Commit 86e88da4 authored by Clément OUDOT's avatar Clément OUDOT

Merge branch 'v2.0' of gitlab.ow2.org:lemonldap-ng/lemonldap-ng into v2.0

parents a349c310 2b51cf0c
......@@ -46,8 +46,7 @@ has warnings => (
hdebug( 'warnings contains', $_[0]->{warnings} );
}
);
has changes =>
( is => 'rw', isa => 'ArrayRef', default => sub { return [] } );
has changes => ( is => 'rw', isa => 'ArrayRef', default => sub { return [] } );
has message => (
is => 'rw',
isa => 'Str',
......@@ -125,15 +124,14 @@ sub scanTree {
# Set cfgNum to ref cfgNum (will be changed when saving), set other
# metadata and set a value to the key if empty
$self->newConf->{cfgNum} = $self->req->params('cfgNum');
$self->newConf->{cfgAuthor}
= $self->req->userData
->{ &Lemonldap::NG::Handler::Main::tsv->{whatToTrace}
$self->newConf->{cfgAuthor} =
$self->req->userData->{ Lemonldap::NG::Handler::Main->tsv->{whatToTrace}
|| '_whatToTrace' } // "anonymous";
$self->newConf->{cfgAuthorIP} = $self->req->address;
$self->newConf->{cfgDate} = time;
$self->newConf->{cfgVersion} = $VERSION;
$self->newConf->{key}
||= join( '', map { chr( int( rand(94) ) + 33 ) } ( 1 .. 16 ) );
$self->newConf->{key} ||=
join( '', map { chr( int( rand(94) ) + 33 ) } ( 1 .. 16 ) );
return 1;
}
......@@ -218,11 +216,11 @@ sub _scanNodes {
}
# Other sub levels
elsif ( $leaf->{id}
=~ /^($specialNodeKeys)\/([^\/]+)\/([^\/]+)(?:\/(.*))?$/io )
elsif ( $leaf->{id} =~
/^($specialNodeKeys)\/([^\/]+)\/([^\/]+)(?:\/(.*))?$/io )
{
my ( $base, $key, $oldName, $target, $h )
= ( $1, $newNames{$2}, $2, $3, $4 );
my ( $base, $key, $oldName, $target, $h ) =
( $1, $newNames{$2}, $2, $3, $4 );
hdebug(
"Special node chield subnode detected $leaf->{id}",
" base $base, key $key, target $target, h "
......@@ -235,16 +233,16 @@ sub _scanNodes {
if ( $target =~ /^(?:locationRules|exportedHeaders|post)$/ ) {
if ( $leaf->{cnodes} ) {
hdebug(' unopened subnode');
$self->newConf->{$target}->{$key}
= $self->refConf->{$target}->{$oldName} // {};
$self->newConf->{$target}->{$key} =
$self->refConf->{$target}->{$oldName} // {};
}
elsif ($h) {
hdebug(' 4 levels');
if ( $target eq 'locationRules' ) {
hdebug(' locationRules');
my $k
= $leaf->{comment}
my $k =
$leaf->{comment}
? "(?#$leaf->{comment})$leaf->{re}"
: $leaf->{re};
$self->set( $target, $key, $k, $leaf->{data} );
......@@ -314,12 +312,11 @@ sub _scanNodes {
hdebug(" SAML data is an array, serializing");
$leaf->{data} = join ';', @{ $leaf->{data} };
}
if ( $target =~ /^saml(?:S|ID)PMetaDataExportedAttributes$/ )
{
if ( $target =~ /^saml(?:S|ID)PMetaDataExportedAttributes$/ ) {
if ( $leaf->{cnodes} ) {
hdebug(" $target: unopened node");
$self->newConf->{$target}->{$key}
= $self->refConf->{$target}->{$oldName} // {};
$self->newConf->{$target}->{$key} =
$self->refConf->{$target}->{$oldName} // {};
}
elsif ($h) {
hdebug(" $target: opened node");
......@@ -334,16 +331,14 @@ sub _scanNodes {
}
elsif ( $target =~ /^saml(?:S|ID)PMetaDataXML$/ ) {
hdebug(" $target");
$self->set(
$target, [ $oldName, $key ],
$target, $leaf->{data}
);
$self->set( $target, [ $oldName, $key ],
$target, $leaf->{data} );
}
elsif ( $target =~ /^saml(?:ID|S)PMetaDataOptions/ ) {
my $optKey = $&;
hdebug(" $base sub key: $target");
if ( $target
=~ /^(?:$samlIDPMetaDataNodeKeys|$samlSPMetaDataNodeKeys)/o
if ( $target =~
/^(?:$samlIDPMetaDataNodeKeys|$samlSPMetaDataNodeKeys)/o
)
{
$self->set(
......@@ -353,8 +348,7 @@ sub _scanNodes {
}
else {
push @{ $self->errors },
{ message =>
"Unknown SAML metadata option $target" };
{ message => "Unknown SAML metadata option $target" };
return 0;
}
}
......@@ -372,8 +366,7 @@ sub _scanNodes {
if ( $target =~ /^oidc(?:O|R)PMetaDataOptions$/ ) {
hdebug(" $target: looking for subnodes");
$self->_scanNodes($subNodes);
$self->set( $target, $key, $leaf->{title},
$leaf->{data} );
$self->set( $target, $key, $leaf->{title}, $leaf->{data} );
}
elsif ( $target =~ /^oidcOPMetaData(?:JSON|JWKS)$/ ) {
hdebug(" $target");
......@@ -383,8 +376,8 @@ sub _scanNodes {
hdebug(" $target");
if ( $leaf->{cnodes} ) {
hdebug(' unopened');
$self->newConf->{$target}->{$key}
= $self->refConf->{$target}->{$oldName} // {};
$self->newConf->{$target}->{$key} =
$self->refConf->{$target}->{$oldName} // {};
}
elsif ($h) {
hdebug(' opened');
......@@ -402,8 +395,8 @@ sub _scanNodes {
if ( $target eq 'oidcRPMetaDataOptionsExtraClaims' ) {
if ( $leaf->{cnodes} ) {
hdebug(' unopened');
$self->newConf->{$target}->{$key}
= $self->refConf->{$target}->{$oldName} // {};
$self->newConf->{$target}->{$key} =
$self->refConf->{$target}->{$oldName} // {};
}
elsif ($h) {
hdebug(' opened');
......@@ -415,8 +408,8 @@ sub _scanNodes {
$self->_scanNodes($subNodes);
}
}
elsif ( $target
=~ /^(?:$oidcOPMetaDataNodeKeys|$oidcRPMetaDataNodeKeys)/o
elsif ( $target =~
/^(?:$oidcOPMetaDataNodeKeys|$oidcRPMetaDataNodeKeys)/o
)
{
$self->set(
......@@ -426,8 +419,7 @@ sub _scanNodes {
}
else {
push @{ $self->errors },
{ message =>
"Unknown OIDC metadata option $target" };
{ message => "Unknown OIDC metadata option $target" };
return 0;
}
}
......@@ -446,15 +438,14 @@ sub _scanNodes {
if ( $target =~ /^cas(?:App|Srv)MetaDataOptions$/ ) {
hdebug(" $target: looking for subnodes");
$self->_scanNodes($subNodes);
$self->set( $target, $key, $leaf->{title},
$leaf->{data} );
$self->set( $target, $key, $leaf->{title}, $leaf->{data} );
}
elsif ( $target =~ /^cas(?:App|Srv)MetaDataExportedVars$/ ) {
hdebug(" $target");
if ( $leaf->{cnodes} ) {
hdebug(' unopened');
$self->newConf->{$target}->{$key}
= $self->refConf->{$target}->{$oldName} // {};
$self->newConf->{$target}->{$key} =
$self->refConf->{$target}->{$oldName} // {};
}
elsif ($h) {
hdebug(' opened');
......@@ -472,8 +463,8 @@ sub _scanNodes {
if ( $target eq 'casSrvMetaDataOptionsProxiedServices' ) {
if ( $leaf->{cnodes} ) {
hdebug(' unopened');
$self->newConf->{$target}->{$key}
= $self->refConf->{$target}->{$oldName} // {};
$self->newConf->{$target}->{$key} =
$self->refConf->{$target}->{$oldName} // {};
}
elsif ($h) {
hdebug(' opened');
......@@ -485,8 +476,8 @@ sub _scanNodes {
$self->_scanNodes($subNodes);
}
}
elsif ( $target
=~ /^(?:$casSrvMetaDataNodeKeys|$casAppMetaDataNodeKeys)/o
elsif ( $target =~
/^(?:$casSrvMetaDataNodeKeys|$casAppMetaDataNodeKeys)/o
)
{
$self->set(
......@@ -496,8 +487,7 @@ sub _scanNodes {
}
else {
push @{ $self->errors },
{ message =>
"Unknown CAS metadata option $target" };
{ message => "Unknown CAS metadata option $target" };
return 0;
}
}
......@@ -524,20 +514,21 @@ sub _scanNodes {
hdebug( $leaf->{title} );
if ( $leaf->{cnodes} ) {
hdebug(' unopened');
$self->newConf->{applicationList}
= $self->refConf->{applicationList} // {};
$self->newConf->{applicationList} =
$self->refConf->{applicationList} // {};
}
else {
$self->_scanNodes($subNodes) or return 0;
# Check for deleted
my @listCatRef
= map { $self->refConf->{applicationList}->{$_}->{catname} }
my @listCatRef =
map { $self->refConf->{applicationList}->{$_}->{catname} }
keys %{ $self->refConf->{applicationList} };
my @listCatNew
= map { $self->newConf->{applicationList}->{$_}->{catname} }
my @listCatNew =
map { $self->newConf->{applicationList}->{$_}->{catname} }
keys(
%{ ref $self->newConf->{applicationList}
%{
ref $self->newConf->{applicationList}
? $self->newConf->{applicationList}
: {}
}
......@@ -547,7 +538,7 @@ sub _scanNodes {
@listCatNew = sort @listCatNew;
hdebug( '# @listCatRef : ' . \@listCatRef );
hdebug( '# @listCatNew : ' . \@listCatNew );
for ( my $i = 0; $i < @listCatNew; $i++ ) {
for ( my $i = 0 ; $i < @listCatNew ; $i++ ) {
if ( not( defined $listCatRef[$i] )
or $listCatRef[$i] ne $listCatNew[$i] )
{
......@@ -582,8 +573,7 @@ sub _scanNodes {
unless ( defined $knownCat->{$cat} ) {
push @{ $self->{errors} },
{ message =>
"Fatal: sub cat/app before parent ($leaf->{id})"
};
"Fatal: sub cat/app before parent ($leaf->{id})" };
return 0;
}
$cn = $cn->{ $knownCat->{$cat} };
......@@ -608,8 +598,9 @@ sub _scanNodes {
$self->confChanged(1);
push @{ $self->changes },
{
key => join( ', ',
'applicationList', @path, $leaf->{title} ),
key => join(
', ', 'applicationList', @path, $leaf->{title}
),
new => $cn->{$s}->{catname},
old => ( $cn->{$s} ? $cn->{$s}->{catname} : undef )
};
......@@ -636,8 +627,8 @@ sub _scanNodes {
hdebug(' new app');
$knownCat->{__id}++;
my $name = sprintf( '%04d-app', $knownCat->{__id} );
$cn->{$name}
= { type => 'application', options => $leaf->{data} };
$cn->{$name} =
{ type => 'application', options => $leaf->{data} };
$cn->{$name}->{options}->{name} = $leaf->{title};
unless ( $cmp->{$app} ) {
$self->confChanged(1);
......@@ -683,8 +674,8 @@ sub _scanNodes {
$self->newConf->{grantSessionRules} = {};
foreach my $n (@$subNodes) {
hdebug(" looking at $n subnode");
my $k = $n->{re}
. ( $n->{comment} ? "##$n->{comment}" : '' );
my $k =
$n->{re} . ( $n->{comment} ? "##$n->{comment}" : '' );
$self->newConf->{grantSessionRules}->{$k} = $n->{data};
$count++;
unless ( defined $ref->{$k} ) {
......@@ -720,8 +711,7 @@ sub _scanNodes {
if ( $leaf->{data} ) {
unless ( ref $leaf->{data} eq 'ARRAY' ) {
push @{ $self->{errors} },
{ message => 'Malformed openIdIDPList '
. $leaf->{data} };
{ message => 'Malformed openIdIDPList ' . $leaf->{data} };
return 0;
}
$self->set( $name, join( ';', @{ $leaf->{data} } ) );
......@@ -754,8 +744,7 @@ sub _scanNodes {
$self->newConf->{$name} = {};
foreach my $node ( @{ $leaf->{nodes} } ) {
my $tmp;
$tmp->{$_} = $node->{data}->{$_}
foreach (qw(type for));
$tmp->{$_} = $node->{data}->{$_} foreach (qw(type for));
$tmp->{over} = {};
foreach ( @{ $node->{data}->{over} } ) {
$tmp->{over}->{ $_->[0] } = $_->[1];
......@@ -791,15 +780,14 @@ sub _scanNodes {
}
$self->newConf->{$name}->{ $n->{title} } = $n->{data};
$count++;
unless (
defined $self->refConf->{$name}->{ $n->{title} } )
unless ( defined $self->refConf->{$name}->{ $n->{title} } )
{
$self->confChanged(1);
push @{ $self->changes },
{ key => $name, new => $n->{title}, };
}
elsif ( $self->refConf->{$name}->{ $n->{title} } ne
$n->{data} )
elsif (
$self->refConf->{$name}->{ $n->{title} } ne $n->{data} )
{
$self->confChanged(1);
push @{ $self->changes },
......@@ -851,13 +839,13 @@ sub _scanNodes {
@oldKeys = keys %{ $self->refConf->{$name}->{$host} };
}
foreach my $prm ( @{ $getHost->{h} } ) {
$self->newConf->{$name}->{$host}->{ $prm->{k} }
= $prm->{v};
if (!$change
$self->newConf->{$name}->{$host}->{ $prm->{k} } =
$prm->{v};
if (
!$change
and (
not defined(
$self->refConf->{$name}->{$host}
->{ $prm->{k} }
$self->refConf->{$name}->{$host}->{ $prm->{k} }
)
or $self->newConf->{$name}->{$host}->{ $prm->{k} }
ne $self->refConf->{$name}->{$host}->{ $prm->{k} }
......@@ -979,8 +967,7 @@ sub set {
push @{ $self->changes },
{
key => join( ', ', @path, $target ),
old => $confs[0]->{$target}
// $self->defaultValue($target),
old => $confs[0]->{$target} // $self->defaultValue($target),
new => $confs[1]->{$target}
};
}
......@@ -1055,8 +1042,7 @@ sub _unitTest {
# Check if key exists
unless ($attr) {
push @{ $self->errors },
{ message => "__unknownKey__: $key" };
push @{ $self->errors }, { message => "__unknownKey__: $key" };
$res = 0;
next;
}
......@@ -1083,7 +1069,8 @@ sub _unitTest {
$res = 0
unless (
$self->_execTest(
{ keyTest => $attr->{keyTest} // $type->{keyTest},
{
keyTest => $attr->{keyTest} // $type->{keyTest},
keyMsgFail => $attr->{keyMsgFail}
// $type->{keyMsgFail},
test => $attr->{test} // $type->{test},
......@@ -1121,7 +1108,7 @@ sub _execTest {
my ( $self, $test, $value, $key, $attr, $msg, $conf ) = @_;
my $ref;
die
"Malformed test for $key: only regexp ref or sub are accepted (type \"$ref\")"
"Malformed test for $key: only regexp ref or sub are accepted (type \"$ref\")"
unless ( $ref = ref($test) and $ref =~ /^(CODE|Regexp|HASH)$/ );
if ( $ref eq 'CODE' ) {
my ( $r, $m ) = ( $test->( $value, $conf, $attr ) );
......
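Review bot: The fallback for `newConf->{key}` in `scanTree` (hunk at -125/+124) still builds the value from Perl's `rand`, which is a seeded, non-cryptographic generator. If `key` is the configuration's secret used for encryption or signing, which the name suggests but this page does not show, that output should not be treated as unpredictable. The reformat leaves this untouched, so I would draw the 16 characters from the operating system's CSPRNG instead, for example by reading bytes from `/dev/urandom` (or a wrapper such as `Crypt::URandom`) and mapping them with rejection sampling onto the same 33..126 range so the key format stays the same. A comment such as `# key is a secret: must come from a CSPRNG, not rand()` above the assignment would keep the requirement visible. `scanTree` starts before this hunk.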
......@@ -30,7 +30,8 @@ sub tests {
portalIsInDomain => sub {
return (
1,
( index( $conf->{portal}, $conf->{domain} ) > 0
(
index( $conf->{portal}, $conf->{domain} ) > 0
? ''
: "Portal seems not to be in the domain $conf->{domain}"
)
......@@ -60,7 +61,8 @@ sub tests {
}
return (
1,
( @pb
(
@pb
? 'Virtual hosts '
. join( ', ', @pb )
. " are not in $conf->{domain} and cross-domain-authentication is not set"
......@@ -105,9 +107,9 @@ sub tests {
my $type (qw(Facebook Google OpenID OpenIDConnect SAML WebID))
{
return ( 0,
"\"$type\" can not be used as user database without using \"$type\" for authentication"
"\"$type\" can not be used as user database without using \"$type\" for authentication"
)
if ($conf->{userDB} =~ /$type/
if ( $conf->{userDB} =~ /$type/
and $conf->{authentication} !~ /$type/ );
}
return 1;
......@@ -117,8 +119,8 @@ sub tests {
checkAttrAndMacros => sub {
my @tmp;
foreach my $k ( keys %$conf ) {
if ( $k
=~ /^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
if ( $k =~
/^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
)
{
my $v = $conf->{$k};
......@@ -136,7 +138,8 @@ sub tests {
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not defined in exported attributes or macros'
......@@ -151,15 +154,15 @@ sub tests {
if ( $conf->{userDB} =~ /^Google$/ ) {
foreach my $k ( keys %{ $conf->{exportedVars} } ) {
my $v = $conf->{exportedVars}->{$k};
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() )
{
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() ) {
push @tmp, $v;
}
}
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not exported by Google'
......@@ -174,8 +177,7 @@ sub tests {
if ( $conf->{userDB} =~ /^OpenID$/ ) {
foreach my $k ( keys %{ $conf->{exportedVars} } ) {
my $v = $conf->{exportedVars}->{$k};
if ( $v
!~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() )
if ( $v !~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() )
{
push @tmp, $v;
}
......@@ -183,7 +185,8 @@ sub tests {
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not exported by OpenID SREG'
......@@ -195,12 +198,11 @@ sub tests {
# Try to use Apache::Session module
testApacheSession => sub {
my ( $id, %h );
my $gc = $Lemonldap::NG::Handler::PSGI::Main::tsv
->{sessionStorageModule};
my $gc = Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule};
return 1
if ( ( $gc and $gc eq $conf->{globalStorage} )
or $conf->{globalStorage}
=~ /^Lemonldap::NG::Common::Apache::Session::/ );
or $conf->{globalStorage} =~
/^Lemonldap::NG::Common::Apache::Session::/ );
eval "use $conf->{globalStorage}";
return ( -1, "Unknown package $conf->{globalStorage}" ) if ($@);
eval {
......@@ -228,17 +230,18 @@ sub tests {
eval { tied(%h)->delete; };
return ( -1, "Unable to delete session ($@)" ) if ($@);
return ( -1,
'All sessions may be lost and you must restart all your Apache servers'
'All sessions may be lost and you must restart all your Apache servers'
) if ( $gc and $conf->{globalStorage} ne $gc );
return 1;
},
# Warn if cookie name has changed
cookieNameChanged => sub {
my $cn = $Lemonldap::NG::Handler::PSGI::API::tsv->{cookieName};
my $cn = Lemonldap::NG::Handler::Main->tsv->{cookieName};
return (
1,
( $cn
(
$cn
and $cn ne $conf->{cookieName}
? 'Cookie name has changed, you must restart all your web servers'
: ()
......@@ -250,7 +253,8 @@ sub tests {
cookieTTL => sub {
return 1 unless ( defined $conf->{cookieExpiration} );
return ( 0, "Cookie TTL must be higher than one minute" )
unless ( $conf->{cookieExpiration} == 0 || $conf->{cookieExpiration} > 60 );
unless ( $conf->{cookieExpiration} == 0
|| $conf->{cookieExpiration} > 60 );
return ( 1, "Cookie TTL should be higher or equal than one hour" )
unless ( $conf->{cookieExpiration} >= 3600
|| $conf->{cookieExpiration} == 0 );
......@@ -274,7 +278,7 @@ sub tests {
sessionTimeoutActivity => sub {
return 1 unless ( defined $conf->{timeoutActivity} );
return ( 0,
"Session activity timeout must be higher or equal than one minute"
"Session activity timeout must be higher or equal than one minute"
)
unless ( $conf->{timeoutActivity} > 59
|| $conf->{timeoutActivity} == 0 );
......@@ -287,11 +291,11 @@ sub tests {
timeoutActivityInterval => sub {
return 1 unless ( defined $conf->{timeoutActivityInterval} );
return ( 0,
"Activity timeout interval must be lower than session activity timeout"
"Activity timeout interval must be lower than session activity timeout"
)
if ($conf->{timeoutActivity}
and $conf->{timeoutActivity}
<= $conf->{timeoutActivityInterval} );
if ( $conf->{timeoutActivity}
and $conf->{timeoutActivity} <=
$conf->{timeoutActivityInterval} );
# Return
return 1;
......@@ -301,7 +305,8 @@ sub tests {
managerProtection => sub {
return (
1,
( $conf->{cfgAuthor} eq 'anonymous'
(
$conf->{cfgAuthor} eq 'anonymous'
? 'Your manager seems to be unprotected'
: ''
)
......@@ -347,8 +352,9 @@ sub tests {
my $res = 1;
my %entityIds;
foreach my $idpId ( keys %{ $conf->{samlIDPMetaDataXML} } ) {
unless ( $conf->{samlIDPMetaDataXML}->{$idpId}
->{samlIDPMetaDataXML} =~ /entityID=(['"])(.+?)\1/si )
unless (
$conf->{samlIDPMetaDataXML}->{$idpId}->{samlIDPMetaDataXML}
=~ /entityID=(['"])(.+?)\1/si )
{
push @msg, "$idpId SAML metadata has no EntityID";
$res = 0;
......@@ -374,8 +380,8 @@ sub tests {
my %entityIds;
foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) {
unless (
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML}
=~ /entityID=(['"])(.+?)\1/si )
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~
/entityID=(['"])(.+?)\1/si )
{
push @msg, "$spId SAML metadata has no EntityID";
$res = 0;
......@@ -409,8 +415,8 @@ sub tests {
);
}
eval {
Lemonldap::NG::Common::Combination::Parser->parse(
$moduleList, $conf->{combination} );
Lemonldap::NG::Common::Combination::Parser->parse( $moduleList,
$conf->{combination} );
};
return ( 0, $@ ) if ($@);
......@@ -456,7 +462,7 @@ sub tests {
{
eval "use Crypt::U2F::Server::Simple";
return ( 1,
"Crypt::U2F::Server::Simple module is required to enable U2F"
"Crypt::U2F::Server::Simple module is required to enable U2F"
) if ($@);
}
......@@ -464,7 +470,7 @@ sub tests {
if ( $conf->{yubikey2fActivation} ) {
eval "use Auth::Yubikey_WebClient";
return ( 1,
"Auth::Yubikey_WebClient module is required to enable Yubikey"
"Auth::Yubikey_WebClient module is required to enable Yubikey"
) if ($@);
}
......@@ -489,7 +495,9 @@ sub tests {
return 1 unless ( defined $conf->{totp2fDigits} );
return (
1,
( ( $conf->{totp2fDigits} == 6
(
(
$conf->{totp2fDigits} == 6
or $conf->{totp2fDigits} == 8
)
? ''
......@@ -519,7 +527,8 @@ sub tests {
&& defined $conf->{yubikey2fClientID} );
return (
1,
( ( $conf->{yubikey2fPublicIDSize} == 12 )
(
( $conf->{yubikey2fPublicIDSize} == 12 )
? ''
: 'Yubikey public ID size should be 12 digits long'
)
......@@ -551,8 +560,7 @@ sub tests {
$ok ||= $conf->{'utotp2fActivation'}
&& ( $conf->{'u2fSelfRegistration'}
|| $conf->{'totp2fSelfRegistration'} );
$msg
= "A self registrable module should be enabled to require 2FA"
$msg = "A self registrable module should be enabled to require 2FA"
unless ($ok);
return ( 1, $msg );
......@@ -584,8 +592,7 @@ sub tests {
# Warn if number of password reset retries is null
passwordResetRetries => sub {
return 1 unless ( $conf->{portalDisplayResetPassword} );
return ( 1,
"Number of reset password retries should not be null" )
return ( 1, "Number of reset password retries should not be null" )
unless ( $conf->{passwordResetAllowedRetries} );
# Return
......@@ -596,10 +603,10 @@ sub tests {
bruteForceProtection => sub {
return 1 unless ( $conf->{bruteForceProtection} );
return ( 1,
'"History" plugin is required to enable "BruteForceProtection" plugin'
'"History" plugin is required to enable "BruteForceProtection" plugin'
) unless ( $conf->{loginHistoryEnabled} );
return ( 1,
'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
) unless ( $conf->{failedLoginNumber} > 2 );
# Return
......@@ -610,7 +617,7 @@ sub tests {
checkMailResetSecurity => sub {
return 1 unless ( $conf->{portalDisplayResetPassword} );
return ( -1,
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
)
unless ( $conf->{requireToken}
or $conf->{captcha_mail_enabled} );
......
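Review bot: In `testApacheSession` (hunk at -195/+198), `eval "use $conf->{globalStorage}"` compiles a string taken from the configuration being tested, so a value that is not a plain package name is run as Perl inside the manager process rather than rejected. The earlier `return 1` only covers the case where the value equals the handler's `sessionStorageModule` or starts with `Lemonldap::NG::Common::Apache::Session::`, so every other value reaches the string eval. I would validate first, e.g. `return ( -1, "Invalid package name $conf->{globalStorage}" ) unless $conf->{globalStorage} =~ /\A[A-Za-z_]\w*(?:::\w+)*\z/;`, and ideally load the module with a block `eval { require ... }` on the derived file name instead of a string eval. The enclosing `tests` sub starts and ends outside this hunk.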
......@@ -103,7 +103,7 @@ sub sessions {
# Case 2: list of sessions
my $whatToTrace = Lemonldap::NG::Handler::PSGI::Main->tsv->{whatToTrace};
my $whatToTrace = Lemonldap::NG::Handler::Main->tsv->{whatToTrace};
# 2.1 Get fields to require
my @fields = ( '_httpSessionType', $self->{ipField}, $whatToTrace );
......