ) {
        next if $line =~ /Undefined subroutine/;
        push @kept, $line if $line;
    }
    my $err = join( '', @kept );

    return ( 1, "__badExpression__: $err" ) if $err;
    return (1);
};

# Base pattern for 'url' values: Regexp::Common's HTTP URI pattern with the
# scheme set to "https?", so that both http and https are matched.
my $url = $RE{URI}{HTTP}{ -scheme => "https?" };
# Put a backslash in front of every "$" that follows a non-backslash
# character, then compile the resulting text once.
# NOTE(review): no ^/$ anchors are added here, so a match only shows that the
# value contains an HTTP(S) URL somewhere - confirm that the code applying
# this test anchors it before relying on it to validate a whole value.
$url =~ s/(?<=[^\\])\$/\\\$/g;
$url = qr/$url/;

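# Return the registry of value types used to check configuration parameters.
#
# The result is a hash reference keyed by type name. An entry may hold:
#   form       - set to 'text' for some types (its consumer is not shown here)
#   test       - compiled regexp or code reference applied to the value
#   msgFail    - message key associated with a failed test
#   keyTest    - compiled regexp applied to the keys of container values
#   keyMsgFail - message key associated with a failed keyTest
#
# Code-reference tests return a list: a verdict, optionally followed by a
# message. Several of them return ( 1, $message ) on a mismatch, i.e. a true
# verdict together with a message.
# NOTE(review): presumably the caller reports that form as a warning instead
# of rejecting the value - confirm against the code that runs these tests.
#
# Many types use "sub { 1 }" and therefore accept any value here, including
# 'password' and 'rule'.
sub types {
    return {

        # Simple text types
        text => {
            test    => sub { 1 },
            msgFail => '__malformedValue__',
        },
        password => {
            test    => sub { 1 },
            msgFail => '__malformedValue__',
        },
        longtext => {
            test => sub { 1 }
        },
        url => {
            form    => 'text',
            test    => $url,
            msgFail => '__badUrl__',
        },
        PerlModule => {
            form    => 'text',
            test    => qr/^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/,
            msgFail => '__badPerlPackageName__',
        },
        hostname => {
            form    => 'text',
            test    => qr/^(?:$Regexp::Common::URI::RFC2396::host)?$/,
            msgFail => '__badHostname__',
        },
        pcre => {
            form => 'text',
            test => sub {

                # Only compiles the candidate pattern. Perl refuses (?{...})
                # code blocks in an interpolated pattern unless
                # "use re 'eval'" is in scope; it is not enabled in the
                # visible part of this file and should stay that way.
                eval { qr/$_[0]/ };
                return $@ ? ( 0, "__badRegexp__: $@" ) : (1);
            },
        },
        lmAttrOrMacro => {
            form => 'text',
            test => sub {
                my ( $val, $conf ) = @_;

                # Known when it is a macro, the special '_timezone' name, or
                # a key of any configuration entry whose name ends with
                # "exportedvars" (case-insensitive).
                return 1
                  if ( defined $conf->{macros}->{$val} or $val eq '_timezone' );
                foreach ( keys %$conf ) {
                    return 1
                      if ( $_ =~ /exportedvars$/i
                        and defined $conf->{$_}->{$val} );
                }
                return ( 1, "__unknownAttrOrMacro__: $val" );
            },
        },

        # Other types
        int => {
            test    => qr/^\-?\d+$/,
            msgFail => '__notAnInteger__',
        },
        bool => {
            test    => qr/^[01]$/,
            msgFail => '__notABoolean__',
        },
        trool => {
            test    => qr/^(?:-1|0|1)$/,
            msgFail => '__authorizedValues__: -1, 0, 1',
        },
        boolOrExpr => {

            # $perlExpr evaluates the value as Perl code with string eval.
            test    => $perlExpr,
            msgFail => '__notAValidPerlExpression__',
        },
        keyTextContainer => {
            test       => qr/./,
            msgFail    => '__emptyValueNotAllowed__',
            keyTest    => qr/^\w[\w\.\-]*$/,
            keyMsgFail => '__badKeyName__',
        },
        subContainer => {
            keyTest => qr/\w/,
            test    => sub { 1 },
        },
        select => {
            test => sub {

                # The third argument is expected to carry the attribute's
                # own 'select' list of { k => ..., v => ... } entries; the
                # value must equal one of the 'k' fields.
                my $test =
                  grep ( { $_ eq $_[0] }
                    map ( { $_->{k} } @{ $_[2]->{select} } ) );
                return $test
                  ? 1
                  : ( 1, "Invalid value '$_[0]' for this select" );
            },
        },

        # Files type (long text)
        file => {
            test => sub { 1 }
        },

        # The three PEM checks below accept an empty value, bare base64, or
        # base64 wrapped in optional BEGIN/END armour lines. They look at the
        # text layout only; the key material itself is not parsed.
        RSAPublicKey => {
            test => sub {
                return (
                    $_[0] =~
/^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$/s
                    ? (1)
                    : ( 1, '__badPemEncoding__' )
                );
            },
        },
        RSAPublicKeyOrCertificate => {
            test => sub {
                return (
                    $_[0] =~
/^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$/s
                    ? (1)
                    : ( 1, '__badPemEncoding__' )
                );
            },
        },
        RSAPrivateKey => {
            test => sub {

                # "RSA " is optional in the END line as well as in the BEGIN
                # line, so that a "BEGIN PRIVATE KEY" block closed by
                # "END PRIVATE KEY" is no longer reported as badly encoded.
                return (
                    $_[0] =~
/^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$/s
                    ? (1)
                    : ( 1, '__badPemEncoding__' )
                );
            },
        },

        authParamsText => {
            test => sub { 1 }
        },
        blackWhiteList => {
            test => sub { 1 }
        },
        catAndAppList => {
            test => sub { 1 }
        },
        keyText => {
            keyTest => qr/^[a-zA-Z0-9_]+$/,
            test    => qr/^.*$/,
            msgFail => '__badValue__',
        },
        menuApp => {
            test => sub { 1 }
        },
        menuCat => {
            test => sub { 1 }
        },
        oidcOPMetaDataNode => {
            test => sub { 1 }
        },
        oidcRPMetaDataNode => {
            test => sub { 1 }
        },
        oidcmetadatajson => {
            test => sub { 1 }
        },
        oidcmetadatajwks => {
            test => sub { 1 }
        },
        portalskin => {
            test => sub { 1 }
        },
        portalskinbackground => {
            test => sub { 1 }
        },
        post => {
            test => sub { 1 }
        },
        rule => {
            test => sub { 1 }
        },
        samlAssertion => {
            test => sub { 1 }
        },
        samlAttribute => {
            test => sub { 1 }
        },
        samlIDPMetaDataNode => {
            test => sub { 1 }
        },
        samlSPMetaDataNode => {
            test => sub { 1 }
        },
        samlService => {
            test => sub { 1 }
        },
    };
}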

sub attributes {
    return {

        # Other
        configStorage => {
            type          => 'text',
            documentation => 'Configuration storage',
            flags         => 'hmp',
        },
        localStorage => {
            type          => 'text',
            documentation => 'Local cache',
            flags         => 'hmp',
        },
        localStorageOptions => {
            type          => 'keyTextContainer',
            documentation => 'Local cache parameters',
            flags         => 'hmp',
        },
        cfgNum => {
            type          => 'int',
            default       => 0,
            documentation => 'Enable Cross Domain Authentication',
        },
        cfgAuthor => {
            type          => 'text',
            documentation => 'Name of the author of the current configuration',
        },
        cfgAuthorIP => {
            type          => 'text',
            documentation => 'Uploader IP address of the current configuration',
        },
        cfgDate => {
            type          => 'int',
            documentation => 'Timestamp of the current configuration',
        },
        cfgLog => {
            type          => 'longtext',
            documentation => 'Configuration update log',
        },
        cfgVersion => {
            type          => 'text',
            documentation => 'Version of LLNG which build configuration',
        },
        status => {
            type          => 'bool',
            documentation => 'Status daemon activation',
            flags         => 'h',
        },
        confirmFormMethod => {
            type => "select",
            select =>
              [ { k => 'get', v => 'GET' }, { k => 'post', v => 'POST' }, ],
            default       => 'post',
            documentation => 'HTTP method for confirm page form',
        },
        customFunctions => {
            type          => 'text',
            test          => qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/,
            msgFail       => "__badCustomFuncName__",
            documentation => 'List of custom functions',
            flags         => 'hmp',
        },
        https => {
            default       => 0,
            type          => 'bool',
            documentation => 'Use HTTPS for redirection from portal',
            flags         => 'h',
        },
        infoFormMethod => {
            type => "select",
            select =>
              [ { k => 'get', v => 'GET' }, { k => 'post', v => 'POST' }, ],
            default       => 'get',
            documentation => 'HTTP method for info page form',
        },
        port => {
            type          => 'int',
            documentation => 'Force port in redirection',
            flags         => 'h',
        },
        jsRedirect => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'Use javascript for redirections',
        },
        logoutServices => {
            type          => 'keyTextContainer',
            help          => 'logoutforward.html',
            default       => {},
            documentation => 'Send logout trough GET request to these services',
        },
        maintenance => {
            default       => 0,
            type          => 'bool',
            documentation => 'Maintenance mode for all virtual hosts',
            flags         => 'h',
        },
        nginxCustomHandlers => {
            type    => 'keyTextContainer',
            keyTest => qr/^\w+$/,
            test    => qr/^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$/,
            msgFail => '__badPerlPackageName__',
            documentation => 'Custom Nginx handler (deprecated)',
        },
        noAjaxHook => {
            default       => 0,
            type          => 'bool',
            documentation => 'Avoid replacing 302 by 401 for Ajax responses',
        },
        portal => {
            type          => 'url',
            default       => 'http://auth.example.com/',
            documentation => 'Portal URL',
            flags         => 'hmp',
        },
        portalStatus => {
            type          => 'bool',
            default       => 0,
            documentation => 'Enable portal status',
        },
        portalUserAttr => {
            type    => 'text',
            default => '_user',
            help    => 'monitoring.html',
            documentation =>
              'Session parameter to display connected user in portal',
        },
        redirectFormMethod => {
            type => "select",
            select =>
              [ { k => 'get', v => 'GET' }, { k => 'post', v => 'POST' }, ],
            default       => 'get',
            documentation => 'HTTP method for redirect page form',
        },
        reloadUrls => {
            type          => 'keyTextContainer',
            help          => 'configlocation.html#configuration_reload',
            keyTest       => qr/^$Regexp::Common::URI::RFC2396::host(?::\d+)?$/,
            test          => $url,
            msgFail       => '__badUrl__',
            documentation => 'URL to call on reload',
        },
        staticPrefix => {
            type          => 'text',
            documentation => 'Prefix of static files for HTML templates',
        },
        multiValuesSeparator => {
            type          => 'authParamsText',
            default       => '; ',
            documentation => 'Separator for multiple values',
            flags         => 'hmp',
        },
        stayConnected => {
            type          => 'bool',
            documentation => 'Enable StayConnected plugin',
        },
        checkState => {
            type => 'bool',
            documentation => 'Enable CheckState plugin',
        },
        checkStateSecret => {
            type => 'text',
            documentation => 'Secret token for CheckState plugin',
        },

        # Loggers (ini only)
        logLevel => {
            type          => 'text',
            documentation => 'Log level, must be set in .ini',
            flags         => 'hmp',
        },
        logger => {
            type          => 'text',
            documentation => 'technical logger',
            flags         => 'hmp',
        },
        userLogger => {
            type          => 'text',
            documentation => 'User actions logger',
            flags         => 'hmp',
        },
        log4perlConfFile => {
            type          => 'text',
            documentation => 'Log4Perl logger configuration file',
            flags         => 'hmp',
        },
        sentryDsn => {
            type          => 'text',
            documentation => 'Sentry logger DSN',
            flags         => 'hmp',
        },
        syslogFacility => {
            type          => 'text',
            documentation => 'Syslog logger technical facility',
            flags         => 'hmp',
        },
        userSyslogFacility => {
            type          => 'text',
            documentation => 'Syslog logger user-actions facility',
            flags         => 'hmp',
        },

        # Manager or PSGI protected apps
        protection => {
            type          => 'text',
            test          => qr/^(?:none|authenticate|manager|)$/,
            msgFail       => '__authorizedValues__: none authenticate manager',
            documentation => 'Manager protection method',
            flags         => 'hm',
        },

        # Menu
        activeTimer => {
            type          => 'bool',
            default       => 1,
            documentation => 'Enable timers on portal pages',
        },
        applicationList => {
            type    => 'catAndAppList',
            keyTest => qr/\w/,
            help    => 'portalmenu.html#categories_and_applications',
            default => {
                default => { catname => 'Default category', type => "category" }
            },
            documentation => 'Applications list',
        },
        portalErrorOnExpiredSession => {
            type          => 'bool',
            default       => 1,
            documentation => 'Show error if session is expired',
        },
        portalErrorOnMailNotFound => {
            type    => 'bool',
            default => 0,
            documentation =>
              'Show error if mail is not found in password reset process',
        },
        portalOpenLinkInNewWindow => {
            type          => 'bool',
            default       => 0,
            documentation => 'Open applications in new windows',
        },
        portalPingInterval => {
            type          => 'int',
            default       => 60000,
            documentation => 'Interval in ms between portal Ajax pings ',
        },
        portalSkin => {
            type          => 'portalskin',
            default       => 'bootstrap',
            documentation => 'Name of portal skin',
            select        => [ { k => 'bootstrap', v => 'Bootstrap' }, ],
        },
        portalSkinBackground => {
            type          => 'portalskinbackground',
            documentation => 'Background image of portal skin',
            select        => [
                { k => "", v => 'None' },
                {
                    k => "1280px-Anse_Source_d'Argent_2-La_Digue.jpg",
                    v => 'Anse'
                },
                {
                    k =>
"1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg",
                    v => 'Waterfall'
                },
                { k => "1280px-BrockenSnowedTrees.jpg", v => 'Snowed Trees' },
                {
                    k => "1280px-Cedar_Breaks_National_Monument_partially.jpg",
                    v => 'National Monument'
                },
                {
                    k => "1280px-Parry_Peak_from_Winter_Park.jpg",
                    v => 'Winter'
                },
                { k => "Aletschgletscher_mit_Pinus_cembra1.jpg", v => 'Pinus' },
            ],
        },
        portalSkinRules => {
            type          => 'keyTextContainer',
            help          => 'portalcustom.html',
            keyTest       => $perlExpr,
            keyMsgFail    => '__badSkinRule__',
            test          => qr/^\w+$/,
            msgFail       => '__badValue__',
            documentation => 'Rules to choose portal skin',
        },

        # Security
        formTimeout => {
            default       => 120,
            type          => 'int',
            documentation => 'Token timeout for forms',
        },
        requireToken => {
            default       => 1,
            type          => 'bool',
            documentation => 'Enable token for forms',
        },
        tokenUseGlobalStorage => {
            default       => 0,
            type          => 'bool',
            documentation => 'Enable global token storage',
        },
        cda => {
            default       => 0,
            type          => 'bool',
            documentation => 'Enable Cross Domain Authentication',
            flags         => 'hp',
        },
        checkXSS => {
            default       => 1,
            type          => 'bool',
            documentation => 'Check XSS',
        },
        grantSessionRules => {
            type          => 'grantContainer',
            keyTest       => $perlExpr,
            test          => sub { 1 },
            documentation => 'Rules to grant sessions',
        },
        hiddenAttributes => {
            type          => 'text',
            default       => '_password',
            documentation => 'Name of attributes to hide in logs',
        },
        key => {
            type          => 'password',
            documentation => 'Secret key',
        },
        cspDefault => {
            type          => 'text',
            default       => "'self'",
            documentation => 'Default value for Content-Security-Policy',
        },
        cspImg => {
            type          => 'text',
            default       => "'self' data:",
            documentation => 'Image source for Content-Security-Policy',
        },
        cspScript => {
            type          => 'text',
            default       => "'self'",
            documentation => 'Javascript source for Content-Security-Policy',
        },
        cspStyle => {
            type          => 'text',
            default       => "'self'",
            documentation => 'Style source for Content-Security-Policy',
        },
        cspConnect => {
            type    => 'text',
            default => "'self'",
            documentation =>
              'Authorizated Ajax destination for Content-Security-Policy',
        },
        cspFont => {
            type          => 'text',
            default       => "'self'",
            documentation => 'Font source for Content-Security-Policy',
        },
        portalAntiFrame => {
            default       => 1,
            type          => 'bool',
            documentation => 'Avoid portal to be displayed inside frames',
        },

        portalCheckLogins => {
            default       => 1,
            type          => 'bool',
            documentation => 'Display login history checkbox in portal',
        },
        portalForceAuthnInterval => {
            type    => 'int',
            default => 5,
            documentation =>
'Minimum number of seconds since last authentifcation to force reauthentication',
        },
        randomPasswordRegexp => {
            type          => 'pcre',
            default       => '[A-Z]{3}[a-z]{5}.\d{2}',
            documentation => 'Regular expression to create a random password',
        },
        trustedDomains =>
          { type => 'text', documentation => 'Trusted domains', },
        storePassword => {
            default       => 0,
            type          => 'bool',
            documentation => 'Store password in session',
        },
        timeout => {
            type          => 'int',
            test          => sub { $_[0] > 0 },
            default       => 72000,
            documentation => 'Session timeout on server side',
        },
        timeoutActivity => {
            type          => 'int',
            test          => sub { $_[0] >= 0 },
            default       => 0,
            documentation => 'Session activity timeout on server side',
        },
        timeoutActivityInterval => {
            type          => 'int',
            test          => sub { $_[0] >= 0 },
            default       => 60,
            documentation => 'Update session timeout interval on server side',
        },
        trustedProxies => {
            type          => 'text',
            default       => '',
            documentation => 'Trusted proxies',
        },
        userControl => {
            type          => 'pcre',
            default       => '^[\w\.\-@]+$',
            documentation => 'Regular expression to validate login',
        },
        useRedirectOnError => {
            type          => 'bool',
            default       => 1,
            documentation => 'Use 302 redirect code for error (500)',
            flags         => 'h',
        },
        useRedirectOnForbidden => {
            default       => 0,
            type          => 'bool',
            documentation => 'Use 302 redirect code for forbidden (403)',
        },
        useSafeJail => {
            default       => 1,
            type          => 'bool',
            help          => 'safejail.html',
            documentation => 'Activate Safe jail',
            flags         => 'hp',
        },
        whatToTrace => {
            type          => 'lmAttrOrMacro',
            default       => 'uid',
            documentation => 'Session parameter used to fill REMOTE_USER',
            flags         => 'hp',
        },
        lwpOpts => {
            type          => 'keyTextContainer',
            documentation => 'Options given to LWP::UserAgent',
        },
        lwpSslOpts => {
            type          => 'keyTextContainer',
            documentation => 'SSL options given to LWP::UserAgent',
        },

        # History
        failedLoginNumber => {
            default       => 5,
            type          => 'int',
            documentation => 'Number of failures stored in login history',
        },
        loginHistoryEnabled => {
            default       => 0,
            type          => 'bool',
            documentation => 'Enable login history',
        },
        portalDisplayLoginHistory => {
            type          => 'boolOrExpr',
            default       => 1,
            documentation => 'Display login history tab in portal',
        },
        successLoginNumber => {
            default       => 5,
            type          => 'int',
            documentation => 'Number of success stored in login history',
        },

        # Other displays
        portalDisplayAppslist => {
            type          => 'boolOrExpr',
            default       => 1,
            documentation => 'Display applications tab in portal',
        },
        portalDisplayChangePassword => {
            type          => 'boolOrExpr',
            default       => '$_auth =~ /^(LDAP|DBI|Demo)$/',
            documentation => 'Display password tab in portal',
        },
        portalDisplayLogout => {
            default       => 1,
            type          => 'boolOrExpr',
            documentation => 'Display logout tab in portal',
        },
        portalDisplayRegister => {
            default       => 1,
            type          => 'bool',
            documentation => 'Display register button in portal',
        },
        portalDisplayResetPassword => {
            default       => 0,
            type          => 'bool',
            documentation => 'Display reset password button in portal',
        },
        portalDisplayOidcConsents => {
            type          => 'boolOrExpr',
            default       => '$_oidcConnectedRP',
            documentation => 'Display OIDC consent tab in portal',
        },

        # Cookies
        cookieExpiration => {
            type          => 'text',
            documentation => 'Cookie expiration',
            flags         => 'hp',
        },
        cookieName => {
            type          => 'text',
            test          => qr/^[a-zA-Z][a-zA-Z0-9_-]*$/,
            msgFail       => '__badCookieName__',
            default       => 'lemonldap',
            documentation => 'Name of the main cookie',
            flags         => 'hp',
        },
        domain => {
            type          => 'text',
            test          => qr/^(?:$Regexp::Common::URI::RFC2396::hostname)?$/,
            msgFail       => '__badDomainName__',
            default       => 'example.com',
            documentation => 'DNS domain',
            flags         => 'hp',
        },
        httpOnly => {
            default       => 1,
            type          => 'bool',
            documentation => 'Enable httpOnly flag in cookie',
            flags         => 'hp',
        },
        securedCookie => {
            type   => 'select',
            select => [
                { k => '0', v => 'unsecuredCookie' },
                { k => '1', v => 'securedCookie' },
                { k => '2', v => 'doubleCookie' },
                { k => '3', v => 'doubleCookieForSingleSession' },
            ],
            default       => 0,
            documentation => 'Cookie securisation method',
            flags         => 'hp',
        },

        # Notification
        oldNotifFormat => {
            type          => 'bool',
            default       => 0,
            documentation => 'Use old XML format for notifications',
        },
        notificationWildcard => {
            type          => 'text',
            default       => 'allusers',
            documentation => 'Notification string to match all users',
        },
        notificationXSLTfile => {
            type          => 'text',
            documentation => 'Custom XSLT document for notifications',
        },
        notification => {
            default       => 0,
            type          => 'bool',
            documentation => 'Notification activation',
        },
        notificationServer => {
            default       => 0,
            type          => 'bool',
            documentation => 'Notification server activation',
        },
        notificationStorage => {
            type          => 'PerlModule',
            default       => 'File',
            documentation => 'Notification backend',
        },
        notificationStorageOptions => {
            type    => 'keyTextContainer',
            default => { dirName => '/var/lib/lemonldap-ng/notifications', },
            documentation => 'Notification backend options',
        },

        # Captcha
        captcha_login_enabled => {
            default       => 0,
            type          => 'bool',
            documentation => 'Captcha on login page',
        },
        captcha_mail_enabled => {
            default       => 1,
            type          => 'bool',
            documentation => 'Captcha on password reset page',
        },
        captcha_register_enabled => {
            default       => 1,
            type          => 'bool',
            documentation => 'Captcha on account creation page',
        },
        captcha_size => {
            type          => 'int',
            default       => 6,
            documentation => 'Captcha size',
        },

        # Variables
        exportedVars => {
            type          => 'keyTextContainer',
            help          => 'exportedvars.html',
            keyTest       => qr/^!?[_a-zA-Z][a-zA-Z0-9_]*$/,
            keyMsgFail    => '__badVariableName__',
            test          => qr/^[_a-zA-Z][a-zA-Z0-9_:\-]*$/,
            msgFail       => '__badValue__',
            default       => { 'UA' => 'HTTP_USER_AGENT' },
            documentation => 'Main exported variables',
        },
        groups => {
            type => 'keyTextContainer',
            help =>
              'exportedvars.html#extend_variables_using_macros_and_groups',
            test          => $perlExpr,
            default       => {},
            documentation => 'Groups',
        },
        macros => {
            type => 'keyTextContainer',
            help =>
              'exportedvars.html#extend_variables_using_macros_and_groups',
            keyTest       => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
            keyMsgFail    => '__badMacroName__',
            test          => $perlExpr,
            default       => {},
            documentation => 'Macros',
        },

        # Storage
        globalStorage => {
            type          => 'PerlModule',
            default       => 'Apache::Session::File',
            documentation => 'Session backend module',
            flags         => 'hp',
        },
        globalStorageOptions => {
            type    => 'keyTextContainer',
            default => {
                'Directory'     => '/var/lib/lemonldap-ng/sessions/',
                'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/',
                'generateModule' =>
                  'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
            },
            documentation => 'Session backend module options',
            flags         => 'hp',
        },
        localSessionStorage => {
            type          => 'PerlModule',
            default       => 'Cache::FileCache',
            documentation => 'Local sessions cache module',
        },
        localSessionStorageOptions => {
            type    => 'keyTextContainer',
            default => {
                'namespace'          => 'lemonldap-ng-sessions',
                'default_expires_in' => 600,
                'directory_umask'    => '007',
                'cache_root'         => '/tmp',
                'cache_depth'        => 3,
            },
            documentation => 'Sessions cache module options',
        },

        # Persistent storage
        persistentStorage => {
            type          => 'PerlModule',
            documentation => 'Storage module for persistent sessions'
        },
        persistentStorageOptions => {
            type          => 'keyTextContainer',
            documentation => 'Options for persistent sessions storage module'
        },
        sessionDataToRemember => {
            type          => 'keyTextContainer',
            keyTest       => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
            keyMsgFail    => '__invalidSessionData__',
            documentation => 'Data to remember in login history',
        },

        # SAML issuer
        issuerDBSAMLActivation => {
            default       => 0,
            type          => 'bool',
            documentation => 'SAML IDP activation',
        },
        issuerDBSAMLPath => {
            type          => 'pcre',
            default       => '^/saml/',
            documentation => 'SAML IDP request path',
        },
        issuerDBSAMLRule => {
            type          => 'boolOrExpr',
            default       => 1,
            documentation => 'SAML IDP rule',
        },

        # OpenID-Connect issuer
        issuerDBOpenIDConnectActivation => {
            type          => 'bool',
            default       => 0,
            documentation => 'OpenID Connect server activation',
        },
        issuerDBOpenIDConnectPath => {
            type          => 'text',
            default       => '^/oauth2/',
            documentation => 'OpenID Connect server request path',
        },
        issuerDBOpenIDConnectRule => {
            type          => 'boolOrExpr',
            default       => 1,
            documentation => 'OpenID Connect server rule',
        },

        # GET issuer
        issuerDBGetActivation => {
            type          => 'bool',
            default       => 0,
            documentation => 'Get issuer activation',
        },
        issuerDBGetPath => {
            type          => 'text',
            default       => '^/get/',
            documentation => 'Get issuer request path',
        },
        issuerDBGetRule => {
            type          => 'boolOrExpr',
            default       => 1,
            documentation => 'Get issuer rule',
        },
        issuerDBGetParameters => {
            type       => 'doubleHash',
            default    => {},
            keyTest    => qr/^$Regexp::Common::URI::RFC2396::hostname$/,
            keyMsgFail => '__badHostname__',
            test       => {
                keyTest    => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/,
                keyMsgFail => '__badKeyName__',
                test       => sub {
                    my ( $val, $conf ) = @_;

                    # A value is known when it names a macro defined in the
                    # configuration or is the literal '_timezone'.
                    if ( defined $conf->{macros}->{$val} ) {
                        return 1;
                    }
                    if ( $val eq '_timezone' ) {
                        return 1;
                    }

                    # Otherwise look it up in every top-level configuration
                    # key whose name ends with "exportedvars" (any case).
                    for my $section ( keys %$conf ) {
                        next unless $section =~ /exportedvars$/i;
                        return 1 if defined $conf->{$section}->{$val};
                    }

                    # Unknown name: the first element is still 1 and the
                    # message is the second element, so this result does not
                    # look like a rejection. Presumably the caller reports it
                    # as a warning; confirm against the code that runs the
                    # tests.
                    return ( 1, "__unknownAttrOrMacro__: $val" );
                },
            },
            documentation => 'List of virtualHosts with their get parameters',
        },

        # Password
        mailOnPasswordChange => {
            default       => 0,
            type          => 'bool',
            documentation => 'Send a mail when password is changed',
        },
        portalRequireOldPassword => {
            default       => 1,
            type          => 'bool',
            documentation => 'Old password is required to change the password',
        },
        hideOldPassword => {
            default       => 0,
            type          => 'bool',
            documentation => 'Hide old password in portal',
        },

        # Mails
        mailBody =>
          { type => 'longtext', documentation => 'Custom mail body', },
        mailCharset => {
            type          => 'text',
            default       => 'utf-8',
            documentation => 'Mail charset',
        },
        mailConfirmBody =>
          { type => 'longtext', documentation => 'Custom confirm mail body', },
        mailConfirmSubject => {
            type          => 'text',
            documentation => 'Mail subject for reset confirmation',
        },
        mailFrom => {
            type          => 'text',
            default       => 'noreply@example.com',
            documentation => 'Sender email',
        },
        mailReplyTo => { type => 'text', documentation => 'Reply-To address' },
        mailSessionKey => {
            type          => 'text',
            default       => 'mail',
            documentation => 'Session parameter where mail is stored',
        },
        mailSubject => {
            type          => 'text',
            documentation => 'Mail subject for new password email',
        },
        mailTimeout => {
            type          => 'int',
            default       => 0,
            documentation => 'Mail session timeout',
        },
        mailUrl => {
            type          => 'url',
            default       => 'http://auth.example.com/resetpwd',
            documentation => 'URL of password reset page',
        },
        SMTPServer => {
            type    => 'text',
            default => '',
            test    => qr/^(?:$Regexp::Common::URI::RFC2396::host(?::\d+)?)?$/,
            documentation => 'SMTP Server',
        },
        SMTPPort => {
            type          => 'int',
            documentation => 'Fix SMTP port',
        },
        SMTPTLS => {
            type    => 'select',
            default => '',
            select  => [
                { k => '',         v => 'none' },
                { k => 'starttls', v => 'SMTP + STARTTLS' },
                { k => 'ssl',      v => 'SMTPS' },
            ],
            documentation => 'TLS protocol to use with SMTP',
        },
        SMTPTLSOpts => {
            type          => 'keyTextContainer',
            documentation => 'TLS/SSL options for SMTP',
        },
        SMTPAuthUser => {
            type          => 'text',
            documentation => 'Login to use to send mails',
        },
        SMTPAuthPass => {
            type          => 'password',
            documentation => 'Password to use to send mails',
        },

        # Registration
        registerConfirmSubject => {
            type          => 'text',
            documentation => 'Mail subject for register confirmation',
        },
        registerDB => {
            type   => 'select',
            select => [
                { k => 'AD',     v => 'Active Directory' },
                { k => 'Demo',   v => 'Demonstration' },
                { k => 'LDAP',   v => 'LDAP' },
                { k => 'Null',   v => 'None' },
                { k => 'Custom', v => 'customModule' },
            ],
            default       => 'Null',
            documentation => 'Register module',
        },
        registerDoneSubject => {
            type          => 'text',
            documentation => 'Mail subject when register is done',
        },
        registerTimeout => {
            default       => 0,
            type          => 'int',
            documentation => 'Register session timeout',
        },
        registerUrl => {
            type          => 'text',
            default       => 'http://auth.example.com/register',
            documentation => 'URL of register page',
        },

        # Upgrade session
        upgradeSession => {
            type          => 'bool',
            default       => 1,
            documentation => 'Upgrade session activation',
        },

        # 2F
        max2FDevices => {
            default       => 10,
            type          => 'int',
            documentation => 'Maximum registered 2F devices',
        },
        max2FDevicesNameLength => {
            default       => 20,
            type          => 'int',
            documentation => 'Maximum 2F devices name length',
        },

        # U2F
        u2fActivation => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'U2F activation',
        },
        u2fSelfRegistration => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'U2F self registration activation',
        },
        u2fAuthnLevel => {
            type => 'int',
            documentation =>
              'Authentication level for users authentified by password+U2F'
        },
        u2fUserCanRemoveKey => {
            type          => 'bool',
            default       => 1,
            documentation => 'Authorize users to remove existing U2F key',
        },

        # TOTP second factor
        totp2fActivation => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'TOTP activation',
        },
        totp2fSelfRegistration => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'TOTP self registration activation',
        },
        totp2fAuthnLevel => {
            type => 'int',
            documentation =>
              'Authentication level for users authentified by password+TOTP'
        },
        totp2fIssuer => {
            type          => 'text',
            documentation => 'TOTP Issuer',
        },
        totp2fInterval => {
            type          => 'int',
            default       => 30,
            documentation => 'TOTP interval',
        },
        totp2fRange => {
            type          => 'int',
            default       => 1,
            documentation => 'TOTP range (number of interval to test)',
        },
        totp2fDigits => {
            type          => 'int',
            default       => 6,
            documentation => 'Number of digits for TOTP code',
        },
        totp2fDisplayExistingSecret => {
            type    => 'bool',
            default => 0,
            documentation =>
              'Display existing TOTP secret in registration form',
        },
        totp2fUserCanChangeKey => {
            type          => 'bool',
            default       => 0,
            documentation => 'Authorize users to change existing TOTP secret',
        },
        totp2fUserCanRemoveKey => {
            type          => 'bool',
            default       => 1,
            documentation => 'Authorize users to remove existing TOTP secret',
        },

        # UTOTP 2F
        utotp2fActivation => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'UTOTP activation (mixed U2F/TOTP module)',
        },
        utotp2fAuthnLevel => {
            type => 'int',
            documentation =>
'Authentication level for users authentified by password+(U2F or TOTP)'
        },

        # External second factor
        ext2fActivation => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'External second factor activation',
        },
        ext2FSendCommand => {
            type          => 'text',
            documentation => 'Send command of External second factor',
        },
        ext2FValidateCommand => {
            type          => 'text',
            documentation => 'Validation command of External second factor',
        },
        ext2fAuthnLevel => {
            type => 'int',
            documentation =>
'Authentication level for users authentified by External second factor'
        },
        ext2fLogo => {
            type          => 'text',
            documentation => 'Custom logo for External 2F',
        },

        #  REST External second factor
        rest2fActivation => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'REST second factor activation',
        },
        rest2fInitUrl => {
            type          => 'url',
            documentation => 'REST 2F init URL',
        },
        rest2fInitArgs => {
            type          => 'keyTextContainer',
            keyTest       => qr/^\w+$/,
            keyMsgFail    => '__badKeyName__',
            test          => qr/^\w+$/,
            msgFail       => '__badValue__',
            documentation => 'Args for REST 2F init',
        },
        rest2fVerifyUrl => {
            type          => 'url',
            keyTest       => qr/^\w+$/,
            keyMsgFail    => '__badKeyName__',
            test          => qr/^\w+$/,
            msgFail       => '__badValue__',
            documentation => 'REST 2F init URL',
        },
        rest2fVerifyArgs => {
            type          => 'keyTextContainer',
            documentation => 'Args for REST 2F init',
        },
        rest2fAuthnLevel => {
            type => 'int',
            documentation =>
'Authentication level for users authentified by REST second factor'
        },
        rest2fLogo => {
            type          => 'text',
            documentation => 'Custom logo for REST 2F',
        },

        # Yubikey 2FA
        yubikey2fActivation => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'Yubikey second factor activation',
        },
        yubikey2fSelfRegistration => {
            type          => 'boolOrExpr',
            default       => 0,
            documentation => 'Yubikey self registration activation',
        },
        yubikey2fAuthnLevel => {
            type => 'int',
            documentation =>
'Authentication level for users authentified by Yubikey second factor'
        },
        yubikey2fClientID => {
            type          => 'text',
            documentation => 'Yubico client ID',
        },
        yubikey2fSecretKey => {
            type          => 'text',
            documentation => 'Yubico secret key',
        },
        yubikey2fNonce => {
            type          => 'text',
            documentation => 'Yubico nonce',
        },
        yubikey2fUrl => {
            type          => 'text',
            documentation => 'Yubico server',
        },
        yubikey2fPublicIDSize => {
            type          => 'int',
            default       => 12,
            documentation => 'Yubikey public ID size',
        },
        yubikey2fUserCanRemoveKey => {
            type          => 'bool',
            default       => 1,
            documentation => 'Authorize users to remove existing Yubikey',
        },

        # Single session
        notifyDeleted => {
            default       => 1,
            type          => 'bool',
            documentation => 'Show deleted sessions in portal',
        },
        notifyOther => {
            default       => 0,
            type          => 'bool',
            documentation => 'Show other sessions in portal',
        },
        singleSession => {
            default       => 0,
            type          => 'bool',
            documentation => 'Allow only one session per user',
        },
        singleIP => {
            default       => 0,
            type          => 'bool',
            documentation => 'Allow only one session per IP',
        },
        singleUserByIP => {
            default       => 0,
            type          => 'bool',
            documentation => 'Allow only one user per IP',
        },
        singleSessionUserByIP => {
            default       => 0,
            type          => 'bool',
            documentation => 'Allow only one session per user on an IP',
        },

        # REST server
        restSessionServer => {
            default       => 0,
            type          => 'bool',
            documentation => 'Enable REST session server',
        },
        restConfigServer => {
            default       => 0,
            type          => 'bool',
            documentation => 'Enable REST config server',
        },

        # SOAP server
        soapSessionServer => {
            default       => 0,
            type          => 'bool',
            help          => 'soapservices.html',
            documentation => 'Enable SOAP session server',
        },
        soapConfigServer => {
            default       => 0,
            type          => 'bool',
            help          => 'soapservices.html',
            documentation => 'Enable SOAP config server',
        },
        exportedAttr => {
            type => 'text',
            documentation =>
              'List of attributes to export by SOAP or REST servers',
        },

        # AutoSignin
        autoSigninRules => {
            type          => 'keyTextContainer',
            documentation => 'List of auto signin rules',
        },

        ## Virtualhosts

        # Fake attribute: used by manager REST API to agglomerate all other
        # nodes
        virtualHosts => {
            type     => 'virtualHostContainer',
            help     => 'configvhost.html',
            template => 'virtualHost',
        },

        locationRules => {
            type => 'ruleContainer',
            help => 'writingrulesand_headers.html#rules',
            test => {
                keyTest => sub {
                    my ($pattern) = @_;

                    # The key is compiled as a regular expression inside a
                    # block eval; it is never matched against anything here.
                    # A compile error leaves a message in $@, which turns
                    # into the 0 result.
                    # Perl refuses (?{ ... }) code blocks in an interpolated
                    # pattern unless "use re 'eval'" is in effect, which is
                    # not visible from here.
                    # A pattern that compiles can still be costly to match
                    # (nested quantifiers); this check does not bound that.
                    eval { qr/$pattern/ };
                    return 1 unless $@;
                    return 0;
                },
                keyMsgFail => '__badRegexp__',
                test       => sub {
                    my ( $val, $conf ) = @_;
                    my $s = $val;

                    # Logout rules (logout, logout_sso, logout_app,
                    # logout_app_sso): the keyword and following spaces are
                    # stripped and the remainder must be empty or start with
                    # http:// or https://. These rules return here and never
                    # reach the eval below.
                    if ( $s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*// ) {
                        return (1) if $s =~ m{^(?:https?://.*)?$};
                        return ( 0, '__badUrl__' );
                    }

                    # Rule keywords are replaced by the constant 1 before the
                    # text is handed to Perl.
                    $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g;

                    # NOTE(review): string eval. The rule text is executed as
                    # Perl in the process that runs this check, with $val,
                    # $conf and $s in scope; it is not only syntax-checked.
                    # Nothing visible here restricts what the text may call,
                    # so write access to rules should be treated as the
                    # ability to run code where configurations are validated.
                    # Confirm who can submit rules and whether this check
                    # runs in a restricted compartment elsewhere.
                    no warnings( 'redefine', 'uninitialized' );
                    eval $s;

                    # "Undefined subroutine" lines are dropped from $@.
                    # Whatever remains is returned as a message, but the first
                    # element stays 1, so a failing expression is reported
                    # without looking like a rejection.
                    my @kept = grep { $_ =~ /Undefined subroutine/ ? () : $_ }
                      split( /\n/, $@ );
                    my $err = join( '', @kept );
                    return ( 1, "__badExpression__: $err" ) if $err;
                    return (1);
                },
                msgFail => '__badExpression__',
            },
            keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
            keyMsgFail => '__badHostname__',
            default    => {
                default => 'deny',
            },
            documentation => 'Virtualhost rules',
            flags         => 'h',
        },
        exportedHeaders => {
            type    => 'keyTextContainer',
            help    => 'writingrulesand_headers.html#headers',
            keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
            keyMsgFail => '__badHostname__',
            test       => {
                keyTest    => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/,
                keyMsgFail => '__badHeaderName__',
                test       => sub {
                    my ( $val, $conf ) = @_;
                    my $s = $val;

                    # NOTE(review): string eval. The header expression is
                    # executed as Perl in the process that runs this check,
                    # with $val, $conf and $s in scope; it is not only
                    # syntax-checked. Nothing visible here restricts what the
                    # text may call, so write access to header definitions
                    # should be treated as the ability to run code where
                    # configurations are validated. Confirm who can submit
                    # them and whether a restricted compartment is applied
                    # elsewhere.
                    no warnings( 'redefine', 'uninitialized' );
                    eval $s;

                    # "Undefined subroutine" lines are dropped from $@.
                    # Whatever remains is returned as a message, but the first
                    # element stays 1, so a failing expression is reported
                    # without looking like a rejection.
                    my @kept = grep { $_ =~ /Undefined subroutine/ ? () : $_ }
                      split( /\n/, $@ );
                    my $err = join( '', @kept );
                    return ( 1, "__badExpression__: $err" ) if $err;
                    return (1);
                }
            },
            documentation => 'Virtualhost headers',
            flags         => 'h',
        },
        post => {
            type    => 'postContainer',
            help    => 'formreplay.html',
            # The value test always returns 1, so no value of this entry is
            # checked here; only the key is checked, by keyTest.
            test    => sub { return 1 },
            keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
            keyMsgFail    => '__badHostname__',
            documentation => 'Virtualhost urls/Datas to post',
        },

        vhostOptions => {
            type => 'subContainer',
        },
        vhostPort => {
            type    => 'int',
            default => -1,
        },
        vhostHttps => {
            type    => 'trool',
            default => -1,
        },
        vhostMaintenance => {
            type    => 'bool',
            default => 0,
        },
        vhostAliases => {
            type => 'text',
        },
        vhostType => {
            type   => 'select',
            select => [
                { k => 'Main',         v => 'Main' },
                { k => 'Zimbra',       v => 'ZimbraPreAuth' },
                { k => 'AuthBasic',    v => 'AuthBasic' },
                { k => 'SecureToken',  v => 'SecureToken' },
                { k => 'CDA',          v => 'CDA' },
                { k => 'DevOps',       v => 'DevOps' },
                { k => 'ServiceToken', v => 'ServiceToken' },
            ],
            default       => 'Main',
            documentation => 'Handler type',
        },
        vhostAuthnLevel => {
            type => 'int',
        },

        # SecureToken parameters
        secureTokenAllowOnError => {
            type          => 'text',
            documentation => 'Secure Token allow requests in error',
            flags         => 'h',
        },
        secureTokenAttribute => {
            type          => 'text',
            documentation => 'Secure Token attribute',
            flags         => 'h',
        },
        secureTokenExpiration => {
            type