WIP - checkUser hide secret attributes (#1658)

6 years ago · 557539805a
parent 30148caf2d
commit 557539805a
5 changed files with 19 additions and 19 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -29,7 +29,7 @@ sub defaultValues {
        'casAuthnLevel'                 => 1,
        'checkTime'                     => 600,
        'checkUser'                     => 1,
-        'checkUserHiddenAttributes'     => 'UA',
+        'checkUserHiddenAttributes'     => 'UA _2fDevices',
        'checkXSS'                      => 1,
        'confirmFormMethod'             => 'post',
        'cookieName'                    => 'lemonldap',
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -772,7 +772,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'type'    => 'bool'
        },
        'checkUserHiddenAttributes' => {
-            'default' => 'UA',
+            'default' => 'UA _2fDevices',
            'type'    => 'text'
        },
        'checkXSS' => {
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -586,7 +586,7 @@ sub attributes {
        },
        checkUserHiddenAttributes => {
            type          => 'text',
-            default       => 'UA',
+            default       => 'UA _2fDevices',
            documentation => 'Attributes to hide in CheckUser plugin',
            flags         => 'p',
        },
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
@ -63,11 +63,9 @@ sub check {
    while ( my ( $k, $v ) = each %$attrs ) {

        # Ignore hidden attributes
-        push @$array_attrs, { key => $k, value => $v } unless ( $self->hAttr =~ /\b$k\b/ );
-
+        push @$array_attrs, { key => $k, value => $v } unless ( $self->hAttr =~ /\b$k\b/ or !$v );
    }
    @$array_attrs =  sort { $a->{key} cmp $b->{key} } @$array_attrs;
-    $self->logger->debug( "******** " . Dumper($array_attrs) );

    # Check if user is allowed to access submitted URL and compute headers
    if ( $url and %$attrs ) {
@ -85,9 +83,9 @@ sub check {
        while ( my ( $k, $v ) = each %$hdrs ) {
            push @$array_hdrs, { key => $k, value => $v };
        }
+        @$array_hdrs =  sort { $a->{key} cmp $b->{key} } @$array_hdrs;

        $self->logger->debug( "+++++++++++++ " . Dumper($array_hdrs) );
-
    }

    # Display form
--- a/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl
@ -20,18 +20,7 @@
    </div>
    <input name="url" type="text" class="form-control" value="<TMPL_VAR NAME="URL">" trplaceholder="URL" aria-required="true"/>
  </div>
-  <div class="buttons">
-    <button type="submit" class="btn btn-success">
-      <span class="fa fa-sign-in"></span>
-      <span trspan="checkUser">Check user</span>
-    </button>
-    <a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
-      <span class="fa fa-home"></span>
-      <span trspan="goToPortal">Go to portal</span>
-    </a>
-  </div>
-</form>
-</div>
+

 <TMPL_IF NAME="ALLOWED">
 <div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="ALLOWED">"></span></div>
@ -83,4 +72,17 @@
  </div>
 </TMPL_IF>

+  <div class="buttons">
+    <button type="submit" class="btn btn-success">
+      <span class="fa fa-sign-in"></span>
+      <span trspan="checkUser">Check user</span>
+    </button>
+    <a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
+      <span class="fa fa-home"></span>
+      <span trspan="goToPortal">Go to portal</span>
+    </a>
+  </div>
+</form>
+</div>
+
 <TMPL_INCLUDE NAME="footer.tpl">