Commit 5886cbe2 authored by Xavier Guimard

Tidy

parent e2b026b7
......@@ -16,8 +16,10 @@ BEGIN { use_ok('Lemonldap::NG::Common::Conf') }
my $h;
ok( $h = new Lemonldap::NG::Common::Conf(
{ type => 'File',
ok(
$h = new Lemonldap::NG::Common::Conf(
{
type => 'File',
dirName => "t/",
}
),
......@@ -37,7 +39,7 @@ my @test = (
{ cfgNum => 1, test => 'éà' }
);
for ( my $i = 0; $i < @test; $i++ ) {
for ( my $i = 0 ; $i < @test ; $i++ ) {
ok( $h->store( $test[$i] ) == 1, "Test $i is stored" )
or print STDERR "$Lemonldap::NG::Common::Conf::msg $!";
$count++;
......@@ -109,7 +109,7 @@ sub statusInit {
exec $perl_exec, '-MLemonldap::NG::Handler::Lib::Status',
# Insert @INC in Perl path
map( {"-I$_"} @INC ),
map( { "-I$_" } @INC ),
# Command to launch
'-e', '&Lemonldap::NG::Handler::Lib::Status::run()',
......@@ -5,21 +5,22 @@ use Data::Dumper;
require 't/test-psgi-lib.pm';
init('Lemonldap::NG::Handler::PSGI', {
init(
'Lemonldap::NG::Handler::PSGI',
{
vhostOptions => {
'test1.example.com' => {
vhostHttps => 1,
vhostPort => 443,
},
},
locationRules => {
},
exportedHeaders => {
},
locationRules => {},
exportedHeaders => {},
https => undef,
port => undef,
maintenance => undef,
});
}
);
my $res;
......@@ -2565,8 +2565,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
ldapGroupDecodeSearchedValue => {
default => 0,
type => 'bool',
documentation =>
'Decode value before searching it in LDAP groups',
documentation => 'Decode value before searching it in LDAP groups',
},
ldapGroupRecursive => {
default => 0,
......@@ -140,12 +140,11 @@ sub prx {
return $self->sendError( $req,
$response->code . " (" . $response->message . ")", 400 );
}
unless ( $response->header('Content-Type')
=~ m#^(?:application/json|(?:application|text)/.*xml).*$# )
unless ( $response->header('Content-Type') =~
m#^(?:application/json|(?:application|text)/.*xml).*$# )
{
return $self->sendError( $req,
'Content refused for security reason (neither XML or JSON)',
400 );
'Content refused for security reason (neither XML or JSON)', 400 );
}
return $self->sendJSONresponse( $req, { content => $response->content } );
}
......@@ -235,8 +234,7 @@ sub newConf {
$res->{details}->{'__errors__'} = $parser->{errors}
if ( @{ $parser->{errors} } );
unless ( @{ $parser->{errors} } ) {
$res->{details}->{'__needConfirmation__'}
= $parser->{needConfirmation}
$res->{details}->{'__needConfirmation__'} = $parser->{needConfirmation}
if ( @{ $parser->{needConfirmation} } && !$req->params('force') );
$res->{message} = $parser->{message};
foreach my $t (qw(warnings changes)) {
......@@ -339,8 +337,8 @@ sub applyConf {
$self->api->checkConf();
# Get apply section values
my %reloadUrls
= %{ $self->confAcc->getLocalConf( APPLYSECTION, undef, 0 ) };
my %reloadUrls =
%{ $self->confAcc->getLocalConf( APPLYSECTION, undef, 0 ) };
if ( !%reloadUrls && $newConf->{reloadUrls} ) {
%reloadUrls = %{ $newConf->{reloadUrls} };
}
......@@ -356,7 +354,8 @@ sub applyConf {
my $targetUrl = $url->scheme . "://" . $host;
$targetUrl .= ":" . $url->port if defined( $url->port );
$targetUrl .= $url->full_path;
$r = HTTP::Request->new( 'GET', $targetUrl,
$r =
HTTP::Request->new( 'GET', $targetUrl,
HTTP::Headers->new( Host => $url->host ) );
if ( defined $url->userinfo
&& $url->userinfo =~ /^([^:]+):(.*)$/ )
......@@ -367,10 +366,8 @@ sub applyConf {
my $response = $self->ua->request($r);
if ( $response->code != 200 ) {
$status->{$host}
= "Error "
. $response->code . " ("
. $response->message . ")";
$status->{$host} =
"Error " . $response->code . " (" . $response->message . ")";
$self->logger->error( "Apply configuration for $host: error "
. $response->code . " ("
. $response->message
......@@ -389,13 +386,13 @@ sub diff {
my ( $self, $req, @path ) = @_;
return $self->sendError( $req, 'to many arguments in path info', 400 )
if (@path);
my @cfgNum
= ( scalar( $req->param('conf1') ), scalar( $req->param('conf2') ) );
my @cfgNum =
( scalar( $req->param('conf1') ), scalar( $req->param('conf2') ) );
my @conf;
$self->logger->debug(" Loading confs");
# Load the 2 configurations
for ( my $i = 0; $i < 2; $i++ ) {
for ( my $i = 0 ; $i < 2 ; $i++ ) {
if ( %{ $self->currentConf }
and $cfgNum[$i] == $self->currentConf->{cfgNum} )
{
......@@ -406,7 +403,7 @@ sub diff {
{ cfgNum => $cfgNum[$i], raw => 1, noCache => 1 } );
return $self->sendError(
$req,
"Configuration $cfgNum[$i] not available $Lemonldap::NG::Common::Conf::msg",
"Configuration $cfgNum[$i] not available $Lemonldap::NG::Common::Conf::msg",
400
) unless ( $conf[$i] );
}
......@@ -414,7 +411,8 @@ sub diff {
require Lemonldap::NG::Manager::Conf::Diff;
return $self->sendJSONresponse(
$req,
[ $self->Lemonldap::NG::Manager::Conf::Diff::diff(
[
$self->Lemonldap::NG::Manager::Conf::Diff::diff(
$conf[0], $conf[1]
)
]
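Review bot: The Content-Type allow-list in `prx` accepts more than its error message promises: the pattern is anchored only at the start and uses `.*xml`, so a constructed value such as `text/html; x=xml` passes, and `application/json` is matched only as a prefix. A response with no Content-Type header also makes the match run against undef. I would match the media type alone, e.g. `unless ( ( $response->header('Content-Type') // '' ) =~ m#^(?:application/json|(?:application|text)/(?:[\w.-]+\+)?xml)\s*(?:;|$)#i )`. The body of `prx` starts outside the hunk, so any earlier checks on the response are not visible here.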
......@@ -19,11 +19,9 @@ mkdir 't/sessions';
my ( $res, $resBody );
ok( $res = &client->_post( '/confs/', 'cfgNum=1', &body, 'application/json' ),
"Request succeed"
);
"Request succeed" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $resBody = from_json( $res->[2]->[0] ),
"Result body contains JSON text" );
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
ok( $resBody->{result} == 0, "JSON response contains \"result:0\"" )
or print STDERR Dumper($resBody);
......@@ -31,32 +29,40 @@ ok( $resBody->{result} == 0, "JSON response contains \"result:0\"" )
ok( $resBody->{needConfirm} == 1, "JSON response contains \"needConfirm:1\"" )
or print STDERR Dumper($resBody);
ok( @{ $resBody->{details}->{__warnings__} } == 3,
ok(
@{ $resBody->{details}->{__warnings__} } == 3,
'JSON response contains 3 warnings'
) or print STDERR Dumper($resBody);
foreach my $i (0 .. 2) {
ok( $resBody->{details}->{__warnings__}->[$i]->{message}
=~ /\b(unprotected|cross-domain-authentication|retries)\b/,
foreach my $i ( 0 .. 2 ) {
ok(
$resBody->{details}->{__warnings__}->[$i]->{message} =~
/\b(unprotected|cross-domain-authentication|retries)\b/,
"Warning with 'unprotect', 'CDA' or 'retries' found"
) or print STDERR Dumper($resBody);
}
count(4);
ok( @{ $resBody->{details}->{__needConfirmation__} } == 1,
ok(
@{ $resBody->{details}->{__needConfirmation__} } == 1,
'JSON response contains 1 needConfirmation'
) or print STDERR Dumper($resBody);
ok( $resBody->{details}->{__needConfirmation__}->[0]->{message}
=~ /\bplugin is enabled without CSRF Token neither Captcha required\b/,
ok(
$resBody->{details}->{__needConfirmation__}->[0]->{message} =~
/\bplugin is enabled without CSRF Token neither Captcha required\b/,
"Warning with confirmation needed found"
) or print STDERR Dumper($resBody);
ok( @{ $resBody->{details}->{__changes__} } == 22,
ok(
@{ $resBody->{details}->{__changes__} } == 22,
'JSON response contains 24 changes'
) or print STDERR Dumper($resBody);
#print STDERR Dumper($resBody);
ok( $res = &client->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
ok(
$res = &client->_post(
'/confs/', 'cfgNum=1&force=1', &body, 'application/json'
),
"Request succeed"
);
......@@ -124,89 +130,112 @@ done_testing( count() );
sub changes {
return [
{ 'key' => 'portal',
{
'key' => 'portal',
'new' => 'http://auth2.example.com/',
'old' => 'http://auth.example.com/'
},
{ 'new' => 0,
{
'new' => 0,
'old' => 1,
'key' => 'portalDisplayLogout'
},
{ 'key' =>
{
'key' =>
'applicationList, Sample applications, Application Test 1, uri',
'old' => 'http://test1.example.com/',
'new' => 'http://testex.example.com/'
},
{ 'new' => 'Application Test 3',
{
'new' => 'Application Test 3',
'key' => 'applicationList, Sample applications'
},
{ 'new' => 'Changes in cat(s)/app(s)',
{
'new' => 'Changes in cat(s)/app(s)',
'key' => 'applicationList',
},
{ 'key' => 'applicationList',
{
'key' => 'applicationList',
'old' => 'Documentation',
'new' => 'Administration',
},
{ 'key' => 'applicationList',
{
'key' => 'applicationList',
'old' => 'Administration',
'new' => 'Sample applications',
},
{ 'key' => 'applicationList',
{
'key' => 'applicationList',
'old' => 'Sample applications',
'new' => 'Documentation',
},
{ 'key' => 'userDB',
{
'key' => 'userDB',
'new' => 'LDAP',
'old' => 'Demo'
},
{ 'key' => 'passwordDB',
{
'key' => 'passwordDB',
'new' => 'LDAP',
'old' => 'Demo'
},
{ 'key' => 'openIdSPList',
{
'key' => 'openIdSPList',
'new' => '1;bad.com'
},
{ 'new' => 'Uid',
{
'new' => 'Uid',
'key' => 'exportedVars'
},
{ 'key' =>
{
'key' =>
'locationRules, test1.example.com, (?#Logout comment)^/logout',
'new' => 'logout_sso',
'old' => undef
},
{ 'old' => '^/logout',
{
'old' => '^/logout',
'key' => 'locationRules, test1.example.com'
},
{ 'key' => 'locationRules, test3.example.com, ^/logout',
{
'key' => 'locationRules, test3.example.com, ^/logout',
'new' => 'logout_sso',
'old' => undef
},
{ 'key' => 'locationRules, test3.example.com, default',
{
'key' => 'locationRules, test3.example.com, default',
'old' => undef,
'new' => 'accept'
},
{ 'key' => 'locationRules',
{
'key' => 'locationRules',
'new' => 'test3.example.com'
},
{ 'key' => 'exportedHeaders, test3.example.com, Auth-User',
{
'key' => 'exportedHeaders, test3.example.com, Auth-User',
'old' => undef,
'new' => '$uid'
},
{ 'new' => 'test3.example.com',
{
'new' => 'test3.example.com',
'key' => 'exportedHeaders'
},
{ 'key' => 'locationRules, test.ex.com, default',
{
'key' => 'locationRules, test.ex.com, default',
'old' => undef,
'new' => 'deny'
},
{ 'key' => 'locationRules',
{
'key' => 'locationRules',
'new' => 'test.ex.com'
},
{ 'key' => 'virtualHosts',
{
'key' => 'virtualHosts',
'new' => 'test3.example.com',
'old' => 'test2.example.com'
},
{ 'key' => 'virtualHosts',
{
'key' => 'virtualHosts',
'old' => 'test2.example.com'
},
{
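Review bot: The description on the `__changes__` assertion reads 'JSON response contains 24 changes' while the check is `== 22`, so the test output names a count the test never expects. Deriving the text from the expected value keeps them in step, e.g. `my $expected = 22;` with `"JSON response contains $expected changes"`. The next test file has the same mismatch (`== 20` under the same description). It also reuses the "'unprotect', 'CDA' or 'retries'" description for a pattern with only two alternatives.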
......@@ -19,27 +19,29 @@ mkdir 't/sessions';
my ( $res, $resBody );
ok( $res = &client->_post( '/confs/', 'cfgNum=1', &body, 'application/json' ),
"Request succeed"
);
"Request succeed" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $resBody = from_json( $res->[2]->[0] ),
"Result body contains JSON text" );
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
ok( $resBody->{result} == 1, "JSON response contains \"result:1\"" )
or print STDERR Dumper($resBody);
ok( @{ $resBody->{details}->{__warnings__} } == 2,
ok(
@{ $resBody->{details}->{__warnings__} } == 2,
'JSON response contains 2 warnings'
) or print STDERR Dumper($resBody);
foreach my $i (0 .. 1) {
ok( $resBody->{details}->{__warnings__}->[$i]->{message}
=~ /\b(unprotected|cross-domain-authentication)\b/,
foreach my $i ( 0 .. 1 ) {
ok(
$resBody->{details}->{__warnings__}->[$i]->{message} =~
/\b(unprotected|cross-domain-authentication)\b/,
"Warning with 'unprotect', 'CDA' or 'retries' found"
) or print STDERR Dumper($resBody);
}
ok( @{ $resBody->{details}->{__changes__} } == 20,
ok(
@{ $resBody->{details}->{__changes__} } == 20,
'JSON response contains 24 changes'
) or print STDERR Dumper($resBody);
#print STDERR Dumper($resBody);
ok( -f $confFiles->[1], 'File is created' );
......@@ -106,89 +108,112 @@ done_testing( count() );
sub changes {
return [
{ 'key' => 'portal',
{
'key' => 'portal',
'new' => 'http://auth2.example.com/',
'old' => 'http://auth.example.com/'
},
{ 'new' => 0,
{
'new' => 0,
'old' => 1,
'key' => 'portalDisplayLogout'
},
{ 'key' =>
{
'key' =>
'applicationList, Sample applications, Application Test 1, uri',
'old' => 'http://test1.example.com/',
'new' => 'http://testex.example.com/'
},
{ 'new' => 'Application Test 3',
{
'new' => 'Application Test 3',
'key' => 'applicationList, Sample applications'
},
{ 'new' => 'Changes in cat(s)/app(s)',
{
'new' => 'Changes in cat(s)/app(s)',
'key' => 'applicationList',
},
{ 'key' => 'applicationList',
{
'key' => 'applicationList',
'old' => 'Documentation',
'new' => 'Administration',
},
{ 'key' => 'applicationList',
{
'key' => 'applicationList',
'old' => 'Administration',
'new' => 'Sample applications',
},
{ 'key' => 'applicationList',
{
'key' => 'applicationList',
'old' => 'Sample applications',
'new' => 'Documentation',
},
{ 'key' => 'userDB',
{
'key' => 'userDB',
'new' => 'LDAP',
'old' => 'Demo'
},
{ 'key' => 'passwordDB',
{
'key' => 'passwordDB',
'new' => 'LDAP',
'old' => 'Demo'
},
{ 'key' => 'openIdSPList',
{
'key' => 'openIdSPList',
'new' => '1;bad.com'
},
{ 'new' => 'Uid',
{
'new' => 'Uid',
'key' => 'exportedVars'
},
{ 'key' =>
{
'key' =>
'locationRules, test1.example.com, (?#Logout comment)^/logout',
'new' => 'logout_sso',
'old' => undef
},
{ 'old' => '^/logout',
{
'old' => '^/logout',
'key' => 'locationRules, test1.example.com'
},
{ 'key' => 'locationRules, test3.example.com, ^/logout',
{
'key' => 'locationRules, test3.example.com, ^/logout',
'new' => 'logout_sso',
'old' => undef
},
{ 'key' => 'locationRules, test3.example.com, default',
{
'key' => 'locationRules, test3.example.com, default',
'old' => undef,
'new' => 'accept'
},
{ 'key' => 'locationRules',
{
'key' => 'locationRules',
'new' => 'test3.example.com'
},
{ 'key' => 'exportedHeaders, test3.example.com, Auth-User',
{
'key' => 'exportedHeaders, test3.example.com, Auth-User',
'old' => undef,
'new' => '$uid'
},
{ 'new' => 'test3.example.com',
{
'new' => 'test3.example.com',
'key' => 'exportedHeaders'
},
{ 'key' => 'locationRules, test.ex.com, default',
{
'key' => 'locationRules, test.ex.com, default',
'old' => undef,
'new' => 'deny'
},
{ 'key' => 'locationRules',
{
'key' => 'locationRules',
'new' => 'test.ex.com'
},
{ 'key' => 'virtualHosts',
{
'key' => 'virtualHosts',
'new' => 'test3.example.com',
'old' => 'test2.example.com'
},
{ 'key' => 'virtualHosts',
{
'key' => 'virtualHosts',
'old' => 'test2.example.com'
}
];
......@@ -24,7 +24,8 @@ my @notManagedAttributes = (
'sfEngine', 'available2FSelfRegistration', 'available2F',
# Brute force attack protection parameters
'bruteForceProtectionMaxAge', 'bruteForceProtectionTempo', 'bruteForceProtectionMaxFailed',
'bruteForceProtectionMaxAge', 'bruteForceProtectionTempo',
'bruteForceProtectionMaxFailed',
# Metadatas (added by manager itself)
'cfgAuthor', 'cfgAuthorIP', 'cfgNum', 'cfgDate', 'cfgLog', 'cfgVersion',
......@@ -36,8 +36,8 @@ has ott => (
is => 'rw',
lazy => 1,
default => sub {
my $ott = $_[0]->{p}
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
my $ott =
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott;
}
......@@ -67,9 +67,8 @@ sub init {
# Unless $rule, skip loading
if ( $self->conf->{$ap} ) {
$self->logger->debug("Trying to load $_ 2F");
my $m
= $self->p->loadPlugin(
$i ? "::2F::Register::$_" : "::2F::$_" )
my $m =
$self->p->loadPlugin( $i ? "::2F::Register::$_" : "::2F::$_" )
or return 0;
# Rule and prefix may be modified by 2F module, reread them
......@@ -164,12 +163,13 @@ sub run {
if ( $self->sfReq->( $req, $req->sessionInfo ) ) {
$self->logger->debug("2F is required...");
$self->logger->debug(" -> Register 2F");
$req->pdata->{sfRegToken}
= $self->ott->createToken( $req->sessionInfo );
$req->pdata->{sfRegToken} =
$self->ott->createToken( $req->sessionInfo );
$self->logger->debug("Just one 2F is enabled");
$self->logger->debug(" -> Redirect to 2fregisters/");
$req->response(
[ 302,
[
302,
[ Location => $self->conf->{portal} . '2fregisters/' ], []
]
);
......@@ -206,8 +206,7 @@ sub run {
MAIN_LOGO => $self->conf->{portalMainLogo},
SKIN => $self->conf->{portalSkin},
TOKEN => $token,
MODULES =>
[ map { { CODE => $_->prefix, LOGO => $_->logo } } @am ],
MODULES => [ map { { CODE => $_->prefix, LOGO => $_->logo } } @am ],
CHECKLOGINS => $checkLogins
}
);
......@@ -233,16 +232,15 @@ sub _choice {
# Restore session
unless ( $token = $req->param('token') ) {
$self->userLogger->error(
$self->prefix . ' 2F access without token' );
$self->userLogger->error( $self->prefix . ' 2F access without token' );
$req->mustRedirect(1);
return $self->p->do( $req, [ sub {PE_NOTOKEN} ] );
return $self->p->do( $req, [ sub { PE_NOTOKEN } ] );
}
my $session;
unless ( $session = $self->ott->getToken($token) ) {
$self->userLogger->info('Token expired');
return $self->p->do( $req, [ sub {PE_TOKENEXPIRED} ] );
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
}
$req->sessionInfo($session);
......@@ -257,7 +255,8 @@ sub _choice {
$req->authResult($res);
return $self->p->do(
$req,
[ sub {$res}, 'controlUrl',
[
sub { $res }, 'controlUrl',
'buildCookie', @{ $self->p->endAuth },
]
);
......@@ -272,8 +271,7 @@ sub _redirect {
my $arg = $req->env->{QUERY_STRING};
$self->logger->debug('Call sfEngine _redirect method');
return [
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ],
[]
302, [ Location => $self->conf->{portal} . ( $arg ? "?$arg" : '' ) ], []
];
}
......@@ -284,8 +282,8 @@ sub _displayRegister {
# - display template if $tpl
# - else display choice template
if ($tpl) {
my ($m)
= grep { $_->{m}->prefix eq $tpl } @{ $self->sfRModules };
my ($m) =
grep { $_->{m}->prefix eq $tpl } @{ $self->sfRModules };
unless ($m) {
return $self->p->sendError( $req,
'Inexistent register module', 400 );
......@@ -312,7 +310,8 @@ sub _displayRegister {
};
}
}
if (@am == 1
if (
@am == 1
and not( $req->userData->{_2fDevices}
or $req->data->{sfRegRequired} )
)
......@@ -322,10 +321,10 @@ sub _displayRegister {
}
# Retrieve user all second factors
my $_2fDevices = $req->userData->{_2fDevices}
my $_2fDevices =
$req->userData->{_2fDevices}
? eval {
from_json( $req->userData->{_2fDevices}, { allow_nonref => 1 } );
}
from_json( $req->userData->{_2fDevices}, { allow_nonref => 1 } ); }
: undef;
unless ($_2fDevices) {
$self->logger->debug("No 2F Device found");
......@@ -344,8 +343,8 @@ sub _displayRegister {
my $t = lc($type);
$t =~ s/2f$//i;