Commit 8a500c9e authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Merge branch 'master' of gitlab.ow2.org:lemonldap-ng/lemonldap-ng

Perltidy
parents a79d66f4 13320e64
......@@ -541,9 +541,10 @@ sub authChoiceModules {
my @res;
foreach my $k ( sort keys %$value ) {
my $data = [ split /;/, $value->{$k} ];
eval {$data->[5] = from_json($data->[5]) if $data->[5] };
if($@){
$self->logger->error("Bad value in choice over parameters, deleted ($@)");
eval { $data->[5] = from_json( $data->[5] ) if $data->[5] };
if ($@) {
$self->logger->error(
"Bad value in choice over parameters, deleted ($@)");
}
push @res,
{
......
......@@ -107,7 +107,7 @@ sub statusInit {
exec $perl_exec, '-MLemonldap::NG::Handler::Lib::Status',
# Insert @INC in Perl path
map( { "-I$_" } @INC ),
map( {"-I$_"} @INC ),
# Command to launch
'-e', '&Lemonldap::NG::Handler::Lib::Status::run()',
......
......@@ -21,7 +21,7 @@ ok(
cookieName => 'lemonldap',
securedCookie => 0,
https => 0,
userLogger => 'Lemonldap::NG::Common::Logger::Null',
userLogger => 'Lemonldap::NG::Common::Logger::Null',
}
),
'initialization'
......
......@@ -29,7 +29,7 @@ sub init {
cookieName => 'lemonldap',
securedCookie => 0,
https => 0,
logger => 'Lemonldap::NG::Common::Logger::Std',
logger => 'Lemonldap::NG::Common::Logger::Std',
%$prms
);
ok(
......
......@@ -8,17 +8,17 @@ sub types {
'array' => {
'test' => sub {
1;
}
}
},
'authParamsText' => {
'test' => sub {
1;
}
}
},
'blackWhiteList' => {
'test' => sub {
1;
}
}
},
'bool' => {
'msgFail' => '__notABoolean__',
......@@ -36,17 +36,17 @@ sub types {
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'catAndAppList' => {
'test' => sub {
1;
}
}
},
'file' => {
'test' => sub {
1;
}
}
},
'hostname' => {
'form' => 'text',
......@@ -80,48 +80,48 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val};
}
return 1, "__unknownAttrOrMacro__: $val";
}
}
},
'longtext' => {
'test' => sub {
1;
}
}
},
'menuApp' => {
'test' => sub {
1;
}
}
},
'menuCat' => {
'test' => sub {
1;
}
}
},
'oidcmetadatajson' => {
'test' => sub {
1;
}
}
},
'oidcmetadatajwks' => {
'test' => sub {
1;
}
}
},
'oidcOPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'oidcRPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'password' => {
'msgFail' => '__malformedValue__',
'test' => sub {
1;
}
}
},
'pcre' => {
'form' => 'text',
......@@ -132,7 +132,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
}
};
return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
}
}
},
'PerlModule' => {
'form' => 'text',
......@@ -142,17 +142,17 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
'portalskin' => {
'test' => sub {
1;
}
}
},
'portalskinbackground' => {
'test' => sub {
1;
}
}
},
'post' => {
'test' => sub {
1;
}
}
},
'RSAPrivateKey' => {
'test' => sub {
......@@ -160,7 +160,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'RSAPublicKey' => {
'test' => sub {
......@@ -168,7 +168,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\n
m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'RSAPublicKeyOrCertificate' => {
'test' => sub {
......@@ -176,37 +176,37 @@ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\
m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'rule' => {
'test' => sub {
1;
}
}
},
'samlAssertion' => {
'test' => sub {
1;
}
}
},
'samlAttribute' => {
'test' => sub {
1;
}
}
},
'samlIDPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'samlService' => {
'test' => sub {
1;
}
}
},
'samlSPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'select' => {
'test' => sub {
......@@ -216,19 +216,19 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
return $test
? 1
: ( 1, "Invalid value '$_[0]' for this select" );
}
}
},
'subContainer' => {
'keyTest' => qr/\w/,
'test' => sub {
1;
}
}
},
'text' => {
'msgFail' => '__malformedValue__',
'test' => sub {
1;
}
}
},
'trool' => {
'msgFail' => '__authorizedValues__: -1, 0, 1',
......@@ -1050,7 +1050,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'type' => 'keyTextContainer'
},
......@@ -1219,7 +1219,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
and defined $conf->{$_}{$val};
}
return 1, "__unknownAttrOrMacro__: $val";
}
}
},
'type' => 'doubleHash'
},
......@@ -1502,7 +1502,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'type' => 'ruleContainer'
},
......
......@@ -69,7 +69,7 @@ has confChanged => (
);
# Properties required during build
has refConf => ( is => 'ro', isa => 'HashRef', required => 1 );
has refConf => ( is => 'ro', isa => 'HashRef', required => 1 );
has req => ( is => 'ro', required => 1 );
has newConf => ( is => 'rw', isa => 'HashRef' );
has tree => ( is => 'rw', isa => 'ArrayRef' );
......@@ -158,7 +158,7 @@ sub _scanNodes {
hdebug("Looking to $name");
# subnode
my $subNodes = $leaf->{nodes} // $leaf->{_nodes};
my $subNodes = $leaf->{nodes} // $leaf->{_nodes};
my $subNodesCond = $leaf->{nodes_cond} // $leaf->{_nodes_cond};
##################################
......@@ -763,11 +763,12 @@ sub _scanNodes {
foreach my $n (@$subNodes) {
hdebug(" looking at $n subnode");
if ( ref $n->{data} and ref $n->{data} eq 'ARRAY' ) {
# authChoiceModules
if ( $name eq 'authChoiceModules' ) {
hdebug(' combModules');
$n->{data}->[5] ||= {};
$n->{data}->[5] = to_json($n->{data}->[5]);
$n->{data}->[5] = to_json( $n->{data}->[5] );
}
$n->{data} = join ';', @{ $n->{data} };
......@@ -1059,15 +1060,15 @@ sub _unitTest {
or $attr->{type} =~ /Container$/ )
{
my $keyMsg = $attr->{keyMsgFail} // $type->{keyMsgFail};
my $msg = $attr->{msgFail} // $type->{msgFail};
my $msg = $attr->{msgFail} // $type->{msgFail};
$res = 0
unless (
$self->_execTest(
{
keyTest => $attr->{keyTest} // $type->{keyTest},
keyTest => $attr->{keyTest} // $type->{keyTest},
keyMsgFail => $attr->{keyMsgFail}
// $type->{keyMsgFail},
test => $attr->{test} // $type->{test},
test => $attr->{test} // $type->{test},
msgFail => $attr->{msgFail} // $type->{msgFail},
},
$conf->{$key},
......
......@@ -24,7 +24,7 @@ delete $forms{restore};
my ( @types, $attr, $tree, $ctrees );
ok( $tree = Lemonldap::NG::Manager::Build::Tree::tree(), 'Get tree' );
ok( $ctrees = Lemonldap::NG::Manager::Build::CTrees::cTrees(), 'Get cTrees' );
ok( $attr = Lemonldap::NG::Manager::Build::Attributes::attributes(),
ok( $attr = Lemonldap::NG::Manager::Build::Attributes::attributes(),
'Get attributes' );
$count += 4;
......
......@@ -39,11 +39,12 @@ sub run {
$self->logger->debug("Ext2F checkLogins set") if ($checkLogins);
# Prepare command and launch it
$self->logger->debug('Launching "Send" external 2F command -> ' . $self->conf->{ext2FSendCommand});
$self->logger->debug( 'Launching "Send" external 2F command -> '
. $self->conf->{ext2FSendCommand} );
if ( my $c =
$self->launch( $req->sessionInfo, $self->conf->{ext2FSendCommand} ) )
{
$self->logger->error("External send command failed (code $c)");
$self->logger->error("External send command failed (code $c)");
return $self->p->do( $req, [ sub { PE_ERROR } ] );
}
......@@ -73,7 +74,8 @@ sub verify {
}
# Prepare command and launch it
$self->logger->debug('Launching "Validate" external 2F command -> ' . $self->conf->{ext2FValidateCommand});
$self->logger->debug( 'Launching "Validate" external 2F command -> '
. $self->conf->{ext2FValidateCommand} );
$self->logger->debug(" code -> $code");
if ( my $c =
$self->launch( $session, $self->conf->{ext2FValidateCommand}, $code ) )
......
......@@ -7,7 +7,8 @@ use JSON qw(from_json to_json);
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Portal::Lib::U2F';
extends 'Lemonldap::NG::Portal::Main::Plugin',
'Lemonldap::NG::Portal::Lib::U2F';
# INITIALIZATION
......
......@@ -16,7 +16,7 @@ extends 'Lemonldap::NG::Portal::Main::Auth',
# INTERFACE
has opList => ( is => 'rw', default => sub { [] } );
has opList => ( is => 'rw', default => sub { [] } );
has opNumber => ( is => 'rw', default => 0 );
has path => ( is => 'rw', default => 'oauth2' );
......
......@@ -174,7 +174,7 @@ sub send_mail {
foreach ( keys %cid ) {
$message->attach(
Type => "image/" . ( $cid{$_} =~ m/\.(\w+)/ )[0],
Id => $_,
Id => $_,
Path => $self->p->{templateDir} . "/" . $cid{$_},
);
}
......
......@@ -84,8 +84,9 @@ sub init {
my ( $self, $args ) = @_;
$args ||= {};
$self->localConfig(
{ %{ Lemonldap::NG::Common::Conf->new( $args->{configStorage} )
->getLocalConf('portal')
{
%{ Lemonldap::NG::Common::Conf->new( $args->{configStorage} )
->getLocalConf('portal')
},
%$args
}
......@@ -109,33 +110,33 @@ sub init {
# Handle requests (other path may be declared in enabled plugins)
$self
# "/" or undeclared paths
->addUnauthRoute( '*' => 'login', ['GET'] )
->addUnauthRoute( '*' => 'postLogin', ['POST'] )
->addAuthRoute( '*' => 'authenticatedRequest', ['GET'] )
->addAuthRoute( '*' => 'postAuthenticatedRequest', ['POST'] )
# "/" or undeclared paths
->addUnauthRoute( '*' => 'login', ['GET'] )
->addUnauthRoute( '*' => 'postLogin', ['POST'] )
->addAuthRoute( '*' => 'authenticatedRequest', ['GET'] )
->addAuthRoute( '*' => 'postAuthenticatedRequest', ['POST'] )
# psgi.js
->addUnauthRoute( 'psgi.js' => 'sendJs', ['GET'] )
->addAuthRoute( 'psgi.js' => 'sendJs', ['GET'] )
# psgi.js
->addUnauthRoute( 'psgi.js' => 'sendJs', ['GET'] )
->addAuthRoute( 'psgi.js' => 'sendJs', ['GET'] )
# portal.css
->addUnauthRoute( 'portal.css' => 'sendCss', ['GET'] )
->addAuthRoute( 'portal.css' => 'sendCss', ['GET'] )
# portal.css
->addUnauthRoute( 'portal.css' => 'sendCss', ['GET'] )
->addAuthRoute( 'portal.css' => 'sendCss', ['GET'] )
# lmerror
->addUnauthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
->addAuthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
# lmerror
->addUnauthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
->addAuthRoute( lmerror => { ':code' => 'lmError' }, ['GET'] )
# Core REST API
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
->addAuthRoute( ping => 'authenticated', ['GET'] )
# Core REST API
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
->addAuthRoute( ping => 'authenticated', ['GET'] )
# Refresh session
->addAuthRoute( refresh => 'refresh', ['GET'] )
# Refresh session
->addAuthRoute( refresh => 'refresh', ['GET'] )
# Logout
->addAuthRoute( logout => 'logout', ['GET'] );
# Logout
->addAuthRoute( logout => 'logout', ['GET'] );
# Default routes must point to routines declared above
$self->defaultAuthRoute('');
......@@ -169,8 +170,8 @@ sub reloadConf {
$self->csp($csp);
# Initialize templateDir
$self->{templateDir}
= $self->conf->{templateDir} . '/' . $self->conf->{portalSkin};
$self->{templateDir} =
$self->conf->{templateDir} . '/' . $self->conf->{portalSkin};
unless ( -d $self->{templateDir} ) {
$self->error("Template dir $self->{templateDir} doesn't exist");
return $self->fail;
......@@ -190,8 +191,8 @@ sub reloadConf {
# Initialize persistent session DB
unless ( $self->conf->{persistentStorage} ) {
$self->conf->{persistentStorage} = $self->conf->{globalStorage};
$self->conf->{persistentStorageOptions}
= $self->conf->{globalStorageOptions};
$self->conf->{persistentStorageOptions} =
$self->conf->{globalStorageOptions};
}
# Initialize cookie domain
......@@ -215,19 +216,19 @@ sub reloadConf {
return $self->fail;
}
$mod = $self->conf->{$type}
unless ( $self->conf->{$type} eq 'Same' );
unless ( $self->conf->{$type} eq 'Same' );
my $module = '::' . ucfirst($type) . '::' . $mod;
$module =~ s/Authentication/Auth/;
# Launch and initialize module
return $self->fail
unless ( $self->{"_$type"} = $self->loadPlugin($module) );
unless ( $self->{"_$type"} = $self->loadPlugin($module) );
}
# Load second-factor engine
return $self->fail
unless $self->{_sfEngine}
= $self->loadPlugin( $self->conf->{'sfEngine'} );
unless $self->{_sfEngine} =
$self->loadPlugin( $self->conf->{'sfEngine'} );
# Initialize trusted domain regexp
if ( $self->conf->{trustedDomains}
......@@ -250,8 +251,8 @@ sub reloadConf {
# - $domainlabel.$td
# $domainlabel is build looking RFC2396
# (see Regexp::Common::URI::RFC2396)
$_
=~ s/\*\\\./(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9]\\.)*/g;
$_ =~
s/\*\\\./(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9]\\.)*/g;
$re->add("$_");
}
}
......@@ -262,8 +263,8 @@ sub reloadConf {
$self->logger->debug("Vhost $vhost added in trusted domains");
$re->add( quotemeta($vhost) );
$self->conf->{vhostOptions} ||= {};
if ( my $tmp
= $self->conf->{vhostOptions}->{$vhost}->{vhostAliases} )
if ( my $tmp =
$self->conf->{vhostOptions}->{$vhost}->{vhostAliases} )
{
foreach my $alias ( split /\s+/, $tmp ) {
$self->logger->debug(
......@@ -281,22 +282,22 @@ sub reloadConf {
$self->{"_$type"} = {};
if ( $self->conf->{$type} ) {
for my $name ( sort keys %{ $self->conf->{$type} } ) {
my $sub = HANDLER->buildSub(
my $sub =
HANDLER->buildSub(
HANDLER->substitute( $self->conf->{$type}->{$name} ) );
if ($sub) {
$self->{"_$type"}->{$name} = $sub;
}
else {
$self->logger->error( "$type $name returns an error: "
. HANDLER->tsv->{jail}->error );
. HANDLER->tsv->{jail}->error );
}
}
}
}
$self->{_jsRedirect}
= HANDLER->buildSub(
HANDLER->substitute( $self->conf->{jsRedirect} ) )
or $self->logger->error(
$self->{_jsRedirect} =
HANDLER->buildSub( HANDLER->substitute( $self->conf->{jsRedirect} ) )
or $self->logger->error(
'jsRedirect returns an error: ' . HANDLER->tsv->{jail}->error );
# Load plugins
......@@ -332,7 +333,7 @@ sub loadPlugin {
}
my $obj;
return 0
unless ( $obj = $self->loadModule("$plugin") );
unless ( $obj = $self->loadModule("$plugin") );
return $self->findEP( $plugin, $obj );
}
......@@ -361,7 +362,7 @@ sub findEP {
if ( $obj->can('spRules') ) {
foreach my $k ( keys %{ $obj->{spRules} } ) {
$self->logger->info(
"$k is defined more than one time, it can have some bad effect on Menu display"
"$k is defined more than one time, it can have some bad effect on Menu display"
) if ( $self->spRules->{$k} );
$self->spRules->{$k} = $obj->{spRules}->{$k};
}
......
......@@ -111,7 +111,7 @@ sub _redirect {
# Restore urldc if auth doesn't need to dial with browser
$self->restoreRequest( $req, $ir );
return $self->run( @_, @path );
}
}
: ()
)
]
......
......@@ -3,11 +3,11 @@ package Lemonldap::NG::Portal::Main::SecondFactor;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE
PE_OK
PE_NOTOKEN
PE_TOKENEXPIRED
PE_BADCREDENTIALS
PE_SENDRESPONSE
PE_OK
PE_NOTOKEN
PE_TOKENEXPIRED
PE_BADCREDENTIALS
);
our $VERSION = '2.0.0';
......@@ -19,8 +19,8 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
has ott => (
is => 'rw',
default => sub {
my $ott = $_[0]->{p}
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
my $ott =
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott;
}
......@@ -52,8 +52,7 @@ sub _redirect {
my ( $self, $req ) = @_;
my $arg = $req->env->{QUERY_STRING};
return [
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ],
[]
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ], []
];
}
......@@ -66,16 +65,15 @@ sub _verify {
# Check token
my $token;
unless ( $token = $req->param('token') ) {
$self->userLogger->error(
$self->prefix . ' 2F access without token' );
$self->userLogger->error( $self->prefix . ' 2F access without token' );
$req->mustRedirect(1);
return $self->p->do( $req, [ sub {PE_NOTOKEN} ] );
return $self->p->do( $req, [ sub { PE_NOTOKEN } ] );
}
my $session;
unless ( $session = $self->ott->getToken($token) ) {
$self->userLogger->info('Token expired');
return $self->p->do( $req, [ sub {PE_TOKENEXPIRED} ] );
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
}
# Launch second factor verification
......@@ -90,7 +88,7 @@ sub _verify {
$req->{sessionInfo}->{_utime} = delete $req->{sessionInfo}->{_2fUtime};
$req->authResult(PE_BADCREDENTIALS);
return $self->p->do( $req,
[ $self->p->storeHistory($req), sub {$res} ] );
[ $self->p->storeHistory($req), sub { $res } ] );
}
# Else restore session
......@@ -101,15 +99,22 @@ sub _verify {
$self->p->rebuildCookies($req);
$req->mustRedirect(1);
$self->userLogger->notice( $self->prefix
. '2F verification for '
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
. '2F verification for '
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
$self->p->updateSession( $req, { authenticationLevel => $l } );
}
$req->authResult(PE_SENDRESPONSE);
return $self->p->do( $req,
[ @{ $self->p->afterData }, $self->p->validSession, @{ $self->p->endAuth }, sub {PE_OK} ] );
return $self->p->do(
$req,
[
@{ $self->p->afterData },