Please use our .perltidyrc

environments/ppa-mbqj77/deployments/712^2
Xavier Guimard 6 years ago
parent bfc2b7ca19
commit bc2bef4ff4
  1. 12
      fastcgi-server/man/llng-fastcgi-server.1p
  2. 8
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SAML/Metadata.pm
  3. 74
      lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
  4. 1
      lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm
  5. 70
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
  6. 3
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
  7. 90
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
  8. 11
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm
  9. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm
  10. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm
  11. 8
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm
  12. 9
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm
  13. 3
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
  14. 8
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
  15. 2
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
  16. 44
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
  17. 22
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
  18. 16
      lemonldap-ng-portal/t/02-Password-Demo.t
  19. 3
      lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t
  20. 1
      lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t
  21. 3
      lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
  22. 61
      lemonldap-ng-portal/t/67-CheckUser-with-token.t
  23. 43
      lemonldap-ng-portal/t/68-Impersonation-with-merge.t
  24. 60
      lemonldap-ng-portal/t/68-Impersonation.t
  25. 5
      lemonldap-ng-portal/t/sendCode.pl

@ -1,4 +1,4 @@
.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@ -54,8 +54,10 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.if !\nF .nr F 0
.if \nF>0 \{\
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
@ -63,7 +65,9 @@
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "llng-fastcgi-server 1"
.TH llng-fastcgi-server 1 "2018-08-03" "perl v5.26.2" "User Contributed Perl Documentation"
.TH llng-fastcgi-server 1 "2019-03-05" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

@ -41,12 +41,12 @@ sub serviceToXML {
samlOrganizationURL
);
if ($type and $type eq 'idp') {
$template->param( 'hideSPMetadata', 1);
if ( $type and $type eq 'idp' ) {
$template->param( 'hideSPMetadata', 1 );
}
if ($type and $type eq 'sp') {
$template->param( 'hideIDPMetadata', 1);
if ( $type and $type eq 'sp' ) {
$template->param( 'hideIDPMetadata', 1 );
}
foreach (@param_auto) {

@ -44,17 +44,17 @@ sub getStatus {
if ( $ENV{LLNGSTATUSHOST} ) {
require IO::Socket::INET;
foreach ( 64322 .. 64331 ) {
if ( $statusOut
= IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) )
if ( $statusOut =
IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) )
{
$args = ' host='
. ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_";
$args =
' host=' . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_";
last;
}
}
return $class->abort( $req,
"$class: status page can not be displayed, unable to open socket"
) unless ($statusOut);
"$class: status page can not be displayed, unable to open socket" )
unless ($statusOut);
}
return $class->abort( $req, "$class: status page can not be displayed" )
unless ( $statusPipe and $statusOut );
@ -243,8 +243,8 @@ sub lmLog {
sub checkMaintenanceMode {
my ( $class, $req ) = @_;
my $vhost = $class->resolveAlias($req);
my $_maintenance
= ( defined $class->tsv->{maintenance}->{$vhost} )
my $_maintenance =
( defined $class->tsv->{maintenance}->{$vhost} )
? $class->tsv->{maintenance}->{$vhost}
: $class->tsv->{maintenance}->{_};
@ -272,8 +272,8 @@ sub grant {
}
}
for (
my $i = 0;
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 );
my $i = 0 ;
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
$i++
)
{
@ -405,8 +405,8 @@ sub fetchId {
my $lookForHttpCookie = ( $class->tsv->{securedCookie} =~ /^(2|3)$/
and not $class->_isHttps( $req, $vhost ) );
my $cn = $class->tsv->{cookieName};
my $value
= $lookForHttpCookie
my $value =
$lookForHttpCookie
? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 )
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
@ -446,8 +446,8 @@ sub retrieveSession {
# 2. Get the session from cache or backend
my $session = $req->data->{session} = (
Lemonldap::NG::Common::Session->new(
{ storageModule => $class->tsv->{sessionStorageModule},
Lemonldap::NG::Common::Session->new( {
storageModule => $class->tsv->{sessionStorageModule},
storageModuleOptions => $class->tsv->{sessionStorageOptions},
cacheModule => $class->tsv->{sessionCacheModule},
cacheModuleOptions => $class->tsv->{sessionCacheOptions},
@ -464,12 +464,11 @@ sub retrieveSession {
# Verify that session is valid
$class->logger->error(
"_utime is not defined. This should not happen. Check if it is well transmitted to handler"
"_utime is not defined. This should not happen. Check if it is well transmitted to handler"
) unless $session->data->{_utime};
$class->logger->debug("Check session validity from Handler");
$class->logger->debug(
"Session timeout -> " . $class->tsv->{timeout} );
$class->logger->debug( "Session timeout -> " . $class->tsv->{timeout} );
$class->logger->debug( "Session timeoutActivity -> "
. $class->tsv->{timeoutActivity}
. "s" )
@ -489,7 +488,8 @@ sub retrieveSession {
my $ttl = $class->tsv->{timeout} - $now + $session->data->{_utime};
$class->logger->debug( "Session TTL = " . $ttl );
if ($now - $session->data->{_utime} > $class->tsv->{timeout}
if (
$now - $session->data->{_utime} > $class->tsv->{timeout}
or ( $class->tsv->{timeoutActivity}
and $session->data->{_lastSeen}
and $delta > $class->tsv->{timeoutActivity} )
@ -503,9 +503,10 @@ sub retrieveSession {
}
# Update the session to notify activity, if necessary
if ($class->tsv->{timeoutActivity}
and ( $now - $session->data->{_lastSeen}
> $class->tsv->{timeoutActivityInterval} )
if (
$class->tsv->{timeoutActivity}
and ( $now - $session->data->{_lastSeen} >
$class->tsv->{timeoutActivityInterval} )
)
{
$req->data->{session}->update( { '_lastSeen' => $now } );
@ -611,8 +612,8 @@ sub isUnprotected {
my ( $class, $req, $uri ) = @_;
my $vhost = $class->resolveAlias($req);
for (
my $i = 0;
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 );
my $i = 0 ;
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
$i++
)
{
@ -631,8 +632,8 @@ sub sendHeaders {
if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) {
# Log headers in debug mode
my %headers
= $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
my %headers =
$class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
foreach my $h ( sort keys %headers ) {
if ( defined( my $v = $headers{$h} ) ) {
$class->logger->debug("Send header $h with value $v");
@ -655,8 +656,8 @@ sub checkHeaders {
if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) {
# Create array of hashes with headers
my %headers
= $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
my %headers =
$class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
foreach my $h ( sort keys %headers ) {
defined $headers{$h}
? push @$array_headers, { key => $h, value => $headers{$h} }
@ -758,8 +759,8 @@ sub postOutputFilter {
$class->logger->debug("Filling a html form with fake data");
$class->unset_header_in( $req, "Accept-Encoding" );
my %postdata = $class->tsv->{outputPostData}->{$vhost}->{$uri}
->( $req, $session );
my %postdata =
$class->tsv->{outputPostData}->{$vhost}->{$uri}->( $req, $session );
my $formParams = $class->tsv->{postFormParams}->{$vhost}->{$uri};
my $js = $class->postJavascript( $req, \%postdata, $formParams );
$class->addToHtmlHead( $req, $js );
@ -776,8 +777,8 @@ sub postInputFilter {
if ( defined( $class->tsv->{inputPostData}->{$vhost}->{$uri} ) ) {
$class->logger->debug("Replacing fake data with real form data");
my %data = $class->tsv->{inputPostData}->{$vhost}->{$uri}
->( $req, $session );
my %data =
$class->tsv->{inputPostData}->{$vhost}->{$uri}->( $req, $session );
foreach ( keys %data ) {
$data{$_} = uri_escape( $data{$_} );
}
@ -797,19 +798,18 @@ sub postJavascript {
foreach my $name ( keys %$data ) {
use bytes;
my $value = "x" x bytes::length( $data->{$name} );
$filler
.= "form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n";
$filler .=
"form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n";
}
my $submitter
= $formParams->{buttonSelector} eq "none" ? ""
my $submitter =
$formParams->{buttonSelector} eq "none" ? ""
: $formParams->{buttonSelector}
? "form.find('$formParams->{buttonSelector}').click();\n"
: "form.submit();\n";
my $jqueryUrl = $formParams->{jqueryUrl} || "";
$jqueryUrl
= &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js"
$jqueryUrl = &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js"
if ( $jqueryUrl eq "default" );
$jqueryUrl = "<script type='text/javascript' src='$jqueryUrl'></script>\n"
if ($jqueryUrl);
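Review bot: In postJavascript, the reformatted `$filler .=` and `$submitter` statements still interpolate `$name` and `$formParams->{buttonSelector}` unescaped into single-quoted JavaScript strings, and `$jqueryUrl` unescaped into a `src='…'` attribute, so a quote character in any of these values changes the script injected into the protected application's page. The values appear to come from the form-replay configuration rather than from the request, which limits who can supply them, but the handler should not rely on that. Escape for the JavaScript string context (backslash, both quote characters, `<` and line terminators) before building `$filler` and `$submitter`, and refuse a `jqueryUrl` that contains quotes or angle brackets. postJavascript starts and ends outside this hunk, so confirm whether such escaping already happens where `$data` and `$formParams` are built.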

@ -60,6 +60,7 @@ sub _run {
$req->userData( $self->api->data );
}
elsif ( $res->[0] != 403 ) {
# Unset headers (handler adds a Location header)
$self->logger->debug(
"User not authenticated, Try in use, cancel redirection");

@ -22,7 +22,8 @@ sub cTrees {
'locationRules',
'exportedHeaders',
'post',
{ title => 'vhostOptions',
{
title => 'vhostOptions',
help => 'configvhost.html#options',
form => 'simpleInputContainer',
nodes => [
@ -36,7 +37,8 @@ sub cTrees {
'samlIDPMetaDataXML',
'samlIDPMetaDataExportedAttributes',
{ title => "samlIDPMetaDataOptionsSession",
{
title => "samlIDPMetaDataOptionsSession",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsAdaptSessionUtime",
@ -45,7 +47,8 @@ sub cTrees {
"samlIDPMetaDataOptionsUserAttribute"
]
},
{ title => "samlIDPMetaDataOptionsSignature",
{
title => "samlIDPMetaDataOptionsSignature",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsSignSSOMessage",
@ -54,14 +57,16 @@ sub cTrees {
"samlIDPMetaDataOptionsCheckSLOMessageSignature"
]
},
{ title => "samlIDPMetaDataOptionsBinding",
{
title => "samlIDPMetaDataOptionsBinding",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsSSOBinding",
"samlIDPMetaDataOptionsSLOBinding"
]
},
{ title => "samlIDPMetaDataOptionsSecurity",
{
title => "samlIDPMetaDataOptionsSecurity",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsEncryptionMode",
@ -69,7 +74,8 @@ sub cTrees {
"samlIDPMetaDataOptionsCheckAudience"
]
},
{ title => 'samlIDPMetaDataOptions',
{
title => 'samlIDPMetaDataOptions',
help => 'authsaml.html#options',
form => 'simpleInputContainer',
nodes => [
@ -83,7 +89,8 @@ sub cTrees {
'samlIDPMetaDataOptionsRelayStateURL',
],
},
{ title => "samlIDPMetaDataOptionsDisplay",
{
title => "samlIDPMetaDataOptionsDisplay",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsDisplayName",
@ -94,10 +101,11 @@ sub cTrees {
samlSPMetaDataNode => [
"samlSPMetaDataXML",
"samlSPMetaDataExportedAttributes",
{ title => "samlSPMetaDataOptions",
{
title => "samlSPMetaDataOptions",
help => 'idpsaml.html#options',
nodes => [
{ title => "samlSPMetaDataOptionsAuthnResponse",
nodes => [ {
title => "samlSPMetaDataOptionsAuthnResponse",
form => 'simpleInputContainer',
nodes => [
"samlSPMetaDataOptionsNameIDFormat",
@ -108,7 +116,8 @@ sub cTrees {
"samlSPMetaDataOptionsForceUTF8"
]
},
{ title => "samlSPMetaDataOptionsSignature",
{
title => "samlSPMetaDataOptionsSignature",
form => 'simpleInputContainer',
nodes => [
"samlSPMetaDataOptionsSignSSOMessage",
@ -117,7 +126,8 @@ sub cTrees {
"samlSPMetaDataOptionsCheckSLOMessageSignature"
]
},
{ title => "samlSPMetaDataOptionsSecurity",
{
title => "samlSPMetaDataOptionsSecurity",
form => 'simpleInputContainer',
nodes => [
"samlSPMetaDataOptionsEncryptionMode",
@ -132,9 +142,10 @@ sub cTrees {
'oidcOPMetaDataJSON',
'oidcOPMetaDataJWKS',
'oidcOPMetaDataExportedVars',
{ title => 'oidcOPMetaDataOptions',
nodes => [
{ title => 'oidcOPMetaDataOptionsConfiguration',
{
title => 'oidcOPMetaDataOptions',
nodes => [ {
title => 'oidcOPMetaDataOptionsConfiguration',
form => 'simpleInputContainer',
nodes => [
'oidcOPMetaDataOptionsConfigurationURI',
@ -144,7 +155,8 @@ sub cTrees {
'oidcOPMetaDataOptionsStoreIDToken'
]
},
{ title => 'oidcOPMetaDataOptionsProtocol',
{
title => 'oidcOPMetaDataOptionsProtocol',
form => 'simpleInputContainer',
nodes => [
'oidcOPMetaDataOptionsScope',
@ -161,7 +173,8 @@ sub cTrees {
},
]
},
{ title => 'oidcOPMetaDataOptionsDisplayParams',
{
title => 'oidcOPMetaDataOptionsDisplayParams',
form => 'simpleInputContainer',
nodes => [
'oidcOPMetaDataOptionsDisplayName',
@ -172,9 +185,10 @@ sub cTrees {
oidcRPMetaDataNode => [
'oidcRPMetaDataExportedVars',
'oidcRPMetaDataOptionsExtraClaims',
{ title => 'oidcRPMetaDataOptions',
nodes => [
{ title => 'oidcRPMetaDataOptionsAuthentication',
{
title => 'oidcRPMetaDataOptions',
nodes => [ {
title => 'oidcRPMetaDataOptionsAuthentication',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsClientID',
@ -187,7 +201,8 @@ sub cTrees {
'oidcRPMetaDataOptionsAccessTokenExpiration',
'oidcRPMetaDataOptionsRedirectUris',
'oidcRPMetaDataOptionsBypassConsent',
{ title => 'logout',
{
title => 'logout',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsPostLogoutRedirectUris',
@ -199,7 +214,8 @@ sub cTrees {
'oidcRPMetaDataOptionsRule',
]
},
{ title => 'oidcRPMetaDataOptionsDisplay',
{
title => 'oidcRPMetaDataOptionsDisplay',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsDisplayName',
@ -210,7 +226,8 @@ sub cTrees {
casSrvMetaDataNode => [
'casSrvMetaDataExportedVars',
'casSrvMetaDataOptionsProxiedServices',
{ title => 'casSrvMetaDataOptions',
{
title => 'casSrvMetaDataOptions',
form => 'simpleInputContainer',
nodes => [
'casSrvMetaDataOptionsUrl',
@ -218,7 +235,8 @@ sub cTrees {
'casSrvMetaDataOptionsGateway',
]
},
{ title => 'casSrvMetaDataOptionsDisplay',
{
title => 'casSrvMetaDataOptionsDisplay',
form => 'simpleInputContainer',
nodes => [
'casSrvMetaDataOptionsDisplayName',
@ -226,8 +244,8 @@ sub cTrees {
]
},
],
casAppMetaDataNode => [
{ title => 'casAppMetaDataOptions',
casAppMetaDataNode => [ {
title => 'casAppMetaDataOptions',
form => 'simpleInputContainer',
nodes => [
'casAppMetaDataOptionsService',

@ -498,8 +498,7 @@ sub tree {
title => 'logParams',
help => 'logs.html',
form => 'simpleInputContainer',
nodes =>
[ 'whatToTrace', 'hiddenAttributes' ]
nodes => [ 'whatToTrace', 'hiddenAttributes' ]
},
{
title => 'cookieParams',

@ -31,7 +31,8 @@ sub tests {
portalIsInDomain => sub {
return (
1,
( index( $conf->{portal}, $conf->{domain} ) > 0
(
index( $conf->{portal}, $conf->{domain} ) > 0
? ''
: "Portal seems not to be in the domain $conf->{domain}"
)
@ -61,7 +62,8 @@ sub tests {
}
return (
1,
( @pb
(
@pb
? 'Virtual hosts '
. join( ', ', @pb )
. " are not in $conf->{domain} and cross-domain-authentication is not set"
@ -106,9 +108,9 @@ sub tests {
my $type (qw(Facebook Google OpenID OpenIDConnect SAML WebID))
{
return ( 0,
"\"$type\" can not be used as user database without using \"$type\" for authentication"
"\"$type\" can not be used as user database without using \"$type\" for authentication"
)
if ($conf->{userDB} =~ /$type/
if ( $conf->{userDB} =~ /$type/
and $conf->{authentication} !~ /$type/ );
}
return 1;
@ -118,8 +120,8 @@ sub tests {
checkAttrAndMacros => sub {
my @tmp;
foreach my $k ( keys %$conf ) {
if ( $k
=~ /^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
if ( $k =~
/^(?:openIdSreg_(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)|whatToTrace)$/
)
{
my $v = $conf->{$k};
@ -137,7 +139,8 @@ sub tests {
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not defined in exported attributes or macros'
@ -152,15 +155,15 @@ sub tests {
if ( $conf->{userDB} =~ /^Google$/ ) {
foreach my $k ( keys %{ $conf->{exportedVars} } ) {
my $v = $conf->{exportedVars}->{$k};
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() )
{
if ( $v !~ Lemonldap::NG::Common::Regexp::GOOGLEAXATTR() ) {
push @tmp, $v;
}
}
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not exported by Google'
@ -175,8 +178,7 @@ sub tests {
if ( $conf->{userDB} =~ /^OpenID$/ ) {
foreach my $k ( keys %{ $conf->{exportedVars} } ) {
my $v = $conf->{exportedVars}->{$k};
if ( $v
!~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() )
if ( $v !~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() )
{
push @tmp, $v;
}
@ -184,7 +186,8 @@ sub tests {
}
return (
1,
( @tmp
(
@tmp
? 'Values of parameter(s) "'
. join( ', ', @tmp )
. '" are not exported by OpenID SREG'
@ -196,12 +199,11 @@ sub tests {
# Try to use Apache::Session module
testApacheSession => sub {
my ( $id, %h );
my $gc
= Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule};
my $gc = Lemonldap::NG::Handler::Main->tsv->{sessionStorageModule};
return 1
if ( ( $gc and $gc eq $conf->{globalStorage} )
or $conf->{globalStorage}
=~ /^Lemonldap::NG::Common::Apache::Session::/ );
or $conf->{globalStorage} =~
/^Lemonldap::NG::Common::Apache::Session::/ );
eval "use $conf->{globalStorage}";
return ( -1, "Unknown package $conf->{globalStorage}" ) if ($@);
eval {
@ -229,7 +231,7 @@ sub tests {
eval { tied(%h)->delete; };
return ( -1, "Unable to delete session ($@)" ) if ($@);
return ( -1,
'All sessions may be lost and you must restart all your Apache servers'
'All sessions may be lost and you must restart all your Apache servers'
) if ( $gc and $conf->{globalStorage} ne $gc );
return 1;
},
@ -239,7 +241,8 @@ sub tests {
my $cn = Lemonldap::NG::Handler::Main->tsv->{cookieName};
return (
1,
( $cn
(
$cn
and $cn ne $conf->{cookieName}
? 'Cookie name has changed, you must restart all your web servers'
: ()
@ -276,7 +279,7 @@ sub tests {
sessionTimeoutActivity => sub {
return 1 unless ( defined $conf->{timeoutActivity} );
return ( 0,
"Session activity timeout must be higher or equal than one minute"
"Session activity timeout must be higher or equal than one minute"
)
unless ( $conf->{timeoutActivity} > 59
|| $conf->{timeoutActivity} == 0 );
@ -289,11 +292,11 @@ sub tests {
timeoutActivityInterval => sub {
return 1 unless ( defined $conf->{timeoutActivityInterval} );
return ( 0,
"Activity timeout interval must be lower than session activity timeout"
"Activity timeout interval must be lower than session activity timeout"
)
if ($conf->{timeoutActivity}
and $conf->{timeoutActivity}
<= $conf->{timeoutActivityInterval} );
if ( $conf->{timeoutActivity}
and $conf->{timeoutActivity} <=
$conf->{timeoutActivityInterval} );
# Return
return 1;
@ -303,7 +306,8 @@ sub tests {
managerProtection => sub {
return (
1,
( $conf->{cfgAuthor} eq 'anonymous'
(
$conf->{cfgAuthor} eq 'anonymous'
? 'Your manager seems to be unprotected'
: ''
)
@ -353,8 +357,9 @@ sub tests {
my $res = 1;
my %entityIds;
foreach my $idpId ( keys %{ $conf->{samlIDPMetaDataXML} } ) {
unless ( $conf->{samlIDPMetaDataXML}->{$idpId}
->{samlIDPMetaDataXML} =~ /entityID=(['"])(.+?)\1/si )
unless (
$conf->{samlIDPMetaDataXML}->{$idpId}->{samlIDPMetaDataXML}
=~ /entityID=(['"])(.+?)\1/si )
{
push @msg, "$idpId SAML metadata has no EntityID";
$res = 0;
@ -380,8 +385,8 @@ sub tests {
my %entityIds;
foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) {
unless (
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML}
=~ /entityID=(['"])(.+?)\1/si )
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~
/entityID=(['"])(.+?)\1/si )
{
push @msg, "$spId SAML metadata has no EntityID";
$res = 0;
@ -415,8 +420,8 @@ sub tests {
);
}
eval {
Lemonldap::NG::Common::Combination::Parser->parse(
$moduleList, $conf->{combination} );
Lemonldap::NG::Common::Combination::Parser->parse( $moduleList,
$conf->{combination} );
};
return ( 0, $@ ) if ($@);
@ -462,7 +467,7 @@ sub tests {
{
eval "use Crypt::U2F::Server::Simple";
return ( 1,
"Crypt::U2F::Server::Simple module is required to enable U2F"
"Crypt::U2F::Server::Simple module is required to enable U2F"
) if ($@);
}
@ -470,7 +475,7 @@ sub tests {
if ( $conf->{yubikey2fActivation} ) {
eval "use Auth::Yubikey_WebClient";
return ( 1,
"Auth::Yubikey_WebClient module is required to enable Yubikey"
"Auth::Yubikey_WebClient module is required to enable Yubikey"
) if ($@);
}
@ -495,8 +500,8 @@ sub tests {
return 1 unless ( defined $conf->{totp2fDigits} );
return (
1,
(
( $conf->{totp2fDigits} == 6
( (
$conf->{totp2fDigits} == 6
or $conf->{totp2fDigits} == 8
)
? ''
@ -526,7 +531,8 @@ sub tests {
&& defined $conf->{yubikey2fClientID} );
return (
1,
( ( $conf->{yubikey2fPublicIDSize} == 12 )
(
( $conf->{yubikey2fPublicIDSize} == 12 )
? ''
: 'Yubikey public ID size should be 12 digits long'
)
@ -558,8 +564,7 @@ sub tests {
$ok ||= $conf->{'utotp2fActivation'}
&& ( $conf->{'u2fSelfRegistration'}
|| $conf->{'totp2fSelfRegistration'} );
$msg
= "A self registrable module should be enabled to require 2FA"
$msg = "A self registrable module should be enabled to require 2FA"
unless ($ok);
return ( 1, $msg );
@ -594,8 +599,7 @@ sub tests {
# Warn if number of password reset retries is null
passwordResetRetries => sub {
return 1 unless ( $conf->{portalDisplayResetPassword} );
return ( 1,
"Number of reset password retries should not be null" )
return ( 1, "Number of reset password retries should not be null" )
unless ( $conf->{passwordResetAllowedRetries} );
# Return
@ -606,10 +610,10 @@ sub tests {
bruteForceProtection => sub {
return 1 unless ( $conf->{bruteForceProtection} );
return ( 1,
'"History" plugin is required to enable "BruteForceProtection" plugin'
'"History" plugin is required to enable "BruteForceProtection" plugin'
) unless ( $conf->{loginHistoryEnabled} );
return ( 1,
'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
) unless ( $conf->{failedLoginNumber} > 2 );
# Return
@ -620,7 +624,7 @@ sub tests {
checkMailResetSecurity => sub {
return 1 unless ( $conf->{portalDisplayResetPassword} );
return ( -1,
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
)
unless ( $conf->{requireToken}
or $conf->{captcha_mail_enabled} );
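Review bot: In testApacheSession, `eval "use $conf->{globalStorage}";` compiles a configuration string as Perl, so the value is executed as code rather than treated as a module name while the configuration is only being tested. Check it against a module-name pattern before the eval, e.g. `return ( -1, "Bad package name $conf->{globalStorage}" ) unless $conf->{globalStorage} =~ /\A\w+(?:::\w+)*\z/;`. The two other string evals in this file (`use Crypt::U2F::Server::Simple`, `use Auth::Yubikey_WebClient`) are constants and need no change. The `tests` sub starts and ends outside these hunks.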

@ -57,8 +57,7 @@ sub run {
# Generate Code to send
my $code;
if ( $self->conf->{ext2fCodeActivation} ) {
$code
= $self->random->randregex( $self->conf->{ext2fCodeActivation} );
$code = $self->random->randregex( $self->conf->{ext2fCodeActivation} );
$self->logger->debug("Generated ext2f code : $code");
$self->ott->updateToken( $token, __ext2fcode => $code );
}
@ -66,13 +65,14 @@ sub run {
# Prepare command and launch it
$self->logger->debug( 'Launching "Send" external 2F command -> '
. $self->conf->{ext2FSendCommand} );
if (my $c = $self->launch(
if (
my $c = $self->launch(
$req->sessionInfo, $self->conf->{ext2FSendCommand}, $code
)
)
{
$self->logger->error("External send command failed (code $c)");
return $self->p->do( $req, [ sub {PE_ERROR} ] );
return $self->p->do( $req, [ sub { PE_ERROR } ] );
}
# Prepare form
@ -106,7 +106,8 @@ sub verify {
$self->logger->debug( 'Launching "Validate" external 2F command -> '
. $self->conf->{ext2FValidateCommand} );
$self->logger->debug(" code -> $usercode");
if (my $c = $self->launch(
if (
my $c = $self->launch(
$session, $self->conf->{ext2FValidateCommand}, $usercode
)
)
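Review bot: `run` writes the generated second-factor code to the log (`"Generated ext2f code : $code"`) and `verify` writes the code the user submitted (`" code -> $usercode"`), so anyone who can read debug logs can read one-time codes while they are still valid. Log only the event, e.g. `$self->logger->debug("Generated ext2f code");` and `$self->logger->debug("ext2f code received");`. The command strings logged just above would deserve the same treatment if `ext2FSendCommand` or `ext2FValidateCommand` can embed secrets, which is not visible here. Both subs continue outside the hunks.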

@ -31,8 +31,8 @@ has ott => (
is => 'rw',
lazy => 1,
default => sub {
my $ott = $_[0]->{p}
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
my $ott =
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{mail2fTimeout}
|| $_[0]->{conf}->{formTimeout} );
return $ott;

@ -49,7 +49,7 @@ sub authenticate {
unless ( $req->data->{password} ) {
$self->p->{user} = $req->userData->{_dn} = $req->data->{dn};
unless($self->p->{_passwordDB}) {
unless ( $self->p->{_passwordDB} ) {
$self->logger->error('No password database configured, aborting');
return PE_ERROR;
}

@ -82,13 +82,11 @@ sub extractFormInfo {
# 3. If user and oldpassword defined -> password form
elsif ( $defUser and $defOldPassword ) {
$res = PE_PASSWORDFORMEMPTY
unless (
( $req->{user} = $req->param('user') )
unless ( ( $req->{user} = $req->param('user') )
&& ( $req->data->{oldpassword} = $req->param('oldpassword') )
&& ( $req->data->{newpassword} = $req->param('newpassword') )
&& ( $req->data->{confirmpassword}
= $req->param('confirmpassword') )
);
&& ( $req->data->{confirmpassword} =
$req->param('confirmpassword') ) );
}
# If form seems empty

@ -4,7 +4,8 @@ use strict;
use Mouse;
use URI::Escape;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADURL PE_GET_SERVICE_NOT_ALLOWED);
use Lemonldap::NG::Portal::Main::Constants
qw(PE_OK PE_BADURL PE_GET_SERVICE_NOT_ALLOWED);
our $VERSION = '2.0.3';
@ -19,11 +20,9 @@ sub init {
# Parse activation rule
my $hd = $self->p->HANDLER;
$self->logger->debug(
"GET rule -> " . $self->conf->{issuerDBGetRule} );
$self->logger->debug( "GET rule -> " . $self->conf->{issuerDBGetRule} );
my $rule =
$hd->buildSub(
$hd->substitute( $self->conf->{issuerDBGetRule} ) );
$hd->buildSub( $hd->substitute( $self->conf->{issuerDBGetRule} ) );
unless ($rule) {
$self->error( "Bad GET rule -> " . $hd->tsv->{jail}->error );
return 0;

@ -62,8 +62,7 @@ sub init {
$self->logger->debug(
"OpenID rule -> " . $self->conf->{issuerDBOpenIDRule} );
my $rule =
$hd->buildSub(
$hd->substitute( $self->conf->{issuerDBOpenIDRule} ) );
$hd->buildSub( $hd->substitute( $self->conf->{issuerDBOpenIDRule} ) );
unless ($rule) {
$self->error( "Bad OpenID rule -> " . $hd->tsv->{jail}->error );
return 0;

@ -145,11 +145,13 @@ sub init {
return 0 unless ( $self->lassoServer( $self->loadService ) );
$self->addUnauthRoute(
( $self->{path} || 'saml' ) => { 'metadata' => { ':type' => 'metadata' }},
( $self->{path} || 'saml' ) =>
{ 'metadata' => { ':type' => 'metadata' } },
['GET']
);
$self->addAuthRoute(
( $self->{path} || 'saml' ) => { 'metadata' => { ':type' => 'metadata' }},
( $self->{path} || 'saml' ) =>
{ 'metadata' => { ':type' => 'metadata' } },
['GET']
);
return 1;
@ -3075,7 +3077,7 @@ sub metadata {
my $type = $req->param('type');
require Lemonldap::NG::Common::Conf::SAML::Metadata;
if ( my $metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new() ) {
my $s = $metadata->serviceToXML( $self->conf, $type);
my $s = $metadata->serviceToXML( $self->conf, $type );
return [
200,
[

@ -352,7 +352,7 @@ sub reloadConf {
};
my $portal = $self->conf->{portal};
$portal =~ s#^https?://(.*?)(?:/|$)/#$1#;
HANDLER->tsv->{defaultCondition}->{$portal} ||= sub {1};
HANDLER->tsv->{defaultCondition}->{$portal} ||= sub { 1 };
1;
}
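Review bot: The substitution `s#^https?://(.*?)(?:/|$)/#$1#` on the line above the reformatted one requires a further `/` after `(?:/|$)`, so it appears to match only when the portal URL contains `//` after the host. For a URL such as `https://auth.example.com/` (constructed example) `$portal` would stay the full URL, and `defaultCondition` would be keyed by the URL rather than the host name. If the intent is to keep only the host, `$portal =~ s#^https?://([^/]+).*#$1#;` would do that. Please confirm against how `defaultCondition` is looked up, since reloadConf starts outside this hunk.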

@ -19,8 +19,8 @@ has ott => (
is => 'rw',
lazy => 1,
default => sub {
my $ott = $_[0]->{p}
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
my $ott =
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott;
}
@ -66,12 +66,10 @@ sub check {
ALERTE => 'alert-warning',
TOKEN => $token,
};
return $self->p->sendJSONresponse( $req, $params ) if ($req->wantJSON);
return $self->p->sendHtml(
$req,
'checkuser',
params => $params,
) if $msg;
return $self->p->sendJSONresponse( $req, $params )
if ( $req->wantJSON );
return $self->p->sendHtml( $req, 'checkuser', params => $params, )
if $msg;
}
## Check user session datas
@ -79,10 +77,11 @@ sub check {
my $url = $req->param('url') || '';
my $user = $req->param('user') || '';
if ($user and $user !~ /$self->{conf}->{userControl}/o ) {
if ( $user and $user !~ /$self->{conf}->{userControl}/o ) {
$user = '';
$attrs = {};
return $self->p->sendError($req, 'Malformed user', 400) if ($req->wantJSON);
return $self->p->sendError( $req, 'Malformed user', 400 )
if ( $req->wantJSON );
return $self->p->sendHtml(
$req,
'checkuser',
@ -182,8 +181,7 @@ sub check {
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => $msg,
ALERTE =>
( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
ALERTE => ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
LOGIN => (
$self->p->checkXSSAttack( 'LOGIN', $req->{user} ) ? ""
: $req->{user}
@ -204,13 +202,10 @@ sub check {
: ''
)
};
return $self->p->sendJSONresponse($req, $params) if ($req->wantJSON);
return $self->p->sendJSONresponse( $req, $params ) if ( $req->wantJSON );
# Display form
return $self->p->sendHtml(
$req,
'checkuser',
params => $params,
);
return $self->p->sendHtml( $req, 'checkuser', params => $params, );
}
sub display {
@ -233,12 +228,8 @@ sub display {
: ''
)
};
return $self->sendJSONresponse( $req, $params ) if ($req->wantJSON);
return $self->p->sendHtml(
$req,
'checkuser',
params => $params,
);
return $self->sendJSONresponse( $req, $params ) if ( $req->wantJSON );
return $self->p->sendHtml( $req, 'checkuser', params => $params, );
}
sub _userDatas {
@ -252,9 +243,8 @@ sub _userDatas {
$req->steps($steps);
if ( my $error = $self->p->process($req) ) {
if ( $error == PE_BADCREDENTIALS ) {
$self->userLogger->warn( 'Check requested for an unvalid user ('
. $req->{user}
. ")" );
$self->userLogger->warn(
'Check requested for an unvalid user (' . $req->{user} . ")" );
}
$self->logger->debug("Process returned error: $error");
return $req->error($error);
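Review bot: In `check`, `$user !~ /$self->{conf}->{userControl}/o` uses the `/o` modifier, which compiles the pattern the first time the statement runs and never again in that process, so after a configuration reload that changes `userControl` this input check keeps enforcing the old pattern. Dropping the modifier (`$user !~ /$self->{conf}->{userControl}/`), or precompiling with `qr//` when the plugin is initialised, keeps the filter in step with the configuration. `Impersonation::run` has the same construct on `spoofId`. The check is also only as strict as the configured pattern's anchors, since an unanchored `userControl` accepts any string that contains a match.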

@ -13,7 +13,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
use constant endAuth => 'run';
has rule => ( is => 'rw', default => sub {1} );
has rule => ( is => 'rw', default => sub { 1 } );
sub hAttr {
$_[0]->{conf}->{impersonationHiddenAttributes} . ' '
@ -27,12 +27,10 @@ sub init {
my $hd = $self->p->HANDLER;
$self->logger->debug(
"impersonation rule -> " . $self->conf->{impersonationRule} );
my $rule
= $hd->buildSub(
$hd->substitute( $self->conf->{impersonationRule} ) );
my $rule =
$hd->buildSub( $hd->substitute( $self->conf->{impersonationRule} ) );
unless ($rule) {
$self->error(
"Bad impersonation rule -> " . $hd->tsv->{jail}->error );
$self->error( "Bad impersonation rule -> " . $hd->tsv->{jail}->error );
return 0;
}
$self->{rule} = $rule;
@ -45,7 +43,9 @@ sub run {
my ( $self, $req ) = @_;
my $spoofId = $req->param('spoofId') || '';
if ( $spoofId and $req->param('spoofId') !~ /$self->{conf}->{userControl}/o ) {
if ( $spoofId
and $req->param('spoofId') !~ /$self->{conf}->{userControl}/o )
{
return PE_MALFORMEDUSER;
}
@ -97,8 +97,8 @@ sub run {
$self->logger->debug("Processing hGroups...");
$spoofSession->{hGroups} ||= {};
$realSession->{$sphg} ||= {};
$spoofSession->{hGroups}
= { %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
$spoofSession->{hGroups} =
{ %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
}
# Create spoofed session
@ -119,8 +119,8 @@ sub _userDatas {
$req->{sessionInfo} = {};
# Search user in database
$req->steps(
[ 'getUser', 'setSessionInfo',
$req->steps( [
'getUser', 'setSessionInfo',
'setMacros', 'setGroups',
'setLocalGroups'
]

@ -25,11 +25,9 @@ ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' );
ok( $res->[2]->[0] !~ m%<span id="languages"></span>%,
' No language icon found' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%"trOver"%,
' trOver found' )
ok( $res->[2]->[0] =~ m%"trOver"%, ' trOver found' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%"all":\{\}%,
' all found' )
ok( $res->[2]->[0] =~ m%"all":\{\}%, ' all found' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%"en":\{"PE9":"You are welcome! Please login..."\}%,
' en found' )
@ -40,15 +38,12 @@ ok( $res->[2]->[0] =~ m%"PE0":"Souriez, vous êtes surveillés !"%,
ok( $res->[2]->[0] =~ m%"selectIdP":"Portail de Fédération des Identités"%,
' selectIdP found' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%"fr":\{%,
' fr found' )
ok( $res->[2]->[0] =~ m%"fr":\{%, ' fr found' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%"PE85":"From lemonlap-ng.ini"%,
' PE85 found' )
ok( $res->[2]->[0] =~ m%"PE85":"From lemonlap-ng.ini"%, ' PE85 found' )
or print STDERR Dumper( $res->[2]->[0] );
count(9);
# Try yo authenticate
# -------------------
ok(
@ -60,8 +55,7 @@ ok(
),
'Auth query'
);
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%,
' PE40 found' )
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%, ' PE40 found' )
or print STDERR Dumper( $res->[2]->[0] );
count(2);

@ -13,8 +13,7 @@ SKIP: {
skip( 'LLNGTESTLDAP is not set', $maintests ) unless ( $ENV{LLNGTESTLDAP} );
require 't/test-ldap.pm';
my $client = LLNG::Manager::Test->new(
{
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,

@ -87,6 +87,7 @@ SKIP: {
);
ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' )
or print STDERR Dumper( $res->[2]->[0] );
# Simple SP access
ok(
$res = $sp->_get(

@ -143,8 +143,7 @@ $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
$body = $res->[2]->[0];
$body =~ s/^.*?<form.*?>//s;
$body =~ s#</form>.*$##s;
%fields =
( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
%fields = ( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
$fields{user} = $fields{password} = 'french';
use URI::Escape;
$s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );

@ -8,8 +8,8 @@ BEGIN {
my $res;
my $client = LLNG::Manager::Test->new(
{ ini => {
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
@ -25,17 +25,16 @@ my $client = LLNG::Manager::Test->new(
}
);
## Try to authenticate
ok( $res = $client->_get( '/', accept => 'text/html' ),
'Get Menu', );
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'token' );
$query =~ s/user=/user=dwho/;
$query =~ s/password=/password=dwho/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
@ -50,7 +49,8 @@ expectRedirection( $res, 'http://auth.example.com/' );
# CheckUser form
# ------------------------
ok( $res = $client->_get(
ok(
$res = $client->_get(
'/checkuser',
cookie => "lemonldap=$id",
accept => 'text/html'
@ -58,10 +58,9 @@ ok( $res = $client->_get(
'CheckUser form',
);
count(1);
( $host, $url, $query )
= expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
'Found trspan="checkUser"' )
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
count(1);
@ -70,7 +69,8 @@ sleep 3;
$query =~ s/user=dwho/user=rtyler/;
$query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
@ -79,18 +79,18 @@ ok( $res = $client->_post(
),
'POST checkuser'
);
ok( $res->[2]->[0] =~ m%<span trspan="PE82"></span>%,
'Found PE_TOKENEXPIRED' )
ok( $res->[2]->[0] =~ m%<span trspan="PE82"></span>%, 'Found PE_TOKENEXPIRED' )
or explain( $res->[2]->[0], 'trspan="PE82"' );
count(2);
( $host, $url, $query )
= expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
# Valid token
$query =~ s/user=/user=rtyler/;
$query =~ s/url=/url=test1.example.com/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
@ -101,13 +101,13 @@ ok( $res = $client->_post(
);
count(1);
( $host, $url, $query )
= expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
'Found trspan="checkUser"' )
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
ok( $res->[2]->[0]
=~ m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
ok(
$res->[2]->[0] =~
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
'Found trspan="allowed"'
) or explain( $res->[2]->[0], 'trspan="allowed"' );
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
@ -123,8 +123,7 @@ ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
'Found Auth-User' )
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">rtyler</td>%,
'Found rtyler' )
ok( $res->[2]->[0] =~ m%<td class="align-middle">rtyler</td>%, 'Found rtyler' )
or explain( $res->[2]->[0], 'Header Value: rtyler' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">su</td>%, 'Found su' )
or explain( $res->[2]->[0], 'SSO Groups: su' );
@ -136,10 +135,11 @@ ok( $res->[2]->[0] =~ m%<td class="text-left">uid</td>%, 'Found uid' )
count(11);
$query =~ s/user=dwho/user=msmith/;
$query
=~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Fmanager.example.com%2Fmanager.html/;
$query =~
s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Fmanager.example.com%2Fmanager.html/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
@ -148,8 +148,9 @@ ok( $res = $client->_post(
),
'POST checkuser'
);
ok( $res->[2]->[0]
=~ m%<div class="alert alert-danger"><b><span trspan="forbidden"></span></b></div>%,
ok(
$res->[2]->[0] =~
m%<div class="alert alert-danger"><b><span trspan="forbidden"></span></b></div>%,
'Found trspan="forbidden"'
) or explain( $res->[2]->[0], 'trspan="forbidden"' );
count(2);

@ -8,8 +8,8 @@ BEGIN {
my $res;
my $client = LLNG::Manager::Test->new(
{ ini => {
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
@ -26,10 +26,8 @@ my $client = LLNG::Manager::Test->new(
}
);
## Try to authenticate
ok( $res = $client->_get( '/', accept => 'text/html' ),
'Get Menu', );
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
@ -37,7 +35,8 @@ my ( $host, $url, $query ) =
$query =~ s/user=/user=rtyler/;
$query =~ s/password=/password=rtyler/;
$query =~ s/spoofId=/spoofId=dwho/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
@ -52,7 +51,8 @@ expectRedirection( $res, 'http://auth.example.com/' );
# CheckUser form
# ------------------------
ok( $res = $client->_get(
ok(
$res = $client->_get(
'/checkuser',
cookie => "lemonldap=$id",
accept => 'text/html'
@ -60,16 +60,16 @@ ok( $res = $client->_get(
'CheckUser form',
);
count(1);
( $host, $url, $query )
= expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
'Found trspan="checkUser"' )
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
count(1);
$query =~ s/url=/url=test1.example.com/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
@ -80,13 +80,13 @@ ok( $res = $client->_post(
);
count(1);
( $host, $url, $query )
= expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
'Found trspan="checkUser"' )
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
ok( $res->[2]->[0]
=~ m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
ok(
$res->[2]->[0] =~
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
'Found trspan="allowed"'
) or explain( $res->[2]->[0], 'trspan="allowed"' );
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
@ -99,14 +99,12 @@ ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
'Found trspan="attributes"' )
or explain( $res->[2]->[0], 'trspan="attributes"' );
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%,
'Found _userDB' )
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%, 'Found _userDB' )
or explain( $res->[2]->[0], '_userDB' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
'Found Auth-User' )
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%,
'Found dwho' )
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
or explain( $res->[2]->[0], 'Header Value: dwho' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">su</td>%, 'Found su' )
or explain( $res->[2]->[0], 'SSO Groups: su' );
@ -117,7 +115,6 @@ ok( $res->[2]->[0] =~ m%<td class="text-left">uid</td>%, 'Found uid' )
or explain( $res->[2]->[0], 'Attribute Value uid' );
count(12);
$client->logout($id);
clean_sessions();

@ -8,8 +8,8 @@ BEGIN {
my $res;
my $client = LLNG::Manager::Test->new(
{ ini => {
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
@ -27,8 +27,7 @@ my $client = LLNG::Manager::Test->new(
);
## Try to authenticate with bad spoofed user
ok( $res = $client->_get( '/', accept => 'text/html' ),
'Get Menu', );
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
@ -36,7 +35,8 @@ my ( $host, $url, $query ) =
$query =~ s/user=/user=rtyler/;
$query =~ s/password=/password=rtyler/;
$query =~ s/spoofId=/spoofId=dwho*/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
@ -44,8 +44,7 @@ ok( $res = $client->_post(
),
'Auth query'
);
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%,
' PE40 found' )
ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%, ' PE40 found' )
or print STDERR Dumper( $res->[2]->[0] );
count(2);
@ -53,8 +52,7 @@ my $id = expectCookie($res);
$client->logout($id);
## Try to authenticate
ok( $res = $client->_get( '/', accept => 'text/html' ),
'Get Menu', );
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
count(1);
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
@ -62,7 +60,8 @@ my ( $host, $url, $query ) =
$query =~ s/user=/user=rtyler/;
$query =~ s/password=/password=rtyler/;
$query =~ s/spoofId=/spoofId=dwho/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
@ -77,7 +76,8 @@ expectRedirection( $res, 'http://auth.example.com/' );
# CheckUser form
# ------------------------
ok( $res = $client->_get(
ok(
$res = $client->_get(
'/checkuser',
cookie => "lemonldap=$id",
accept => 'text/html'
@ -85,16 +85,16 @@ ok( $res = $client->_get(
'CheckUser form',
);
count(1);
( $host, $url, $query )
= expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
'Found trspan="checkUser"' )
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
count(1);
$query =~ s/url=/url=test1.example.com/;
ok( $res = $client->_post(
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
@ -105,13 +105,13 @@ ok( $res = $client->_post(
);
count(1);
( $host, $url, $query )
= expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
'Found trspan="checkUser"' )
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
ok( $res->[2]->[0]
=~ m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
ok(
$res->[2]->[0] =~
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
'Found trspan="allowed"'
) or explain( $res->[2]->[0], 'trspan="allowed"' );
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
@ -126,14 +126,12 @@ ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
'Found trspan="attributes"' )
or explain( $res->[2]->[0], 'trspan="attributes"' );
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%,
'Found _userDB' )
ok( $res->[2]->[0] =~ m%<td class="text-left">_userDB</td>%, 'Found _userDB' )
or explain( $res->[2]->[0], '_userDB' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
'Found Auth-User' )
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%,
'Found dwho' )
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
or explain( $res->[2]->[0], 'Header Value: dwho' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
@ -142,18 +140,14 @@ ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
ok( $res->[2]->[0] =~ m%<td class="text-left">real_groups</td>%,
'Found real_groups' )
or explain( $res->[2]->[0], 'real_groups' );
ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%,
'Found su' )
ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%, 'Found su' )
or explain( $res->[2]->[0], 'su' );
ok( $res->[2]->[0] =~ m%<td class="text-left">real_uid</td>%,
'Found real_uid' )
ok( $res->[2]->[0] =~ m%<td class="text-left">real_uid</td>%, 'Found real_uid' )
or explain( $res->[2]->[0], 'real_groups' );
ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%,
'Found rtyler' )
ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%, 'Found rtyler' )
or explain( $res->[2]->[0], 'su' );
count(14);
$client->logout($id);
clean_sessions();

@ -4,4 +4,7 @@ use warnings;
my ( $swt1, $user, $swt2, $code ) = @ARGV;
exit !( $swt1 eq '-uid' && $user eq 'dwho' && $swt2 eq '-code' && defined $code );
exit !($swt1 eq '-uid'
&& $user eq 'dwho'
&& $swt2 eq '-code'
&& defined $code );
