Commit 3383a68a authored by Xavier Guimard's avatar Xavier Guimard

Tidy

parent 84b4b572
......@@ -98,10 +98,11 @@ sub unserialize {
unless ( utf8::is_utf8($v) ) {
$v = encode( 'UTF-8', $v );
}
$conf->{$k} =
( $v =~ /./
$conf->{$k} = (
$v =~ /./
? eval { from_json( $v, { allow_nonref => 1 } ) }
: {} );
: {}
);
if ($@) {
$Lemonldap::NG::Common::Conf::msg .=
"Unable to decode $k, switching to old format.\n";
......
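Review bot: The `if ($@)` test that follows the reflowed assignment can read a stale `$@`: when `$v` does not match `/./` the `eval` is never entered, so `$@` still holds whatever an earlier eval left behind and an empty value can be reported as "Unable to decode". Clearing it first with `local $@;` before the assignment, or branching on the eval's own result (`my $ok = eval { $conf->{$k} = from_json( $v, { allow_nonref => 1 } ); 1 };`), ties the error branch to the key being decoded. Whether this runs inside a loop over keys is not visible here, because the body of unserialize starts and ends outside the hunk.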
......@@ -93,7 +93,7 @@ sub statusInit {
open STDOUT, ">&$fdout";
my $perl_exec = ( $^X =~ /perl/ ) ? $^X : 'perl';
exec $perl_exec, '-MLemonldap::NG::Handler::Lib::Status',
map( {"-I$_"} @INC ),
map( { "-I$_" } @INC ),
'-e &Lemonldap::NG::Handler::Lib::Status::run()';
}
}
......
......@@ -84,14 +84,18 @@ sub init {
my $portal = $conf->{portal};
$portal =~ s#https?://([^/]*).*#$1#;
$self->csp(
"default-src 'self' $portal;frame-ancestors 'none';form-action 'self';"
"default-src 'self' $portal;frame-ancestors 'none';form-action 'self';"
);
$self->defaultRoute( $working[0]->defaultRoute );
# Find out more glyphicones at https://www.w3schools.com/icons/bootstrap_icons_glyphicons.asp
my $linksIcons =
{ 'conf' => 'cog', 'sessions' => 'duplicate', 'notifications' => 'bell', 'U2F' => 'wrench' };
my $linksIcons = {
'conf' => 'cog',
'sessions' => 'duplicate',
'notifications' => 'bell',
'U2F' => 'wrench'
};
$self->links( [] );
for ( my $i = 0 ; $i < @links ; $i++ ) {
......
......@@ -8,12 +8,12 @@ sub types {
'authParamsText' => {
'test' => sub {
1;
}
}
},
'blackWhiteList' => {
'test' => sub {
1;
}
}
},
'bool' => {
'msgFail' => '__notABoolean__',
......@@ -36,17 +36,17 @@ sub types {
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'catAndAppList' => {
'test' => sub {
1;
}
}
},
'file' => {
'test' => sub {
1;
}
}
},
'hostname' => {
'form' => 'text',
......@@ -80,48 +80,48 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val};
}
return 1, "__unknownAttrOrMacro__: $val";
}
}
},
'longtext' => {
'test' => sub {
1;
}
}
},
'menuApp' => {
'test' => sub {
1;
}
}
},
'menuCat' => {
'test' => sub {
1;
}
}
},
'oidcmetadatajson' => {
'test' => sub {
1;
}
}
},
'oidcmetadatajwks' => {
'test' => sub {
1;
}
}
},
'oidcOPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'oidcRPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'password' => {
'msgFail' => '__malformedValue__',
'test' => sub {
1;
}
}
},
'pcre' => {
'form' => 'text',
......@@ -132,7 +132,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
}
};
return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
}
}
},
'PerlModule' => {
'form' => 'text',
......@@ -142,17 +142,17 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
'portalskin' => {
'test' => sub {
1;
}
}
},
'portalskinbackground' => {
'test' => sub {
1;
}
}
},
'post' => {
'test' => sub {
1;
}
}
},
'RSAPrivateKey' => {
'test' => sub {
......@@ -160,7 +160,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'RSAPublicKey' => {
'test' => sub {
......@@ -168,7 +168,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+=
m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'RSAPublicKeyOrCertificate' => {
'test' => sub {
......@@ -176,37 +176,37 @@ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\
m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'rule' => {
'test' => sub {
1;
}
}
},
'samlAssertion' => {
'test' => sub {
1;
}
}
},
'samlAttribute' => {
'test' => sub {
1;
}
}
},
'samlIDPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'samlService' => {
'test' => sub {
1;
}
}
},
'samlSPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'select' => {
'test' => sub {
......@@ -216,19 +216,19 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
return $test
? 1
: ( 1, "Invalid value '$_[0]' for this select" );
}
}
},
'subContainer' => {
'keyTest' => qr/\w/,
'test' => sub {
1;
}
}
},
'text' => {
'msgFail' => '__malformedValue__',
'test' => sub {
1;
}
}
},
'trool' => {
'msgFail' => '__authorizedValues__: -1, 0, 1',
......@@ -1045,7 +1045,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'type' => 'keyTextContainer'
},
......@@ -1217,7 +1217,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
and defined $conf->{$_}{$val};
}
return 1, "__unknownAttrOrMacro__: $val";
}
}
},
'type' => 'doubleHash'
},
......@@ -1505,7 +1505,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'type' => 'ruleContainer'
},
......@@ -3001,19 +3001,19 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'select' => [
{
'k' => 0,
'k' => '0',
'v' => 'unsecuredCookie'
},
{
'k' => 1,
'k' => '1',
'v' => 'securedCookie'
},
{
'k' => 2,
'k' => '2',
'v' => 'doubleCookie'
},
{
'k' => 3,
'k' => '3',
'v' => 'doubleCookieForSingleSession'
}
],
......
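Review bot: In the 'RSAPrivateKey' test the BEGIN marker accepts an optional `(?:RSA\s+)?` but the END marker requires `(?:RSA\s+)`, so a PEM block delimited by BEGIN PRIVATE KEY / END PRIVATE KEY fails the match and gets `__badPemEncoding__`, while a mismatched BEGIN PRIVATE KEY / END RSA PRIVATE KEY pair passes. Making the END side optional as well, `END\s+(?:RSA\s+)?PRIVATE\s+KEY`, keeps the two markers consistent. Separately, the last hunk quotes the select keys (`'k' => '0'`) while `'default' => 0` stays numeric. If this file is generated, both points belong in the generator rather than here.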
......@@ -5,6 +5,7 @@ use utf8;
use strict;
use Mouse;
use MIME::Base64 qw(encode_base64 decode_base64);
#use Crypt::U2F::Server::Simple;
use Lemonldap::NG::Common::Session;
......@@ -49,7 +50,7 @@ sub addRoutes {
u2f => { ':sessionType' => { ':sessionId' => 'registerU2FKey' } },
['PUT']
)
# VERIFY U2F KEY
->addRoute(
u2f => { ':sessionType' => { ':sessionId' => 'verifyU2FKey' } },
......@@ -63,24 +64,22 @@ sub addRoutes {
$self->{hiddenAttributes} //= "_password";
}
############################
# II. REGISTRATION METHODS #
############################
sub registerU2FKey {
my ( $self, $req, $session, $skey ) = @_;
my ( $self, $req, $session, $skey ) = @_;
eval 'use Crypt::U2F::Server::Simple';
if ($@) {
$self->error("Can't load U2F library: $@");
return 0;
}
return $self->addU2FKey( $req, $session, $skey );
}
eval 'use Crypt::U2F::Server::Simple';
if ($@) {
$self->error("Can't load U2F library: $@");
return 0;
}
return $self->addU2FKey( $req, $session, $skey );
}
########################
# III. DISPLAY METHODS #
......@@ -101,13 +100,14 @@ sub u2f {
$type = ucfirst($type);
my $res;
# Case 2: list of sessions
my $whatToTrace = Lemonldap::NG::Handler::PSGI::Main->tsv->{whatToTrace};
# 2.1 Get fields to require
my @fields = ( '_httpSessionType', $self->{ipField}, $whatToTrace, '_u2fKeyHandle' );
my @fields =
( '_httpSessionType', $self->{ipField}, $whatToTrace, '_u2fKeyHandle' );
if ( my $groupBy = $params->{groupBy} ) {
$groupBy =~ s/^substr\((\w+)(?:,\d+(?:,\d+)?)?\)$/$1/;
$groupBy =~ s/^_whatToTrace$/$whatToTrace/o
......@@ -193,12 +193,13 @@ sub u2f {
}
}
# Display sessions with registered U2F key only
foreach my $session ( keys %$res ) {
delete $res->{$session}
unless ( defined $res->{$session}->{_u2fKeyHandle} and length $res->{$session}->{_u2fKeyHandle} )
}
# Display sessions with registered U2F key only
foreach my $session ( keys %$res ) {
delete $res->{$session}
unless ( defined $res->{$session}->{_u2fKeyHandle}
and length $res->{$session}->{_u2fKeyHandle} );
}
my $total = ( keys %$res );
if ( my $group = $req->params('groupBy') ) {
......
// Generated by CoffeeScript 1.9.3
// Generated by CoffeeScript 1.12.7
/*
* Session explorer
......
......@@ -106,10 +106,11 @@ sub verify {
# Prepare args
my $args;
foreach my $k ( keys %{ $self->{vrfyAttrs} } ) {
$args->{$k} =
( $k eq 'code'
$args->{$k} = (
$k eq 'code'
? $code
: $req->sessionInfo->{ $self->{vrfyAttrs}->{$k} } );
: $req->sessionInfo->{ $self->{vrfyAttrs}->{$k} }
);
}
# Launch REST request
......
......@@ -137,24 +137,16 @@ sub selfRegister {
}
);
}
# Get or generate master key
elsif ( $action eq 'unregister' ) {
$self->p->updatePersistentSession( $req,
{ _totp2fSecret => '' }
);
# Get or generate master key
elsif ( $action eq 'unregister' ) {
$self->p->updatePersistentSession( $req, { _totp2fSecret => '' } );
$self->userLogger->notice('TOTP unregistration succeed');
return [ 200, [ 'Content-Type' => 'application/json' ],
['{"result":1}'] ];
}
}
1;
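Review bot: The comment `# Get or generate master key` sits directly above the `elsif ( $action eq 'unregister' )` branch, which clears `_totp2fSecret` rather than generating anything. A comment such as `# Unregister: drop the stored TOTP secret` would describe what the branch does; the existing one probably belongs to code that is not visible in this hunk. The branch also logs 'TOTP unregistration succeed' without looking at the outcome of `updatePersistentSession`, which is worth confirming against that method's contract.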
......@@ -74,18 +74,16 @@ sub run {
return [ 200, [ 'Content-Type' => 'application/json' ], [$challenge] ];
}
if ( $action eq 'unregistration' ) {
$self->p->updatePersistentSession(
$req,
{
_u2fKeyHandle => '',
_u2fUserKey => ''
}
);
$self->userLogger->notice('U2F key unregistration succeed');
return [
200, [ 'Content-Type' => 'application/json' ],
['{"result":1}']
];
$self->p->updatePersistentSession(
$req,
{
_u2fKeyHandle => '',
_u2fUserKey => ''
}
);
$self->userLogger->notice('U2F key unregistration succeed');
return [ 200, [ 'Content-Type' => 'application/json' ],
['{"result":1}'] ];
my $err = Crypt::U2F::Server::Simple::lastError();
$self->userLogger->warn("U2F Unregistration failed: $err");
return $self->p->sendError( $req, $err, 200 );
......@@ -117,6 +115,7 @@ sub run {
}
my $res =
( $req->datas->{crypter}->authenticationVerify($resp) ? 1 : 0 );
#$self->userLogger->notice("res=$res");
return [
200, [ 'Content-Type' => 'application/json' ],
......
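Review bot: In the `unregistration` branch the three lines after the success `return` (`my $err = Crypt::U2F::Server::Simple::lastError();`, the `warn` call and `sendError`) look unreachable, since nothing between `updatePersistentSession` and `return [ 200, ... ]` is conditional. This is read from the flattened text only, and the closing brace of the `if` cannot be placed with certainty in this view. If a failure path is intended, the update's outcome needs to be tested before success is logged and `{"result":1}` is returned; otherwise the dead lines should be removed.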
......@@ -85,6 +85,7 @@ sub verify {
return $self->fail($req);
}
$self->logger->debug("Get challenge: $challenge");
#eval { $challenge = JSON::from_json($challenge)->{challenge} };
if ( not $req->datas->{crypter}->setChallenge($challenge) ) {
$self->logger->error(
......
......@@ -177,8 +177,7 @@ sub try {
# On error, restart authentication with next scheme
if ( $res > PE_OK ) {
$self->logger->info(
qq'Scheme "$name" returned $res, trying next');
$self->logger->info(qq'Scheme "$name" returned $res, trying next');
$req->datas->{dataKeep}->{combinationTry}++;
$req->steps( [ @{ $req->datas->{combinationSteps} } ] );
$req->continue(1);
......
......@@ -733,7 +733,7 @@ sub extractFormInfo {
my $res = $self->p->deleteSession($req);
return (
$res eq PE_LOGOUT_OK ? PE_SENDRESPONSE : $res );
}
}
]
);
......
......@@ -95,7 +95,7 @@ sub getToken {
$self->logger->notice("Bad (or expired) token $id");
return undef;
}
$self->cache->remove($id) unless($keep);
$self->cache->remove($id) unless ($keep);
return from_json( $data, { allow_nonref => 1 } );
}
else {
......
......@@ -178,24 +178,32 @@ sub sregHook {
# else build message and return 0
else {
my (@mopt,@mreq);
my ( @mopt, @mreq );
# No choice for requested parameters: just an information
foreach my $k (@req) {
utf8::decode( $msg{req}->{$k} );
push @mreq, {k=>$k,m=>$msg{req}->{$k}};
push @mreq, { k => $k, m => $msg{req}->{$k} };
}
# For optional parameters: checkboxes are displayed
foreach my $k (@opt) {
utf8::decode( $msg{opt}->{$k} );
push @mopt,{k=>$k,m=>$msg{opt}->{$k},c=>( $ag{$k} ? 'checked' : '' )};
push @mopt,
{
k => $k,
m => $msg{opt}->{$k},
c => ( $ag{$k} ? 'checked' : '' )
};
}
$req->datas->{_openIdTrustExtMsg} .= $self->loadTemplate('openIdTrust',params => {
required => \@mreq,
optional => \@mopt,
});
$req->datas->{_openIdTrustExtMsg} .= $self->loadTemplate(
'openIdTrust',
params => {
required => \@mreq,
optional => \@mopt,
}
);
$self->logger->debug('Building validation form');
return ( 0, $prm );
......
......@@ -101,7 +101,7 @@ sub _redirect {
# Restore urldc if auth doesn't need to dial with browser
$self->restoreRequest( $req, $ir );
return $self->run( @_, @path );
}
}
]
);
}
......
......@@ -24,9 +24,10 @@ sub init {
if ( my $rules = $self->conf->{autoSigninRules} ) {
my $safe = Safe->new;
foreach my $id ( sort keys %$rules ) {
my $sub = $safe->reval('sub{my($env)=@_;return ('.$rules->{$id}.')}');
my $sub =
$safe->reval( 'sub{my($env)=@_;return (' . $rules->{$id} . ')}' );
if ($@) {
$self->error('Bad Autologin rule "'.$rules->{$id}.': $@');
$self->error( 'Bad Autologin rule "' . $rules->{$id} . ': $@' );
return 0;
}
$id =~ s/^\s*([\w\-\@]+)\s*/$1/;
......
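Review bot: The reformatted error call keeps `': $@'` in single quotes, so the message ends with the literal text `$@` instead of the error raised by the Safe compartment, and the `"` opened before the rule is never closed. `$self->error( 'Bad Autologin rule "' . $rules->{$id} . qq{": $@} );` reports the actual failure, which an administrator needs in order to fix a rejected rule. init continues outside the hunk.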
......@@ -24,8 +24,12 @@ SKIP: {
skip 'DBD::SQLite not found', $maintests;
}
my $dbh = DBI->connect("dbi:SQLite:dbname=t/userdb.db");
$dbh->do('CREATE TABLE users (user text,password text,name text,uid text,cn text,mail text)');
$dbh->do("INSERT INTO users VALUES ('dwho','dwho','Doctor who','dwho','Doctor who','dwho\@badwolf.org')");
$dbh->do(
'CREATE TABLE users (user text,password text,name text,uid text,cn text,mail text)'
);
$dbh->do(
"INSERT INTO users VALUES ('dwho','dwho','Doctor who','dwho','Doctor who','dwho\@badwolf.org')"
);
# Initialization
ok( $issuer = issuer(), 'Issuer portal' );
......
......@@ -37,11 +37,12 @@ SKIP: {
krbByJs => 1,
}
}
);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Simple access' );
ok( $res->[2]->[0] =~ /script.*kerberos\.js/s, 'Found Kerberos JS' );
my ( $host, $url, $query ) = expectForm( $res, '#');
# TODO
);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Simple access' );
ok( $res->[2]->[0] =~ /script.*kerberos\.js/s, 'Found Kerberos JS' );
my ( $host, $url, $query ) = expectForm( $res, '#' );
# TODO
}
count($maintests);
clean_sessions();
......