Fix some warnings (#2538)

4 years ago · 86f46ebc5b
parent e7dde21241
commit 86f46ebc5b
5 changed files with 80 additions and 56 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
@ -21,7 +21,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
  PE_UNAUTHORIZEDPARTNER
 );

-our $VERSION = '2.0.10';
+our $VERSION = '2.0.12';

 extends 'Lemonldap::NG::Portal::Main::Issuer',
  'Lemonldap::NG::Portal::Lib::SAML';
@ -458,7 +458,9 @@ sub run {
                }

                unless ($result) {
-                    $self->logger->error("Could not verify signature of incoming SSO request from $spConfKey");
+                    $self->logger->error(
+"Could not verify signature of incoming SSO request from $spConfKey"
+                    );
                    return PE_SAML_SIGNATURE_ERROR;
                }
                else {
@ -599,7 +601,9 @@ sub run {
            };

            my $nameIDSessionKey =
-              $self->conf->{ $nameIDFormatConfiguration->{$nameIDFormat} };
+                $nameIDFormatConfiguration->{$nameIDFormat}
+              ? $self->conf->{ $nameIDFormatConfiguration->{$nameIDFormat} }
+              : '';

            # Override default NameID Mapping
            if ( $self->conf->{samlSPMetaDataOptions}->{$spConfKey}
@ -700,7 +704,8 @@ sub run {
                }

                $self->logger->debug(
-                    "SAML2 attribute $name will be set with $_ session key ($sp)");
+"SAML2 attribute $name will be set with $_ session key ($sp)"
+                );

                # SAML2 attribute
                my $attribute =
@ -1317,8 +1322,7 @@ sub soapSloServer {
                "SLO response signature according to metadata");
        }

-        $h =
-          $self->p->processHook( $req, 'samlBuildLogoutResponse', $logout );
+        $h = $self->p->processHook( $req, 'samlBuildLogoutResponse', $logout );
        if ( $h != PE_OK ) {
            return $self->p->sendError( $req,
                "SLO: samlBuildLogoutResponse hook returned error", 400 );
@ -1976,7 +1980,9 @@ sub sloServer {

        if ($checkSLOMessageSignature) {
            unless ( $self->checkSignatureStatus($logout) ) {
-                $self->logger->error("Could not verify signature of incoming SLO request from $spConfKey");
+                $self->logger->error(
+"Could not verify signature of incoming SLO request from $spConfKey"
+                );
                $self->imgnok($req);
            }
            else {
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GlobalLogout.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GlobalLogout.pm
@ -12,7 +12,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
  PE_SENDRESPONSE
 );

-our $VERSION = '2.0.10';
+our $VERSION = '2.0.12';

 extends qw(
  Lemonldap::NG::Portal::Main::Plugin
@ -172,50 +172,52 @@ sub activeSessions {
    my $customParam    = $self->conf->{globalLogoutCustomParam} || '';

    # Try to retrieve sessions from sessions DB
-    $self->logger->debug('Try to retrieve sessions from DB');
-    my $moduleOptions = $self->conf->{globalStorageOptions} || {};
-    $moduleOptions->{backend} = $self->conf->{globalStorage};
-    $self->logger->debug("Looking for \"$user\" sessions...");
-    $sessions =
-      $self->module->searchOn( $moduleOptions, $self->conf->{whatToTrace},
-        $user );
-
-    $self->logger->debug('Remove non-SSO session(s)...');
-    my $other = 0;
-    foreach ( keys %$sessions ) {
-        unless ( $sessions->{$_}->{_session_kind} eq 'SSO' ) {
-            delete $sessions->{$_};
-            $other++;
+    if ($user) {
+        $self->logger->debug('Try to retrieve sessions from DB');
+        my $moduleOptions = $self->conf->{globalStorageOptions} || {};
+        $moduleOptions->{backend} = $self->conf->{globalStorage};
+        $self->logger->debug("Looking for \"$user\" sessions...");
+        $sessions =
+          $self->module->searchOn( $moduleOptions, $self->conf->{whatToTrace},
+            $user );
+
+        $self->logger->debug('Skip non-SSO session(s)...');
+        my $other = 0;
+        foreach ( keys %$sessions ) {
+            unless ( $sessions->{$_}->{_session_kind} eq 'SSO' ) {
+                delete $sessions->{$_};
+                $other++;
+            }
        }
-    }
-    $self->logger->info("$other non-SSO session(s) removed")
-      if $other;
-
-    $self->logger->debug('Build an array ref with sessions info...');
-    @$activeSessions =
-      map {
-        my $epoch;
-        my $regex = '^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$';
-        $_->{startTime} =~ /$regex/;
-        $epoch = timelocal( $6, $5, $4, $3, $2 - 1, $1 );
-        $_->{startTime} = $epoch;
-        if ( $_->{updateTime} ) {
-            $_->{updateTime} =~ /$regex/;
+        $self->logger->info("$other non-SSO session(s) skipped")
+          if $other;
+
+        $self->logger->debug('Build an array ref with sessions info...');
+        @$activeSessions =
+          map {
+            my $epoch;
+            my $regex = '^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$';
+            $_->{startTime} =~ /$regex/;
            $epoch = timelocal( $6, $5, $4, $3, $2 - 1, $1 );
-            $_->{updateTime} = $epoch;
-        }
-        $_;
-      }
-      sort { $b->{startTime} cmp $a->{startTime} } map { {
-            id          => $_,
-            customParam => $sessions->{$_}->{$customParam},
-            ipAddr      => $sessions->{$_}->{ipAddr},
-            authLevel   => $sessions->{$_}->{authenticationLevel},
-            startTime   => $sessions->{$_}->{_startTime},
-            updateTime  => $sessions->{$_}->{_updateTime}
-        };
-      } keys %$sessions;
-
+            $_->{startTime} = $epoch;
+            if ( $_->{updateTime} ) {
+                $_->{updateTime} =~ /$regex/;
+                $epoch = timelocal( $6, $5, $4, $3, $2 - 1, $1 );
+                $_->{updateTime} = $epoch;
+            }
+            $_;
+          }
+          sort { $b->{startTime} cmp $a->{startTime} } map { {
+                id          => $_,
+                customParam => $sessions->{$_}->{$customParam},
+                ipAddr      => $sessions->{$_}->{ipAddr},
+                authLevel   => $sessions->{$_}->{authenticationLevel},
+                startTime   => $sessions->{$_}->{_startTime},
+                updateTime  => $sessions->{$_}->{_updateTime}
+            };
+          } keys %$sessions;
+    }
+    
    return $activeSessions;
 }

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js
@ -1 +1 @@
-!function(){var o=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,t){if(console.log("Error",t),(e=JSON.parse(e.responseText))&&e.error)return e=e.error.replace(/.* /,""),console.log("Returned error",e),o(e,"warning")},t="",e=function(e){return o("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:e},error:r,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),o(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?o("yourNewTotpKey","warning"):o("yourTotpKey","success"),t=e.token):o("PE24","danger")}})},n=function(){var e=$("#code").val();return e?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:t,code:e,TOTPName:$("#TOTPName").val()},error:r,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?o(e.error,"warning"):o(e.error,"danger"):o("yourKeyIsRegistered","success")}}):o("fillTheForm","warning")};$(document).ready(function(){return e(0),$("#changekey").on("click",function(){return e(1)}),$("#verify").on("click",n)})}.call(this);
+(function(){var r,e,n,t,o;n=function(e,r){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning message-danger alert-success alert-warning alert-danger"),$("#color").addClass("message-"+r),"positive"===r&&(r="success"),$("#color").addClass("alert-"+r)},r=function(e,r,t){var o;if(console.log("Error",t),(o=JSON.parse(e.responseText))&&o.error)return o=o.error.replace(/.* /,""),console.log("Returned error",o),n(o,"warning")},t="",e=function(e){return n("yourTotpKey","warning"),$.ajax({type:"POST",url:portal+"/2fregisters/totp/getkey",dataType:"json",data:{newkey:e},error:r,success:function(e){var r;return e.error?(e.error.match(/totpExistingKey/)&&$("#divToHide").hide(),n(e.error,"warning")):e.portal&&e.user&&e.secret?($("#divToHide").show(),r="otpauth://totp/"+escape(e.portal)+":"+escape(e.user)+"?secret="+e.secret+"&issuer="+escape(e.portal),6!==e.digits&&(r+="&digits="+e.digits),30!==e.interval&&(r+="&period="+e.interval),new QRious({element:document.getElementById("qr"),value:r,size:150}),$("#serialized").text(r),e.newkey?n("yourNewTotpKey","warning"):n("yourTotpKey","success"),t=e.token):n("PE24","danger")}})},o=function(){var e;return(e=$("#code").val())?$.ajax({type:"POST",url:portal+"/2fregisters/totp/verify",dataType:"json",data:{token:t,code:e,TOTPName:$("#TOTPName").val()},error:r,success:function(e){return e.error?e.error.match(/bad(Code|Name)/)?n(e.error,"warning"):n(e.error,"danger"):n("yourKeyIsRegistered","success")}}):n("fillTheForm","warning")},$(document).ready(function(){return e(0),$("#changekey").on("click",function(){return e(1)}),$("#verify").on("click",function(){return o()})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/totpregistration.min.js.map
@ -1 +1 @@
-{"version":3,"sources":["totpregistration.js"],"names":["setMsg","msg","level","$","html","window","translate","removeClass","addClass","displayError","j","status","err","console","log","res","JSON","parse","responseText","error","replace","token","getKey","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","verify","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,IAEAA,EAAS,SAASC,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCO,EAAe,SAASC,EAAGC,EAAQC,GAIjC,GAFAC,QAAQC,IAAI,QAASF,IACrBG,EAAMC,KAAKC,MAAMP,EAAEQ,gBACRH,EAAII,MAGb,OAFAJ,EAAMA,EAAII,MAAMC,QAAQ,MAAO,IAC/BP,QAAQC,IAAI,iBAAkBC,GACvBf,EAAOe,EAAK,YAIvBM,EAAQ,GAERC,EAAS,SAASC,GAEhB,OADAvB,EAAO,cAAe,WACfG,EAAEqB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJC,OAAQP,GAEVJ,MAAOV,EACPsB,QAAS,SAASF,GAChB,IAAQG,EACR,OAAIH,EAAKV,OACHU,EAAKV,MAAMc,MAAM,oBACnB9B,EAAE,cAAc+B,OAEXlC,EAAO6B,EAAKV,MAAO,YAEtBU,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvCjC,EAAE,cAAckC,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,IAAIC,OAAO,CACdC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAER3C,EAAE,eAAe4C,KAAKf,GAClBH,EAAKC,OACP9B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBqB,EAAQQ,EAAKR,OArBXrB,EAAO,OAAQ,cA0B9BgD,EAAS,WACP,IACAC,EAAM9C,EAAE,SAAS8C,MACjB,OAAKA,EAGI9C,EAAEqB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJR,MAAOA,EACP6B,KAAMD,EACNE,SAAUhD,EAAE,aAAa8C,OAE3B9B,MAAOV,EACPsB,QAAS,SAASF,GAChB,OAAIA,EAAKV,MACHU,EAAKV,MAAMc,MAAM,kBACZjC,EAAO6B,EAAKV,MAAO,WAEnBnB,EAAO6B,EAAKV,MAAO,UAGrBnB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjCG,EAAEwC,UAAUS,MAAM,WAKhB,OAJA9B,EAAO,GACPnB,EAAE,cAAckD,GAAG,QAAS,WAC1B,OAAO/B,EAAO,KAETnB,EAAE,WAAWkD,GAAG,QACdL,MAIVM,KAAKC"}
+{"version":3,"sources":["totpregistration.js"],"names":["displayError","getKey","setMsg","token","verify","msg","level","$","html","window","translate","removeClass","addClass","j","status","err","res","console","log","JSON","parse","responseText","error","replace","reset","ajax","type","url","portal","dataType","data","newkey","success","s","match","hide","user","secret","show","escape","digits","interval","QRious","element","document","getElementById","value","size","text","val","code","TOTPName","ready","on","call","this"],"mappings":"CAMA,WACE,IAAIA,EAAcC,EAAQC,EAAQC,EAAOC,EAEzCF,EAAS,SAASG,EAAKC,GAOrB,OANAC,EAAE,QAAQC,KAAKC,OAAOC,UAAUL,IAChCE,EAAE,UAAUI,YAAY,4FACxBJ,EAAE,UAAUK,SAAS,WAAaN,GACpB,aAAVA,IACFA,EAAQ,WAEHC,EAAE,UAAUK,SAAS,SAAWN,IAGzCN,EAAe,SAASa,EAAGC,EAAQC,GACjC,IAAIC,EAGJ,GAFAC,QAAQC,IAAI,QAASH,IACrBC,EAAMG,KAAKC,MAAMP,EAAEQ,gBACRL,EAAIM,MAGb,OAFAN,EAAMA,EAAIM,MAAMC,QAAQ,MAAO,IAC/BN,QAAQC,IAAI,iBAAkBF,GACvBd,EAAOc,EAAK,YAIvBb,EAAQ,GAERF,EAAS,SAASuB,GAEhB,OADAtB,EAAO,cAAe,WACfK,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJC,OAAQP,GAEVF,MAAOtB,EACPgC,QAAS,SAASF,GAChB,IAAQG,EACR,OAAIH,EAAKR,OACHQ,EAAKR,MAAMY,MAAM,oBACnB3B,EAAE,cAAc4B,OAEXjC,EAAO4B,EAAKR,MAAO,YAEtBQ,EAAKF,QAAUE,EAAKM,MAAQN,EAAKO,QAGvC9B,EAAE,cAAc+B,OAChBL,EAAI,kBAAqBM,OAAOT,EAAKF,QAAW,IAAOW,OAAOT,EAAKM,MAAS,WAAaN,EAAKO,OAAS,WAAcE,OAAOT,EAAKF,QAC7G,IAAhBE,EAAKU,SACPP,GAAK,WAAaH,EAAKU,QAEH,KAAlBV,EAAKW,WACPR,GAAK,WAAaH,EAAKW,UAEpB,IAAIC,OAAO,CACdC,QAASC,SAASC,eAAe,MACjCC,MAAOb,EACPc,KAAM,MAERxC,EAAE,eAAeyC,KAAKf,GAClBH,EAAKC,OACP7B,EAAO,iBAAkB,WAEzBA,EAAO,cAAe,WAEjBC,EAAQ2B,EAAK3B,OArBXD,EAAO,OAAQ,cA0B9BE,EAAS,WACP,IAAI6C,EAEJ,OADAA,EAAM1C,EAAE,SAAS0C,OAIR1C,EAAEkB,KAAK,CACZC,KAAM,OACNC,IAAKC,OAAS,2BACdC,SAAU,OACVC,KAAM,CACJ3B,MAAOA,EACP+C,KAAMD,EACNE,SAAU5C,EAAE,aAAa0C,OAE3B3B,MAAOtB,EACPgC,QAAS,SAASF,GAChB,OAAIA,EAAKR,MACHQ,EAAKR,MAAMY,MAAM,kBACZhC,EAAO4B,EAAKR,MAAO,WAEnBpB,EAAO4B,EAAKR,MAAO,UAGrBpB,EAAO,sBAAuB,cApBpCA,EAAO,cAAe,YA2BjCK,EAAEqC,UAAUQ,MAAM,WAKhB,OAJAnD,EAAO,GACPM,EAAE,cAAc8C,GAAG,QAAS,WAC1B,OAAOpD,EAAO,KAETM,EAAE,WAAW8C,GAAG,QAAS,WAC9B,OAAOjD,UAIVkD,KAAKC"}
--- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t
+++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t
@ -11,8 +11,8 @@ BEGIN {
    require 't/saml-lib.pm';
 }

-my $maintests = 21;
-my $debug     = 'error';
+my $maintests = 22;
+my $debug     = 'debug';
 my ( $issuer, $sp, $res );

 # Redefine LWP methods for tests
@ -35,8 +35,22 @@ SKIP: {
    $issuer = register( 'issuer', \&issuer );
    $sp     = register( 'sp',     \&sp );

-    # Simple SP access
+    # Try to authenticate
+    # -------------------
+    switch ('issuer');
    my $res;
+    ok(
+        $res = $issuer->_post(
+            '/', IO::String->new('user=french&password=french'),
+            length => 27
+        ),
+        'Auth query'
+    );
+    expectOK($res);
+    my $id = expectCookie($res);
+
+    # Simple SP access
+    switch ('sp');
    ok(
        $res = $sp->_get(
            '/', accept => 'text/html',
@ -140,7 +154,7 @@ SKIP: {

    # Verify authentication on SP
    expectRedirection( $res, 'http://auth.sp.com' );
-    my $spId      = expectCookie($res);
+    my $spId = expectCookie($res);
    $rawCookie = getHeader( $res, 'Set-Cookie' );
    ok( $rawCookie =~ /;\s*SameSite=None/, 'Found SameSite=None' );

@ -236,6 +250,8 @@ sub issuer {
                portal                 => 'http://auth.idp.com',
                authentication         => 'Demo',
                userDB                 => 'Same',
+                globalLogoutRule       => 1,
+                globalLogoutTimer      => 0,
                issuerDBSAMLActivation => 1,
                issuerDBSAMLRule       => '$uid eq "french"',
                samlSPMetaDataOptions  => {