From bc2bef4ff4d046380207079fa0d7961a6954adf1 Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Thu, 7 Mar 2019 18:22:16 +0100
Subject: [PATCH] Please use our .perltidyrc

---
 fastcgi-server/man/llng-fastcgi-server.1p | 22 +-
 .../Lemonldap/NG/Common/Conf/SAML/Metadata.pm | 8 +-
 .../lib/Lemonldap/NG/Common/PSGI/Request.pm | 2 +-
 .../lib/Lemonldap/NG/Handler/Main/Run.pm | 188 +++++++--------
 .../lib/Lemonldap/NG/Handler/PSGI/Try.pm | 1 +
 .../lib/Lemonldap/NG/Manager/Build/CTrees.pm | 70 +++---
 .../lib/Lemonldap/NG/Manager/Build/Tree.pm | 5 +-
 .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 218 +++++++++---------
 .../lib/Lemonldap/NG/Portal/2F/Ext2F.pm | 37 +--
 .../lib/Lemonldap/NG/Portal/2F/Mail2F.pm | 26 +--
 .../lib/Lemonldap/NG/Portal/Auth/LDAP.pm | 2 +-
 .../lib/Lemonldap/NG/Portal/Auth/_WebForm.pm | 32 ++-
 .../lib/Lemonldap/NG/Portal/Issuer/Get.pm | 9 +-
 .../lib/Lemonldap/NG/Portal/Issuer/OpenID.pm | 3 +-
 .../lib/Lemonldap/NG/Portal/Lib/SAML.pm | 8 +-
 .../lib/Lemonldap/NG/Portal/Main/Constants.pm | 178 +++++++-------
 .../lib/Lemonldap/NG/Portal/Main/Init.pm | 2 +-
 .../lib/Lemonldap/NG/Portal/Main/Plugin.pm | 4 +-
 .../Lemonldap/NG/Portal/Plugins/CheckUser.pm | 74 +++---
 .../NG/Portal/Plugins/Impersonation.pm | 32 +--
 lemonldap-ng-portal/t/02-Password-Demo.t | 16 +-
 lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t | 3 +-
 .../t/30-Auth-and-issuer-SAML-POST.t | 3 +-
 .../t/31-Auth-and-issuer-CAS-declared-app.t | 5 +-
 .../t/32-Auth-and-issuer-OIDC-hybrid.t | 2 +-
 .../t/33-Auth-and-issuer-OpenID2.t | 2 +-
 lemonldap-ng-portal/t/50-IssuerGet.t | 2 +-
 .../t/67-CheckUser-with-token.t | 105 ++++-----
 .../t/68-Impersonation-with-merge.t | 87 ++++---
 lemonldap-ng-portal/t/68-Impersonation.t | 108 ++++-----
 .../t/76-2F-Ext-with-CodeActivation.t | 12 +-
 lemonldap-ng-portal/t/sendCode.pl | 5 +-
 32 files changed, 637 insertions(+), 634 deletions(-)

diff --git a/fastcgi-server/man/llng-fastcgi-server.1p b/fastcgi-server/man/llng-fastcgi-server.1p
index 0a1749a3d..bf310522e 100644
--- a/fastcgi-server/man/llng-fastcgi-server.1p +++ b/fastcgi-server/man/llng-fastcgi-server.1p @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "llng-fastcgi-server 1" -.TH llng-fastcgi-server 1 "2018-08-03" "perl v5.26.2" "User Contributed Perl Documentation" +.TH llng-fastcgi-server 1 "2019-03-05" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm index 98a1100a8..e9835ffc9 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm 
@@ -41,12 +41,12 @@ sub serviceToXML { samlOrganizationURL ); - if ($type and $type eq 'idp') { - $template->param( 'hideSPMetadata', 1); + if ( $type and $type eq 'idp' ) { + $template->param( 'hideSPMetadata', 1 ); } - if ($type and $type eq 'sp') { - $template->param( 'hideIDPMetadata', 1); + if ( $type and $type eq 'sp' ) { + $template->param( 'hideIDPMetadata', 1 ); } foreach (@param_auto) { diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm index 5f0b0ffad..e7cdf19d7 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm @@ -32,7 +32,7 @@ sub new { } $self->env->{PATH_INFO} ||= '/'; $self->env->{REQUEST_URI} =~ s|^//+|/|g; - $self->{uri} = uri_unescape( $self->env->{REQUEST_URI} ); + $self->{uri} = uri_unescape( $self->env->{REQUEST_URI} ); $self->{data} = {}; $self->{error} = 0; $self->{respHeaders} = []; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm index 7aa966f97..702c1ca99 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm 
@@ -44,20 +44,20 @@ sub getStatus { if ( $ENV{LLNGSTATUSHOST} ) { require IO::Socket::INET; foreach ( 64322 .. 64331 ) { - if ( $statusOut - = IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) ) + if ( $statusOut = + IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) ) { - $args = ' host=' - . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_"; + $args = + ' host=' . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_"; last; } } return $class->abort( $req, - "$class: status page can not be displayed, unable to open socket" - ) unless ($statusOut); + "$class: status page can not be displayed, unable to open socket" ) + unless ($statusOut); } return $class->abort( $req, "$class: status page can not be displayed" ) - unless ( $statusPipe and $statusOut ); + unless ( $statusPipe and $statusOut ); my $q = $req->{env}->{QUERY_STRING} || ''; if ( $q =~ /\s/ ) { $class->logger->error("Bad characters in query"); @@ -84,12 +84,12 @@ sub checkType { if ( time() - $class->lastCheck > $class->checkTime ) { die("$class: No configuration found") - unless ( $class->checkConf ); + unless ( $class->checkConf ); } my $vhost = $class->resolveAlias($req); return ( defined $class->tsv->{type}->{$vhost} ) - ? $class->tsv->{type}->{$vhost} - : 'Main'; + ? $class->tsv->{type}->{$vhost} + : 'Main'; } ## @rmethod int run @@ -125,7 +125,7 @@ sub run { my ($cond); ( $cond, $protection ) = $class->conditionSub($rule) if ($rule); $protection = $class->isUnprotected( $req, $uri ) || 0 - unless ( defined $protection ); + unless ( defined $protection ); if ( $protection == $class->SKIP ) { $class->logger->debug("Access control skipped"); @@ -150,7 +150,7 @@ sub run { # AUTHORIZATION return ( $class->forbidden( $req, $session ), $session ) - unless ( $class->grant( $req, $session, $uri, $cond ) ); + unless ( $class->grant( $req, $session, $uri, $cond ) ); $class->updateStatus( $req, 'OK', $session->{ $class->tsv->{whatToTrace} } ); 
@@ -168,8 +168,8 @@ sub run { # Log access granted $class->logger->debug( "User " - . $session->{ $class->tsv->{whatToTrace} } - . " was granted to access to $uri" ); + . $session->{ $class->tsv->{whatToTrace} } + . " was granted to access to $uri" ); # Catch POST rules $class->postOutputFilter( $req, $session, $uri ); @@ -192,7 +192,7 @@ sub run { # Redirect user to the portal $class->logger->info("No cookie found") - unless ($id); + unless ($id); # if the cookie was fetched, a log is sent by retrieveSession() $class->updateStatus( $req, $id ? 'EXPIRED' : 'REDIRECT' ); @@ -243,10 +243,10 @@ sub lmLog { sub checkMaintenanceMode { my ( $class, $req ) = @_; my $vhost = $class->resolveAlias($req); - my $_maintenance - = ( defined $class->tsv->{maintenance}->{$vhost} ) - ? $class->tsv->{maintenance}->{$vhost} - : $class->tsv->{maintenance}->{_}; + my $_maintenance = + ( defined $class->tsv->{maintenance}->{$vhost} ) + ? $class->tsv->{maintenance}->{$vhost} + : $class->tsv->{maintenance}->{_}; if ($_maintenance) { $class->logger->debug("Maintenance mode enabled"); @@ -272,17 +272,17 @@ sub grant { } } for ( - my $i = 0; - $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ); + my $i = 0 ; + $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ; $i++ - ) + ) { if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) { $class->logger->debug( 'Regexp "' - . $class->tsv->{locationConditionText}->{$vhost}->[$i] - . '" match' ); + . $class->tsv->{locationConditionText}->{$vhost}->[$i] + . '" match' ); return $class->tsv->{locationCondition}->{$vhost}->[$i] - ->( $req, $session ); + ->( $req, $session ); } } unless ( $class->tsv->{defaultCondition}->{$vhost} ) { 
@@ -319,8 +319,8 @@ sub forbidden { # Log forbidding $class->userLogger->notice( "User " - . $session->{ $class->tsv->{whatToTrace} } - . " was forbidden to access to $vhost$uri" ); + . $session->{ $class->tsv->{whatToTrace} } + . " was forbidden to access to $vhost$uri" ); $class->updateStatus( $req, 'REJECT', $session->{ $class->tsv->{whatToTrace} } ); @@ -377,9 +377,9 @@ sub goToPortal { $class->logger->debug( "Redirect $req->{env}->{REMOTE_ADDR} to portal (url was $url)"); $class->set_header_out( $req, - 'Location' => $class->tsv->{portal}->() - . "$path?url=$urlc_init" - . ( $arg ? "&$arg" : "" ) ); + 'Location' => $class->tsv->{portal}->() + . "$path?url=$urlc_init" + . ( $arg ? "&$arg" : "" ) ); return $class->REDIRECT; } @@ -389,9 +389,9 @@ sub goToError { $class->logger->debug( "Redirect $req->{env}->{REMOTE_ADDR} to lmError (url was $url)"); $class->set_header_out( $req, - 'Location' => $class->tsv->{portal}->() - . "/lmerror/$code" - . "?url=$urlc_init" ); + 'Location' => $class->tsv->{portal}->() + . "/lmerror/$code" + . "?url=$urlc_init" ); return $class->REDIRECT; } @@ -403,12 +403,12 @@ sub fetchId { my $t = $req->{env}->{HTTP_COOKIE} or return 0; my $vhost = $class->resolveAlias($req); my $lookForHttpCookie = ( $class->tsv->{securedCookie} =~ /^(2|3)$/ - and not $class->_isHttps( $req, $vhost ) ); + and not $class->_isHttps( $req, $vhost ) ); my $cn = $class->tsv->{cookieName}; - my $value - = $lookForHttpCookie - ? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 ) - : ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 ); + my $value = + $lookForHttpCookie + ? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 ) + : ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 ); if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) { $value = $class->tsv->{cipher}->decryptHex( $value, "http" ); 
@@ -446,8 +446,8 @@ sub retrieveSession { # 2. Get the session from cache or backend my $session = $req->data->{session} = ( - Lemonldap::NG::Common::Session->new( - { storageModule => $class->tsv->{sessionStorageModule}, + Lemonldap::NG::Common::Session->new( { + storageModule => $class->tsv->{sessionStorageModule}, storageModuleOptions => $class->tsv->{sessionStorageOptions}, cacheModule => $class->tsv->{sessionCacheModule}, cacheModuleOptions => $class->tsv->{sessionCacheOptions}, 
@@ -464,36 +464,36 @@ sub retrieveSession { # Verify that session is valid $class->logger->error( - "_utime is not defined. This should not happen. Check if it is well transmitted to handler" +"_utime is not defined. This should not happen. Check if it is well transmitted to handler" ) unless $session->data->{_utime}; $class->logger->debug("Check session validity from Handler"); - $class->logger->debug( - "Session timeout -> " . $class->tsv->{timeout} ); + $class->logger->debug( "Session timeout -> " . $class->tsv->{timeout} ); $class->logger->debug( "Session timeoutActivity -> " - . $class->tsv->{timeoutActivity} - . "s" ) - if ( $class->tsv->{timeoutActivity} ); + . $class->tsv->{timeoutActivity} + . "s" ) + if ( $class->tsv->{timeoutActivity} ); $class->logger->debug( "Session _utime -> " . $session->data->{_utime} ); $class->logger->debug( "now -> " . $now ); $class->logger->debug( "_lastSeen -> " . $session->data->{_lastSeen} ) - if ( $session->data->{_lastSeen} ); + if ( $session->data->{_lastSeen} ); my $delta = $now - $session->data->{_lastSeen} - if ( $session->data->{_lastSeen} ); + if ( $session->data->{_lastSeen} ); $class->logger->debug( "now - _lastSeen = " . $delta ) - if ( $session->data->{_lastSeen} ); + if ( $session->data->{_lastSeen} ); $class->logger->debug( "Session timeoutActivityInterval -> " - . $class->tsv->{timeoutActivityInterval} ) - if ( $class->tsv->{timeoutActivityInterval} ); + . $class->tsv->{timeoutActivityInterval} ) + if ( $class->tsv->{timeoutActivityInterval} ); my $ttl = $class->tsv->{timeout} - $now + $session->data->{_utime}; $class->logger->debug( "Session TTL = " . $ttl ); - if ($now - $session->data->{_utime} > $class->tsv->{timeout} + if ( + $now - $session->data->{_utime} > $class->tsv->{timeout} or ( $class->tsv->{timeoutActivity} and $session->data->{_lastSeen} and $delta > $class->tsv->{timeoutActivity} ) - ) + ) { $class->logger->info("Session $id expired"); 
@@ -503,10 +503,11 @@ sub retrieveSession { } # Update the session to notify activity, if necessary - if ($class->tsv->{timeoutActivity} - and ( $now - $session->data->{_lastSeen} - > $class->tsv->{timeoutActivityInterval} ) - ) + if ( + $class->tsv->{timeoutActivity} + and ( $now - $session->data->{_lastSeen} > + $class->tsv->{timeoutActivityInterval} ) + ) { $req->data->{session}->update( { '_lastSeen' => $now } ); $class->data( $session->data ); @@ -593,9 +594,9 @@ sub _buildUrl { my $_https = $class->_isHttps( $req, $vhost ); my $portString = $class->_getPort( $req, $vhost ); $portString = ( - ( $realvhost =~ /:\d+/ ) - or ( $_https && $portString == 443 ) - or ( !$_https && $portString == 80 ) + ( $realvhost =~ /:\d+/ ) + or ( $_https && $portString == 443 ) + or ( !$_https && $portString == 80 ) ) ? '' : ":$portString"; my $url = "http" . ( $_https ? "s" : "" ) . "://$realvhost$portString$s"; $class->logger->debug("Build URL $url"); @@ -611,10 +612,10 @@ sub isUnprotected { my ( $class, $req, $uri ) = @_; my $vhost = $class->resolveAlias($req); for ( - my $i = 0; - $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ); + my $i = 0 ; + $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ; $i++ - ) + ) { if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) { return $class->tsv->{locationProtection}->{$vhost}->[$i]; @@ -631,8 +632,8 @@ sub sendHeaders { if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) { # Log headers in debug mode - my %headers - = $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session ); + my %headers = + $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session ); foreach my $h ( sort keys %headers ) { if ( defined( my $v = $headers{$h} ) ) { $class->logger->debug("Send header $h with value $v"); 
@@ -655,12 +656,12 @@ sub checkHeaders { if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) { # Create array of hashes with headers - my %headers - = $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session ); + my %headers = + $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session ); foreach my $h ( sort keys %headers ) { defined $headers{$h} - ? push @$array_headers, { key => $h, value => $headers{$h} } - : push @$array_headers, { key => $h, value => '' }; + ? push @$array_headers, { key => $h, value => $headers{$h} } + : push @$array_headers, { key => $h, value => '' }; } } return $array_headers; @@ -685,7 +686,7 @@ sub resolveAlias { $vhost =~ s/:\d+//; return $class->tsv->{vhostAlias}->{$vhost} - if ( $class->tsv->{vhostAlias}->{$vhost} ); + if ( $class->tsv->{vhostAlias}->{$vhost} ); return $vhost if ( $class->tsv->{defaultCondition}->{$vhost} ); my $v = $vhost; while ( $v =~ s/[\w\-]+/\*/ ) { @@ -758,8 +759,8 @@ sub postOutputFilter { $class->logger->debug("Filling a html form with fake data"); $class->unset_header_in( $req, "Accept-Encoding" ); - my %postdata = $class->tsv->{outputPostData}->{$vhost}->{$uri} - ->( $req, $session ); + my %postdata = + $class->tsv->{outputPostData}->{$vhost}->{$uri}->( $req, $session ); my $formParams = $class->tsv->{postFormParams}->{$vhost}->{$uri}; my $js = $class->postJavascript( $req, \%postdata, $formParams ); $class->addToHtmlHead( $req, $js ); @@ -776,8 +777,8 @@ sub postInputFilter { if ( defined( $class->tsv->{inputPostData}->{$vhost}->{$uri} ) ) { $class->logger->debug("Replacing fake data with real form data"); - my %data = $class->tsv->{inputPostData}->{$vhost}->{$uri} - ->( $req, $session ); + my %data = + $class->tsv->{inputPostData}->{$vhost}->{$uri}->( $req, $session ); foreach ( keys %data ) { $data{$_} = uri_escape( $data{$_} ); } 
@@ -797,33 +798,32 @@ sub postJavascript { foreach my $name ( keys %$data ) { use bytes; my $value = "x" x bytes::length( $data->{$name} ); - $filler - .= "form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n"; + $filler .= +"form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n"; } - my $submitter - = $formParams->{buttonSelector} eq "none" ? "" - : $formParams->{buttonSelector} - ? "form.find('$formParams->{buttonSelector}').click();\n" - : "form.submit();\n"; + my $submitter = + $formParams->{buttonSelector} eq "none" ? "" + : $formParams->{buttonSelector} + ? "form.find('$formParams->{buttonSelector}').click();\n" + : "form.submit();\n"; my $jqueryUrl = $formParams->{jqueryUrl} || ""; - $jqueryUrl - = &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js" - if ( $jqueryUrl eq "default" ); + $jqueryUrl = &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js" + if ( $jqueryUrl eq "default" ); $jqueryUrl = "\n" - if ($jqueryUrl); + if ($jqueryUrl); return - $jqueryUrl - . "\n"; + $jqueryUrl + . "\n"; } 1; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm index 22edada8a..20b5c7878 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm @@ -60,6 +60,7 @@ sub _run { $req->userData( $self->api->data ); } elsif ( $res->[0] != 403 ) { + # Unset headers (handler adds a Location header) $self->logger->debug( "User not authenticated, Try in use, cancel redirection"); diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm index 8245a91a7..0028279c4 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm 
@@ -22,7 +22,8 @@ sub cTrees { 'locationRules', 'exportedHeaders', 'post', - { title => 'vhostOptions', + { + title => 'vhostOptions', help => 'configvhost.html#options', form => 'simpleInputContainer', nodes => [ @@ -36,7 +37,8 @@ sub cTrees { 'samlIDPMetaDataXML', 'samlIDPMetaDataExportedAttributes', - { title => "samlIDPMetaDataOptionsSession", + { + title => "samlIDPMetaDataOptionsSession", form => 'simpleInputContainer', nodes => [ "samlIDPMetaDataOptionsAdaptSessionUtime", @@ -45,7 +47,8 @@ sub cTrees { "samlIDPMetaDataOptionsUserAttribute" ] }, - { title => "samlIDPMetaDataOptionsSignature", + { + title => "samlIDPMetaDataOptionsSignature", form => 'simpleInputContainer', nodes => [ "samlIDPMetaDataOptionsSignSSOMessage", @@ -54,14 +57,16 @@ sub cTrees { "samlIDPMetaDataOptionsCheckSLOMessageSignature" ] }, - { title => "samlIDPMetaDataOptionsBinding", + { + title => "samlIDPMetaDataOptionsBinding", form => 'simpleInputContainer', nodes => [ "samlIDPMetaDataOptionsSSOBinding", "samlIDPMetaDataOptionsSLOBinding" ] }, - { title => "samlIDPMetaDataOptionsSecurity", + { + title => "samlIDPMetaDataOptionsSecurity", form => 'simpleInputContainer', nodes => [ "samlIDPMetaDataOptionsEncryptionMode", @@ -69,7 +74,8 @@ sub cTrees { "samlIDPMetaDataOptionsCheckAudience" ] }, - { title => 'samlIDPMetaDataOptions', + { + title => 'samlIDPMetaDataOptions', help => 'authsaml.html#options', form => 'simpleInputContainer', nodes => [ @@ -83,7 +89,8 @@ sub cTrees { 'samlIDPMetaDataOptionsRelayStateURL', ], }, - { title => "samlIDPMetaDataOptionsDisplay", + { + title => "samlIDPMetaDataOptionsDisplay", form => 'simpleInputContainer', nodes => [ "samlIDPMetaDataOptionsDisplayName", 
@@ -94,10 +101,11 @@ sub cTrees { samlSPMetaDataNode => [ "samlSPMetaDataXML", "samlSPMetaDataExportedAttributes", - { title => "samlSPMetaDataOptions", + { + title => "samlSPMetaDataOptions", help => 'idpsaml.html#options', - nodes => [ - { title => "samlSPMetaDataOptionsAuthnResponse", + nodes => [ { + title => "samlSPMetaDataOptionsAuthnResponse", form => 'simpleInputContainer', nodes => [ "samlSPMetaDataOptionsNameIDFormat", @@ -108,7 +116,8 @@ sub cTrees { "samlSPMetaDataOptionsForceUTF8" ] }, - { title => "samlSPMetaDataOptionsSignature", + { + title => "samlSPMetaDataOptionsSignature", form => 'simpleInputContainer', nodes => [ "samlSPMetaDataOptionsSignSSOMessage", @@ -117,7 +126,8 @@ sub cTrees { "samlSPMetaDataOptionsCheckSLOMessageSignature" ] }, - { title => "samlSPMetaDataOptionsSecurity", + { + title => "samlSPMetaDataOptionsSecurity", form => 'simpleInputContainer', nodes => [ "samlSPMetaDataOptionsEncryptionMode", @@ -132,9 +142,10 @@ sub cTrees { 'oidcOPMetaDataJSON', 'oidcOPMetaDataJWKS', 'oidcOPMetaDataExportedVars', - { title => 'oidcOPMetaDataOptions', - nodes => [ - { title => 'oidcOPMetaDataOptionsConfiguration', + { + title => 'oidcOPMetaDataOptions', + nodes => [ { + title => 'oidcOPMetaDataOptionsConfiguration', form => 'simpleInputContainer', nodes => [ 'oidcOPMetaDataOptionsConfigurationURI', @@ -144,7 +155,8 @@ sub cTrees { 'oidcOPMetaDataOptionsStoreIDToken' ] }, - { title => 'oidcOPMetaDataOptionsProtocol', + { + title => 'oidcOPMetaDataOptionsProtocol', form => 'simpleInputContainer', nodes => [ 'oidcOPMetaDataOptionsScope', @@ -161,7 +173,8 @@ sub cTrees { }, ] }, - { title => 'oidcOPMetaDataOptionsDisplayParams', + { + title => 'oidcOPMetaDataOptionsDisplayParams', form => 'simpleInputContainer', nodes => [ 'oidcOPMetaDataOptionsDisplayName', 
@@ -172,9 +185,10 @@ sub cTrees { oidcRPMetaDataNode => [ 'oidcRPMetaDataExportedVars', 'oidcRPMetaDataOptionsExtraClaims', - { title => 'oidcRPMetaDataOptions', - nodes => [ - { title => 'oidcRPMetaDataOptionsAuthentication', + { + title => 'oidcRPMetaDataOptions', + nodes => [ { + title => 'oidcRPMetaDataOptionsAuthentication', form => 'simpleInputContainer', nodes => [ 'oidcRPMetaDataOptionsClientID', @@ -187,7 +201,8 @@ sub cTrees { 'oidcRPMetaDataOptionsAccessTokenExpiration', 'oidcRPMetaDataOptionsRedirectUris', 'oidcRPMetaDataOptionsBypassConsent', - { title => 'logout', + { + title => 'logout', form => 'simpleInputContainer', nodes => [ 'oidcRPMetaDataOptionsPostLogoutRedirectUris', @@ -199,7 +214,8 @@ sub cTrees { 'oidcRPMetaDataOptionsRule', ] }, - { title => 'oidcRPMetaDataOptionsDisplay', + { + title => 'oidcRPMetaDataOptionsDisplay', form => 'simpleInputContainer', nodes => [ 'oidcRPMetaDataOptionsDisplayName', @@ -210,7 +226,8 @@ sub cTrees { casSrvMetaDataNode => [ 'casSrvMetaDataExportedVars', 'casSrvMetaDataOptionsProxiedServices', - { title => 'casSrvMetaDataOptions', + { + title => 'casSrvMetaDataOptions', form => 'simpleInputContainer', nodes => [ 'casSrvMetaDataOptionsUrl', @@ -218,7 +235,8 @@ sub cTrees { 'casSrvMetaDataOptionsGateway', ] }, - { title => 'casSrvMetaDataOptionsDisplay', + { + title => 'casSrvMetaDataOptionsDisplay', form => 'simpleInputContainer', nodes => [ 'casSrvMetaDataOptionsDisplayName', @@ -226,8 +244,8 @@ sub cTrees { ] }, ], - casAppMetaDataNode => [ - { title => 'casAppMetaDataOptions', + casAppMetaDataNode => [ { + title => 'casAppMetaDataOptions', form => 'simpleInputContainer', nodes => [ 'casAppMetaDataOptionsService', diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm index 2180df99e..9c4cb643b 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm 
@@ -498,8 +498,7 @@ sub tree { title => 'logParams', help => 'logs.html', form => 'simpleInputContainer', - nodes => - [ 'whatToTrace', 'hiddenAttributes' ] + nodes => [ 'whatToTrace', 'hiddenAttributes' ] }, { title => 'cookieParams', @@ -652,7 +651,7 @@ sub tree { title => 'impersonation', help => 'impersonation.html', form => 'simpleInputContainer', - nodes => [ + nodes => [ 'impersonationRule', 'impersonationPrefix', 'impersonationHiddenAttributes', diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index 99df20ea0..56ae6550e 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -31,7 +31,8 @@ sub tests { portalIsInDomain => sub { return ( 1, - ( index( $conf->{portal}, $conf->{domain} ) > 0 + ( + index( $conf->{portal}, $conf->{domain} ) > 0 ? '' : "Portal seems not to be in the domain $conf->{domain}" ) @@ -43,7 +44,7 @@ sub tests { # Checking for ending slash $conf->{portal} .= '/' - unless ( $conf->{portal} =~ qr#/$# ); + unless ( $conf->{portal} =~ qr#/$# ); # Deleting trailing ending slash my $regex = qr#/+$#; @@ -61,10 +62,11 @@ sub tests { } return ( 1, - ( @pb + ( + @pb ? 'Virtual hosts ' - . join( ', ', @pb ) - . " are not in $conf->{domain} and cross-domain-authentication is not set" + . join( ', ', @pb ) + . " are not in $conf->{domain} and cross-domain-authentication is not set" : undef ) ); @@ -78,9 +80,9 @@ sub tests { } if (@pb) { return ( 0, - 'Virtual hosts ' - . join( ', ', @pb ) - . " contain a port, this is not allowed" ); + 'Virtual hosts ' + . join( ', ', @pb ) + . " contain a port, this is not allowed" ); } else { return 1; } }, @@ -93,9 +95,9 @@ sub tests { } if (@pb) { return ( 0, - 'Virtual hosts ' - . join( ', ', @pb ) - . " must be in lower case" ); + 'Virtual hosts ' + . join( ', ', @pb ) + . " must be in lower case" ); } else { return 1; } }, 
@@ -103,12 +105,12 @@ sub tests { # Check if "userDB" and "authentication" are consistent authAndUserDBConsistency => sub { foreach - my $type (qw(Facebook Google OpenID OpenIDConnect SAML WebID)) + my $type (qw(Facebook Google OpenID OpenIDConnect SAML WebID)) { return ( 0, - "\"$type\" can not be used as user database without using \"$type\" for authentication" - ) - if ($conf->{userDB} =~ /$type/ +"\"$type\" can not be used as user database without using \"$type\" for authentication" + ) + if ( $conf->{userDB} =~ /$type/ and $conf->{authentication} !~ /$type/ ); } return 1; @@ -118,29 +120,30 @@ sub tests { checkAttrAndMacros => sub { my @tmp; foreach my $k ( keys %$conf ) { - if ( $k - =~ /^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/ - ) + if ( $k =~ +/^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/ + ) { my $v = $conf->{$k}; $v =~ s/^$//; next if ( $v =~ /^_/ ); push @tmp, - $k - unless ( + $k + unless ( defined( $conf->{exportedVars}->{$v} - or defined( $conf->{macros}->{$v} ) + or defined( $conf->{macros}->{$v} ) ) - ); + ); } } return ( 1, - ( @tmp + ( + @tmp ? 'Values of parameter(s) "' - . join( ', ', @tmp ) - . '" are not defined in exported attributes or macros' + . join( ', ', @tmp ) + . '" are not defined in exported attributes or macros' : '' ) ); @@ -152,18 +155,18 @@ sub tests { if ( $conf->{userDB} =~ /^Google$/ ) { foreach my $k ( keys %{ $conf->{exportedVars} } ) { my $v = $conf->{exportedVars}->{$k}; - if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() ) - { + if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() ) { push @tmp, $v; } } } return ( 1, - ( @tmp + ( + @tmp ? 'Values of parameter(s) "' - . join( ', ', @tmp ) - . '" are not exported by Google' + . join( ', ', @tmp ) + . '" are not exported by Google' : '' ) ); 
@@ -175,8 +178,7 @@ sub tests { if ( $conf->{userDB} =~ /^OpenID$/ ) { foreach my $k ( keys %{ $conf->{exportedVars} } ) { my $v = $conf->{exportedVars}->{$k}; - if ( $v - !~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) + if ( $v !~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) { push @tmp, $v; } @@ -184,10 +186,11 @@ sub tests { } return ( 1, - ( @tmp + ( + @tmp ? 'Values of parameter(s) "' - . join( ', ', @tmp ) - . '" are not exported by OpenID SREG' + . join( ', ', @tmp ) + . '" are not exported by OpenID SREG' : '' ) ); 
@@ -196,40 +199,39 @@ sub tests { # Try to use Apache::Session module testApacheSession => sub { my ( $id, %h ); - my $gc - = Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule}; + my $gc = Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule}; return 1 - if ( ( $gc and $gc eq $conf->{globalStorage} ) - or $conf->{globalStorage} - =~ /^Lemonldap::NG::Common::Apache::Session::/ ); + if ( ( $gc and $gc eq $conf->{globalStorage} ) + or $conf->{globalStorage} =~ + /^Lemonldap::NG::Common::Apache::Session::/ ); eval "use $conf->{globalStorage}"; return ( -1, "Unknown package $conf->{globalStorage}" ) if ($@); eval { tie %h, 'Lemonldap::NG::Common::Apache::Session', undef, - { + { %{ $conf->{globalStorageOptions} }, backend => $conf->{globalStorage} - }; + }; }; return ( -1, "Unable to create a session ($@)" ) - if ( $@ or not tied(%h) ); + if ( $@ or not tied(%h) ); eval { $h{a} = 1; $id = $h{_session_id} or return ( -1, 'No _session_id' ); untie(%h); tie %h, 'Lemonldap::NG::Common::Apache::Session', $id, - { + { %{ $conf->{globalStorageOptions} }, backend => $conf->{globalStorage} - }; + }; }; return ( -1, "Unable to insert data ($@)" ) if ($@); return ( -1, "Unable to recover data stored" ) - unless ( $h{a} == 1 ); + unless ( $h{a} == 1 ); eval { tied(%h)->delete; }; return ( -1, "Unable to delete session ($@)" ) if ($@); return ( -1, - 'All sessions may be lost and you must restart all your Apache servers' +'All sessions may be lost and you must restart all your Apache servers' ) if ( $gc and $conf->{globalStorage} ne $gc ); return 1; }, @@ -239,8 +241,9 @@ sub tests { my $cn = Lemonldap::NG::Handler::Main->tsv->{cookieName}; return ( 1, - ( $cn - and $cn ne $conf->{cookieName} + ( + $cn + and $cn ne $conf->{cookieName} ? 'Cookie name has changed, you must restart all your web servers' : () ) 
@@ -251,10 +254,10 @@ sub tests { cookieTTL => sub { return 1 unless ( defined $conf->{cookieExpiration} ); return ( 0, "Cookie TTL must be higher than one minute" ) - unless ( $conf->{cookieExpiration} == 0 + unless ( $conf->{cookieExpiration} == 0 || $conf->{cookieExpiration} > 60 ); return ( 1, "Cookie TTL should be higher or equal than one hour" ) - unless ( $conf->{cookieExpiration} >= 3600 + unless ( $conf->{cookieExpiration} >= 3600 || $conf->{cookieExpiration} == 0 ); # Return @@ -265,7 +268,7 @@ sub tests { sessionTimeout => sub { return 1 unless ( defined $conf->{timeout} ); return ( -1, "Session timeout should be higher than ten minutes" ) - unless ( $conf->{timeout} > 600 + unless ( $conf->{timeout} > 600 || $conf->{timeout} == 0 ); # Return @@ -276,9 +279,9 @@ sub tests { sessionTimeoutActivity => sub { return 1 unless ( defined $conf->{timeoutActivity} ); return ( 0, - "Session activity timeout must be higher or equal than one minute" - ) - unless ( $conf->{timeoutActivity} > 59 +"Session activity timeout must be higher or equal than one minute" + ) + unless ( $conf->{timeoutActivity} > 59 || $conf->{timeoutActivity} == 0 ); # Return @@ -289,11 +292,11 @@ sub tests { timeoutActivityInterval => sub { return 1 unless ( defined $conf->{timeoutActivityInterval} ); return ( 0, - "Activity timeout interval must be lower than session activity timeout" - ) - if ($conf->{timeoutActivity} - and $conf->{timeoutActivity} - <= $conf->{timeoutActivityInterval} ); +"Activity timeout interval must be lower than session activity timeout" + ) + if ( $conf->{timeoutActivity} + and $conf->{timeoutActivity} <= + $conf->{timeoutActivityInterval} ); # Return return 1; @@ -303,7 +306,8 @@ sub tests { managerProtection => sub { return ( 1, - ( $conf->{cfgAuthor} eq 'anonymous' + ( + $conf->{cfgAuthor} eq 'anonymous' ? 'Your manager seems to be unprotected' : '' ) 
@@ -319,7 +323,7 @@ sub tests { # Use SMTP eval "use Net::SMTP"; return ( 1, "Net::SMTP module is required to use SMTP server" ) - if ($@); + if ($@); # Create SMTP object my $smtp = Net::SMTP->new( @@ -329,15 +333,15 @@ sub tests { ); return ( 1, "SMTP connection to " . $conf->{SMTPServer} . " failed" ) - unless ($smtp); + unless ($smtp); # Skip other tests if no authentication return 1 - unless ( $conf->{SMTPAuthUser} and $conf->{SMTPAuthPass} ); + unless ( $conf->{SMTPAuthUser} and $conf->{SMTPAuthPass} ); # Try authentication return ( 1, "SMTP authentication failed" ) - unless $smtp->auth( $conf->{SMTPAuthUser}, + unless $smtp->auth( $conf->{SMTPAuthUser}, $conf->{SMTPAuthPass} ); # Return @@ -347,14 +351,15 @@ sub tests { # SAML entity ID must be uniq samlIDPEntityIdUniqueness => sub { return 1 - unless ( $conf->{samlIDPMetaDataXML} + unless ( $conf->{samlIDPMetaDataXML} and %{ $conf->{samlIDPMetaDataXML} } ); my @msg; my $res = 1; my %entityIds; foreach my $idpId ( keys %{ $conf->{samlIDPMetaDataXML} } ) { - unless ( $conf->{samlIDPMetaDataXML}->{$idpId} - ->{samlIDPMetaDataXML} =~ /entityID=(['"])(.+?)\1/si ) + unless ( + $conf->{samlIDPMetaDataXML}->{$idpId}->{samlIDPMetaDataXML} + =~ /entityID=(['"])(.+?)\1/si ) { push @msg, "$idpId SAML metadata has no EntityID"; $res = 0; @@ -363,7 +368,7 @@ sub tests { my $eid = $2; if ( defined $entityIds{$eid} ) { push @msg, - "$idpId and $entityIds{$eid} have the same SAML EntityID"; + "$idpId and $entityIds{$eid} have the same SAML EntityID"; $res = 0; next; } 
@@ -373,15 +378,15 @@ sub tests { }, samlSPEntityIdUniqueness => sub { return 1 - unless ( $conf->{samlSPMetaDataXML} + unless ( $conf->{samlSPMetaDataXML} and %{ $conf->{samlSPMetaDataXML} } ); my @msg; my $res = 1; my %entityIds; foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) { unless ( - $conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} - =~ /entityID=(['"])(.+?)\1/si ) + $conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~ + /entityID=(['"])(.+?)\1/si ) { push @msg, "$spId SAML metadata has no EntityID"; $res = 0; @@ -390,7 +395,7 @@ sub tests { my $eid = $2; if ( defined $entityIds{$eid} ) { push @msg, - "$spId and $entityIds{$eid} have the same SAML EntityID"; + "$spId and $entityIds{$eid} have the same SAML EntityID"; $res = 0; next; } @@ -404,7 +409,7 @@ sub tests { return 1 unless ( $conf->{authentication} eq 'Combination' ); require Lemonldap::NG::Common::Combination::Parser; return ( 0, 'No module declared for combination' ) - unless ( $conf->{combModules} and %{ $conf->{combModules} } ); + unless ( $conf->{combModules} and %{ $conf->{combModules} } ); my $moduleList; foreach my $md ( keys %{ $conf->{combModules} } ) { my $entry = $conf->{combModules}->{$md}; @@ -415,8 +420,8 @@ sub tests { ); } eval { - Lemonldap::NG::Common::Combination::Parser->parse( - $moduleList, $conf->{combination} ); + Lemonldap::NG::Common::Combination::Parser->parse( $moduleList, + $conf->{combination} ); }; return ( 0, $@ ) if ($@); @@ -428,9 +433,9 @@ sub tests { combinationParameters => sub { return 1 unless ( $conf->{authentication} eq "Combination" ); return ( 0, "Combination rule must be defined" ) - unless ( $conf->{combination} ); + unless ( $conf->{combination} ); return ( 0, 'userDB must be set to "Same" to enable Combination' ) - unless ( $conf->{userDB} eq "Same" ); + unless ( $conf->{userDB} eq "Same" ); # Return return 1; 
@@ -453,7 +458,7 @@ sub tests { eval "use Convert::Base32"; return ( 1, "Convert::Base32 module is required to enable TOTP" ) - if ($@); + if ($@); } # Use U2F @@ -462,7 +467,7 @@ sub tests { { eval "use Crypt::U2F::Server::Simple"; return ( 1, - "Crypt::U2F::Server::Simple module is required to enable U2F" +"Crypt::U2F::Server::Simple module is required to enable U2F" ) if ($@); } @@ -470,7 +475,7 @@ sub tests { if ( $conf->{yubikey2fActivation} ) { eval "use Auth::Yubikey_WebClient"; return ( 1, - "Auth::Yubikey_WebClient module is required to enable Yubikey" +"Auth::Yubikey_WebClient module is required to enable Yubikey" ) if ($@); } @@ -484,7 +489,7 @@ sub tests { my $w = ""; foreach ( 'totp', 'u' ) { $w .= uc($_) . "2F is activated twice \n" - if ( $conf->{ $_ . '2fActivation' } eq '1' ); + if ( $conf->{ $_ . '2fActivation' } eq '1' ); } return ( 1, ( $w ? $w : () ) ); }, @@ -495,9 +500,9 @@ sub tests { return 1 unless ( defined $conf->{totp2fDigits} ); return ( 1, - ( - ( $conf->{totp2fDigits} == 6 - or $conf->{totp2fDigits} == 8 + ( ( + $conf->{totp2fDigits} == 6 + or $conf->{totp2fDigits} == 8 ) ? '' : 'TOTP should be 6 or 8 digits long' @@ -509,9 +514,9 @@ sub tests { totp2fParams => sub { return 1 unless ( $conf->{totp2fActivation} ); return ( 0, 'TOTP range must be defined' ) - unless ( $conf->{totp2fRange} ); + unless ( $conf->{totp2fRange} ); return ( 1, "TOTP interval should be higher than 10s" ) - unless ( $conf->{totp2fInterval} > 10 ); + unless ( $conf->{totp2fInterval} > 10 ); # Return return 1; 
@@ -522,11 +527,12 @@ sub tests { yubikey2fParams => sub { return 1 unless ( $conf->{yubikey2fActivation} ); return ( 0, "Yubikey client ID and secret key must be set" ) - unless ( defined $conf->{yubikey2fSecretKey} + unless ( defined $conf->{yubikey2fSecretKey} && defined $conf->{yubikey2fClientID} ); return ( 1, - ( ( $conf->{yubikey2fPublicIDSize} == 12 ) + ( + ( $conf->{yubikey2fPublicIDSize} == 12 ) ? '' : 'Yubikey public ID size should be 12 digits long' ) @@ -537,7 +543,7 @@ sub tests { rest2fVerifyUrl => sub { return 1 unless ( $conf->{rest2fActivation} ); return ( 0, "REST 2F Verify URL must be set" ) - unless ( defined $conf->{rest2fVerifyUrl} ); + unless ( defined $conf->{rest2fVerifyUrl} ); # Return return 1; @@ -551,16 +557,15 @@ sub tests { my $ok = 0; foreach (qw(u totp yubikey)) { $ok ||= $conf->{ $_ . '2fActivation' } - && $conf->{ $_ . '2fSelfRegistration' }; + && $conf->{ $_ . '2fSelfRegistration' }; last if ($ok); } $ok ||= $conf->{'utotp2fActivation'} - && ( $conf->{'u2fSelfRegistration'} + && ( $conf->{'u2fSelfRegistration'} || $conf->{'totp2fSelfRegistration'} ); - $msg - = "A self registrable module should be enabled to require 2FA" - unless ($ok); + $msg = "A self registrable module should be enabled to require 2FA" + unless ($ok); return ( 1, $msg ); }, @@ -569,10 +574,10 @@ sub tests { ext2fCommands => sub { return 1 unless ( $conf->{ext2fActivation} ); return ( 0, "External 2F Send command must be set" ) - unless ( defined $conf->{ext2FSendCommand} ); + unless ( defined $conf->{ext2FSendCommand} ); unless ( defined $conf->{ext2fCodeActivation} ) { return ( 0, "External 2F Validate command must be set" ) - unless ( defined $conf->{ext2FValidateCommand} ); + unless ( defined $conf->{ext2FValidateCommand} ); } # Return 
@@ -583,9 +588,9 @@ sub tests { formTimeout => sub { return 1 unless ( defined $conf->{formTimeout} ); return ( 0, "XSRF form token TTL must be higher than 30s" ) - unless ( $conf->{formTimeout} > 30 ); + unless ( $conf->{formTimeout} > 30 ); return ( 1, "XSRF form token TTL should not be higher than 2mn" ) - if ( $conf->{formTimeout} > 120 ); + if ( $conf->{formTimeout} > 120 ); # Return return 1; @@ -594,9 +599,8 @@ sub tests { # Warn if number of password reset retries is null passwordResetRetries => sub { return 1 unless ( $conf->{portalDisplayResetPassword} ); - return ( 1, - "Number of reset password retries should not be null" ) - unless ( $conf->{passwordResetAllowedRetries} ); + return ( 1, "Number of reset password retries should not be null" ) + unless ( $conf->{passwordResetAllowedRetries} ); # Return return 1; @@ -606,10 +610,10 @@ sub tests { bruteForceProtection => sub { return 1 unless ( $conf->{bruteForceProtection} ); return ( 1, - '"History" plugin is required to enable "BruteForceProtection" plugin' +'"History" plugin is required to enable "BruteForceProtection" plugin' ) unless ( $conf->{loginHistoryEnabled} ); return ( 1, - 'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin' +'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin' ) unless ( $conf->{failedLoginNumber} > 2 ); # Return @@ -620,9 +624,9 @@ sub tests { checkMailResetSecurity => sub { return 1 unless ( $conf->{portalDisplayResetPassword} ); return ( -1, - '"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!' - ) - unless ( $conf->{requireToken} +'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!' + ) + unless ( $conf->{requireToken} or $conf->{captcha_mail_enabled} ); # Return diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm index c8d04366c..0304098af 100644 
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm @@ -4,11 +4,11 @@ use strict; use Mouse; use String::Random; use Lemonldap::NG::Portal::Main::Constants qw( - PE_BADCREDENTIALS - PE_ERROR - PE_FORMEMPTY - PE_OK - PE_SENDRESPONSE + PE_BADCREDENTIALS + PE_ERROR + PE_FORMEMPTY + PE_OK + PE_SENDRESPONSE ); our $VERSION = '2.0.3'; @@ -30,7 +30,7 @@ sub init { } } $self->logo( $self->conf->{ext2fLogo} ) - if ( $self->conf->{ext2fLogo} ); + if ( $self->conf->{ext2fLogo} ); return $self->SUPER::init(); } if ( $self->conf->{ext2fCodeActivation} ) { @@ -40,7 +40,7 @@ sub init { } $self->random( String::Random->new ); $self->logo( $self->conf->{ext2fLogo} ) - if ( $self->conf->{ext2fLogo} ); + if ( $self->conf->{ext2fLogo} ); return $self->SUPER::init(); } return 0; @@ -57,22 +57,22 @@ sub run { # Generate Code to send my $code; if ( $self->conf->{ext2fCodeActivation} ) { - $code - = $self->random->randregex( $self->conf->{ext2fCodeActivation} ); + $code = $self->random->randregex( $self->conf->{ext2fCodeActivation} ); $self->logger->debug("Generated ext2f code : $code"); $self->ott->updateToken( $token, __ext2fcode => $code ); } # Prepare command and launch it $self->logger->debug( 'Launching "Send" external 2F command -> ' - . $self->conf->{ext2FSendCommand} ); - if (my $c = $self->launch( + . $self->conf->{ext2FSendCommand} ); + if ( + my $c = $self->launch( $req->sessionInfo, $self->conf->{ext2FSendCommand}, $code ) - ) + ) { $self->logger->error("External send command failed (code $c)"); - return $self->p->do( $req, [ sub {PE_ERROR} ] ); + return $self->p->do( $req, [ sub { PE_ERROR } ] ); } # Prepare form 
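Review bot: The one-time code is written to the log in clear at `$self->logger->debug("Generated ext2f code : $code");` in the `run` hunk, and the `verify` hunk on the next physical line does the same with the user-submitted value in `$self->logger->debug(" code -> $usercode");`. A second factor that lands in debug logs can be read back by anyone with log access for as long as the token is valid, so it is safer to log only that a code was generated or checked, e.g. `$self->logger->debug( 'Generated ext2f code of length ' . length($code) );` and `$self->logger->debug('Validating submitted ext2f code');`. Both `run` and `verify` start before their hunks.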
@@ -104,15 +104,16 @@ sub verify { # Prepare command and launch it $self->logger->debug( 'Launching "Validate" external 2F command -> ' - . $self->conf->{ext2FValidateCommand} ); + . $self->conf->{ext2FValidateCommand} ); $self->logger->debug(" code -> $usercode"); - if (my $c = $self->launch( + if ( + my $c = $self->launch( $session, $self->conf->{ext2FValidateCommand}, $usercode ) - ) + ) { $self->userLogger->warn( 'Second factor failed for ' - . $session->{ $self->conf->{whatToTrace} } ); + . $session->{ $self->conf->{whatToTrace} } ); $self->logger->error("External verify command failed (code $c)"); return PE_BADCREDENTIALS; } @@ -130,7 +131,7 @@ sub verify { return PE_OK if ( $usercode eq $savedcode ); $self->userLogger->warn( 'Second factor failed for ' - . $session->{ $self->conf->{whatToTrace} } ); + . $session->{ $self->conf->{whatToTrace} } ); return PE_BADCREDENTIALS; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm index 3fdfd0ed4..27efa4c77 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm @@ -4,18 +4,18 @@ use strict; use Mouse; use String::Random; use Lemonldap::NG::Portal::Main::Constants qw( - PE_BADCREDENTIALS - PE_ERROR - PE_FORMEMPTY - PE_OK - PE_SENDRESPONSE - PE_MUSTHAVEMAIL + PE_BADCREDENTIALS + PE_ERROR + PE_FORMEMPTY + PE_OK + PE_SENDRESPONSE + PE_MUSTHAVEMAIL ); our $VERSION = '2.0.2'; extends 'Lemonldap::NG::Portal::Main::SecondFactor', - 'Lemonldap::NG::Portal::Lib::SMTP'; + 'Lemonldap::NG::Portal::Lib::SMTP'; # INITIALIZATION 
@@ -31,10 +31,10 @@ has ott => ( is => 'rw', lazy => 1, default => sub { - my $ott = $_[0]->{p} - ->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken'); + my $ott = + $_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken'); $ott->timeout( $_[0]->{conf}->{mail2fTimeout} - || $_[0]->{conf}->{formTimeout} ); + || $_[0]->{conf}->{formTimeout} ); return $ott; } ); @@ -47,7 +47,7 @@ sub init { return 0; } $self->logo( $self->conf->{mail2fLogo} ) - if ( $self->conf->{mail2fLogo} ); + if ( $self->conf->{mail2fLogo} ); return $self->SUPER::init(); } @@ -63,7 +63,7 @@ sub run { my $dest = $req->{sessionInfo}->{ $self->conf->{mailSessionKey} }; unless ($dest) { $self->logger->error( "Could not find mail attribute for login " - . $req->{sessionInfo}->{_user} ); + . $req->{sessionInfo}->{_user} ); return PE_MUSTHAVEMAIL; } @@ -141,7 +141,7 @@ sub verify { return PE_OK if ( $usercode eq $savedcode ); $self->userLogger->warn( 'Second factor failed for ' - . $session->{ $self->conf->{whatToTrace} } ); + . $session->{ $self->conf->{whatToTrace} } ); return PE_BADCREDENTIALS; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm index 484a3d09f..0d629124d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm @@ -49,7 +49,7 @@ sub authenticate { unless ( $req->data->{password} ) { $self->p->{user} = $req->userData->{_dn} = $req->data->{dn}; - unless($self->p->{_passwordDB}) { + unless ( $self->p->{_passwordDB} ) { $self->logger->error('No password database configured, aborting'); return PE_ERROR; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm index 0de0bb4f2..0ba35e5d3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm 
@@ -8,15 +8,15 @@ package Lemonldap::NG::Portal::Auth::_WebForm; use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( - PE_CAPTCHAEMPTY - PE_CAPTCHAERROR - PE_FIRSTACCESS - PE_FORMEMPTY - PE_NOTOKEN - PE_OK - PE_PASSWORDFORMEMPTY - PE_TOKENEXPIRED - PE_MALFORMEDUSER + PE_CAPTCHAEMPTY + PE_CAPTCHAERROR + PE_FIRSTACCESS + PE_FORMEMPTY + PE_NOTOKEN + PE_OK + PE_PASSWORDFORMEMPTY + PE_TOKENEXPIRED + PE_MALFORMEDUSER ); our $VERSION = '2.0.0'; @@ -53,7 +53,7 @@ sub init { # Read username and password from POST data sub extractFormInfo { my ( $self, $req ) = @_; - + if ( $req->param('user') ) { unless ( $req->param('user') =~ /$self->{conf}->{userControl}/o ) { $self->setSecurity($req); @@ -75,20 +75,18 @@ sub extractFormInfo { # 2. If user and password defined -> login form elsif ( $defUser and $defPassword ) { $res = PE_FORMEMPTY - unless ( ( $req->{user} = $req->param('user') ) + unless ( ( $req->{user} = $req->param('user') ) && ( $req->data->{password} = $req->param('password') ) ); } # 3. If user and oldpassword defined -> password form elsif ( $defUser and $defOldPassword ) { $res = PE_PASSWORDFORMEMPTY - unless ( - ( $req->{user} = $req->param('user') ) + unless ( ( $req->{user} = $req->param('user') ) && ( $req->data->{oldpassword} = $req->param('oldpassword') ) && ( $req->data->{newpassword} = $req->param('newpassword') ) - && ( $req->data->{confirmpassword} - = $req->param('confirmpassword') ) - ); + && ( $req->data->{confirmpassword} = + $req->param('confirmpassword') ) ); } # If form seems empty @@ -148,7 +146,7 @@ sub setAuthSessionInfo { # WARNING: it can be a security hole if ( $self->conf->{storePassword} ) { $req->{sessionInfo}->{'_password'} = $req->data->{'newpassword'} - || $req->data->{'password'}; + || $req->data->{'password'}; } # Store user timezone diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm index 06b653503..a827c87c3 100644 
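Review bot: The `/o` modifier on `unless ( $req->param('user') =~ /$self->{conf}->{userControl}/o )` in the `extractFormInfo` hunk freezes the first `userControl` value this process sees; the `reloadConf` hunk elsewhere in this commit shows configuration is reloaded at runtime, so a changed `userControl` pattern would not be applied until the worker restarts. The same construct appears in the CheckUser.pm `check` hunk and the Impersonation.pm `run` hunk further down. Perl already skips recompilation when the interpolated string is unchanged, so dropping the modifier costs nothing: `unless ( $req->param('user') =~ /$self->{conf}->{userControl}/ ) {`. `extractFormInfo` continues outside the hunk.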
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm @@ -4,7 +4,8 @@ use strict; use Mouse; use URI::Escape; use Lemonldap::NG::Common::FormEncode; -use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADURL PE_GET_SERVICE_NOT_ALLOWED); +use Lemonldap::NG::Portal::Main::Constants + qw(PE_OK PE_BADURL PE_GET_SERVICE_NOT_ALLOWED); our $VERSION = '2.0.3'; @@ -19,11 +20,9 @@ sub init { # Parse activation rule my $hd = $self->p->HANDLER; - $self->logger->debug( - "GET rule -> " . $self->conf->{issuerDBGetRule} ); + $self->logger->debug( "GET rule -> " . $self->conf->{issuerDBGetRule} ); my $rule = - $hd->buildSub( - $hd->substitute( $self->conf->{issuerDBGetRule} ) ); + $hd->buildSub( $hd->substitute( $self->conf->{issuerDBGetRule} ) ); unless ($rule) { $self->error( "Bad GET rule -> " . $hd->tsv->{jail}->error ); return 0; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm index 90a729223..4a2e57ad6 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm @@ -62,8 +62,7 @@ sub init { $self->logger->debug( "OpenID rule -> " . $self->conf->{issuerDBOpenIDRule} ); my $rule = - $hd->buildSub( - $hd->substitute( $self->conf->{issuerDBOpenIDRule} ) ); + $hd->buildSub( $hd->substitute( $self->conf->{issuerDBOpenIDRule} ) ); unless ($rule) { $self->error( "Bad OpenID rule -> " . $hd->tsv->{jail}->error ); return 0; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm index 089cd7479..017210270 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm 
@@ -145,11 +145,13 @@ sub init { return 0 unless ( $self->lassoServer( $self->loadService ) ); $self->addUnauthRoute( - ( $self->{path} || 'saml' ) => { 'metadata' => { ':type' => 'metadata' }}, + ( $self->{path} || 'saml' ) => + { 'metadata' => { ':type' => 'metadata' } }, ['GET'] ); $self->addAuthRoute( - ( $self->{path} || 'saml' ) => { 'metadata' => { ':type' => 'metadata' }}, + ( $self->{path} || 'saml' ) => + { 'metadata' => { ':type' => 'metadata' } }, ['GET'] ); return 1; @@ -3075,7 +3077,7 @@ sub metadata { my $type = $req->param('type'); require Lemonldap::NG::Common::Conf::SAML::Metadata; if ( my $metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new() ) { - my $s = $metadata->serviceToXML( $self->conf, $type); + my $s = $metadata->serviceToXML( $self->conf, $type ); return [ 200, [ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm index c83cc3b0d..d486bc242 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm 
@@ -10,95 +10,95 @@ use constant { # Portal errors # Developers warning, do not use PE_INFO, it's reserved to autoRedirect. - PE_IDPCHOICE => -5, - PE_SENDRESPONSE => -4, - PE_INFO => -3, - PE_REDIRECT => -2, - PE_DONE => -1, - PE_OK => 0, - PE_SESSIONEXPIRED => 1, - PE_FORMEMPTY => 2, - PE_WRONGMANAGERACCOUNT => 3, - PE_USERNOTFOUND => 4, - PE_BADCREDENTIALS => 5, - PE_LDAPCONNECTFAILED => 6, - PE_LDAPERROR => 7, - PE_APACHESESSIONERROR => 8, - PE_FIRSTACCESS => 9, - PE_BADCERTIFICATE => 10, - PE_PP_ACCOUNT_LOCKED => 21, - PE_PP_PASSWORD_EXPIRED => 22, - PE_CERTIFICATEREQUIRED => 23, - PE_ERROR => 24, - PE_PP_CHANGE_AFTER_RESET => 25, - PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26, - PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27, - PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28, - PE_PP_PASSWORD_TOO_SHORT => 29, - PE_PP_PASSWORD_TOO_YOUNG => 30, - PE_PP_PASSWORD_IN_HISTORY => 31, - PE_PP_GRACE => 32, - PE_PP_EXP_WARNING => 33, - PE_PASSWORD_MISMATCH => 34, - PE_PASSWORD_OK => 35, - PE_NOTIFICATION => 36, - PE_BADURL => 37, - PE_NOSCHEME => 38, - PE_BADOLDPASSWORD => 39, - PE_MALFORMEDUSER => 40, - PE_SESSIONNOTGRANTED => 41, - PE_CONFIRM => 42, - PE_MAILFORMEMPTY => 43, - PE_BADMAILTOKEN => 44, - PE_MAILERROR => 45, - PE_MAILOK => 46, - PE_LOGOUT_OK => 47, - PE_SAML_ERROR => 48, - PE_SAML_LOAD_SERVICE_ERROR => 49, - PE_SAML_LOAD_IDP_ERROR => 50, - PE_SAML_SSO_ERROR => 51, - PE_SAML_UNKNOWN_ENTITY => 52, - PE_SAML_DESTINATION_ERROR => 53, - PE_SAML_CONDITIONS_ERROR => 54, - PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55, - PE_SAML_SLO_ERROR => 56, - PE_SAML_SIGNATURE_ERROR => 57, - PE_SAML_ART_ERROR => 58, - PE_SAML_SESSION_ERROR => 59, - PE_SAML_LOAD_SP_ERROR => 60, - PE_SAML_ATTR_ERROR => 61, - PE_OPENID_EMPTY => 62, - PE_OPENID_BADID => 63, - PE_MISSINGREQATTR => 64, - PE_BADPARTNER => 65, - PE_MAILCONFIRMATION_ALREADY_SENT => 66, - PE_PASSWORDFORMEMPTY => 67, - PE_CAS_SERVICE_NOT_ALLOWED => 68, - PE_MAILFIRSTACCESS => 69, - PE_MAILNOTFOUND => 70, - PE_PASSWORDFIRSTACCESS => 71, - 
PE_MAILCONFIRMOK => 72, - PE_RADIUSCONNECTFAILED => 73, - PE_MUST_SUPPLY_OLD_PASSWORD => 74, - PE_FORBIDDENIP => 75, - PE_CAPTCHAERROR => 76, - PE_CAPTCHAEMPTY => 77, - PE_REGISTERFIRSTACCESS => 78, - PE_REGISTERFORMEMPTY => 79, - PE_REGISTERALREADYEXISTS => 80, - PE_NOTOKEN => 81, - PE_TOKENEXPIRED => 82, - PE_U2FFAILED => 83, - PE_UNAUTHORIZEDPARTNER => 84, - PE_RENEWSESSION => 85, - PE_WAIT => 86, - PE_MUSTAUTHN => 87, - PE_MUSTHAVEMAIL => 88, - PE_SAML_SERVICE_NOT_ALLOWED => 89, - PE_OIDC_SERVICE_NOT_ALLOWED => 90, - PE_OID_SERVICE_NOT_ALLOWED => 91, - PE_GET_SERVICE_NOT_ALLOWED => 92, - PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93, + PE_IDPCHOICE => -5, + PE_SENDRESPONSE => -4, + PE_INFO => -3, + PE_REDIRECT => -2, + PE_DONE => -1, + PE_OK => 0, + PE_SESSIONEXPIRED => 1, + PE_FORMEMPTY => 2, + PE_WRONGMANAGERACCOUNT => 3, + PE_USERNOTFOUND => 4, + PE_BADCREDENTIALS => 5, + PE_LDAPCONNECTFAILED => 6, + PE_LDAPERROR => 7, + PE_APACHESESSIONERROR => 8, + PE_FIRSTACCESS => 9, + PE_BADCERTIFICATE => 10, + PE_PP_ACCOUNT_LOCKED => 21, + PE_PP_PASSWORD_EXPIRED => 22, + PE_CERTIFICATEREQUIRED => 23, + PE_ERROR => 24, + PE_PP_CHANGE_AFTER_RESET => 25, + PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26, + PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27, + PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28, + PE_PP_PASSWORD_TOO_SHORT => 29, + PE_PP_PASSWORD_TOO_YOUNG => 30, + PE_PP_PASSWORD_IN_HISTORY => 31, + PE_PP_GRACE => 32, + PE_PP_EXP_WARNING => 33, + PE_PASSWORD_MISMATCH => 34, + PE_PASSWORD_OK => 35, + PE_NOTIFICATION => 36, + PE_BADURL => 37, + PE_NOSCHEME => 38, + PE_BADOLDPASSWORD => 39, + PE_MALFORMEDUSER => 40, + PE_SESSIONNOTGRANTED => 41, + PE_CONFIRM => 42, + PE_MAILFORMEMPTY => 43, + PE_BADMAILTOKEN => 44, + PE_MAILERROR => 45, + PE_MAILOK => 46, + PE_LOGOUT_OK => 47, + PE_SAML_ERROR => 48, + PE_SAML_LOAD_SERVICE_ERROR => 49, + PE_SAML_LOAD_IDP_ERROR => 50, + PE_SAML_SSO_ERROR => 51, + PE_SAML_UNKNOWN_ENTITY => 52, + PE_SAML_DESTINATION_ERROR => 53, + PE_SAML_CONDITIONS_ERROR => 54, + 
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55, + PE_SAML_SLO_ERROR => 56, + PE_SAML_SIGNATURE_ERROR => 57, + PE_SAML_ART_ERROR => 58, + PE_SAML_SESSION_ERROR => 59, + PE_SAML_LOAD_SP_ERROR => 60, + PE_SAML_ATTR_ERROR => 61, + PE_OPENID_EMPTY => 62, + PE_OPENID_BADID => 63, + PE_MISSINGREQATTR => 64, + PE_BADPARTNER => 65, + PE_MAILCONFIRMATION_ALREADY_SENT => 66, + PE_PASSWORDFORMEMPTY => 67, + PE_CAS_SERVICE_NOT_ALLOWED => 68, + PE_MAILFIRSTACCESS => 69, + PE_MAILNOTFOUND => 70, + PE_PASSWORDFIRSTACCESS => 71, + PE_MAILCONFIRMOK => 72, + PE_RADIUSCONNECTFAILED => 73, + PE_MUST_SUPPLY_OLD_PASSWORD => 74, + PE_FORBIDDENIP => 75, + PE_CAPTCHAERROR => 76, + PE_CAPTCHAEMPTY => 77, + PE_REGISTERFIRSTACCESS => 78, + PE_REGISTERFORMEMPTY => 79, + PE_REGISTERALREADYEXISTS => 80, + PE_NOTOKEN => 81, + PE_TOKENEXPIRED => 82, + PE_U2FFAILED => 83, + PE_UNAUTHORIZEDPARTNER => 84, + PE_RENEWSESSION => 85, + PE_WAIT => 86, + PE_MUSTAUTHN => 87, + PE_MUSTHAVEMAIL => 88, + PE_SAML_SERVICE_NOT_ALLOWED => 89, + PE_OIDC_SERVICE_NOT_ALLOWED => 90, + PE_OID_SERVICE_NOT_ALLOWED => 91, + PE_GET_SERVICE_NOT_ALLOWED => 92, + PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93, }; # EXPORTER PARAMETERS diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm index 7d78995cc..45c58abf0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm @@ -352,7 +352,7 @@ sub reloadConf { }; my $portal = $self->conf->{portal}; $portal =~ s#^https?://(.*?)(?:/|$)/#$1#; - HANDLER->tsv->{defaultCondition}->{$portal} ||= sub {1}; + HANDLER->tsv->{defaultCondition}->{$portal} ||= sub { 1 }; 1; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm index aa78e3ad2..924b2e237 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm 
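Review bot: In the `reloadConf` hunk, `$portal =~ s#^https?://(.*?)(?:/|$)/#$1#;` requires a second `/` immediately after the `(?:/|$)` group, so for an ordinary portal URL such as `https://portal.example/` (constructed) nothing matches and `defaultCondition` ends up keyed by the full URL rather than by the host. If the host is the intended key, `$portal =~ s#^https?://([^/]+).*#$1#s;` would produce it; please confirm against how `defaultCondition` is looked up, since that lookup is not in this diff. `reloadConf` starts before the hunk.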
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm @@ -39,13 +39,13 @@ sub _addRoute { return sub { shift; return $sub->( $self, @_ ); - } + } } else { return sub { shift; return $self->$sub(@_); - } + } } }; $self->p->$type( $word, $subName, $methods, $transform ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm index 40057fd0a..d2d7f461d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm @@ -3,10 +3,10 @@ package Lemonldap::NG::Portal::Plugins::CheckUser; use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( - PE_BADCREDENTIALS - PE_TOKENEXPIRED - PE_NOTOKEN - PE_MALFORMEDUSER + PE_BADCREDENTIALS + PE_TOKENEXPIRED + PE_NOTOKEN + PE_MALFORMEDUSER ); our $VERSION = '2.0.3'; @@ -19,8 +19,8 @@ has ott => ( is => 'rw', lazy => 1, default => sub { - my $ott = $_[0]->{p} - ->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken'); + my $ott = + $_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken'); $ott->timeout( $_[0]->{conf}->{formTimeout} ); return $ott; } @@ -28,7 +28,7 @@ has ott => ( sub hAttr { $_[0]->{conf}->{checkUserHiddenAttributes} . ' ' - . $_[0]->{conf}->{hiddenAttributes}; + . $_[0]->{conf}->{hiddenAttributes}; } sub init { @@ -66,12 +66,10 @@ sub check { ALERTE => 'alert-warning', TOKEN => $token, }; - return $self->p->sendJSONresponse( $req, $params ) if ($req->wantJSON); - return $self->p->sendHtml( - $req, - 'checkuser', - params => $params, - ) if $msg; + return $self->p->sendJSONresponse( $req, $params ) + if ( $req->wantJSON ); + return $self->p->sendHtml( $req, 'checkuser', params => $params, ) + if $msg; } ## Check user session datas 
@@ -79,10 +77,11 @@ sub check { my $url = $req->param('url') || ''; my $user = $req->param('user') || ''; - if ($user and $user !~ /$self->{conf}->{userControl}/o ) { + if ( $user and $user !~ /$self->{conf}->{userControl}/o ) { $user = ''; $attrs = {}; - return $self->p->sendError($req, 'Malformed user', 400) if ($req->wantJSON); + return $self->p->sendError( $req, 'Malformed user', 400 ) + if ( $req->wantJSON ); return $self->p->sendHtml( $req, 'checkuser', @@ -105,7 +104,7 @@ sub check { if ( $user eq $req->{user} or !$user ) { $self->userLogger->notice("Retrieve session from Sessions database"); $self->userLogger->warn("Using spoofed SSO groups if exist!!!") - if ( $self->conf->{impersonationRule} ); + if ( $self->conf->{impersonationRule} ); $attrs = $req->userData; } else { @@ -131,7 +130,7 @@ sub check { # Ignore hidden attributes push @$array_attrs, { key => $k, value => $attrs->{$k} } - unless ( $self->hAttr =~ /\b$k\b/ ); + unless ( $self->hAttr =~ /\b$k\b/ ); } } else { @@ -139,7 +138,7 @@ sub check { # Ignore hidden attributes and empty values push @$array_attrs, { key => $k, value => $attrs->{$k} } - unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} ); + unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} ); } } @@ -159,8 +158,8 @@ sub check { $auth = $auth ? "allowed" : "forbidden"; $self->userLogger->notice( "checkUser -> $req->{user} is " - . uc($auth) - . " to access: $url" ); + . uc($auth) + . " to access: $url" ); # Return VirtualHost headers $array_hdrs = $self->_headers( $req, $url ); @@ -182,9 +181,8 @@ sub check { MAIN_LOGO => $self->conf->{portalMainLogo}, LANGS => $self->conf->{showLanguages}, MSG => $msg, - ALERTE => - ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ), - LOGIN => ( + ALERTE => ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ), + LOGIN => ( $self->p->checkXSSAttack( 'LOGIN', $req->{user} ) ? "" : $req->{user} ), 
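Review bot: The hidden-attribute test `unless ( $self->hAttr =~ /\b$k\b/ );` in the two `check` hunks (`@@ -131` and `@@ -139`) interpolates a session attribute key into a regex unescaped, and `hAttr` is a space-joined list, so a key containing regex metacharacters can abort the match at runtime or match unrelated entries, and a key that is a prefix of a hidden name up to a non-word character (constructed example: `mail` against a hidden `mail.alias`) is hidden as well. Splitting the list once and testing membership is exact: `my %hidden = map { $_ => 1 } grep { length } split /\s+/, $self->hAttr;` before the loops, then `unless ( $hidden{$k} )` in both places. `check` starts and ends outside these hunks.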
@@ -204,13 +202,10 @@ sub check { : '' ) }; - return $self->p->sendJSONresponse($req, $params) if ($req->wantJSON); + return $self->p->sendJSONresponse( $req, $params ) if ( $req->wantJSON ); + # Display form - return $self->p->sendHtml( - $req, - 'checkuser', - params => $params, - ); + return $self->p->sendHtml( $req, 'checkuser', params => $params, ); } sub display { @@ -233,12 +228,8 @@ sub display { : '' ) }; - return $self->sendJSONresponse( $req, $params ) if ($req->wantJSON); - return $self->p->sendHtml( - $req, - 'checkuser', - params => $params, - ); + return $self->sendJSONresponse( $req, $params ) if ( $req->wantJSON ); + return $self->p->sendHtml( $req, 'checkuser', params => $params, ); } sub _userDatas { @@ -247,14 +238,13 @@ sub _userDatas { # Search user in database my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ]; $self->conf->{checkUserDisplayPersistentInfo} - ? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups' - : push @$steps, 'setLocalGroups'; + ? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups' + : push @$steps, 'setLocalGroups'; $req->steps($steps); if ( my $error = $self->p->process($req) ) { if ( $error == PE_BADCREDENTIALS ) { - $self->userLogger->warn( 'Check requested for an unvalid user (' - . $req->{user} - . ")" ); + $self->userLogger->warn( + 'Check requested for an unvalid user (' . $req->{user} . ")" ); } $self->logger->debug("Process returned error: $error"); return $req->error($error); @@ -277,9 +267,9 @@ sub _authorization { } } return $exist - ? $self->p->HANDLER->grant( $req, $req->{userData}, $appuri, + ? $self->p->HANDLER->grant( $req, $req->{userData}, $appuri, undef, $vhost ) - : -1; + : -1; } sub _headers { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm index d904101b2..e51219a51 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm 
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm @@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Plugins::Impersonation; use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants - qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER ); + qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER ); our $VERSION = '2.0.3'; @@ -13,11 +13,11 @@ extends 'Lemonldap::NG::Portal::Main::Plugin'; use constant endAuth => 'run'; -has rule => ( is => 'rw', default => sub {1} ); +has rule => ( is => 'rw', default => sub { 1 } ); sub hAttr { $_[0]->{conf}->{impersonationHiddenAttributes} . ' ' - . $_[0]->{conf}->{hiddenAttributes}; + . $_[0]->{conf}->{hiddenAttributes}; } sub init { @@ -27,12 +27,10 @@ sub init { my $hd = $self->p->HANDLER; $self->logger->debug( "impersonation rule -> " . $self->conf->{impersonationRule} ); - my $rule - = $hd->buildSub( - $hd->substitute( $self->conf->{impersonationRule} ) ); + my $rule = + $hd->buildSub( $hd->substitute( $self->conf->{impersonationRule} ) ); unless ($rule) { - $self->error( - "Bad impersonation rule -> " . $hd->tsv->{jail}->error ); + $self->error( "Bad impersonation rule -> " . $hd->tsv->{jail}->error ); return 0; } $self->{rule} = $rule; @@ -45,7 +43,9 @@ sub run { my ( $self, $req ) = @_; my $spoofId = $req->param('spoofId') || ''; - if ( $spoofId and $req->param('spoofId') !~ /$self->{conf}->{userControl}/o ) { + if ( $spoofId + and $req->param('spoofId') !~ /$self->{conf}->{userControl}/o ) + { return PE_MALFORMEDUSER; } @@ -97,8 +97,8 @@ sub run { $self->logger->debug("Processing hGroups..."); $spoofSession->{hGroups} ||= {}; $realSession->{$sphg} ||= {}; - $spoofSession->{hGroups} - = { %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } }; + $spoofSession->{hGroups} = + { %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } }; } # Create spoofed session 
@@ -119,8 +119,8 @@ sub _userDatas { $req->{sessionInfo} = {}; # Search user in database - $req->steps( - [ 'getUser', 'setSessionInfo', + $req->steps( [ + 'getUser', 'setSessionInfo', 'setMacros', 'setGroups', 'setLocalGroups' ] @@ -128,9 +128,9 @@ sub _userDatas { if ( my $error = $self->p->process($req) ) { if ( $error == PE_BADCREDENTIALS ) { $self->userLogger->warn( - 'Impersonation requested for an unvalid user (' - . $req->{user} - . ")" ); + 'Impersonation requested for an unvalid user (' + . $req->{user} + . ")" ); } $self->logger->debug("Process returned error: $error"); return $req->error($error); diff --git a/lemonldap-ng-portal/t/02-Password-Demo.t b/lemonldap-ng-portal/t/02-Password-Demo.t index a7f312da6..4bdaf7233 100644 --- a/lemonldap-ng-portal/t/02-Password-Demo.t +++ b/lemonldap-ng-portal/t/02-Password-Demo.t @@ -25,11 +25,9 @@ ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' ); ok( $res->[2]->[0] !~ m%%, ' No language icon found' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%"trOver"%, - ' trOver found' ) +ok( $res->[2]->[0] =~ m%"trOver"%, ' trOver found' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%"all":\{\}%, - ' all found' ) +ok( $res->[2]->[0] =~ m%"all":\{\}%, ' all found' ) or print STDERR Dumper( $res->[2]->[0] ); ok( $res->[2]->[0] =~ m%"en":\{"PE9":"You are welcome! Please login..."\}%, ' en found' ) 
@@ -40,15 +38,12 @@ ok( $res->[2]->[0] =~ m%"PE0":"Souriez, vous êtes surveillés !"%, ok( $res->[2]->[0] =~ m%"selectIdP":"Portail de Fédération des Identités"%, ' selectIdP found' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%"fr":\{%, - ' fr found' ) +ok( $res->[2]->[0] =~ m%"fr":\{%, ' fr found' ) or print STDERR Dumper( $res->[2]->[0] ); -ok( $res->[2]->[0] =~ m%"PE85":"From lemonlap-ng.ini"%, - ' PE85 found' ) +ok( $res->[2]->[0] =~ m%"PE85":"From lemonlap-ng.ini"%, ' PE85 found' ) or print STDERR Dumper( $res->[2]->[0] ); count(9); - # Try yo authenticate # ------------------- ok( @@ -60,8 +55,7 @@ ok( ), 'Auth query' ); -ok( $res->[2]->[0] =~ m%%, - ' PE40 found' ) +ok( $res->[2]->[0] =~ m%%, ' PE40 found' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); diff --git a/lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t b/lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t index c0f9f07fa..259f6af9b 100644 --- a/lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t +++ b/lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t @@ -13,8 +13,7 @@ SKIP: { skip( 'LLNGTESTLDAP is not set', $maintests ) unless ( $ENV{LLNGTESTLDAP} ); require 't/test-ldap.pm'; - my $client = LLNG::Manager::Test->new( - { + my $client = LLNG::Manager::Test->new( { ini => { logLevel => 'error', useSafeJail => 1, diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t index 30166313e..b60d4fe1a 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t @@ -86,7 +86,8 @@ SKIP: { 'Post authentication' ); ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' ) - or print STDERR Dumper( $res->[2]->[0] ); + or print STDERR Dumper( $res->[2]->[0] ); + # Simple SP access ok( $res = $sp->_get( diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t index eb64af3e2..65d556110 100644 
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t @@ -111,7 +111,7 @@ ok( ); count(1); ok( $res->[2]->[0] =~ /trmsg="68"/, 'Reject reason is 68' ) - or print STDERR Dumper( $res->[2]->[0] ); + or print STDERR Dumper( $res->[2]->[0] ); count(1); # Simple SP access @@ -143,8 +143,7 @@ $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); $body = $res->[2]->[0]; $body =~ s/^.*?//s; $body =~ s#.*$##s; -%fields = - ( $body =~ /[2]->[0] ); + or print STDERR Dumper( $res->[2]->[0] ); count(1); # Initialization diff --git a/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t b/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t index 7b1818956..d85cc0598 100644 --- a/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t +++ b/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t @@ -106,7 +106,7 @@ SKIP: { 'Try to authenticate' ); ok( $res->[2]->[0] =~ /trmsg="91"/, 'Reject reason is 91' ) - or print STDERR Dumper( $res->[2]->[0] ); + or print STDERR Dumper( $res->[2]->[0] ); count(1); # Simple SP access diff --git a/lemonldap-ng-portal/t/50-IssuerGet.t b/lemonldap-ng-portal/t/50-IssuerGet.t index 9f5f37aaf..27b0ff9bd 100644 --- a/lemonldap-ng-portal/t/50-IssuerGet.t +++ b/lemonldap-ng-portal/t/50-IssuerGet.t @@ -45,7 +45,7 @@ ok( ); count(1); ok( $res->[2]->[0] =~ /trmsg="92"/, 'Reject reason is 92' ) - or print STDERR Dumper( $res->[2]->[0] ); + or print STDERR Dumper( $res->[2]->[0] ); count(1); # Try to authenticate with an authorized user diff --git a/lemonldap-ng-portal/t/67-CheckUser-with-token.t b/lemonldap-ng-portal/t/67-CheckUser-with-token.t index 21da8069a..770015b75 100644 --- a/lemonldap-ng-portal/t/67-CheckUser-with-token.t +++ b/lemonldap-ng-portal/t/67-CheckUser-with-token.t 
@@ -8,34 +8,33 @@ BEGIN { my $res; -my $client = LLNG::Manager::Test->new( - { ini => { - logLevel => 'error', - authentication => 'Demo', - userDB => 'Same', - loginHistoryEnabled => 0, - brutForceProtection => 0, - portalMainLogo => 'common/logos/logo_llng_old.png', - checkUser => 1, - requireToken => 1, - formTimeout => 2, +my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + authentication => 'Demo', + userDB => 'Same', + loginHistoryEnabled => 0, + brutForceProtection => 0, + portalMainLogo => 'common/logos/logo_llng_old.png', + checkUser => 1, + requireToken => 1, + formTimeout => 2, checkUserDisplayPersistentInfo => 1, checkUserDisplayEmptyValues => 1, } } ); - ## Try to authenticate -ok( $res = $client->_get( '/', accept => 'text/html' ), - 'Get Menu', ); +ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); count(1); my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'user', 'password', 'token' ); $query =~ s/user=/user=dwho/; $query =~ s/password=/password=dwho/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/', IO::String->new($query), length => length($query), @@ -50,7 +49,8 @@ expectRedirection( $res, 'http://auth.example.com/' ); # CheckUser form # ------------------------ -ok( $res = $client->_get( +ok( + $res = $client->_get( '/checkuser', cookie => "lemonldap=$id", accept => 'text/html' @@ -58,11 +58,10 @@ ok( $res = $client->_get( 'CheckUser form', ); count(1); -( $host, $url, $query ) - = expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' ); -ok( $res->[2]->[0] =~ m%%, - 'Found trspan="checkUser"' ) - or explain( $res->[2]->[0], 'trspan="checkUser"' ); +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' ); +ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) + or explain( $res->[2]->[0], 'trspan="checkUser"' ); count(1); # Expired token 
@@ -70,7 +69,8 @@ sleep 3; $query =~ s/user=dwho/user=rtyler/; $query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/checkuser', IO::String->new($query), cookie => "lemonldap=$id", @@ -79,18 +79,18 @@ ok( $res = $client->_post( ), 'POST checkuser' ); -ok( $res->[2]->[0] =~ m%%, - 'Found PE_TOKENEXPIRED' ) - or explain( $res->[2]->[0], 'trspan="PE82"' ); +ok( $res->[2]->[0] =~ m%%, 'Found PE_TOKENEXPIRED' ) + or explain( $res->[2]->[0], 'trspan="PE82"' ); count(2); -( $host, $url, $query ) - = expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' ); +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' ); # Valid token $query =~ s/user=/user=rtyler/; $query =~ s/url=/url=test1.example.com/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/checkuser', IO::String->new($query), cookie => "lemonldap=$id", @@ -101,45 +101,45 @@ ok( $res = $client->_post( ); count(1); -( $host, $url, $query ) - = expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' ); -ok( $res->[2]->[0] =~ m%%, - 'Found trspan="checkUser"' ) - or explain( $res->[2]->[0], 'trspan="checkUser"' ); -ok( $res->[2]->[0] - =~ m%
%, +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' ); +ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) + or explain( $res->[2]->[0], 'trspan="checkUser"' ); +ok( + $res->[2]->[0] =~ +m%
%, 'Found trspan="allowed"' ) or explain( $res->[2]->[0], 'trspan="allowed"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="headers"' ) - or explain( $res->[2]->[0], 'trspan="headers"' ); + or explain( $res->[2]->[0], 'trspan="headers"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="groups_sso"' ) - or explain( $res->[2]->[0], 'trspan="groups_sso"' ); + or explain( $res->[2]->[0], 'trspan="groups_sso"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="macros"' ) - or explain( $res->[2]->[0], 'trspan="macros"' ); + or explain( $res->[2]->[0], 'trspan="macros"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="attributes"' ) - or explain( $res->[2]->[0], 'trspan="attributes"' ); + or explain( $res->[2]->[0], 'trspan="attributes"' ); ok( $res->[2]->[0] =~ m%Auth-User%, 'Found Auth-User' ) - or explain( $res->[2]->[0], 'Header Key: Auth-User' ); -ok( $res->[2]->[0] =~ m%rtyler%, - 'Found rtyler' ) - or explain( $res->[2]->[0], 'Header Value: rtyler' ); + or explain( $res->[2]->[0], 'Header Key: Auth-User' ); +ok( $res->[2]->[0] =~ m%rtyler%, 'Found rtyler' ) + or explain( $res->[2]->[0], 'Header Value: rtyler' ); ok( $res->[2]->[0] =~ m%su%, 'Found su' ) - or explain( $res->[2]->[0], 'SSO Groups: su' ); + or explain( $res->[2]->[0], 'SSO Groups: su' ); ok( $res->[2]->[0] =~ m%_whatToTrace%, 'Found _whatToTrace' ) - or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); + or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); ok( $res->[2]->[0] =~ m%uid%, 'Found uid' ) - or explain( $res->[2]->[0], 'Attribute Value uid' ); + or explain( $res->[2]->[0], 'Attribute Value uid' ); count(11); $query =~ s/user=dwho/user=msmith/; -$query - =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Fmanager.example.com%2Fmanager.html/; +$query =~ +s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Fmanager.example.com%2Fmanager.html/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/checkuser', IO::String->new($query), cookie => "lemonldap=$id", 
@@ -148,8 +148,9 @@ ok( $res = $client->_post( ), 'POST checkuser' ); -ok( $res->[2]->[0] - =~ m%
%, +ok( + $res->[2]->[0] =~ +m%
%, 'Found trspan="forbidden"' ) or explain( $res->[2]->[0], 'trspan="forbidden"' ); count(2); @@ -157,4 +158,4 @@ count(2); $client->logout($id); clean_sessions(); -done_testing( count() ); \ No newline at end of file +done_testing( count() ); diff --git a/lemonldap-ng-portal/t/68-Impersonation-with-merge.t b/lemonldap-ng-portal/t/68-Impersonation-with-merge.t index 97cb6d64e..63409588a 100644 --- a/lemonldap-ng-portal/t/68-Impersonation-with-merge.t +++ b/lemonldap-ng-portal/t/68-Impersonation-with-merge.t @@ -8,17 +8,17 @@ BEGIN { my $res; -my $client = LLNG::Manager::Test->new( - { ini => { - logLevel => 'error', - authentication => 'Demo', - userDB => 'Same', - loginHistoryEnabled => 0, - brutForceProtection => 0, - portalMainLogo => 'common/logos/logo_llng_old.png', - requireToken => 0, - checkUser => 1, - impersonationRule => 1, +my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + authentication => 'Demo', + userDB => 'Same', + loginHistoryEnabled => 0, + brutForceProtection => 0, + portalMainLogo => 'common/logos/logo_llng_old.png', + requireToken => 0, + checkUser => 1, + impersonationRule => 1, checkUserDisplayPersistentInfo => 0, checkUserDisplayEmptyValues => 0, impersonationMergeSSOgroups => 1, @@ -26,10 +26,8 @@ my $client = LLNG::Manager::Test->new( } ); - ## Try to authenticate -ok( $res = $client->_get( '/', accept => 'text/html' ), - 'Get Menu', ); +ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); count(1); my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'user', 'password', 'spoofId' ); @@ -37,7 +35,8 @@ my ( $host, $url, $query ) = $query =~ s/user=/user=rtyler/; $query =~ s/password=/password=rtyler/; $query =~ s/spoofId=/spoofId=dwho/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/', IO::String->new($query), length => length($query), 
@@ -52,7 +51,8 @@ expectRedirection( $res, 'http://auth.example.com/' ); # CheckUser form # ------------------------ -ok( $res = $client->_get( +ok( + $res = $client->_get( '/checkuser', cookie => "lemonldap=$id", accept => 'text/html' @@ -60,16 +60,16 @@ ok( $res = $client->_get( 'CheckUser form', ); count(1); -( $host, $url, $query ) - = expectForm( $res, undef, '/checkuser', 'user', 'url' ); -ok( $res->[2]->[0] =~ m%%, - 'Found trspan="checkUser"' ) - or explain( $res->[2]->[0], 'trspan="checkUser"' ); +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url' ); +ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) + or explain( $res->[2]->[0], 'trspan="checkUser"' ); count(1); $query =~ s/url=/url=test1.example.com/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/checkuser', IO::String->new($query), cookie => "lemonldap=$id", @@ -80,45 +80,42 @@ ok( $res = $client->_post( ); count(1); -( $host, $url, $query ) - = expectForm( $res, undef, '/checkuser', 'user', 'url' ); -ok( $res->[2]->[0] =~ m%%, - 'Found trspan="checkUser"' ) - or explain( $res->[2]->[0], 'trspan="checkUser"' ); -ok( $res->[2]->[0] - =~ m%
%, +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url' ); +ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) + or explain( $res->[2]->[0], 'trspan="checkUser"' ); +ok( + $res->[2]->[0] =~ +m%
%, 'Found trspan="allowed"' ) or explain( $res->[2]->[0], 'trspan="allowed"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="headers"' ) - or explain( $res->[2]->[0], 'trspan="headers"' ); + or explain( $res->[2]->[0], 'trspan="headers"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="groups_sso"' ) - or explain( $res->[2]->[0], 'trspan="groups_sso"' ); + or explain( $res->[2]->[0], 'trspan="groups_sso"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="macros"' ) - or explain( $res->[2]->[0], 'trspan="macros"' ); + or explain( $res->[2]->[0], 'trspan="macros"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="attributes"' ) - or explain( $res->[2]->[0], 'trspan="attributes"' ); -ok( $res->[2]->[0] =~ m%_userDB%, - 'Found _userDB' ) - or explain( $res->[2]->[0], '_userDB' ); + or explain( $res->[2]->[0], 'trspan="attributes"' ); +ok( $res->[2]->[0] =~ m%_userDB%, 'Found _userDB' ) + or explain( $res->[2]->[0], '_userDB' ); ok( $res->[2]->[0] =~ m%Auth-User%, 'Found Auth-User' ) - or explain( $res->[2]->[0], 'Header Key: Auth-User' ); -ok( $res->[2]->[0] =~ m%dwho%, - 'Found dwho' ) - or explain( $res->[2]->[0], 'Header Value: dwho' ); + or explain( $res->[2]->[0], 'Header Key: Auth-User' ); +ok( $res->[2]->[0] =~ m%dwho%, 'Found dwho' ) + or explain( $res->[2]->[0], 'Header Value: dwho' ); ok( $res->[2]->[0] =~ m%su%, 'Found su' ) - or explain( $res->[2]->[0], 'SSO Groups: su' ); + or explain( $res->[2]->[0], 'SSO Groups: su' ); ok( $res->[2]->[0] =~ m%_whatToTrace%, 'Found _whatToTrace' ) - or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); + or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); ok( $res->[2]->[0] =~ m%uid%, 'Found uid' ) - or explain( $res->[2]->[0], 'Attribute Value uid' ); + or explain( $res->[2]->[0], 'Attribute Value uid' ); count(12); - $client->logout($id); clean_sessions(); -done_testing( count() ); \ No newline at end of file +done_testing( count() ); 
diff --git a/lemonldap-ng-portal/t/68-Impersonation.t b/lemonldap-ng-portal/t/68-Impersonation.t index 1dc59a8e8..a3111b06c 100644 --- a/lemonldap-ng-portal/t/68-Impersonation.t +++ b/lemonldap-ng-portal/t/68-Impersonation.t @@ -8,17 +8,17 @@ BEGIN { my $res; -my $client = LLNG::Manager::Test->new( - { ini => { - logLevel => 'error', - authentication => 'Demo', - userDB => 'Same', - loginHistoryEnabled => 0, - brutForceProtection => 0, - portalMainLogo => 'common/logos/logo_llng_old.png', - requireToken => 0, - checkUser => 1, - impersonationRule => 1, +my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + authentication => 'Demo', + userDB => 'Same', + loginHistoryEnabled => 0, + brutForceProtection => 0, + portalMainLogo => 'common/logos/logo_llng_old.png', + requireToken => 0, + checkUser => 1, + impersonationRule => 1, checkUserDisplayPersistentInfo => 0, checkUserDisplayEmptyValues => 0, impersonationMergeSSOgroups => 0, @@ -27,8 +27,7 @@ my $client = LLNG::Manager::Test->new( ); ## Try to authenticate with bad spoofed user -ok( $res = $client->_get( '/', accept => 'text/html' ), - 'Get Menu', ); +ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); count(1); my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'user', 'password', 'spoofId' ); @@ -36,7 +35,8 @@ my ( $host, $url, $query ) = $query =~ s/user=/user=rtyler/; $query =~ s/password=/password=rtyler/; $query =~ s/spoofId=/spoofId=dwho*/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/', IO::String->new($query), length => length($query), @@ -44,8 +44,7 @@ ok( $res = $client->_post( ), 'Auth query' ); -ok( $res->[2]->[0] =~ m%%, - ' PE40 found' ) +ok( $res->[2]->[0] =~ m%%, ' PE40 found' ) or print STDERR Dumper( $res->[2]->[0] ); count(2); 
@@ -53,8 +52,7 @@ my $id = expectCookie($res); $client->logout($id); ## Try to authenticate -ok( $res = $client->_get( '/', accept => 'text/html' ), - 'Get Menu', ); +ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', ); count(1); my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'user', 'password', 'spoofId' ); @@ -62,7 +60,8 @@ my ( $host, $url, $query ) = $query =~ s/user=/user=rtyler/; $query =~ s/password=/password=rtyler/; $query =~ s/spoofId=/spoofId=dwho/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/', IO::String->new($query), length => length($query), @@ -77,7 +76,8 @@ expectRedirection( $res, 'http://auth.example.com/' ); # CheckUser form # ------------------------ -ok( $res = $client->_get( +ok( + $res = $client->_get( '/checkuser', cookie => "lemonldap=$id", accept => 'text/html' @@ -85,16 +85,16 @@ ok( $res = $client->_get( 'CheckUser form', ); count(1); -( $host, $url, $query ) - = expectForm( $res, undef, '/checkuser', 'user', 'url' ); -ok( $res->[2]->[0] =~ m%%, - 'Found trspan="checkUser"' ) - or explain( $res->[2]->[0], 'trspan="checkUser"' ); +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url' ); +ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) + or explain( $res->[2]->[0], 'trspan="checkUser"' ); count(1); $query =~ s/url=/url=test1.example.com/; -ok( $res = $client->_post( +ok( + $res = $client->_post( '/checkuser', IO::String->new($query), cookie => "lemonldap=$id", @@ -105,56 +105,50 @@ ok( $res = $client->_post( ); count(1); -( $host, $url, $query ) - = expectForm( $res, undef, '/checkuser', 'user', 'url' ); -ok( $res->[2]->[0] =~ m%%, - 'Found trspan="checkUser"' ) - or explain( $res->[2]->[0], 'trspan="checkUser"' ); -ok( $res->[2]->[0] - =~ m%
%, +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url' ); +ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) + or explain( $res->[2]->[0], 'trspan="checkUser"' ); +ok( + $res->[2]->[0] =~ +m%
%, 'Found trspan="allowed"' ) or explain( $res->[2]->[0], 'trspan="allowed"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="headers"' ) - or explain( $res->[2]->[0], 'trspan="headers"' ); + or explain( $res->[2]->[0], 'trspan="headers"' ); ok( $res->[2]->[0] !~ m%%, 'trspan="groups_sso" NOT found' ) - or explain( $res->[2]->[0], 'trspan="groups_sso"' ); + or explain( $res->[2]->[0], 'trspan="groups_sso"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="macros"' ) - or explain( $res->[2]->[0], 'trspan="macros"' ); + or explain( $res->[2]->[0], 'trspan="macros"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="attributes"' ) - or explain( $res->[2]->[0], 'trspan="attributes"' ); -ok( $res->[2]->[0] =~ m%_userDB%, - 'Found _userDB' ) - or explain( $res->[2]->[0], '_userDB' ); + or explain( $res->[2]->[0], 'trspan="attributes"' ); +ok( $res->[2]->[0] =~ m%_userDB%, 'Found _userDB' ) + or explain( $res->[2]->[0], '_userDB' ); ok( $res->[2]->[0] =~ m%Auth-User%, 'Found Auth-User' ) - or explain( $res->[2]->[0], 'Header Key: Auth-User' ); -ok( $res->[2]->[0] =~ m%dwho%, - 'Found dwho' ) - or explain( $res->[2]->[0], 'Header Value: dwho' ); + or explain( $res->[2]->[0], 'Header Key: Auth-User' ); +ok( $res->[2]->[0] =~ m%dwho%, 'Found dwho' ) + or explain( $res->[2]->[0], 'Header Value: dwho' ); ok( $res->[2]->[0] =~ m%_whatToTrace%, 'Found _whatToTrace' ) - or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); + or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); ok( $res->[2]->[0] =~ m%real_groups%, 'Found real_groups' ) - or explain( $res->[2]->[0], 'real_groups' ); -ok( $res->[2]->[0] =~ m%su%, - 'Found su' ) - or explain( $res->[2]->[0], 'su' ); -ok( $res->[2]->[0] =~ m%real_uid%, - 'Found real_uid' ) - or explain( $res->[2]->[0], 'real_groups' ); -ok( $res->[2]->[0] =~ m%rtyler%, - 'Found rtyler' ) - or explain( $res->[2]->[0], 'su' ); + or explain( $res->[2]->[0], 'real_groups' ); +ok( $res->[2]->[0] =~ m%su%, 'Found su' ) + or explain( $res->[2]->[0], 'su' ); +ok( 
$res->[2]->[0] =~ m%real_uid%, 'Found real_uid' ) + or explain( $res->[2]->[0], 'real_groups' ); +ok( $res->[2]->[0] =~ m%rtyler%, 'Found rtyler' ) + or explain( $res->[2]->[0], 'su' ); count(14); - $client->logout($id); clean_sessions(); -done_testing( count() ); \ No newline at end of file +done_testing( count() ); diff --git a/lemonldap-ng-portal/t/76-2F-Ext-with-CodeActivation.t b/lemonldap-ng-portal/t/76-2F-Ext-with-CodeActivation.t index 72d39f356..1300e9df7 100644 --- a/lemonldap-ng-portal/t/76-2F-Ext-with-CodeActivation.t +++ b/lemonldap-ng-portal/t/76-2F-Ext-with-CodeActivation.t @@ -10,12 +10,12 @@ count(1); my $client = LLNG::Manager::Test->new( { ini => { - logLevel => 'error', - ext2fActivation => 1, - ext2fCodeActivation => 'A1b2C0', - ext2FSendCommand => 't/sendCode.pl -uid $uid -code $code', - authentication => 'Demo', - userDB => 'Same', + logLevel => 'error', + ext2fActivation => 1, + ext2fCodeActivation => 'A1b2C0', + ext2FSendCommand => 't/sendCode.pl -uid $uid -code $code', + authentication => 'Demo', + userDB => 'Same', } } ); diff --git a/lemonldap-ng-portal/t/sendCode.pl b/lemonldap-ng-portal/t/sendCode.pl index cde4307fd..60acc500a 100755 --- a/lemonldap-ng-portal/t/sendCode.pl +++ b/lemonldap-ng-portal/t/sendCode.pl @@ -4,4 +4,7 @@ use warnings; my ( $swt1, $user, $swt2, $code ) = @ARGV; -exit !( $swt1 eq '-uid' && $user eq 'dwho' && $swt2 eq '-code' && defined $code ); +exit !($swt1 eq '-uid' + && $user eq 'dwho' + && $swt2 eq '-code' + && defined $code );