Christophe Maudoux 5 years ago
parent 372b95fba9
commit bb9e03d1e5
  1. 2
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/File.pm
  2. 2
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/YAMLFile.pm
  3. 20
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
  4. 10
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm
  5. 165
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
  6. 6
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm
  7. 4
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm
  8. 2
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm
  9. 2
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm
  10. 4
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm
  11. 2
      lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
  12. 2
      lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
  13. 2
      lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
  14. 4
      lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Jail.t
  15. 4
      lemonldap-ng-handler/t/63-Lemonldap-NG-Handler-PSGI-Try.t
  16. 2
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm
  17. 33
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
  18. 4
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
  19. 2
      lemonldap-ng-manager/t/05-rest-api.t
  20. 2
      lemonldap-ng-manager/t/06-rest-api-RSA.t
  21. 2
      lemonldap-ng-manager/t/11-save-changed-conf-with-confirmation.t
  22. 2
      lemonldap-ng-manager/t/12-save-changed-conf.t
  23. 2
      lemonldap-ng-manager/t/14-bad-changes-in-conf.t
  24. 2
      lemonldap-ng-manager/t/15-combination.t
  25. 21
      lemonldap-ng-manager/t/16-cli.t
  26. 2
      lemonldap-ng-manager/t/17-extra2f.t
  27. 2
      lemonldap-ng-manager/t/40-sessions.t
  28. 2
      lemonldap-ng-manager/t/50-notifications-DBI.t
  29. 2
      lemonldap-ng-manager/t/60-2ndfa.t
  30. 4
      lemonldap-ng-manager/t/80-attributes.t
  31. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/TOTP.pm
  32. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm
  33. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
  34. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm
  35. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm
  36. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm
  37. 6
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
  38. 35
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
  39. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm
  40. 19
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
  41. 7
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
  42. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/REST.pm
  43. 5
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
  44. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm
  45. 3
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
  46. 9
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm
  47. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm
  48. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
  49. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm
  50. 12
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Notifications.pm
  51. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/PublicPages.pm
  52. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
  53. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SingleSession.pm
  54. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
  55. 20
      lemonldap-ng-portal/t/01-AuthDemo.t
  56. 11
      lemonldap-ng-portal/t/01-Handler-redirection-and-URL-check-by-portal.t
  57. 6
      lemonldap-ng-portal/t/02-Password-Demo-Local-Ppolicy.t
  58. 7
      lemonldap-ng-portal/t/28-AuthChoice-with-captcha.t
  59. 7
      lemonldap-ng-portal/t/28-AuthChoice-with-token.t
  60. 6
      lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Metadata.t
  61. 296
      lemonldap-ng-portal/t/30-SAML-POST-Logout-when-expired.t
  62. 10
      lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t
  63. 2
      lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit-no-token.t
  64. 4
      lemonldap-ng-portal/t/34-Auth-Proxy-and-REST-Server.t
  65. 4
      lemonldap-ng-portal/t/34-Auth-Proxy-and-REST-sessions.t
  66. 2
      lemonldap-ng-portal/t/35-SOAP-config-backend.t
  67. 3
      lemonldap-ng-portal/t/40-Notifications-Explorer-XML-File.t
  68. 6
      lemonldap-ng-portal/t/40-Notifications-JSON-Server.t
  69. 24
      lemonldap-ng-portal/t/57-GlobalLogout-with-Double-cookies-Single-session.t
  70. 24
      lemonldap-ng-portal/t/57-GlobalLogout-with-Double-cookies.t
  71. 23
      lemonldap-ng-portal/t/57-LogoutForward.t
  72. 2
      lemonldap-ng-portal/t/59-Double-cookies-Refresh-and-Logout.t
  73. 2
      lemonldap-ng-portal/t/59-Secured-cookie-Refresh-and-Logout.t
  74. 8
      lemonldap-ng-portal/t/61-BruteForceProtection-with-Incremental-lockTimes-and-TOTP.t
  75. 7
      lemonldap-ng-portal/t/61-GrantSession.t
  76. 2
      lemonldap-ng-portal/t/61-Session-ActivityTimeout.t
  77. 2
      lemonldap-ng-portal/t/61-Session-Timeout.t
  78. 2
      lemonldap-ng-portal/t/62-Refresh-plugin.t
  79. 6
      lemonldap-ng-portal/t/62-SingleSession.t
  80. 12
      lemonldap-ng-portal/t/67-CheckUser-with-Impersonation-and-Macros.t
  81. 3
      lemonldap-ng-portal/t/67-CheckUser.t
  82. 20
      lemonldap-ng-portal/t/68-ContextSwitching.t
  83. 2
      lemonldap-ng-portal/t/68-Impersonation-with-UnrestrictedUser.t
  84. 4
      lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t
  85. 8
      lemonldap-ng-portal/t/68-Impersonation.t
  86. 2
      lemonldap-ng-portal/t/70-2F-TOTP-8-with-global-storage.t
  87. 2
      lemonldap-ng-portal/t/70-2F-TOTP-with-History-and-Refresh.t
  88. 3
      lemonldap-ng-portal/t/91-Memory-Leak.t
  89. 4
      lemonldap-ng-portal/t/99-Dont-load-Dumper.t
  90. 6
      lemonldap-ng-portal/t/test-ldap.pm

@ -40,7 +40,7 @@ sub available {
closedir D;
@conf =
sort { $a <=> $b }
map { /lmConf-(\d+)(?:\.js(?:on))?/ ? ( $1 + 0 ) : () } @conf;
map { /lmConf-(\d+)(?:\.js(?:on))?/ ? ( $1 + 0 ) : () } @conf;
return @conf;
}

@ -41,7 +41,7 @@ sub available {
closedir D;
@conf =
sort { $a <=> $b }
map { /lmConf-(\d+)\.yaml/ ? ( $1 + 0 ) : () } @conf;
map { /lmConf-(\d+)\.yaml/ ? ( $1 + 0 ) : () } @conf;
return @conf;
}

@ -23,16 +23,20 @@ use constant HANDLERSECTION => "handler";
use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:I
ncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our $hashParameters =
qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys =
qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)
?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
our @sessionTypes = (
'remoteGlobal', 'global', 'localSession', 'persistent',
'saml', 'oidc', 'cas'
);
sub NO {qr/^(?:off|no|0)?$/i}
sub NO { qr/^(?:off|no|0)?$/i }
our %EXPORT_TAGS = (
'all' => [
qw(
'all' => [ qw(
CONFIG_WAS_CHANGED
UNKNOWN_ERROR
DATABASE_LOCKED
@ -54,7 +58,7 @@ our %EXPORT_TAGS = (
)
]
);
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } );
1;

@ -710,9 +710,9 @@ sub combModules {
my $res = [];
foreach my $mod ( keys %$val ) {
my $tmp;
$tmp->{title} = $mod;
$tmp->{id} = "combModules/$mod";
$tmp->{type} = 'cmbModule';
$tmp->{title} = $mod;
$tmp->{id} = "combModules/$mod";
$tmp->{type} = 'cmbModule';
$tmp->{data}->{$_} = $val->{$mod}->{$_} foreach (qw(type for));
my $over = $val->{$mod}->{over} // {};
$tmp->{data}->{over} = [ map { [ $_, $over->{$_} ] } keys %$over ];
@ -786,8 +786,8 @@ sub metadata {
}
# Find next and previous conf
my @a = $self->confAcc->available;
my $id = -1;
my @a = $self->confAcc->available;
my $id = -1;
my ($ind) = map { $id++; $_ == $res->{cfgNum} ? ($id) : () } @a;
if ($ind) { $res->{prev} = $a[ $ind - 1 ]; }
if ( defined $ind and $ind < $#a ) {

@ -7,68 +7,127 @@ use base qw(Exporter);
our $VERSION = '2.0.9';
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } );
our %EXPORT_TAGS = (
'all' => [
qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)
]
);
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } );
our $specialNodeHash = {
virtualHosts => [qw(exportedHeaders locationRules post vhostOptions)],
samlIDPMetaDataNodes => [qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)],
samlSPMetaDataNodes => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions samlSPMetaDataMacros)],
oidcOPMetaDataNodes => [qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars)],
oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims oidcRPMetaDataMacros)],
casSrvMetaDataNodes => [qw(casSrvMetaDataOptions casSrvMetaDataExportedVars)],
casAppMetaDataNodes => [qw(casAppMetaDataOptions casAppMetaDataExportedVars casAppMetaDataMacros)],
virtualHosts => [qw(exportedHeaders locationRules post vhostOptions)],
samlIDPMetaDataNodes => [
qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)
],
samlSPMetaDataNodes => [
qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions samlSPMetaDataMacros)
],
oidcOPMetaDataNodes => [
qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars)
],
oidcRPMetaDataNodes => [
qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims oidcRPMetaDataMacros)
],
casSrvMetaDataNodes =>
[qw(casSrvMetaDataOptions casSrvMetaDataExportedVars)],
casAppMetaDataNodes => [
qw(casAppMetaDataOptions casAppMetaDataExportedVars casAppMetaDataMacros)
],
};
our $doubleHashKeys = 'issuerDBGetParameters';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|ombModule)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:UserAttribut|Servic|Rul)e|(?:ExportedVar|Macro)s)';
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:(?:uthorizationCode|ccessToken)Expiration|llow(?:PasswordGrant|Offline)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
our $simpleHashKeys =
'(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|ombModule)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
our $specialNodeKeys =
'(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
our $casAppMetaDataNodeKeys =
'casAppMetaData(?:Options(?:UserAttribut|Servic|Rul)e|(?:ExportedVar|Macro)s)';
our $casSrvMetaDataNodeKeys =
'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
our $oidcOPMetaDataNodeKeys =
'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys =
'oidcRPMetaData(?:Options(?:A(?:(?:uthorizationCode|ccessToken)Expiration|llow(?:PasswordGrant|Offline)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)';
our $samlIDPMetaDataNodeKeys =
'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys =
'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
our $virtualHostKeys =
'(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
our $authParameters = {
adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)],
apacheParams => [qw(apacheAuthnLevel)],
casParams => [qw(casAuthnLevel)],
choiceParams => [qw(authChoiceParam authChoiceModules authChoiceAuthBasic)],
combinationParams => [qw(combination combModules)],
customParams => [qw(customAuth customUserDB customPassword customRegister customResetCertByMail customAddParams)],
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
demoParams => [qw(demoExportedVars)],
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret facebookUserField)],
githubParams => [qw(githubAuthnLevel githubClientID githubClientSecret githubUserField githubScope)],
gpgParams => [qw(gpgAuthnLevel gpgDb)],
kerberosParams => [qw(krbAuthnLevel krbKeytab krbByJs krbRemoveDomain)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword ldapITDS)],
linkedinParams => [qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInFields linkedInUserField linkedInScope)],
nullParams => [qw(nullAuthnLevel)],
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
openidParams => [qw(openIdAuthnLevel openIdExportedVars openIdSecret openIdIDPList)],
pamParams => [qw(pamAuthnLevel pamService)],
proxyParams => [qw(proxyAuthnLevel proxyAuthService proxySessionService remoteCookieName proxyUseSoap)],
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
slaveParams => [qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveDisplayLogo slaveExportedVars)],
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)],
apacheParams => [qw(apacheAuthnLevel)],
casParams => [qw(casAuthnLevel)],
choiceParams => [qw(authChoiceParam authChoiceModules authChoiceAuthBasic)],
combinationParams => [qw(combination combModules)],
customParams => [
qw(customAuth customUserDB customPassword customRegister customResetCertByMail customAddParams)
],
dbiParams => [
qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)
],
demoParams => [qw(demoExportedVars)],
facebookParams => [
qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret facebookUserField)
],
githubParams => [
qw(githubAuthnLevel githubClientID githubClientSecret githubUserField githubScope)
],
gpgParams => [qw(gpgAuthnLevel gpgDb)],
kerberosParams => [qw(krbAuthnLevel krbKeytab krbByJs krbRemoveDomain)],
ldapParams => [
qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword ldapITDS)
],
linkedinParams => [
qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInFields linkedInUserField linkedInScope)
],
nullParams => [qw(nullAuthnLevel)],
oidcParams =>
[qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
openidParams =>
[qw(openIdAuthnLevel openIdExportedVars openIdSecret openIdIDPList)],
pamParams => [qw(pamAuthnLevel pamService)],
proxyParams => [
qw(proxyAuthnLevel proxyAuthService proxySessionService remoteCookieName proxyUseSoap)
],
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
remoteParams => [
qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)
],
restParams => [
qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)
],
slaveParams => [
qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveDisplayLogo slaveExportedVars)
],
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
twitterParams => [
qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)
],
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
};
our $issuerParameters = {
issuerDBCAS => [qw(issuerDBCASActivation issuerDBCASPath issuerDBCASRule)],
issuerDBGet => [qw(issuerDBGetActivation issuerDBGetPath issuerDBGetRule issuerDBGetParameters)],
issuerDBOpenID => [qw(issuerDBOpenIDActivation issuerDBOpenIDPath issuerDBOpenIDRule openIdIssuerSecret openIdAttr openIdSPList openIdSreg_fullname openIdSreg_nickname openIdSreg_language openIdSreg_postcode openIdSreg_timezone openIdSreg_country openIdSreg_gender openIdSreg_email openIdSreg_dob)],
issuerDBOpenIDConnect => [qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)],
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
issuerOptions => [qw(issuersTimeout)],
issuerDBCAS => [qw(issuerDBCASActivation issuerDBCASPath issuerDBCASRule)],
issuerDBGet => [
qw(issuerDBGetActivation issuerDBGetPath issuerDBGetRule issuerDBGetParameters)
],
issuerDBOpenID => [
qw(issuerDBOpenIDActivation issuerDBOpenIDPath issuerDBOpenIDRule openIdIssuerSecret openIdAttr openIdSPList openIdSreg_fullname openIdSreg_nickname openIdSreg_language openIdSreg_postcode openIdSreg_timezone openIdSreg_country openIdSreg_gender openIdSreg_email openIdSreg_dob)
],
issuerDBOpenIDConnect => [
qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)
],
issuerDBSAML =>
[qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
issuerOptions => [qw(issuersTimeout)],
};
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAuthorizationCodeExpiration oidcServiceAccessTokenExpiration oidcServiceIDTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims)];
our $samlServiceParameters = [
qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)
];
our $oidcServiceParameters = [
qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAuthorizationCodeExpiration oidcServiceAccessTokenExpiration oidcServiceIDTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims)
];
1;

@ -166,9 +166,9 @@ sub serviceToXML {
foreach (@param_assertion) {
my @_tab = split( /;/, $self->getValue( $_, $conf ) );
$template->param( $_ . 'Default', $_tab[0] ? 'true' : 'false' );
$template->param( $_ . 'Index', $_tab[1] );
$template->param( $_ . 'Binding', $_tab[2] );
$template->param( $_ . 'Default', $_tab[0] ? 'true' : 'false' );
$template->param( $_ . 'Index', $_tab[1] );
$template->param( $_ . 'Binding', $_tab[2] );
$template->param( $_ . 'Location', $_tab[3] );
}

@ -36,7 +36,7 @@ has fileNameSeparator => ( is => 'rw', default => '_' );
sub get {
my ( $self, $uid, $ref ) = @_;
return () unless ($uid);
my $ext = $self->extension;
my $ext = $self->extension;
my $fns = $self->{fileNameSeparator};
my $identifier = &getIdentifier( $self, $uid, $ref );
@ -61,7 +61,7 @@ sub get {
sub getAccepted {
my ( $self, $uid, $ref ) = @_;
return () unless ($uid);
my $ext = $self->extension;
my $ext = $self->extension;
my $fns = $self->{fileNameSeparator};
my $identifier = &getIdentifier( $self, $uid, $ref );

@ -21,7 +21,7 @@ sub newNotification {
foreach my $notif (@$json) {
my @data;
$notif->{reference} =~ s/_/-/g; # Remove underscores (#2135)
$notif->{reference} =~ s/_/-/g; # Remove underscores (#2135)
# Mandatory information
foreach (qw(date uid reference)) {

@ -33,7 +33,7 @@ sub newNotification {
my $notif ( $xml->documentElement->getElementsByTagName('notification') )
{
my @data = ();
$notif->{reference} =~ s/_/-/g; # Remove underscores (#2135)
$notif->{reference} =~ s/_/-/g; # Remove underscores (#2135)
# Mandatory information
foreach (qw(date uid reference)) {

@ -64,8 +64,8 @@ sub checkLogonHours {
# Use time_correction
if ($time_correction) {
my ( $sign, $time ) = ( $time_correction =~ /([+|-]?)(\d+)/ );
if ( $sign =~ /-/ ) { $hourpos -= $time; }
else { $hourpos += $time; }
if ( $sign =~ /-/ ) { $hourpos -= $time; }
else { $hourpos += $time; }
}
# Get the corresponding byte

@ -66,7 +66,7 @@ q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I
$json->{rules} ||= { default => 1 };
$json->{headers} //= { 'Auth-User' => '$uid' };
$class->locationRulesInit( undef, { $vhost => $json->{rules} } );
$class->headersInit( undef, { $vhost => $json->{headers} } );
$class->headersInit( undef, { $vhost => $json->{headers} } );
$class->tsv->{lastVhostUpdate}->{$vhost} = time;
return;
}

@ -36,7 +36,7 @@ our @builtCustomFunctions;
sub build_jail {
my ( $self, $api, $require, $dontDie ) = @_;
my $build = 1;
return $self->jail
if ( $self->jail
and $self->jail->useSafeJail

@ -451,7 +451,7 @@ sub fetchId {
my $value =
$lookForHttpCookie
? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 )
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) {
$value = $class->tsv->{cipher}->decryptHex( $value, "http" );

@ -36,7 +36,7 @@ ok(
( defined($code) and ref($code) eq 'CODE' ),
'encode_base64 function is defined'
);
ok( $res = &$code, "Function works" );
ok( $res = &$code, "Function works" );
ok( $res eq 'dGVzdA==', 'Get good result' );
$sub = "sub { return ( listMatch('ABC; DEF; GHI','abc',1) ) }";
@ -58,5 +58,5 @@ ok(
'checkDate extended function is defined'
);
ok( $res = &$code, "Function works" );
ok( $res == 1, 'Get good result' );
ok( $res == 1, 'Get good result' );

@ -39,7 +39,7 @@ my $res;
# Unauth tests
ok( $res = $client->_get('/test'), 'Get response' );
ok( $res->[0] == 200, 'Response code is 200' )
ok( $res->[0] == 200, 'Response code is 200' )
or print "Expect 200, got $res->[0]\n";
ok( $res->[2]->[0] eq 'Unauth', 'Get unauth result' )
or print "Expect Unauth, got $res->[2]->[0]\n";
@ -64,7 +64,7 @@ count(3);
# Bad path test
ok( $res = $client->_get('/[]/test'), 'Try a bad path' );
ok( $res->[0] == 400, 'Response is 400' );
ok( $res->[0] == 400, 'Response is 400' );
count(2);
clean();

@ -570,7 +570,7 @@ sub scanTree {
# Subnode
elsif ( ref($leaf) ) {
$jleaf->{title} = $jleaf->{id} = $leaf->{title};
$jleaf->{type} = $leaf->{form} if ( $leaf->{form} );
$jleaf->{type} = $leaf->{form} if ( $leaf->{form} );
if ( $leaf->{title} =~ /^((?:oidc|saml|cas)Service)MetaData$/ ) {
no strict 'refs';
my @tmp = $self->scanLeaf( $leaf->{nodes} );

@ -1442,9 +1442,10 @@ sub attributes {
documentation => 'Send a mail when password is changed',
},
portalRequireOldPassword => {
default => 1,
type => 'boolOrExpr',
documentation => 'Rule to require old password to change the password',
default => 1,
type => 'boolOrExpr',
documentation =>
'Rule to require old password to change the password',
},
hideOldPassword => {
default => 0,
@ -2114,16 +2115,16 @@ sub attributes {
},
msgFail => '__badExpression__',
},
keyTest => qr/^\S+$/,
keyTest => qr/^\S+$/,
keyMsgFail => '__badHostname__',
default => { default => 'deny', },
documentation => 'Virtualhost rules',
flags => 'h',
},
exportedHeaders => {
type => 'keyTextContainer',
help => 'writingrulesand_headers.html#headers',
keyTest => qr/^\S+$/,
type => 'keyTextContainer',
help => 'writingrulesand_headers.html#headers',
keyTest => qr/^\S+$/,
keyMsgFail => '__badHostname__',
test => {
keyTest => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/,
@ -2134,10 +2135,10 @@ sub attributes {
flags => 'h',
},
post => {
type => 'postContainer',
help => 'formreplay.html',
test => sub { 1 },
keyTest => qr/^\S+$/,
type => 'postContainer',
help => 'formreplay.html',
test => sub { 1 },
keyTest => qr/^\S+$/,
keyMsgFail => '__badHostname__',
documentation => 'Virtualhost urls/Data to post',
},
@ -3003,11 +3004,10 @@ sub attributes {
documentation => 'Second factor required',
},
sfManagerRule => {
type => 'boolOrExpr',
default => 1,
help => 'secondfactor.html',
documentation =>
'Rule to display second factor Manager link',
type => 'boolOrExpr',
default => 1,
help => 'secondfactor.html',
documentation => 'Rule to display second factor Manager link',
},
sfRemovedMsgRule => {
type => 'boolOrExpr',
@ -4021,6 +4021,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
type => 'select',
select => [
{ k => 'front', v => 'Front Channel' },
#TODO #1194
# { k => 'back', v => 'Back Channel' },
],

@ -568,8 +568,8 @@ sub tree {
form => 'simpleInputContainer',
nodes => [
'singleSession', 'singleIP',
'singleUserByIP',
'notifyDeleted', 'notifyOther'
'singleUserByIP', 'notifyDeleted',
'notifyOther'
]
},
{

@ -58,7 +58,7 @@ while (<F>) {
close F;
ok( $hstruct = from_json($hstruct), 'struct.json is JSON' );
ok( ref $hstruct eq 'ARRAY', 'struct.json is an array' )
ok( ref $hstruct eq 'ARRAY', 'struct.json is an array' )
or print STDERR "Expected: ARRAY, got: " . ( ref $hstruct ) . "\n";
count(2);

@ -25,7 +25,7 @@ ok(
),
"Request succeed"
);
ok( $res->[0] == 200, "Result code is 200" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $key = from_json( $res->[2]->[0] ), 'Response is JSON' );
count(3);

@ -20,7 +20,7 @@ mkdir 't/sessions';
my ( $res, $resBody );
ok( $res = &client->_post( '/confs/', 'cfgNum=1', &body, 'application/json' ),
"Request succeed" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
ok( $resBody->{result} == 0, "JSON response contains \"result:0\"" )

@ -20,7 +20,7 @@ mkdir 't/sessions';
my ( $res, $resBody );
ok( $res = &client->_post( '/confs/', 'cfgNum=1', &body, 'application/json' ),
"Request succeed" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
ok( $resBody->{result} == 1, "JSON response contains \"result:1\"" )
or print STDERR Dumper($resBody);

@ -16,7 +16,7 @@ unlink 't/conf/lmConf-2.json';
my ( $res, $resBody );
ok( $res = &client->_post( '/confs/', 'cfgNum=1', &body, 'application/json' ),
"Request succeed" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
ok( $resBody->{result} == 0, "JSON response contains \"result:0\"" )
or print STDERR Dumper($res);

@ -17,7 +17,7 @@ mkdir 't/sessions';
my ( $res, $resBody );
ok( $res = &client->_post( '/confs/', 'cfgNum=1', &body, 'application/json' ),
"Request succeed" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
ok( $resBody->{result} == 1, "JSON response contains \"result:1\"" )
or print STDERR Dumper($res);

@ -23,11 +23,7 @@ my $res;
# Test 'set' command
@cmd = qw(-yes 1 set notification 1);
combined_like(
sub { llclient->run(@cmd) },
qr/Saved under/,
'"addKey" OK'
);
combined_like( sub { llclient->run(@cmd) }, qr/Saved under/, '"addKey" OK' );
# Test 'get' command
@cmd = qw(get notification);
@ -37,11 +33,7 @@ ok( $res =~ /^notification\s+=\s+1$/, '"get notification" OK' )
# Test 'addKey' command
@cmd = qw(-yes 1 addKey locationRules/test1.example.com ^/reject deny);
combined_like(
sub { llclient->run(@cmd) },
qr/Saved under/,
'"addKey" OK'
);
combined_like( sub { llclient->run(@cmd) }, qr/Saved under/, '"addKey" OK' );
# Test 'delKey' command
@cmd = qw(-yes 1 delKey locationRules/test1.example.com ^/reject);
@ -59,11 +51,7 @@ ok( $res =~ m#accept#, '"get key/subkey" OK' )
# Test 'set' command with key/subkey
@cmd = qw(-yes 1 set locationRules/test1.example.com/default deny);
combined_like(
sub { llclient->run(@cmd) },
qr/Saved under/,
'"addKey" OK'
);
combined_like( sub { llclient->run(@cmd) }, qr/Saved under/, '"addKey" OK' );
# Test 'save' command
@cmd = qw(-cfgNum 1 save);
@ -96,8 +84,7 @@ combined_like(
qr#\bAuthor IP\b#s,
'"Author IP" OK'
);
combined_like( sub { llcommonClient->run(@cmd) },
qr#\bLog\b#s, '"Log" OK' );
combined_like( sub { llcommonClient->run(@cmd) }, qr#\bLog\b#s, '"Log" OK' );
combined_like( sub { llcommonClient->run(@cmd) },
qr#\bVersion\b#s, '"Version" OK' );

@ -17,7 +17,7 @@ mkdir 't/sessions';
my ( $res, $resBody );
ok( $res = &client->_post( '/confs/', 'cfgNum=1', &body, 'application/json' ),
"Request succeed" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $res->[0] == 200, "Result code is 200" );
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
ok( $resBody->{result} == 1, "JSON response contains \"result:1\"" )
or print STDERR Dumper($res);

@ -148,7 +148,7 @@ count(5);
foreach (@ids) {
my $res;
ok( $res = &client->_del("/sessions/global/$_"), "Delete $_" );
ok( $res->[0] == 200, 'Result code is 200' );
ok( $res->[0] == 200, 'Result code is 200' );
ok( from_json( $res->[2]->[0] )->{result} == 1,
'Body is JSON and result==1' );
count(3);

@ -100,7 +100,7 @@ SKIP: {
$res =
$client->jsonResponse( 'notifications/done', 'groupBy=substr(uid,1)' );
ok( $res->{result} == 1, 'Result = 1' );
ok( $res->{count} == 0, 'Count = 0' ) or diag Dumper($res);
ok( $res->{count} == 0, 'Count = 0' ) or diag Dumper($res);
#print STDERR Dumper($res);
}

@ -277,7 +277,7 @@ $res = &client->jsonResponse( '/sfa/persistent',
'uid=*&groupBy=substr(uid,0)&U2FCheck=2&TOTPCheck=2&UBKCheck=2' );
ok( $res->{result} == 1,
'Search "uid"=* & UBK & TOTP & UBK - Result code = 1' );
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
ok( $res->{count} == 1, 'Found 1 result' ) or print STDERR Dumper($res);
ok( @{ $res->{values} } == 1, 'List 1 result' );
ok( $res->{values}->[0]->{value} && $res->{values}->[0]->{value} eq 'd',
'Result match "uid=d"' )

@ -64,8 +64,8 @@ my @notManagedAttributes = (
'zimbraUrl',
# Other ini-only prms
'checkTime', 'status', 'soapProxyUrn',
'impersonationPrefix', 'pdataDomain',
'checkTime', 'status', 'soapProxyUrn',
'impersonationPrefix', 'pdataDomain',
'mySessionAuthorizedRWKeys', 'contextSwitchingPrefix'
);

@ -111,8 +111,8 @@ sub verify {
return PE_OK;
}
else {
$self->userLogger->notice( 'Invalid TOTP for '
. $session->{ $self->conf->{whatToTrace} } );
$self->userLogger->notice(
'Invalid TOTP for ' . $session->{ $self->conf->{whatToTrace} } );
return PE_BADOTP;
}
}

@ -25,7 +25,7 @@ sub init {
$hd->buildSub( $hd->substitute( $self->conf->{issuerDBGetRule} ) );
unless ($rule) {
my $error = $hd->tsv->{jail}->error || '???';
$self->error( "Bad GET activation rule -> $error" );
$self->error("Bad GET activation rule -> $error");
return 0;
}
$self->{rule} = $rule;

@ -65,7 +65,7 @@ sub init {
$hd->buildSub( $hd->substitute( $self->conf->{issuerDBOpenIDRule} ) );
unless ($rule) {
my $error = $hd->tsv->{jail}->error || '???';
$self->error( "Bad OpenID activation rule -> $error" );
$self->error("Bad OpenID activation rule -> $error");
return 0;
}
$self->{rule} = $rule;

@ -76,7 +76,7 @@ sub getCaptcha {
$image->random;
$image->create( 'normal', 'default', $self->fgColor, $self->bgColor );
my ( $imageData, $mimeType, $rdm ) = $image->out( force => 'png' );
my $img = 'data:image/png;base64,' . encode_base64( $imageData, '' );
my $img = 'data:image/png;base64,' . encode_base64( $imageData, '' );
my $token = $self->ott->createToken( { captcha => $rdm } );
return ( $token, $img );
}

@ -35,7 +35,7 @@ sub checkForNotifications {
unless ($notifs) {
$self->logger->info("No notification found");
return 0;
};
}
# Transform notifications
my $i = 0; # Files count
@ -125,7 +125,7 @@ sub viewNotification {
unless ($notifs) {
$self->logger->info("No accepted notification found");
return 0;
};
}
# Transform notifications
my $i = 0; # Files count

@ -66,7 +66,7 @@ sub checkForNotifications {
unless ($notifs) {
$self->logger->info("No notification found");
return 0;
};
}
# Transform notifications
my $i = 0; # Files count
@ -173,7 +173,7 @@ sub viewNotification {
unless ($notifs) {
$self->logger->info("No accepted notification found");
return 0;
};
}
# Transform notifications
my $i = 0; # Files count

@ -1743,8 +1743,10 @@ sub replayProtection {
return 0;
}
}
} else {
$self->logger->warn( "No assertion session found for request ID ".$samlID);
}
else {
$self->logger->warn(
"No assertion session found for request ID " . $samlID );
}
return 0;

@ -145,12 +145,12 @@ sub display {
AUTH_ERROR => $self->error,
AUTH_ERROR_TYPE => $req->error_type,
MSG => $info,
URL => $req->{urldc} || $self->conf->{portal}, # Fix 2158
HIDDEN_INPUTS => $self->buildOutgoingHiddenForm( $req, $method ),
ACTIVE_TIMER => $req->data->{activeTimer},
CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->data->{_authChoice},
FORM_METHOD => $method,
URL => $req->{urldc} || $self->conf->{portal}, # Fix 2158
HIDDEN_INPUTS => $self->buildOutgoingHiddenForm( $req, $method ),
ACTIVE_TIMER => $req->data->{activeTimer},
CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->data->{_authChoice},
FORM_METHOD => $method,
(
( not $req->{urldc} ) ? ( SEND_PARAMS => 1 )
: ()
@ -228,17 +228,18 @@ sub display {
LANGS => $self->conf->{showLanguages},
AUTH_USER => $req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow},
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'},
PING => $self->conf->{portalPingInterval},
REQUIRE_OLDPASSWORD => $self->requireOldPwd->($req, $req->userData),
HIDE_OLDPASSWORD => 0,
DISPLAY_PPOLICY => $self->conf->{portalDisplayPasswordPolicy},
PPOLICY_MINSIZE => $self->conf->{passwordPolicyMinSize},
PPOLICY_MINLOWER => $self->conf->{passwordPolicyMinLower},
PPOLICY_MINUPPER => $self->conf->{passwordPolicyMinUpper},
PPOLICY_MINDIGIT => $self->conf->{passwordPolicyMinDigit},
PPOLICY_NOPOLICY => !$isPP,
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'},
PING => $self->conf->{portalPingInterval},
REQUIRE_OLDPASSWORD =>
$self->requireOldPwd->( $req, $req->userData ),
HIDE_OLDPASSWORD => 0,
DISPLAY_PPOLICY => $self->conf->{portalDisplayPasswordPolicy},
PPOLICY_MINSIZE => $self->conf->{passwordPolicyMinSize},
PPOLICY_MINLOWER => $self->conf->{passwordPolicyMinLower},
PPOLICY_MINUPPER => $self->conf->{passwordPolicyMinUpper},
PPOLICY_MINDIGIT => $self->conf->{passwordPolicyMinDigit},
PPOLICY_NOPOLICY => !$isPP,
PPOLICY_ALLOWEDSPECHAR => $speChars,
(
$speChars

@ -99,7 +99,7 @@ sub _redirect {
$self->logger->debug(
'Add ' . $self->ipath . ', ' . $self->ipath . 'Path in keepPdata' );
push @{ $req->pdata->{keepPdata} }, $self->ipath, $self->ipath . 'Path';
$req->{urldc} = $self->conf->{portal} . '/' . $self->path;
$req->{urldc} = $self->conf->{portal} . '/' . $self->path;
$req->pdata->{_url} = encode_base64( $req->urldc, '' );
$req->pdata->{issuerTs} = time;
}
@ -152,7 +152,7 @@ sub _forAuthUser {
# In case a confirm form is shown, we need it to POST on the
# current Path
$req->data->{confirmFormAction} = URI->new($req->uri)->path;
$req->data->{confirmFormAction} = URI->new( $req->uri )->path;
}
# Clean pdata: keepPdata has been set, so pdata must be cleaned here

@ -42,14 +42,17 @@ sub _modifyPassword {
return PE_PASSWORD_MISMATCH
unless ( $req->data->{newpassword} eq $req->param('confirmpassword') );
my $rule =
$self->p->HANDLER->buildSub( $self->p->HANDLER->substitute( $self->conf->{portalRequireOldPassword} ) );
my $rule = $self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute(
$self->conf->{portalRequireOldPassword}
)
);
unless ($rule) {
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
}
# Check if portal require old password
if ( $rule->($req, $req->userData) or $requireOldPwd ) {
if ( $rule->( $req, $req->userData ) or $requireOldPwd ) {
# TODO: verify oldpassword
unless ( $req->data->{oldpassword} = $req->param('oldpassword') ) {
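Review bot: `$rule` is invoked unguarded on the reformatted line `if ( $rule->( $req, $req->userData ) or $requireOldPwd ) {`, while the `unless ($rule)` block just above only computes `$error` and then falls through, so a portalRequireOldPassword rule that fails to compile dies with an undefined-subroutine error rather than being reported. The IssuerDB hunks in this same commit show the intended shape (`$self->error("Bad GET activation rule -> $error"); return 0;`); here the equivalent would be `$self->logger->error("Bad portalRequireOldPassword rule -> $error"); return PE_ERROR;` inside the `unless ($rule)` block. That `unless` block is context (not changed by this commit), and the same fall-through appears in the `sub modifyPassword` hunk of the LDAP module (`@ -39,12 +39,12 @@`), where `$rule->( $req, $req->userData )` is likewise called after an `unless ($rule)` block that only assigns `$error`. _modifyPassword's body starts before and continues after this hunk.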
@ -157,9 +160,13 @@ sub checkPasswordQuality {
# Fobidden special characters
$password =~ s/[\Q$speChars\E\w]//g;
if ($password) {
$self->logger->error(
'Password contains ' . length($password) . " forbidden character(s): $password");
return length($password) > 1 ? PE_PP_NOT_ALLOWED_CHARACTERS : PE_PP_NOT_ALLOWED_CHARACTER;
$self->logger->error( 'Password contains '
. length($password)
. " forbidden character(s): $password" );
return
length($password) > 1
? PE_PP_NOT_ALLOWED_CHARACTERS
: PE_PP_NOT_ALLOWED_CHARACTER;
}
return PE_OK;

@ -39,12 +39,12 @@ sub modifyPassword {
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
}
if ( $req->data->{dn} ) {
$dn = $req->data->{dn};
$dn = $req->data->{dn};
$requireOldPassword = $rule->( $req, $req->userData );
$self->logger->debug("Get DN from request data: $dn");
}
else {
$dn = $req->sessionInfo->{_dn};
$dn = $req->sessionInfo->{_dn};
$requireOldPassword = $rule->( $req, $req->sessionInfo );
$self->logger->debug("Get DN from session data: $dn");
}
@ -59,7 +59,8 @@ sub modifyPassword {
# Call the modify password method
my $code =
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword}, 0 , $requireOldPassword );
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
0, $requireOldPassword );
unless ( $code == PE_PASSWORD_OK ) {
return $code;

@ -46,7 +46,7 @@ sub modifyPassword {
$self->conf->{restPwdModifyUrl},
{
( $useMail ? 'mail' : 'user' ) => $req->user,
useMail => ( $useMail ? JSON::true : JSON::false ),
useMail => ( $useMail ? JSON::true : JSON::false ),
password => $pwd,
}
);

@ -56,7 +56,7 @@ sub init {
@{ $self->lockTimes } = ( 5, 15, 60, 300, 600 );
$lockTimes = 5;
}
if ( $lockTimes > $self->conf->{failedLoginNumber} ) {
$self->logger->warn( 'Number of incremental lock time values ('
. "$lockTimes) is higher than failed logins history ("
@ -66,7 +66,8 @@ sub init {
$lockTimes = $self->conf->{failedLoginNumber};
}
my $sum = $self->conf->{bruteForceProtectionMaxAge} * ( 1 + $self->conf->{failedLoginNumber} - $lockTimes );
my $sum = $self->conf->{bruteForceProtectionMaxAge} *
( 1 + $self->conf->{failedLoginNumber} - $lockTimes );
$sum += $_ foreach @{ $self->lockTimes };
$self->maxAge($sum);
}

@ -37,7 +37,7 @@ sub check {
if ( $res > 0 ) {
push @rep, "Bad result before auth: $res";
}
if ( my $user = $req->param('user') and my $pwd = $req->param('password') )
{
$req->user($user);

@ -277,7 +277,8 @@ sub check {
"checkUser requested for an unvalid user ($user)");
$req->{sessionInfo} = {};
$self->logger->debug('Identity not authorized');
$req->error(PE_BADCREDENTIALS); # Catch error to preserve protected Id
$req->error(PE_BADCREDENTIALS)
; # Catch error to preserve protected Id
}
}

@ -34,9 +34,9 @@ has ott => (
return $ott;
}
);
has rule => ( is => 'rw', default => sub { 0 } );
has idRule => ( is => 'rw', default => sub { 1 } );
has unrestrictedUsersRule => ( is => 'rw', default => sub { 0 } );
has rule => ( is => 'rw', default => sub { 0 } );
has idRule => ( is => 'rw', default => sub { 1 } );
has unrestrictedUsersRule => ( is => 'rw', default => sub { 0 } );
sub init {
my ($self) = @_;
@ -191,7 +191,8 @@ sub run {
# Main session
$self->p->updateSession( $req, $req->sessionInfo );
$self->userLogger->notice(
"ContextSwitching: Update \"$realId\" session with \"$spoofId\" session data");
"ContextSwitching: Update \"$realId\" session with \"$spoofId\" session data"
);
return $self->p->do( $req, [ sub { $statut } ] );
}

@ -19,7 +19,7 @@ sub init { 1 }
sub run {
my ( $self, $req ) = @_;
if ( $req->param('checkLogins') ) {
$self->logger->debug('History asked');
$req->info( (

@ -131,7 +131,7 @@ sub run {
if ( $req->error ) {
$self->setSecurity($req);
if ( $req->error == PE_BADCREDENTIALS ) {
$statut = PE_BADCREDENTIALS; # Catch error to preserve protected Id
$statut = PE_BADCREDENTIALS; # Catch error to preserve protected Id
}
else {
return $req->error;
@ -200,7 +200,7 @@ sub run {
sub _userData {
my ( $self, $req, $spoofId, $realSession, $unUser ) = @_;
my $realId = $req->{user};
my $raz = 0;
my $raz = 0;
$req->{user} = $spoofId;
# Compute Macros and Groups with real and spoof sessions

@ -529,7 +529,7 @@ sub display {
$speChars =~ s/\s+/ /g;
$speChars =~ s/(?:^\s|\s$)//g;
$self->logger->debug( 'Display called with code: ' . $req->error );
my %tplPrm = (
SKIN_PATH => $self->conf->{staticPrefix},
SKIN => $self->p->getSkin($req),

@ -167,7 +167,8 @@ sub myNotifs {
my ( $self, $req, $ref ) = @_;
if ($ref) {
return $self->sendJSONresponse( $req, { error => 'Missing epoch parameter' } )
return $self->sendJSONresponse( $req,
{ error => 'Missing epoch parameter' } )
unless $req->param('epoch');
# Retrieve notification reference=$ref with epoch
@ -212,14 +213,14 @@ sub retrieveNotifs {
my @_notifications = sort {
$b->{epoch} <=> $a->{epoch}
or $a->{reference} cmp $b->{reference}
} (
} (
map {
/^notification_(.+)$/
? { reference => $1, epoch => $req->{userData}->{$_} }
: ()
}
keys %{ $req->{userData} }
);
);
splice @_notifications, $self->conf->{notificationsMaxRetrieve};
return \@_notifications;
@ -228,10 +229,11 @@ sub retrieveNotifs {
sub _viewNotif {
my ( $self, $req, $ref, $epoch ) = @_;
$self->logger->debug( "Retrieve notification with reference: \"$ref\" and epoch: \"$epoch\"" );
$self->logger->debug(
"Retrieve notification with reference: \"$ref\" and epoch: \"$epoch\"");
my $notif = eval { $self->module->viewNotification( $req, $ref, $epoch ); };
if ($@) {
$self->logger->debug( "Notification not found" );
$self->logger->debug("Notification not found");
$self->logger->error($@);
return '';
}

@ -9,7 +9,7 @@ our $VERSION = '2.0.0';
sub init {
my ($self) = @_;
$self->addAuthRoute( public => { ':tpl' => 'run' }, ['GET'] );
$self->addAuthRoute( public => { ':tpl' => 'run' }, ['GET'] );
$self->addUnauthRoute( public => { ':tpl' => 'run' }, ['GET'] );
return 1;
}

@ -132,7 +132,7 @@ sub init {
}
if ( $self->conf->{wsdlServer} ) {
$self->addUnauthRoute( 'portal.wsdl' => 'getWsdl', ['GET'] );
$self->addAuthRoute( 'portal.wsdl' => 'getWsdl', ['GET'] );
$self->addAuthRoute( 'portal.wsdl' => 'getWsdl', ['GET'] );
}
1;
}

@ -133,7 +133,7 @@ sub run {
sub removeOther {
my ( $self, $req ) = @_;
my $res = PE_OK;
my $res = PE_OK;
my $count = 0;
$req->{urldc} = decode_base64( $req->param('url') );

@ -89,8 +89,8 @@ sub setSessionInfo {
# @return Lemonldap::NG::Portal constant
sub setGroups {
my ( $self, $req ) = @_;
my $user = $req->user;
my $groups = $req->sessionInfo->{groups} || '';
my $user = $req->user;
my $groups = $req->sessionInfo->{groups} || '';
my $hGroups = $req->sessionInfo->{hGroups} || {};
for my $grp ( keys %demoGroups ) {
if ( grep { $_ eq $user } @{ $demoGroups{$grp} } ) {

@ -25,8 +25,7 @@ ok(
),
'Get Menu'
);
ok( $res->[2]->[0] =~ /<span trmsg="37">/,
'Rejected with PE_BADURL' )
ok( $res->[2]->[0] =~ /<span trmsg="37">/, 'Rejected with PE_BADURL' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
or print STDERR Dumper( $res->[2]->[0] );
@ -41,8 +40,7 @@ ok(
),
'Get Menu'
);
ok( $res->[2]->[0] =~ /<span trmsg="9">/,
'Rejected with PE_FIRSTACCESS' )
ok( $res->[2]->[0] =~ /<span trmsg="9">/, 'Rejected with PE_FIRSTACCESS' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
or print STDERR Dumper( $res->[2]->[0] );
@ -73,9 +71,10 @@ ok(
),
'Auth query'
);
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
'jdoe rejected with PE_BADCREDENTIALS' )
or print STDERR Dumper( $res->[2]->[0] );
ok(
$res->[2]->[0] =~ /<span trmsg="5">/,
'jdoe rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
'Found connect button' )
or print STDERR Dumper( $res->[2]->[0] );
@ -93,9 +92,10 @@ ok(
'Auth query'
);
count(1);
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
'dwho rejected with PE_BADCREDENTIALS' )
or print STDERR Dumper( $res->[2]->[0] );
ok(
$res->[2]->[0] =~ /<span trmsg="5">/,
'dwho rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
'Found connect button' )

@ -10,8 +10,7 @@ require 't/test-lib.pm';
my $res;
my $client = LLNG::Manager::Test->new(
{
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
@ -31,8 +30,7 @@ ok( $app = Lemonldap::NG::Handler::Server->run( $client->ini ), 'App' );
count(1);
ok(
$res = $app->(
{
$res = $app->( {
'HTTP_ACCEPT' => 'text/html',
'SCRIPT_NAME' => '/',
'SERVER_NAME' => '127.0.0.1',
@ -69,8 +67,7 @@ expectForm( $res, undef, undef, 'url' );
count(1);
ok(
$res = $app->(
{
$res = $app->( {
'HTTP_ACCEPT' => 'text/html',
'SCRIPT_NAME' => '/',
'SERVER_NAME' => '127.0.0.1',
@ -88,7 +85,7 @@ ok(
'HTTP_HOST' => 'courriel.example.com',
}
),
'Standard Handler with host value that contains a + character after base64 encoding'
'Standard Handler with host value that contains a + character after base64 encoding'
);
count(1);

@ -300,7 +300,7 @@ ok(
$res->[2]->[0] =~
m%<li><span trspan="passwordPolicyMinSize">Minimal size:</span> 6</li>%,
' passwordPolicyMinSize'
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSize');
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSize' );
ok(
$res->[2]->[0] =~
m%<li><span trspan="passwordPolicyMinLower">Minimal lower characters:</span> 3</li>%,
@ -320,7 +320,7 @@ ok(
$res->[2]->[0] =~
m%<li><span trspan="passwordPolicyMinSpeChar">Minimal special characters:</span> 2</li>%,
' passwordPolicyMinSpeChar'
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSpeChar');
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicyMinSpeChar' );
ok(
$res->[2]->[0] =~
m%\Q<li><span trspan="passwordPolicySpecialChar">Allowed special characters:</span> [ } \</li>\E%,
@ -328,7 +328,7 @@ m%\Q<li><span trspan="passwordPolicySpecialChar">Allowed special characters:</sp
) or print STDERR Dumper( $res->[2]->[0], 'passwordPolicySpecialChar' );
ok(
$res->[2]->[0] =~
m%<span id=\'show-hide-icon-button\' class="fa fa-eye"></span>%,
m%<span id=\'show-hide-icon-button\' class="fa fa-eye"></span>%,
'Show/Hide toogle button'
) or print STDERR Dumper( $res->[2]->[0], 'Toogle button' );
count(8);

@ -70,9 +70,10 @@ m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" al
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'token' );
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
'dalek rejected with PE_BADCREDENTIALS' )
or print STDERR Dumper( $res->[2]->[0] );
ok(
$res->[2]->[0] =~ /<span trmsg="5">/,
'dalek rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
# Try to authenticate
# -------------------

@ -50,9 +50,10 @@ ok(
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'token' );
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
'dalek rejected with PE_BADCREDENTIALS' )
or print STDERR Dumper( $res->[2]->[0] );
ok(
$res->[2]->[0] =~ /<span trmsg="5">/,
'dalek rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
# Try to authenticate
# -------------------

@ -21,10 +21,10 @@ SKIP: {
# Initialization
$issuer = register( 'issuer', \&issuer );
ok( $res = $issuer->_get('/saml/metadata'), 'Get metadata' );
ok( $res = $issuer->_get('/saml/metadata'), 'Get metadata' );
ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML' );
ok( $res = $issuer->_get('/saml/metadata/idp'), 'Get IDP metadata' );
ok( $res = $issuer->_get('/saml/metadata/idp'), 'Get IDP metadata' );
ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML' );
ok(
$res->[2]->[0] !~ m#<SPSSODescriptor#s,
@ -33,7 +33,7 @@ SKIP: {
ok( $res->[2]->[0] =~ m#entityID="urn:example\.com"#s,
'IDP EntityID is overriden' );
ok( $res = $issuer->_get('/saml/metadata/sp'), 'Get SP metadata' );
ok( $res = $issuer->_get('/saml/metadata/sp'), 'Get SP metadata' );
ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML' );
ok(
$res->[2]->[0] !~ m#<IDPSSODescriptor#s,

@ -1,296 +0,0 @@
use lib 'inc';
use Test::More;
use strict;
use IO::String;
use LWP::UserAgent;
use LWP::Protocol::PSGI;
use MIME::Base64;
BEGIN {
require 't/test-lib.pm';
require 't/saml-lib.pm';
}
my $maintests = 14;
my $debug = 'error';
my $timeout = 72000;
my ( $issuer, $sp, $res );
# Redefine LWP methods for tests
LWP::Protocol::PSGI->register(
sub {
my $req = Plack::Request->new(@_);
fail('POST should not launch SOAP requests');
count(1);
return [ 500, [], [] ];
}
);
SKIP: {
eval "use Lasso";
if ($@) {
skip 'Lasso not found', $maintests;
}
# Initialization
$issuer = register( 'issuer', \&issuer );
$sp = register( 'sp', \&sp );
# Simple SP access
my $res;
ok(
$res = $sp->_get(
'/', accept => 'text/html',
),
'Unauth SP request'
);
expectOK($res);
my ( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );
# Push SAML request to IdP
switch ('issuer');
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
accept => 'text/html',
length => length($s)
),
'Post SAML request to IdP'
);
expectOK($res);
my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
# Try to authenticate with an unauthorized user to IdP
$s = "user=dwho&password=dwho&$s";
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
accept => 'text/html',
cookie => $pdata,
length => length($s),
),
'Post authentication'
);
ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' )
or print STDERR Dumper( $res->[2]->[0] );
# Simple SP access
ok(
$res = $sp->_get(
'/', accept => 'text/html',
),
'Unauth SP request'
);
expectOK($res);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );
# Push SAML request to IdP
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
accept => 'text/html',
length => length($s)
),
'Post SAML request to IdP'
);
expectOK($res);
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
# Try to authenticate with an authorized user to IdP
$s = "user=french&password=french&$s";
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
accept => 'text/html',
cookie => $pdata,
length => length($s),
),
'Post authentication'
);
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse' );
# Post SAML response to SP
switch ('sp');
ok(
$res = $sp->_post(
$url, IO::String->new($s),
accept => 'text/html',
length => length($s),
),
'Post SAML response to SP'
);
# Verify authentication on SP
expectRedirection( $res, 'http://auth.sp.com' );
my $spId = expectCookie($res);
ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
expectOK($res);
expectAuthenticatedAs( $res, 'fa@badwolf.org@idp' );
# Logout initiated by SP
ok(
$res = $sp->_get(
'/',
query => 'logout',
cookie => "lemonldap=$spId",
accept => 'text/html'
),
'Query SP for logout'
);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleLogout',
'SAMLRequest' );
# Jump ahead in time
Time::Fake->offset( "+" . ( $timeout * 1.5 ) . "s" );
# Push SAML logout request to IdP
switch ('issuer');
ok(
$res = $issuer->_post(
$url,
IO::String->new($s),
accept => 'text/html',
cookie => "lemonldap=$idpId",
length => length($s)
),
'Post SAML logout request to IdP'
);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleLogoutReturn',
'SAMLResponse' );
# Post SAML response to SP
switch ('sp');
ok(
$res = $sp->_post(
$url, IO::String->new($s),
accept => 'text/html',
length => length($s),
),
'Post SAML response to SP'
);
ok( $res->[2]->[0] =~ /trmsg="56"/, 'Found SLO error' );
}
count($maintests);
clean_sessions();
done_testing( count() );
sub issuer {
return LLNG::Manager::Test->new( {
ini => {
timeout => $timeout,
logLevel => $debug,
domain => 'idp.com',
portal => 'http://auth.idp.com',
authentication => 'Demo',
userDB => 'Same',
issuerDBSAMLActivation => 1,
issuerDBSAMLRule => '$uid eq "french"',
samlSPMetaDataOptions => {
'sp.com' => {
samlSPMetaDataOptionsEncryptionMode => 'none',
samlSPMetaDataOptionsSignSSOMessage => 1,
samlSPMetaDataOptionsSignSLOMessage => 1,
samlSPMetaDataOptionsCheckSSOMessageSignature => 1,
samlSPMetaDataOptionsCheckSLOMessageSignature => 1,
}
},
samlSPMetaDataExportedAttributes => {
'sp.com' => {
cn =>
'1;cn;urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
uid =>
'1;uid;urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
}
},
samlOrganizationDisplayName => "IDP",
samlOrganizationName => "IDP",
samlOrganizationURL => "http://www.idp.com/",
samlServicePrivateKeyEnc => saml_key_idp_private_enc,
samlServicePrivateKeySig => saml_key_idp_private_sig,
samlServicePublicKeyEnc => saml_key_idp_public_enc,
samlServicePublicKeySig => saml_key_idp_public_sig,
samlSPMetaDataXML => {
"sp.com" => {
samlSPMetaDataXML =>
samlSPMetaDataXML( 'sp', 'HTTP-POST' )
},
},
}
}
);
}
sub sp {
return LLNG::Manager::Test->new( {
ini => {
logLevel => $debug,
timeout => $timeout,
domain => 'sp.com',
portal => 'http://auth.sp.com',
authentication => 'SAML',
userDB => 'Same',
issuerDBSAMLActivation => 0,
restSessionServer => 1,
samlIDPMetaDataExportedAttributes => {
idp => {
mail => "0;mail;;",
uid => "1;uid",
cn => "0;cn"
}
},
samlIDPMetaDataOptions => {
idp => {
samlIDPMetaDataOptionsEncryptionMode => 'none',
samlIDPMetaDataOptionsSSOBinding => 'post',
samlIDPMetaDataOptionsSLOBinding => 'post',
samlIDPMetaDataOptionsSignSSOMessage => 1,
samlIDPMetaDataOptionsSignSLOMessage => 1,
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
samlIDPMetaDataOptionsForceUTF8 => 1,
}
},
samlIDPMetaDataExportedAttributes => {
idp => {
"uid" => "0;uid;;",
"cn" => "1;cn;;",
},
},
samlIDPMetaDataXML => {
idp => {
samlIDPMetaDataXML =>
samlIDPMetaDataXML( 'idp', 'HTTP-POST' )
}
},
samlOrganizationDisplayName => "SP",
samlOrganizationName => "SP",
samlOrganizationURL => "http://www.sp.com",
samlServicePublicKeySig => saml_key_sp_public_sig,
samlServicePrivateKeyEnc => saml_key_sp_private_enc,
samlServicePrivateKeySig => saml_key_sp_private_sig,
samlServicePublicKeyEnc => saml_key_sp_public_enc,
samlSPSSODescriptorAuthnRequestsSigned => 1,
},
}
);
}

@ -198,16 +198,16 @@ ok( $prms{state}, ' state found' );
ok( $prms{session_state}, ' session_state found' );
count(6);
my $id_token_payload = id_token_payload($prms{id_token});
ok( $id_token_payload->{c_hash}, "ID token contains c_hash");
ok( $id_token_payload->{at_hash}, "ID token contains at_hash");
is( $id_token_payload->{nonce}, "qwerty", "ID token contains nonce");
my $id_token_payload = id_token_payload( $prms{id_token} );
ok( $id_token_payload->{c_hash}, "ID token contains c_hash" );
ok( $id_token_payload->{at_hash}, "ID token contains at_hash" );
is( $id_token_payload->{nonce}, "qwerty", "ID token contains nonce" );
count(3);
my $at;
ok( $at = $rp->p->_userDB->getUserInfo( 'op', $prms{access_token} ),
'Get access token' );
ok( $at = JSON::from_json($at), ' Decode JSON' );
ok( $at = JSON::from_json($at), ' Decode JSON' );
ok( $at->{name} eq 'Doctor Who', ' Get name' );
ok( $at->{family_name} eq 'Doctor Who', ' Get family_name' );
ok( $at->{sub} eq 'dwho', ' Get sub' );

@ -144,7 +144,7 @@ ok( $prms{state}, ' state found' );
count(5);
# Check attributes in ID Token
my $id_token_decoded = id_token_payload($prms{id_token});
my $id_token_decoded = id_token_payload( $prms{id_token} );
ok( $id_token_decoded->{sub} eq "dwho", 'Check sub value' );
ok( $id_token_decoded->{name} eq "Doctor Who", 'Check name value' );
count(2);

@ -126,7 +126,7 @@ my $newId = $res->{session}->{_session_id};
# Verify a key
ok( $res = $issuer->_get("/sessions/global/$newId/uid"), 'Verify uid' );
ok( $res->[2]->[0] eq 'zz', ' Uid is good' );
ok( $res->[2]->[0] eq 'zz', ' Uid is good' );
count(4);
# Update a key
@ -159,7 +159,7 @@ count(3);
# Verify new key
ok( $res = $issuer->_get("/sessions/global/$newId/cn"), 'Verify cn' );
ok( $res->[2]->[0] eq 'CN', ' CN is good' );
ok( $res->[2]->[0] eq 'CN', ' CN is good' );
count(2);
use_ok('Lemonldap::NG::Common::Apache::Session::REST');

@ -144,11 +144,11 @@ sub sp {
portal => 'http://auth.sp.com',
authentication => 'Proxy',
userDB => 'Same',
secret => 'abc',
secret => 'abc',
proxyAuthService => 'http://auth.idp.com',
proxyUseSoap => 0,
whatToTrace => '_whatToTrace',
globalStorage => 'Lemonldap::NG::Common::Apache::Session::REST',
globalStorage => 'Lemonldap::NG::Common::Apache::Session::REST',
globalStorageOptions => {
'baseUrl' => 'http://auth.idp.com/sessions/global',
}

@ -63,7 +63,7 @@ SKIP: {
my $res;
ok( $res = $soap->call('getConfig')->result(), 'Get configuration' );
ok( $res->{cfgNum} == 1, 'cfgNum is 1' );
ok( $res->{cfgNum} == 1, 'cfgNum is 1' );
$sp = register( 'sp', \&sp );

@ -235,7 +235,8 @@ m%<span notif=\'testref\' epoch=\'(\d{10})\' class="btn btn-success" role="butto
);
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} eq 'Missing epoch parameter', ' Missing epoch parameter' )
ok( $json->{error} eq 'Missing epoch parameter',
' Missing epoch parameter' )
or explain( $json, "Missing epoch parameter" );
# Bad request

@ -183,7 +183,7 @@ ok(
'List all pending notifications'
);
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' );
ok( scalar @{ $json->{result} } == 3, 'Three notifications found' )
ok( scalar @{ $json->{result} } == 3, 'Three notifications found' )
or print STDERR Dumper($json);
foreach ( @{ $json->{result} } ) {
@ -341,7 +341,7 @@ ok(
'List all existing notifications'
);
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' );
ok( scalar @{ $json->{result} } == 5, 'Five notifications found' )
ok( scalar @{ $json->{result} } == 5, 'Five notifications found' )
or print STDERR Dumper($json);
count(3);
@ -454,7 +454,7 @@ ok(
'List all pending notifications'
);
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' );
ok( scalar @{ $json->{result} } == 3, 'Three notifications found' )
ok( scalar @{ $json->{result} } == 3, 'Three notifications found' )
or print STDERR Dumper($json);
count(3);

@ -13,15 +13,15 @@ my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 0,
bruteForceProtection => 0,
requireToken => 0,
securedCookie => 3,
restSessionServer => 1,
globalLogoutRule => 1,
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 0,
bruteForceProtection => 0,
requireToken => 0,
securedCookie => 3,
restSessionServer => 1,
globalLogoutRule => 1,
}
}
);
@ -38,7 +38,7 @@ ok(
);
count(1);
expectCookie($res);
my $id = expectCookie($res, 'lemonldaphttp');
my $id = expectCookie( $res, 'lemonldaphttp' );
expectRedirection( $res, 'http://auth.example.com/' );
## Second successful connection for "dwho"
@ -53,7 +53,7 @@ ok(
);
count(1);
expectCookie($res);
expectCookie($res, 'lemonldaphttp');
expectCookie( $res, 'lemonldaphttp' );
expectRedirection( $res, 'http://auth.example.com/' );
## Third successful connection for 'dwho'
@ -68,7 +68,7 @@ ok(
);
count(1);
expectCookie($res);
expectCookie($res, 'lemonldaphttp');
expectCookie( $res, 'lemonldaphttp' );
expectRedirection( $res, 'http://auth.example.com/' );
## Logout request for 'dwho'

@ -13,15 +13,15 @@ my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 0,
bruteForceProtection => 0,
requireToken => 0,
securedCookie => 2,
restSessionServer => 1,
globalLogoutRule => 1,
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 0,
bruteForceProtection => 0,
requireToken => 0,
securedCookie => 2,
restSessionServer => 1,
globalLogoutRule => 1,
}
}
);
@ -38,7 +38,7 @@ ok(
);
count(1);
expectCookie($res);
my $id = expectCookie($res, 'lemonldaphttp');
my $id = expectCookie( $res, 'lemonldaphttp' );
expectRedirection( $res, 'http://auth.example.com/' );
## Second successful connection for "dwho"
@ -53,7 +53,7 @@ ok(
);
count(1);
expectCookie($res);
expectCookie($res, 'lemonldaphttp');
expectCookie( $res, 'lemonldaphttp' );
expectRedirection( $res, 'http://auth.example.com/' );
## Third successful connection for 'dwho'
@ -68,7 +68,7 @@ ok(
);
count(1);
expectCookie($res);
expectCookie($res, 'lemonldaphttp');
expectCookie( $res, 'lemonldaphttp' );
expectRedirection( $res, 'http://auth.example.com/' );
## Logout request for 'dwho'

@ -11,14 +11,14 @@ my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 0,
bruteForceProtection => 0,
requireToken => 0,
restSessionServer => 1,
logoutServices => { 'mytest' => 'http://auth.example.com/' }
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 0,
bruteForceProtection => 0,
requireToken => 0,
restSessionServer => 1,
logoutServices => { 'mytest' => 'http://auth.example.com/' }
}
}
);
@ -50,8 +50,11 @@ ok(
);
count(1);
ok( $res->[2]->[0] =~ m%<h3 trspan="logoutFromOtherApp">logoutFromOtherApp</h3>%, 'Found Logout Forward page' )
or explain( $res->[2]->[0], "PE_LOGOUT_OK" );
ok(
$res->[2]->[0] =~
m%<h3 trspan="logoutFromOtherApp">logoutFromOtherApp</h3>%,
'Found Logout Forward page'
) or explain( $res->[2]->[0], "PE_LOGOUT_OK" );
count(1);
$client->logout( $idd[0] );

@ -211,7 +211,7 @@ expectOK($res);
ok(
$res->[2]->[0] =~
m%<div class="message message-positive alert"><span trmsg="47">%,
m%<div class="message message-positive alert"><span trmsg="47">%,
'Dwho has been well disconnected'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);

@ -121,7 +121,7 @@ expectOK($res);
ok(
$res->[2]->[0] =~
m%<div class="message message-positive alert"><span trmsg="47">%,
m%<div class="message message-positive alert"><span trmsg="47">%,
'Dwho has been well disconnected'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);

@ -113,9 +113,8 @@ SKIP: {
accept => 'text/html',
),
'Auth query'
);
ok( $res->[2]->[0] =~ /<span trspan="enterTotpCode">/,
'Enter TOTP code' )
);
ok( $res->[2]->[0] =~ /<span trspan="enterTotpCode">/, 'Enter TOTP code' )
or print STDERR Dumper( $res->[2]->[0] );
count(2);
@ -170,8 +169,7 @@ SKIP: {
),
'Auth query'
);
ok( $res->[2]->[0] =~ /<span trspan="enterTotpCode">/,
'Enter TOTP code' )
ok( $res->[2]->[0] =~ /<span trspan="enterTotpCode">/, 'Enter TOTP code' )
or print STDERR Dumper( $res->[2]->[0] );
count(2);

@ -51,9 +51,10 @@ ok(
'Auth query'
);
count(1);
ok( $res->[2]->[0] =~ /<span trmsg="5">/,
'dwho rejected with PE_BADCREDENTIALS' )
or print STDERR Dumper( $res->[2]->[0] );
ok(
$res->[2]->[0] =~ /<span trmsg="5">/,
'dwho rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
'Found connect button' )

@ -62,7 +62,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-warning alert"><span trmsg="1">%,
m%<div class="message message-warning alert"><span trmsg="1">%,
'Found PE_SESSIONEXPIRED code'
) or print STDERR Dumper( $res->[2]->[0] );
count(2);

@ -61,7 +61,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-warning alert"><span trmsg="1">%,
m%<div class="message message-warning alert"><span trmsg="1">%,
'Found PE_SESSIONEXPIRED code'
) or print STDERR Dumper( $res->[2]->[0] );
count(2);

@ -51,7 +51,7 @@ count(1);
foreach (@ids) {
ok( $res = $client->_get("/sessions/global/$_"), 'Get session content' );
ok( $res->[2]->[0] =~ /"uid":"Dr Who"/, ' Content is updated' );
ok( $res->[2]->[0] =~ /"uid":"Dr Who"/, ' Content is updated' );
count(2);
}

@ -204,10 +204,8 @@ ok(
m%<a href="http://auth.example.com/removeOther\?token=\d{10}_\d+" onclick="_go=0" trspan="removeOtherSessions"></a>%,
'Link found'
) or explain( $res->[2]->[0], 'Link found' );
ok(
$res->[2]->[0] =~ m%action="http://test1.example.com/"%,
'action found'
) or explain( $res->[2]->[0], 'action found' );
ok( $res->[2]->[0] =~ m%action="http://test1.example.com/"%, 'action found' )
or explain( $res->[2]->[0], 'action found' );
count(4);
clean_sessions();

@ -26,13 +26,13 @@ my $client = LLNG::Manager::Test->new( {
userControl => '^[\w\.\-/\s]+$',
whatToTrace => '_whatToTrace',
macros => {
authLevel => '"Macro_$authenticationLevel"',
authLevel => '"Macro_$authenticationLevel"',
realAuthLevel => '"realMacro_$real_authenticationLevel"',
_whatToTrace =>
'$real__user ? "$_user / $real__user" : "$_user / $_user"',
},
groups => {
authGroup => '$authenticationLevel == 1',
groups => {
authGroup => '$authenticationLevel == 1',
realAuthGroup => '$real_authenticationLevel == 1',
},
}
@ -177,9 +177,11 @@ ok( $res->[2]->[0] =~ m%<td scope="row">Macro_1</td>%, 'Found uid' )
ok( $nbr = ( $res->[2]->[0] =~ s%<td scope="row">Macro_1</td>%%g ),
'Found two well computed macros' )
or explain( $res->[2]->[0], 'Macros not well computed' );
ok( $res->[2]->[0] =~ m%<div class="col">authGroup</div>%, 'Found group "authGroup"' )
ok( $res->[2]->[0] =~ m%<div class="col">authGroup</div>%,
'Found group "authGroup"' )
or explain( $res->[2]->[0], 'Group "authgroup"' );
ok( $res->[2]->[0] =~ m%<div class="col">realAuthGroup</div>%, 'Found group "realAuthGroup"' )
ok( $res->[2]->[0] =~ m%<div class="col">realAuthGroup</div>%,
'Found group "realAuthGroup"' )
or explain( $res->[2]->[0], 'Found group "realAuthGroup"' );
count(7);

@ -253,7 +253,8 @@ ok( $res->[2]->[0] =~ m%<td scope="row">dwho</td>%, 'Found dwho' )
or explain( $res->[2]->[0], 'Macro Value dwho' );
ok( $res->[2]->[0] =~ m%<td scope="row">array</td>%, 'Found empty macro' )
or explain( $res->[2]->[0], 'Macro: empty' );
ok( $res->[2]->[0] =~ m%<td scope="row">real_array</td>%, 'Found empty real_macro' )
ok( $res->[2]->[0] =~ m%<td scope="row">real_array</td>%,
'Found empty real_macro' )
or explain( $res->[2]->[0], 'Macro: empty real' );
count(9);

@ -61,13 +61,19 @@ ok( $res->[2]->[0] =~ qr%<span id="languages"></span>%, 'Found language flags' )
expectAuthenticatedAs( $res, 'rtyler' );
ok( $res->[2]->[0] !~ m%contextSwitching_ON%, 'Connected as dwho' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ qr%href="http://test1\.example\.com/" title="Application Test 1"%, 'Found test1 & title' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ qr%href="http://test2\.example\.com/" title="A nice application!"%, 'Found test2 & title' )
or print STDERR Dumper( $res->[2]->[0] );
ok(
$res->[2]->[0] =~
qr%href="http://test1\.example\.com/" title="Application Test 1"%,
'Found test1 & title'
) or print STDERR Dumper( $res->[2]->[0] );
ok(
$res->[2]->[0] =~
qr%href="http://test2\.example\.com/" title="A nice application!"%,
'Found test2 & title'
) or print STDERR Dumper( $res->[2]->[0] );
my @appdesc = ($res->[2]->[0] =~ qr%class="appdesc%);
ok( @appdesc == 1 , 'Found only one description' )
my @appdesc = ( $res->[2]->[0] =~ qr%class="appdesc% );
ok( @appdesc == 1, 'Found only one description' )
or print STDERR Dumper( $res->[2]->[0] );
count(6);
@ -406,7 +412,7 @@ expectOK($res);
ok(
$res->[2]->[0] =~
m%<div class="message message-positive alert"><span trmsg="47">%,
m%<div class="message message-positive alert"><span trmsg="47">%,
'Dwho has been well disconnected'
) or print STDERR Dumper( $res->[2]->[0] );
count(2);

@ -77,7 +77,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-negative alert"><span trmsg="5">%,
m%<div class="message message-negative alert"><span trmsg="5">%,
' PE5 found'
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
count(2);

@ -83,7 +83,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-negative alert"><span trmsg="5">%,
m%<div class="message message-negative alert"><span trmsg="5">%,
' PE5 found'
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
count(2);
@ -112,7 +112,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-negative alert"><span trmsg="93">%,
m%<div class="message message-negative alert"><span trmsg="93">%,
' PE93 found'
) or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
count(2);

@ -83,7 +83,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-negative alert"><span trmsg="5">%,
m%<div class="message message-negative alert"><span trmsg="5">%,
' PE5 found'
) or explain( $res->[2]->[0], "PE5 - Forbidden identity" );
count(2);
@ -112,7 +112,7 @@ ok(
);
ok(
$res->[2]->[0] =~
m%<div class="message message-negative alert"><span trmsg="93">%,
m%<div class="message message-negative alert"><span trmsg="93">%,
' PE93 found'
) or explain( $res->[2]->[0], "PE93 - Impersonation service not allowed" );
count(2);
@ -329,8 +329,8 @@ count(17);
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
ok( keys %attributes == 34, 'Found 34 attributes' )
or print STDERR ( keys %attributes < 34 )
? "Missing attributes -> " . scalar keys (%attributes) . "\n"
: "Too much attributes -> " . scalar keys (%attributes). "\n";
? "Missing attributes -> " . scalar keys(%attributes) . "\n"
: "Too much attributes -> " . scalar keys(%attributes) . "\n";
ok( $attributes{'_auth'} eq 'Demo', '_auth' )
or print STDERR Dumper( \%attributes );
ok( $attributes{'uid'}, 'uid' ) or print STDERR Dumper( \%attributes );

@ -137,7 +137,7 @@ SKIP: {
# Generate TOTP with an external application to validate LLNG TOTP formula
my $oath = Authen::OATH->new( digits => 8 );
ok( $code = $oath->totp($key), 'Ext. App Code' );
ok( $code == $totp, 'Both TOTP match' )
ok( $code == $totp, 'Both TOTP match' )
or explain( [ $code, $totp ], 'LLNG and Ext. App TOTP mismatch' );
$query =~ s/code=/code=$code/;

@ -160,7 +160,7 @@ SKIP: {
);
expectRedirection( $res, 'http://auth.example.com/' );
Time::Fake->offset("+20s"); # Go through handler internal cache
Time::Fake->offset("+20s"); # Go through handler internal cache
ok(
$res = $client->_post(

@ -32,6 +32,7 @@ TODO: {
local $TODO = "Not yet fully cleaned";
fail "Unable to really destroy a portal object for now";
# Test with initialization
#my $p = Lemonldap::NG::Portal::Main->new();
#$p->init($ini);
@ -45,6 +46,6 @@ TODO: {
my $p = Lemonldap::NG::Portal::Main->new();
$p->init($ini);
leaks_cmp_ok {
$p->reloadConf($p->conf);
$p->reloadConf( $p->conf );
}
'<', 1;

@ -50,8 +50,8 @@ my $ini = {
};
ok( $p = Lemonldap::NG::Portal::Main->new, 'Portal object' );
ok( $p->init($ini), 'Init' );
ok( $app = $p->run, 'App' );
ok( $p->init($ini), 'Init' );
ok( $app = $p->run, 'App' );
eval { Data::Dumper::Dumper( {} ) };
ok( $@, "Portal doesn't depend on Data::Dumper" );

@ -3,9 +3,9 @@
use Time::HiRes qw/usleep/;
sub _ldap_cleanup {
system 'rm -rf t/testslapd/slapd.d';
system 'rm -rf t/testslapd/data';
system 'rm -rf t/testslapd/slapd-test.ldif';
system 'rm -rf t/testslapd/slapd.d';
system 'rm -rf t/testslapd/data';
system 'rm -rf t/testslapd/slapd-test.ldif';
}
my $slapd_bin;
