|
|
|
|
@ -31,8 +31,7 @@ sub tests { |
|
|
|
|
portalIsInDomain => sub { |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( |
|
|
|
|
index( $conf->{portal}, $conf->{domain} ) > 0 |
|
|
|
|
( index( $conf->{portal}, $conf->{domain} ) > 0 |
|
|
|
|
? '' |
|
|
|
|
: "Portal seems not to be in the domain $conf->{domain}" |
|
|
|
|
) |
|
|
|
|
@ -62,8 +61,7 @@ sub tests { |
|
|
|
|
} |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( |
|
|
|
|
@pb |
|
|
|
|
( @pb |
|
|
|
|
? 'Virtual hosts ' |
|
|
|
|
. join( ', ', @pb ) |
|
|
|
|
. " are not in $conf->{domain} and cross-domain-authentication is not set" |
|
|
|
|
@ -120,8 +118,8 @@ sub tests { |
|
|
|
|
checkAttrAndMacros => sub { |
|
|
|
|
my @tmp; |
|
|
|
|
foreach my $k ( keys %$conf ) { |
|
|
|
|
if ( $k =~ |
|
|
|
|
/^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/ |
|
|
|
|
if ( $k |
|
|
|
|
=~ /^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/ |
|
|
|
|
) |
|
|
|
|
{ |
|
|
|
|
my $v = $conf->{$k}; |
|
|
|
|
@ -139,8 +137,7 @@ sub tests { |
|
|
|
|
} |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( |
|
|
|
|
@tmp |
|
|
|
|
( @tmp |
|
|
|
|
? 'Values of parameter(s) "' |
|
|
|
|
. join( ', ', @tmp ) |
|
|
|
|
. '" are not defined in exported attributes or macros' |
|
|
|
|
@ -155,15 +152,15 @@ sub tests { |
|
|
|
|
if ( $conf->{userDB} =~ /^Google$/ ) { |
|
|
|
|
foreach my $k ( keys %{ $conf->{exportedVars} } ) { |
|
|
|
|
my $v = $conf->{exportedVars}->{$k}; |
|
|
|
|
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() ) { |
|
|
|
|
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() ) |
|
|
|
|
{ |
|
|
|
|
push @tmp, $v; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( |
|
|
|
|
@tmp |
|
|
|
|
( @tmp |
|
|
|
|
? 'Values of parameter(s) "' |
|
|
|
|
. join( ', ', @tmp ) |
|
|
|
|
. '" are not exported by Google' |
|
|
|
|
@ -178,7 +175,8 @@ sub tests { |
|
|
|
|
if ( $conf->{userDB} =~ /^OpenID$/ ) { |
|
|
|
|
foreach my $k ( keys %{ $conf->{exportedVars} } ) { |
|
|
|
|
my $v = $conf->{exportedVars}->{$k}; |
|
|
|
|
if ( $v !~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) |
|
|
|
|
if ( $v |
|
|
|
|
!~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) |
|
|
|
|
{ |
|
|
|
|
push @tmp, $v; |
|
|
|
|
} |
|
|
|
|
@ -186,8 +184,7 @@ sub tests { |
|
|
|
|
} |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( |
|
|
|
|
@tmp |
|
|
|
|
( @tmp |
|
|
|
|
? 'Values of parameter(s) "' |
|
|
|
|
. join( ', ', @tmp ) |
|
|
|
|
. '" are not exported by OpenID SREG' |
|
|
|
|
@ -199,11 +196,12 @@ sub tests { |
|
|
|
|
# Try to use Apache::Session module |
|
|
|
|
testApacheSession => sub { |
|
|
|
|
my ( $id, %h ); |
|
|
|
|
my $gc = Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule}; |
|
|
|
|
my $gc |
|
|
|
|
= Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule}; |
|
|
|
|
return 1 |
|
|
|
|
if ( ( $gc and $gc eq $conf->{globalStorage} ) |
|
|
|
|
or $conf->{globalStorage} =~ |
|
|
|
|
/^Lemonldap::NG::Common::Apache::Session::/ ); |
|
|
|
|
or $conf->{globalStorage} |
|
|
|
|
=~ /^Lemonldap::NG::Common::Apache::Session::/ ); |
|
|
|
|
eval "use $conf->{globalStorage}"; |
|
|
|
|
return ( -1, "Unknown package $conf->{globalStorage}" ) if ($@); |
|
|
|
|
eval { |
|
|
|
|
@ -241,8 +239,7 @@ sub tests { |
|
|
|
|
my $cn = Lemonldap::NG::Handler::Main->tsv->{cookieName}; |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( |
|
|
|
|
$cn |
|
|
|
|
( $cn |
|
|
|
|
and $cn ne $conf->{cookieName} |
|
|
|
|
? 'Cookie name has changed, you must restart all your web servers' |
|
|
|
|
: () |
|
|
|
|
@ -295,8 +292,8 @@ sub tests { |
|
|
|
|
"Activity timeout interval must be lower than session activity timeout" |
|
|
|
|
) |
|
|
|
|
if ($conf->{timeoutActivity} |
|
|
|
|
and $conf->{timeoutActivity} <= |
|
|
|
|
$conf->{timeoutActivityInterval} ); |
|
|
|
|
and $conf->{timeoutActivity} |
|
|
|
|
<= $conf->{timeoutActivityInterval} ); |
|
|
|
|
|
|
|
|
|
# Return |
|
|
|
|
return 1; |
|
|
|
|
@ -306,8 +303,7 @@ sub tests { |
|
|
|
|
managerProtection => sub { |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( |
|
|
|
|
$conf->{cfgAuthor} eq 'anonymous' |
|
|
|
|
( $conf->{cfgAuthor} eq 'anonymous' |
|
|
|
|
? 'Your manager seems to be unprotected' |
|
|
|
|
: '' |
|
|
|
|
) |
|
|
|
|
@ -357,9 +353,8 @@ sub tests { |
|
|
|
|
my $res = 1; |
|
|
|
|
my %entityIds; |
|
|
|
|
foreach my $idpId ( keys %{ $conf->{samlIDPMetaDataXML} } ) { |
|
|
|
|
unless ( |
|
|
|
|
$conf->{samlIDPMetaDataXML}->{$idpId}->{samlIDPMetaDataXML} |
|
|
|
|
=~ /entityID=(['"])(.+?)\1/si ) |
|
|
|
|
unless ( $conf->{samlIDPMetaDataXML}->{$idpId} |
|
|
|
|
->{samlIDPMetaDataXML} =~ /entityID=(['"])(.+?)\1/si ) |
|
|
|
|
{ |
|
|
|
|
push @msg, "$idpId SAML metadata has no EntityID"; |
|
|
|
|
$res = 0; |
|
|
|
|
@ -385,8 +380,8 @@ sub tests { |
|
|
|
|
my %entityIds; |
|
|
|
|
foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) { |
|
|
|
|
unless ( |
|
|
|
|
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~ |
|
|
|
|
/entityID=(['"])(.+?)\1/si ) |
|
|
|
|
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} |
|
|
|
|
=~ /entityID=(['"])(.+?)\1/si ) |
|
|
|
|
{ |
|
|
|
|
push @msg, "$spId SAML metadata has no EntityID"; |
|
|
|
|
$res = 0; |
|
|
|
|
@ -420,8 +415,8 @@ sub tests { |
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
eval { |
|
|
|
|
Lemonldap::NG::Common::Combination::Parser->parse( $moduleList, |
|
|
|
|
$conf->{combination} ); |
|
|
|
|
Lemonldap::NG::Common::Combination::Parser->parse( |
|
|
|
|
$moduleList, $conf->{combination} ); |
|
|
|
|
}; |
|
|
|
|
return ( 0, $@ ) if ($@); |
|
|
|
|
|
|
|
|
|
@ -500,8 +495,8 @@ sub tests { |
|
|
|
|
return 1 unless ( defined $conf->{totp2fDigits} ); |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( ( |
|
|
|
|
$conf->{totp2fDigits} == 6 |
|
|
|
|
( |
|
|
|
|
( $conf->{totp2fDigits} == 6 |
|
|
|
|
or $conf->{totp2fDigits} == 8 |
|
|
|
|
) |
|
|
|
|
? '' |
|
|
|
|
@ -531,8 +526,7 @@ sub tests { |
|
|
|
|
&& defined $conf->{yubikey2fClientID} ); |
|
|
|
|
return ( |
|
|
|
|
1, |
|
|
|
|
( |
|
|
|
|
( $conf->{yubikey2fPublicIDSize} == 12 ) |
|
|
|
|
( ( $conf->{yubikey2fPublicIDSize} == 12 ) |
|
|
|
|
? '' |
|
|
|
|
: 'Yubikey public ID size should be 12 digits long' |
|
|
|
|
) |
|
|
|
|
@ -564,7 +558,8 @@ sub tests { |
|
|
|
|
$ok ||= $conf->{'utotp2fActivation'} |
|
|
|
|
&& ( $conf->{'u2fSelfRegistration'} |
|
|
|
|
|| $conf->{'totp2fSelfRegistration'} ); |
|
|
|
|
$msg = "A self registrable module should be enabled to require 2FA" |
|
|
|
|
$msg |
|
|
|
|
= "A self registrable module should be enabled to require 2FA" |
|
|
|
|
unless ($ok); |
|
|
|
|
|
|
|
|
|
return ( 1, $msg ); |
|
|
|
|
@ -573,9 +568,12 @@ sub tests { |
|
|
|
|
# Error if external 2F Send or Validate command is missing |
|
|
|
|
ext2fCommands => sub { |
|
|
|
|
return 1 unless ( $conf->{ext2fActivation} ); |
|
|
|
|
return ( 0, "External 2F Send or Validate command must be set" ) |
|
|
|
|
unless ( defined $conf->{ext2FSendCommand} |
|
|
|
|
&& defined $conf->{ext2FValidateCommand} ); |
|
|
|
|
return ( 0, "External 2F Send command must be set" ) |
|
|
|
|
unless ( defined $conf->{ext2FSendCommand} ); |
|
|
|
|
unless ( defined $conf->{ext2fCodeActivation} ) { |
|
|
|
|
return ( 0, "External 2F Validate command must be set" ) |
|
|
|
|
unless ( defined $conf->{ext2FValidateCommand} ); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# Return |
|
|
|
|
return 1; |
|
|
|
|
@ -596,7 +594,8 @@ sub tests { |
|
|
|
|
# Warn if number of password reset retries is null |
|
|
|
|
passwordResetRetries => sub { |
|
|
|
|
return 1 unless ( $conf->{portalDisplayResetPassword} ); |
|
|
|
|
return ( 1, "Number of reset password retries should not be null" ) |
|
|
|
|
return ( 1, |
|
|
|
|
"Number of reset password retries should not be null" ) |
|
|
|
|
unless ( $conf->{passwordResetAllowedRetries} ); |
|
|
|
|
|
|
|
|
|
# Return |
|
|
|
|
|
Christophe Maudoux
6 years ago