Add portalEnablePasswordDisplay parameter in manager (#2454)

4 years ago · d9556aaa47
parent ab3550761f
commit d9556aaa47
19 changed files with 38 additions and 9 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
@ -31,7 +31,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
 );
 our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
 our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/;
-our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|heck(?:DevOps(?:Download)?|State|User|XSS)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|to(?:tp2fUserCanRemoveKey|kenUseGlobalStorage)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
+our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|heck(?:DevOps(?:Download)?|State|User|XSS)|rowdsec|da)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|to(?:tp2fUserCanRemoveKey|kenUseGlobalStorage)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;

 our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -2842,6 +2842,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'default' => 0,
            'type'    => 'bool'
        },
+        'portalEnablePasswordDisplay' => {
+            'default' => 0,
+            'type'    => 'bool'
+        },
        'portalErrorOnExpiredSession' => {
            'default' => 1,
            'type'    => 'bool'
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -1229,6 +1229,11 @@ sub attributes {
            type          => 'bool',
            documentation => 'Display link to refresh the user session',
        },
+        portalEnablePasswordDisplay => {
+            default       => 0,
+            type          => 'bool',
+            documentation => 'Allow to display password in login form',
+        },

        # Cookies
        cookieExpiration => {
@ -3226,7 +3231,7 @@ sub attributes {
        sfRemovedNotifMsg => {
            type => 'text',
            default =>
-              '_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
+'_removedSF_ expired second factor(s) has/have been removed (_nameSF_)!',
            help          => 'secondfactor.html',
            documentation => 'Notification message',
        },
@ -4155,8 +4160,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
        oidcRPMetaDataOptions => { type => 'subContainer', },

        # OpenID Connect providers
-        oidcOPMetaDataJSON         => { type => 'file', keyTest => sub { 1 } },
-        oidcOPMetaDataJWKS         => { type => 'file', keyTest => sub { 1 } },
+        oidcOPMetaDataJSON => {
+            type    => 'file',
+            keyTest => sub { 1 }
+        },
+        oidcOPMetaDataJWKS => {
+            type    => 'file',
+            keyTest => sub { 1 }
+        },
        oidcOPMetaDataExportedVars => {
            type    => 'keyTextContainer',
            default => {
@ -4248,7 +4259,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
        oidcRPMetaDataOptionsUserInfoSignAlg => {
            type   => 'select',
            select => [
-                { k => '',  v => 'JSON' },
+                { k => '',      v => 'JSON' },
                { k => 'none',  v => 'JWT/None' },
                { k => 'HS256', v => 'JWT/HS256' },
                { k => 'HS384', v => 'JWT/HS384' },
@ -4355,6 +4366,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
            type => 'keyTextContainer',
            help => 'idpopenidconnect.html#scope-rules',
            test => {
+
                # RFC6749
                keyTest    => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/,
                keyMsgFail => '__badMacroName__',
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@ -79,6 +79,7 @@ sub tree {
                                        'portalRequireOldPassword',
                                        'hideOldPassword',
                                        'mailOnPasswordChange',
+                                        'portalEnablePasswordDisplay',
                                    ]
                                },
                                {
--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js
--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Display rights refresh link",
 "portalDisplayRegister":"تسجيل حساب جديد",
 "portalDisplayResetPassword":"إعادة تعيين كلمة المرور",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"عرض الخطأ في الجلسة المنتهية صلحيتها",
 "portalErrorOnMailNotFound":"إظهار الخطأ في البريد الغيرالموجود",
 "portalForceAuthn":"فرض إثبات الهوية",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Display rights refresh link",
 "portalDisplayRegister":"Register new account",
 "portalDisplayResetPassword":"Reset password",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"Show error on expired session",
 "portalErrorOnMailNotFound":"Show error on mail not found",
 "portalForceAuthn":"Force authentication",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Display rights refresh link",
 "portalDisplayRegister":"Register new account",
 "portalDisplayResetPassword":"Reset password",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"Show error on expired session",
 "portalErrorOnMailNotFound":"Show error on mail not found",
 "portalForceAuthn":"Force authentication",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Display rights refresh link",
 "portalDisplayRegister":"Registrar nueva cuenta",
 "portalDisplayResetPassword":"Reiniciar contraseña",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"Mostrar error en sesión caducada",
 "portalErrorOnMailNotFound":"Mostrar error cuando no se encuentra el email",
 "portalForceAuthn":"Forzar autentificación",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Afficher le lien de rafraichissement des droits",
 "portalDisplayRegister":"Création d'un nouveau compte",
 "portalDisplayResetPassword":"Réinitialisation de mot de passe",
+"portalEnablePasswordDisplay":"Permettre d'afficher le mot de passe",
 "portalErrorOnExpiredSession":"Affiche une erreur si la session est expirée",
 "portalErrorOnMailNotFound":"Affiche une erreur si le mail n'est pas trouvé",
 "portalForceAuthn":"Authentification forcée",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Display rights refresh link",
 "portalDisplayRegister":"Registra nuovo account",
 "portalDisplayResetPassword":"Reimposta password",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"Mostra errore nella sessione scaduta",
 "portalErrorOnMailNotFound":"Mostra errore sulla posta non trovata",
 "portalForceAuthn":"Forza l'autenticazione",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Wyświetl link do odświeżania praw",
 "portalDisplayRegister":"Zarejestruj Nowe Konto",
 "portalDisplayResetPassword":"Zresetuj hasło",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"Pokaż błąd w wygasłej sesji",
 "portalErrorOnMailNotFound":"Pokaż błąd w poczcie nie znaleziono",
 "portalForceAuthn":"Wymuś uwierzytelnienie",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Görüntüleme hakları yenileme bağlantısı",
 "portalDisplayRegister":"Yeni hesap kaydet",
 "portalDisplayResetPassword":"Parolayı sıfırla",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"Süresi dolmuş oturumda hatayı göster",
 "portalErrorOnMailNotFound":"E-posta bulunamadığında hatayı göster",
 "portalForceAuthn":"Kimlik doğrulamaya zorla",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Display rights refresh link",
 "portalDisplayRegister":"Đăng ký tài khoản mới",
 "portalDisplayResetPassword":"Đặt lại mật khẩu",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"Show error on expired session",
 "portalErrorOnMailNotFound":"Show error on mail not found",
 "portalForceAuthn":"Bắt buộc xác thực",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"Display rights refresh link",
 "portalDisplayRegister":"Register new account",
 "portalDisplayResetPassword":"Reset password",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"Show error on expired session",
 "portalErrorOnMailNotFound":"Show error on mail not found",
 "portalForceAuthn":"Force authentication",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
@ -786,6 +786,7 @@
 "portalDisplayRefreshMyRights":"顯示權限重新整理連結",
 "portalDisplayRegister":"註冊新帳號",
 "portalDisplayResetPassword":"重設密碼",
+"portalEnablePasswordDisplay":"Allow to display password",
 "portalErrorOnExpiredSession":"在過期的工作階段上顯示錯誤",
 "portalErrorOnMailNotFound":"找不到郵件時顯示錯誤",
 "portalForceAuthn":"強制驗證",
--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json