From 8b7cc1e225aefefb1704da59635e31985c714b76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Fri, 22 Oct 2010 10:03:42 +0000
Subject: [PATCH] Add an anti frame protection (#195)
---
 .../lib/Lemonldap/NG/Manager/_Struct.pm | 5 +-
 .../lib/Lemonldap/NG/Manager/_i18n.pm | 2 +
 .../example/skins/common/portal.js | 53 +++++++++++--------
 .../example/skins/impact/header.tpl | 3 +-
 .../example/skins/pastel/header.tpl | 1 +
 .../lib/Lemonldap/NG/Portal/Display.pm | 8 +++
 6 files changed, 47 insertions(+), 25 deletions(-)
diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
index c5815410d..984681402 100644
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@@ -270,7 +270,7 @@ sub struct {
 portalCustomization => {
 _nodes => [
- qw(portalSkin portalDisplayResetPassword portalAutocomplete portalRequireOldPassword portalUserAttr portalOpenLinkInNewWindow)
+ qw(portalSkin portalDisplayResetPassword portalAutocomplete portalRequireOldPassword portalUserAttr portalOpenLinkInNewWindow portalAntiFrame)
 ],
 portalSkin => 'text:/portalSkin:portalParams:skinSelect',
@@ -282,6 +282,7 @@ sub struct {
 portalUserAttr => 'text:/portalUserAttr',
 portalOpenLinkInNewWindow => 'bool:/portalOpenLinkInNewWindow',
+ portalAntiFrame => 'bool:/portalAntiFrame',
 },
 },
@@ -1344,6 +1345,7 @@ sub testStruct {
 portalDisplayResetPassword => $boolean,
 portalForceAuthn => $boolean,
 portalOpenLinkInNewWindow => $boolean,
+ portalAntiFrame => $boolean,
 portalParams => $testNotDefined,
 portalRequireOldPassword => $boolean,
 portalSkin => {
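Review bot: In the testStruct hunk, `portalAntiFrame => $boolean,` is inserted after `portalOpenLinkInNewWindow`, although the surrounding keys are kept in alphabetical order (portalDisplayResetPassword, portalForceAuthn, portalOpenLinkInNewWindow, portalParams, portalRequireOldPassword); the defaultConf hunk (`@@ -1685`) does the same by placing `portalAntiFrame => '1',` after portalDisplayResetPassword. Moving both entries to their sorted position, before portalDisplayResetPassword in testStruct and before portalDisplayChangePassword in defaultConf, keeps these long option lists scannable and matches the placement the _i18n hunks already use. Both testStruct and defaultConf start and end outside the hunks.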
@@ -1685,6 +1687,7 @@ sub defaultConf {
 portalDisplayChangePassword => '$_auth eq LDAP or $_auth eq DBI',
 portalDisplayLogout => '1',
 portalDisplayResetPassword => '1',
+ portalAntiFrame => '1',
 protection => 'none',
 remoteGlobalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP',
 securedCookie => '0',
diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
index 459326638..78ce2ef4f 100644
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
@@ -220,6 +220,7 @@ sub en {
 passwordManagement => 'Password management',
 port => 'Port',
 portal => 'URL',
+ portalAntiFrame => 'Anti frame protection',
 portalAutocomplete => 'Auto complete',
 portalCustomization => 'Customization',
 portalDisplayAppslist => 'Applications list',
@@ -601,6 +602,7 @@ sub fr {
 passwordManagement => 'Gestion des mots de passe',
 port => 'Port',
 portal => 'URL',
+ portalAntiFrame => 'Protection anti frame',
 portalAutocomplete => 'Auto complétion',
 portalCustomization => 'Personnalisation',
 portalDisplayAppslist => 'Liste des applications',
diff --git a/modules/lemonldap-ng-portal/example/skins/common/portal.js b/modules/lemonldap-ng-portal/example/skins/common/portal.js
index 37b14e7ef..44575895c 100644
--- a/modules/lemonldap-ng-portal/example/skins/common/portal.js
+++ b/modules/lemonldap-ng-portal/example/skins/common/portal.js
@@ -1,26 +1,42 @@
 /**
- * Lemonldap::NG Portal jQuery scripts
+ * LemonLDAP::NG Portal jQuery scripts
 */
 /* Used variables
 * - displaytab
+ * - choicetab
 * - autocomplete
 * - login
 * - newwindow
+ * - antiframe
 */
 /* Set autocomplete real value */
 if(autocomplete.match('1')){autocomplete='on';}
 if(autocomplete.match('0')){autocomplete='off';}
+/* Set antiframe value (default is true) */
+if(antiframe.match('0')){antiframe=false;}else{antiframe=true};
+
 /* jQuery */
 $(document).ready(function(){
+
+ /* AntiFrame script */
+ if(antiframe && top!=self){
+ top.location.href = location.href;
+ }
+
+ /* Display message */
 $("div.message").fadeIn('slow');
+
+ /* Set timezone */
 $("input[name=timezone]").val( -(new Date().getTimezoneOffset()/60) );
+
+ /* Menu tabs */
 $("#menu").tabs({ fx: { opacity: 'toggle' } });
 $("#menu").tabs("select",displaytab);
- /* Authentication choice */
+ /* Authentication choice tabs */
 $("#authMenu").tabs({
 fx: {opacity: 'toggle'},
 cookie: {name: 'lemonldapauthchoice'},
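Review bot: `if(antiframe.match('0'))` runs at script top level, so on any skin whose header does not declare `var antiframe` (only the impact and pastel headers are updated in this commit) it raises a ReferenceError before `$(document).ready` is even registered, and the tabs, focus and removeOther handling stop working along with the frame check. A guard keeps the intended default of true while tolerating a missing declaration, and also drops the stray `;` after `else{antiframe=true}`: `antiframe = (typeof antiframe == 'undefined') || !antiframe.match('0');`. Independently, `top.location.href = location.href` is a script-only frame-busting check, which has no effect when script execution is unavailable inside the frame; since this portal handles credentials, the server should additionally send an `X-Frame-Options: DENY` (or `SAMEORIGIN`) response header whenever portalAntiFrame is enabled so the protection does not rest on the client alone. The ready handler opened in this hunk continues past its end.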
@@ -31,32 +47,17 @@ $(document).ready(function(){
 });
 $("#authMenu").tabs("select",choicetab);
+ /* Focus on first visible input */
 $("input[type!=hidden]:first").focus();
- $("input[type='password']").attr("autocomplete",autocomplete);
+ if(login){ $("input[type=password]:first").focus(); }
- /*
- $("#appslist li[class!=catname]").hover(
- function(){
- var appid = $(this).attr("title");
- $("div.appsdesc").hide();
- $("div#" + appid).show();
- },
- function() {
- var appid = $(this).attr("title");
- // Show parent application if this was a sub application
- if ( $("#appslist li[title="+appid+"]").parent().parent().hasClass("appname") ) {
- var parentappid = $("#appslist li[title="+appid+"]").parent().parent().attr("title");
- $("div.appsdesc").hide();
- $("div#" + parentappid).show();
- }
- }
- );
- */
+ /* Password autocompletion */
+ $("input[type='password']").attr("autocomplete",autocomplete);
- if(login){ $("input[type=password]:first").focus(); }
+ /* Open links in new windows */
 if(newwindow){ $('#appslist a[href^="http://"]').attr("target", "_blank"); }
- // Complete removeOther link
+ /* Complete removeOther link */
 if ($("p.removeOther").length) {
 var action = $("form.login").attr("action");
 var method = $("form.login").attr("method");
@@ -81,6 +82,11 @@ $(document).ready(function(){
 }
 });
+/* function boolean isHiddenFormValueSet(string option)
+ * Check if an hidden option is set
+ * @param option Option name
+ * @return true if option is set, false else
+ */
 function isHiddenFormValueSet(option){
 if($('#lmhidden_'+option).length){
 return true;
@@ -88,3 +94,4 @@ function isHiddenFormValueSet(option){
 return false;
 }
 }
+
diff --git a/modules/lemonldap-ng-portal/example/skins/impact/header.tpl b/modules/lemonldap-ng-portal/example/skins/impact/header.tpl
index 9567f3f94..0601711d2 100644
--- a/modules/lemonldap-ng-portal/example/skins/impact/header.tpl
+++ b/modules/lemonldap-ng-portal/example/skins/impact/header.tpl
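Review bot: The header comment added above isHiddenFormValueSet in the `@@ -81` hunk opens with `/*` and a pseudo-signature line, `function boolean isHiddenFormValueSet(string option)`, yet then uses `@param`/`@return` tags, so documentation tools will not recognise it. Opening with `/**`, dropping the pseudo-signature and putting the types in the tags gives a standard JSDoc block: `@param {string} option Option name` and `@return {boolean} true if an element with id lmhidden_<option> exists, false otherwise`, which also states what the function actually tests. The summary line should read "Check whether a hidden option is set". The function body continues into the `@@ -88` hunk.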
@@ -23,7 +23,8 @@ var autocomplete='';
 var login='';
 var newwindow='';
- var confirmlogoutmsg='';
+ var antiframe='';
+ var confirmlogoutmsg='';
 var confirmlogouttitle='';
 //]]>
diff --git a/modules/lemonldap-ng-portal/example/skins/pastel/header.tpl b/modules/lemonldap-ng-portal/example/skins/pastel/header.tpl
index c08b1714a..dc278526e 100644
--- a/modules/lemonldap-ng-portal/example/skins/pastel/header.tpl
+++ b/modules/lemonldap-ng-portal/example/skins/pastel/header.tpl
@@ -23,6 +23,7 @@ var autocomplete='';
 var login='';
 var newwindow='';
+ var antiframe='';
 //]]>
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm
index 6e1a272a4..a80c97a9a 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm
@@ -37,6 +37,7 @@ sub display {
 %templateParams = (
 PORTAL_URL => $self->{portal},
 LOGOUT_URL => $self->{portal} . "?logout=1",
+ ANTIFRAME => $self->{portalAntiFrame},
 URL => $self->{urldc},
 SKIN => $self->{portalSkin},
 ERROR403 => $error403,
@@ -65,6 +66,7 @@ sub display {
 $skinfile = 'info.tpl';
 %templateParams = (
 AUTH_ERROR_TYPE => $self->error_type,
+ ANTIFRAME => $self->{portalAntiFrame},
 MSG => $info,
 SKIN => $skin,
 URL => $self->{urldc},
@@ -87,6 +89,7 @@ sub display {
 %templateParams = (
 AUTH_USER => $auth_user,
 AUTOCOMPLETE => $self->{portalAutocomplete},
+ ANTIFRAME => $self->{portalAntiFrame},
 SKIN => $skin,
 AUTH_ERROR => $self->error( undef, $self->{menuError} ),
 AUTH_ERROR_TYPE => $self->error_type( $self->{menuError} ),
@@ -109,6 +112,7 @@ sub display {
 $skinfile = 'notification.tpl';
 %templateParams = (
 AUTH_ERROR_TYPE => $self->error_type,
+ ANTIFRAME => $self->{portalAntiFrame},
 NOTIFICATION => $notif,
 SKIN => $skin,
 HIDDEN_INPUTS => $self->buildHiddenForm(),
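Review bot: `ANTIFRAME => $self->{portalAntiFrame},` is hand-copied into each of the eight %templateParams hashes of display (this `@@ -37` hunk and the `@@ -65`, `-87`, `-109`, `-124`, `-141`, `-162` and `-179` hunks), so any branch that was missed, or any template branch added later, presumably leaves the skin's `var antiframe=''` empty, which portal.js treats as the protection being enabled; an administrator who turns portalAntiFrame off would then still get frame busting on that page, and the drift is silent. Collecting the parameters every branch shares once before the branching, e.g. `my %commonParams = ( ANTIFRAME => $self->{portalAntiFrame} );` and then `%templateParams = ( %commonParams, ... );` in each branch, removes the repetition and the risk of omission. The value is emitted into an inline script block by the skins, so it should keep coming only from the manager-validated `bool:/portalAntiFrame` setting and never from request data. display starts and ends outside these hunks.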
@@ -124,6 +128,7 @@ sub display {
 AUTH_ERROR => $self->error,
 AUTH_ERROR_TYPE => $self->error_type,
 AUTH_URL => $self->get_url,
+ ANTIFRAME => $self->{portalAntiFrame},
 MSG => $self->info(),
 SKIN => $skin,
 HIDDEN_INPUTS => $self->buildHiddenForm(),
@@ -141,6 +146,7 @@ sub display {
 %templateParams = (
 AUTH_ERROR => $self->error,
 AUTH_ERROR_TYPE => $self->error_type,
+ ANTIFRAME => $self->{portalAntiFrame},
 MSG => $info,
 SKIN => $skin,
 URL => $self->{urldc},
@@ -162,6 +168,7 @@ sub display {
 %templateParams = (
 AUTH_ERROR => $self->error,
 AUTH_ERROR_TYPE => $self->error_type,
+ ANTIFRAME => $self->{portalAntiFrame},
 SKIN => $skin,
 PROVIDERURI => $p,
 ID => $self->{_openidPortal}
@@ -179,6 +186,7 @@ sub display {
 AUTH_ERROR => $self->error,
 AUTH_ERROR_TYPE => $self->error_type,
 AUTH_URL => $self->get_url,
+ ANTIFRAME => $self->{portalAntiFrame},
 LOGIN => $self->get_user,
 AUTOCOMPLETE => $self->{portalAutocomplete},
 SKIN => $skin,