From ff36b81e730d692bea3f82f878e908dfb68c804d Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Thu, 18 Feb 2021 22:46:18 +0100
Subject: [PATCH] Append accessor to avoid modify conf (#2451)

---
 doc/sources/admin/crowdsec.rst                |  2 +-
 doc/sources/admin/start.rst                   | 38 +++++++++----------
 .../Lemonldap/NG/Portal/Plugins/CrowdSec.pm   | 15 ++++----
 .../site/htdocs/static/common/js/portal.js    |  4 +-
 .../htdocs/static/common/js/portal.min.js     |  2 +-
 lemonldap-ng-portal/t/61-CrowdSec-warn.t      |  2 +-
 lemonldap-ng-portal/t/61-CrowdSec.t           |  2 +-
 7 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/doc/sources/admin/crowdsec.rst b/doc/sources/admin/crowdsec.rst
index 61605b9b1..a9c48d616 100644
--- a/doc/sources/admin/crowdsec.rst
+++ b/doc/sources/admin/crowdsec.rst
@@ -11,7 +11,7 @@ community-powered IP reputation system.
 LL::NG provides a **CrowdSec** bouncer that can reject Crowdsec banned-IP
 requests or just provide an environment variable that can be used in
 another plugin rule. For example, a second factor may be required if user's
-IP is CrowdSec bans it.
+IP is CrowdSec-banned.
 
 Configuration
 -------------
diff --git a/doc/sources/admin/start.rst b/doc/sources/admin/start.rst
index 55be9dcab..c69c43344 100644
--- a/doc/sources/admin/start.rst
+++ b/doc/sources/admin/start.rst
@@ -276,21 +276,21 @@ Name                                                                 Description
 :doc:`Check user<checkuser>`  [6]_ |new|                             Check access rights, transmitted headers and session attibutes for a specific user and URL
 :doc:`Configuration viewer<viewer>` |new|                            Edit WebSSO configuration in Read Only mode
 :doc:`Context switching<contextswitching>`  [7]_\ |new|              Switch context other users
-:doc:`CrowdSec<crowdsec>`  [16]_\ |new|                              CrowdSec bouncer
+:doc:`CrowdSec<crowdsec>`  [8]_\ |new|                               CrowdSec bouncer
 :doc:`Custom<plugincustom>`                                          Write a custom plugin
-:doc:`Decrypt value<decryptvalue>`  [8]_\ |image35|                  Decrypt ciphered values
+:doc:`Decrypt value<decryptvalue>`  [9]_\ |image35|                  Decrypt ciphered values
 :doc:`Display login history<loginhistory>`                           Display Success/Fails logins
 :doc:`Force Authentication<forcereauthn>`                            Force authentication to access to Portal
-:doc:`Global Logout<globallogout>`  [9]_                             Suggest to close all opened sessions at logout
+:doc:`Global Logout<globallogout>`  [10]_                            Suggest to close all opened sessions at logout
 :doc:`Grant Sessions<grantsession>`                                  Rules to apply before allowing a user to open a session
-:doc:`Impersonation<impersonation>`  [10]_\ |new|                     Allow users to use another identity
-:doc:`Find user<finduser>`  [11]_\ |new|                             Search for user account
+:doc:`Impersonation<impersonation>`  [11]_\ |new|                    Allow users to use another identity
+:doc:`Find user<finduser>`  [12]_\ |new|                             Search for user account
 :doc:`Notifications system<notifications>`                           DIsplay a message during log in process 
 :doc:`Portal Status<status>`                                         Experimental portal status page
 :doc:`Public pages<public_pages>`                                    Enable public pages system
-:doc:`Refresh session API<refreshsessionapi>`  [12]_                 Plugin that provides an API to refresh a user session
+:doc:`Refresh session API<refreshsessionapi>`  [13]_                 Plugin that provides an API to refresh a user session
 :doc:`Reset password by mail<resetpassword>`                         Send a mail to reset its password
-:doc:`Reset certificate by mail<resetcertificate>`  [13]_\ |image37| Allow users to reset their certificate
+:doc:`Reset certificate by mail<resetcertificate>`  [14]_\ |image37| Allow users to reset their certificate
 :doc:`REST services<restservices>` |new|                             REST server for :doc:`Proxy<authproxy>`
 :doc:`SOAP services<soapservices>` |deprecated|                      SOAP server for :doc:`Proxy<authproxy>`
 :doc:`Stay connected<stayconnected>` |new|                           Enable persistent connection on same browser
@@ -308,12 +308,12 @@ Handlers are software control agents to be installed on your web servers
 ==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
 Handler type                                                         Apache     LLNG FastCGI/uWSGI server (Nginx, or :doc:`SSOaaS<ssoaas>`)   `Plack servers <https://plackperl.org>`__   Node.js  ( `express apps <http://expressjs.com/>`__\  or :doc:`SSOaaS<ssoaas>`)    :doc:`Self protected apps<selfmadeapplication>`   Comment
 ==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
-Main *(default handler)*                                             ✔          ✔                                                             ✔                                           :doc:`Partial<nodehandler>` ** [14]_ **                                             ✔
+Main *(default handler)*                                             ✔          ✔                                                             ✔                                           :doc:`Partial<nodehandler>` ** [15]_ **                                            ✔
 :doc:`AuthBasic<handlerauthbasic>`                                   ✔          ✔                                                             ✔                                                                                                                              ✔                                               Designed for some server-to-server applications
 :doc:`CDA<cda>`                                                      ✔          ✔                                                             ✔                                                                                                                              ✔                                               For Cross Domain Authentication
 :doc:`DevOps<devopshandler>`  (:doc:`SSOaaS<ssoaas>`)  |new|         ✔          ✔                                                             ✔                                           ✔                                                                                                                                  Allows application developers to define their own rules and headers inside their applications
 :doc:`DevOpsST<devopssthandler>`  (:doc:`SSOaaS<ssoaas>`)  |new|     ✔          ✔                                                             ✔                                           ✔                                                                                                                                  Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
-:doc:`OAuth2<oauth2handler>`  [15]_\ |new|                           ✔          ✔                                                             ✔                                                                                                                              ✔                                               Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
+:doc:`OAuth2<oauth2handler>`  [16]_\ |new|                           ✔          ✔                                                             ✔                                                                                                                              ✔                                               Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
 :doc:`Secure Token<securetoken>`                                     ✔          ✔                                                             ✔                                                                                                                                                                              Designed to secure exchanges between a LLNG reverse-proxy and a remote app
 :doc:`Service Token<servertoserver>` |new| *(Server-to-Server)*      ✔          ✔                                                             ✔                                           ✔                                                                                  ✔                                               Designed to permit underlying requests *(API-Based Infrastructure)*
 :doc:`Zimbra PreAuth<applications/zimbra>`                           ✔          ✔                                                             ✔
@@ -579,38 +579,38 @@ by your language code):
    LLNG ≥ 2.0.6
 
 .. [8]
+   :doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
+
+.. [9]
    :doc:`Decrypt value plugin<decryptvalue>` is available with LLNG ≥
    2.0.7
 
-.. [9]
+.. [10]
    :doc:`Global Logout plugin<globallogout>` is available with LLNG ≥
    2.0.7
 
-.. [10]
+.. [11]
    :doc:`Impersonation plugin<impersonation>` is available with LLNG ≥
    2.0.3
 
-.. [11]
+.. [12]
    :doc:`Find user plugin<finduser>` is available with LLNG ≥
    2.0.11
 
-.. [12]
+.. [13]
    :doc:`Refresh session API plugin<refreshsessionapi>` is available
    with LLNG ≥ 2.0.7
 
-.. [13]
+.. [14]
    :doc:`Reset certificate by mail plugin<resetcertificate>` is
    available with LLNG ≥ 2.0.7
 
-.. [14]
+.. [15]
    :doc:`Node.js handler<nodehandler>` has not yet reached the same
    level of functionalities
 
-.. [15]
-   :doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
-
 .. [16]
-   :doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
+   :doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
 
 .. |image0| image:: /icons/kthememgr.png
 .. |image1| image:: /icons/warehause.png
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm
index 80178473b..2ff0b98c5 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm
@@ -5,12 +5,12 @@ use Mouse;
 use JSON qw(from_json);
 use Lemonldap::NG::Common::UserAgent;
 use Lemonldap::NG::Portal::Main::Constants qw(
-  PE_ERROR
   PE_OK
+  PE_ERROR
   PE_SESSIONNOTGRANTED
 );
 
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.12';
 
 extends 'Lemonldap::NG::Portal::Main::Plugin';
 
@@ -28,18 +28,19 @@ has ua => (
         return $ua;
     }
 );
+has crowdsecUrl => ( is => 'rw' );
 
 sub init {
     my ($self) = @_;
     if ( $self->conf->{crowdsecUrl} ) {
-        $self->conf->{crowdsecUrl} =~ s#/+$##;
+        $self->crowdsecUrl( $self->conf->{crowdsecUrl} =~ s#/+$## );
     }
     else {
         $self->logger->warn(
             "crowdsecUrl isn't set, fallback to http://localhost:8080");
-        $self->conf->{crowdsecUrl} = 'http://localhost:8080';
+        $self->crowdsecUrl('http://localhost:8080');
     }
-    $self->logger->notice( "CrowdSec policy is: "
+    $self->logger->notice( 'CrowdSec policy is: '
           . ( $self->conf->{crowdsecAction} ? 'reject' : 'warn' ) );
     return 1;
 }
@@ -48,12 +49,12 @@ sub check {
     my ( $self, $req ) = @_;
     my $ip   = $req->address;
     my $resp = $self->ua->get(
-        $self->conf->{crowdsecUrl} . "/v1/decisions?ip=$ip",
+        $self->crowdsecUrl . "/v1/decisions?ip=$ip",
         'Accept'    => 'application/json',
         'X-Api-Key' => $self->conf->{crowdsecKey},
     );
     if ( $resp->is_error ) {
-        $self->logger->error( "Bad CrowdSec response: " . $resp->message );
+        $self->logger->error( 'Bad CrowdSec response: ' . $resp->message );
         $self->logger->debug( $resp->content );
         return PE_ERROR;
     }
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
index 283c36599..0f0c7473f 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
@@ -588,11 +588,11 @@ LemonLDAP::NG Portal jQuery scripts
       }
     });
     $('#resetfinduserform').on('click', function() {
-      console.log('Clear form');
+      console.log('Reset form');
       return $('#finduserForm').trigger('reset');
     });
     $('#finduserModal').on('hidden.bs.modal', function() {
-      console.log('Reset modal');
+      console.log('Clear modal');
       return $('#finduserForm').trigger('reset');
     });
     return $('#finduserbutton').on('click', function(event) {
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
index d0cad62cb..c8daecd79 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
@@ -1 +1 @@
-(function(){var G,a,D,R,M,N,U,V,_,e,J,g,F,q,r,H=[].indexOf||function(e){for(var a=0,t=this.length;a<t;a++)if(a in this&&this[a]===e)return a;return-1};r={},q=function(s){return $.getJSON(window.staticPrefix+"languages/"+s+".json",function(e){var a,t,n,o;for(a in r=e,t=window.datas.trOver.all)o=t[a],r[a]=o;if(window.datas.trOver[s])for(a in n=window.datas.trOver[s])o=n[a],r[a]=o;return $("[trspan]").each(function(){var e,a,t,n;for(e=$(this).attr("trspan").split(","),n=F(e.shift()),a=0,t=e.length;a<t;a++)o=e[a],n=n.replace(/%[sd]/,o);return $(this).html(n)}),$("[trmsg]").each(function(){if($(this).html(F("PE"+$(this).attr("trmsg"))),F("PE"+$(this).attr("trmsg")).match(/_hide_/))return $(this).parent().hide()}),$("[trplaceholder]").each(function(){return $(this).attr("placeholder",F($(this).attr("trplaceholder")))}),$("[localtime]").each(function(){var e;return e=new Date(1e3*$(this).attr("localtime")),$(this).text(e.toLocaleString())})})},F=function(e){return r[e]?r[e]:e},window.translate=F,M=function(){var o;return o={},$("script[type='application/init']").each(function(){var a,e,t,n;try{for(e in n=JSON.parse($(this).text()),t=[],n)t.push(o[e]=n[e]);return t}catch(e){return a=e,console.log("Parsing error",a),console.log("JSON",$(this).text())}}),console.log(o),o},R=function(e){var a;return(a=RegExp("[?&]"+e+"=([^&]*)").exec(window.location.search))?decodeURIComponent(a[1].replace(/\+/g," ")):null},g="#appslist",J=function(){return e("_appsListOrder",$(g).sortable("toArray").join())},U=function(e){return a("_oidcConsents",e,function(){return $("[partner='"+e+"']").hide()},function(e,a,t){return alert(a+" "+t)})},e=function(t,n,o,s){return $.ajax({type:"GET",url:G.scriptname+"/mysession/?gettoken",dataType:"json",error:s,success:function(e){var a;return(a={token:e.token})[t]=n,$.ajax({type:"PUT",url:G.scriptname+"/mysession/persistent",dataType:"json",data:a,success:o,error:s})}})},a=function(a,t,n,o){return $.ajax({type:"GET",url:G.scriptname+"/mysession/?gettoken",dataType:"json",error:o,success:function(e){return $.ajax({type:"DELETE",url:G.scriptname+"/mysession/persistent/"+a+"?sub="+t+"&token="+e.token,dataType:"json",success:n,error:o})}})},V=function(){var e,a,t,n,o,s,r,i,l,c,d,p,u;if(null==(l=$(g))||!G.appslistorder)return null;for(e=G.appslistorder.split(","),d=[],s=0,r=(o=l.sortable("toArray")).length;s<r;s++)d[u=o[s]]=u;for(c=0,i=e.length;c<i;c++)d[n=e[c]]&&(t=d[n],a=$(g+".ui-sortable").children("#"+t),p=$(g+".ui-sortable").children("#"+n),a.remove(),$(g+".ui-sortable").filter(":first").append(p));return 1},N=function(){return $.ajax({type:"POST",url:G.scriptname,data:{ping:1},dataType:"json",success:function(e){return null!=e.result&&1===e.result?setTimeout(N,G.pingInterval):location.reload(!0)},error:function(e,a,t){return location.reload(!0)}})},window.ping=N,D=function(e){var a,t,n,o,s;for(e+"=",t=decodeURIComponent(document.cookie).split(";"),s=new RegExp("^ *"+e+"="),n=0,o=t.length;n<o;n++)if((a=t[n]).match(s))return a=a.replace(s,"");return""},_=function(e,a,t){var n;return(n=new Date).setTime(n.getTime()+864e5*t),document.cookie=e+"="+a+"; expires="+n.toUTCString()+"; path=/"},G={},$(window).on("load",function(){var e,a,t,n,o,s,r,i,u,l,c,d,p,g,f,h,w,m,y,v,b,k,x,C,T,O,L,S,j,E,P,z,A,I;if(G=M(),"datas"in window&&"choicetab"in window.datas&&(G.choicetab=window.datas.choicetab),window.datas=G,$("#appslist").sortable({axis:"y",cursor:"move",opacity:.5,revert:!0,items:"> div.category",update:function(){return J()}}),V(),$("div.message").fadeIn("slow"),$("input[name=timezone]").val(-(new Date).getTimezoneOffset()/60),k=$("#menu").tabs({active:0}),(b=$('#menu a[href="#'+G.displaytab+'"]').parent().index())<0&&(b=0),k.tabs("option","active",b),n=$("#authMenu").tabs({active:0}),(t=$('#authMenu a[href="#'+G.displaytab+'"]').parent().index())<0&&(t=0),n.tabs("option","active",t),G.choicetab&&n.tabs("option","active",$('#authMenu a[href="#'+G.choicetab+'"]').parent().index()),G.login?$("input[type=password]:first").focus():0===$("input[autofocus]").length&&$("input[type!=hidden]:first").focus(),G.newwindow&&$("#appslist a").attr("target","_blank"),$("p.removeOther").length&&(e=$("#form").attr("action"),x=$("#form").attr("method"),console.log("method=",x),i="",$("#form input[type=hidden]")&&(console.log("Parse hidden values"),$("#form input[type=hidden]").each(function(e){return console.log(" ->",$(this).attr("name"),$(this).val()),i+="&"+$(this).attr("name")+"="+$(this).val()})),o="",e&&(console.log("action=",e),-1!==e.indexOf("?")?e.substring(0,e.indexOf("?")):o=e+"?",o+=i,i=""),y=$("p.removeOther a").attr("href")+"&method="+x+i,o&&(y+="&url="+btoa(o)),$("p.removeOther a").attr("href",y)),window.location.search&&((S=R("llnglanguage"))&&console.log("Get lang from parameter"),1===(A=R("setCookieLang"))&&console.log("Set lang cookie")),c||(c=D("llnglanguage"))&&!S&&console.log("Get lang from cookie"),c)H.call(window.availableLanguages,c)<0&&(c=window.availableLanguages[0],S||console.log("Lang not available -> Get default lang"));else if(navigator){for(p=[],g=[],O=[navigator.language],navigator.languages&&(O=navigator.languages),l=0,f=(E=window.availableLanguages).length;l<f;l++)a=E[l],d+='<img class="langicon" src="'+window.staticPrefix+"common/"+a+'.png" title="'+a+'" alt="['+a+']"> ';for(v=0,h=O.length;v<h;v++)for(T=O[v],console.log("Navigator lang",T),C=0,w=(P=window.availableLanguages).length;C<w;C++)a=P[C],console.log(" Available lang",a),j=new RegExp("^"+a+"-?"),T.match(j)?(console.log("  Matching lang =",a),p.push(a)):a.substring(0,1)===T.substring(0,1)&&g.push(a);(c=p[0]?p[0]:g[0]?g[0]:window.availableLanguages[0])&&!S&&console.log("Get lang from navigator")}else(c=window.availableLanguages[0])&&!S&&console.log("Get lang from window");for(S?(H.call(window.availableLanguages,S)<0&&(console.log("Lang not available -> Get default lang"),S=window.availableLanguages[0]),console.log("Selected lang ->",S),A&&(console.log("Set cookie lang ->",S),_("llnglanguage",S)),q(S)):(console.log("Selected lang ->",c),_("llnglanguage",c),q(c)),d="",L=0,m=(z=window.availableLanguages).length;L<m;L++)a=z[L],d+='<img class="langicon" src="'+window.staticPrefix+"common/"+a+'.png" title="'+a+'" alt="['+a+']"> ';return $("#languages").html(d),$(".langicon").on("click",function(){return c=$(this).attr("title"),_("llnglanguage",c),q(c)}),u=function(e){var a;return 47<(a=e.charCodeAt(0))&&a<58||64<a&&a<91||96<a&&a<123},s=function(e){var a,t,n,o,s,r,i,l,c,d,p;if(d=!0,0<window.datas.ppolicy.minsize&&(e.length>=window.datas.ppolicy.minsize?($("#ppolicy-minsize-feedback").addClass("fa-check text-success"),$("#ppolicy-minsize-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minsize-feedback").removeClass("fa-check text-success"),$("#ppolicy-minsize-feedback").addClass("fa-times text-danger"),d=!1)),0<window.datas.ppolicy.minupper&&((p=e.match(/[A-Z]/g))&&p.length>=window.datas.ppolicy.minupper?($("#ppolicy-minupper-feedback").addClass("fa-check text-success"),$("#ppolicy-minupper-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minupper-feedback").removeClass("fa-check text-success"),$("#ppolicy-minupper-feedback").addClass("fa-times text-danger"),d=!1)),0<window.datas.ppolicy.minlower&&((s=e.match(/[a-z]/g))&&s.length>=window.datas.ppolicy.minlower?($("#ppolicy-minlower-feedback").addClass("fa-check text-success"),$("#ppolicy-minlower-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minlower-feedback").removeClass("fa-check text-success"),$("#ppolicy-minlower-feedback").addClass("fa-times text-danger"),d=!1)),0<window.datas.ppolicy.mindigit&&((a=e.match(/[0-9]/g))&&a.length>=window.datas.ppolicy.mindigit?($("#ppolicy-mindigit-feedback").addClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").removeClass("fa-times text-danger")):($("#ppolicy-mindigit-feedback").removeClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").addClass("fa-times text-danger"),d=!1)),window.datas.ppolicy.allowedspechar){for(r=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),t=!1,n=0,o=e.length;n<o;)u(e.charAt(n))||r.indexOf(e.charAt(n))<0&&(t=!0),n++;!1===t?($("#ppolicy-allowedspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-allowedspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-allowedspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-allowedspechar-feedback").addClass("fa-times text-danger"),d=!1)}if(0<window.datas.ppolicy.minspechar&&window.datas.ppolicy.allowedspechar){for(i=0,r=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),n=0;n<e.length;)0<=r.indexOf(e.charAt(n))&&i++,n++;i>=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),d=!1)}if(0<window.datas.ppolicy.minspechar&&!window.datas.ppolicy.allowedspechar){for(n=i=0;n<e.length;)u(e.charAt(n))||i++,n++;i>=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),d=!1)}d?($(".ppolicy").removeClass("border-danger").addClass("border-success"),null!=(l=$("#newpassword").get(0))&&l.setCustomValidity("")):($(".ppolicy").removeClass("border-success").addClass("border-danger"),null!=(c=$("#newpassword").get(0))&&c.setCustomValidity(F("PE28")))},null!=window.datas.ppolicy&&$("#newpassword").length&&(s(""),$("#newpassword").keyup(function(e){s(e.target.value)})),I=function(e){var a;return e.target.checked?($("#newpassword").off("keyup"),null!=(a=$("#newpassword").get(0))?a.setCustomValidity(""):void 0):($("#newpassword").keyup(function(e){s(e.target.value)}),s(""))},r=function(){var e,a,t,n;return(null!=(e=$("#confirmpassword").get(0))?e.value:void 0)===(null!=(a=$("#newpassword").get(0))?a.value:void 0)?(null!=(t=$("#confirmpassword").get(0))&&t.setCustomValidity(""),!0):(null!=(n=$("#confirmpassword").get(0))&&n.setCustomValidity(F("PE34")),!1)},$("#newpassword").change(r),$("#confirmpassword").change(r),null!=window.datas.ppolicy&&$("#newpassword").length&&$("#reset").change(I),G.pingInterval&&0<G.pingInterval&&window.setTimeout(N,G.pingInterval),$(".localeDate").each(function(){var e;return e=new Date(1e3*$(this).attr("val")),$(this).text(e.toLocaleString())}),$(".oidcConsent").on("click",function(){return U($(this).attr("partner"))}),$("#show-hide-button").on("click",function(){return"password"===$("#newpassword").attr("type")?(console.log("Show passwords"),$("#newpassword").attr("type","input"),$("#confirmpassword").attr("type","input"),$("#show-hide-icon-button").removeClass("fa-eye"),$("#show-hide-icon-button").addClass("fa-eye-slash")):(console.log("Hide passwords"),$("#newpassword").attr("type","password"),$("#confirmpassword").attr("type","password"),$("#show-hide-icon-button").removeClass("fa-eye-slash"),$("#show-hide-icon-button").addClass("fa-eye"))}),$("#resetfinduserform").on("click",function(){return console.log("Clear form"),$("#finduserForm").trigger("reset")}),$("#finduserModal").on("hidden.bs.modal",function(){return console.log("Reset modal"),$("#finduserForm").trigger("reset")}),$("#finduserbutton").on("click",function(e){var a;return e.preventDefault(),document.body.style.cursor="progress",a=$("#finduserForm").serialize(),console.log("Send findUser request with",a),$.ajax({type:"POST",url:portal+"finduser",dataType:"json",data:a,success:function(e){var a;if(document.body.style.cursor="default",a=e.user,console.log("Suggested spoofId",a),$("#spoofIdfield").attr("value",a),e.captcha&&$("#captcha").attr("src",e.captcha),e.token)return $("#finduserToken").attr("value",e.token),$("#token").attr("value",e.token)},error:function(e,a,t){var n;if(document.body.style.cursor="default",t&&console.log("Error",t),e&&(n=JSON.parse(e.responseText)),n&&n.error)return console.log("Returned error",n)}})})})}).call(this);
\ No newline at end of file
+(function(){var G,a,D,R,M,N,U,V,_,e,J,g,F,q,r,H=[].indexOf||function(e){for(var a=0,t=this.length;a<t;a++)if(a in this&&this[a]===e)return a;return-1};r={},q=function(s){return $.getJSON(window.staticPrefix+"languages/"+s+".json",function(e){var a,t,n,o;for(a in r=e,t=window.datas.trOver.all)o=t[a],r[a]=o;if(window.datas.trOver[s])for(a in n=window.datas.trOver[s])o=n[a],r[a]=o;return $("[trspan]").each(function(){var e,a,t,n;for(e=$(this).attr("trspan").split(","),n=F(e.shift()),a=0,t=e.length;a<t;a++)o=e[a],n=n.replace(/%[sd]/,o);return $(this).html(n)}),$("[trmsg]").each(function(){if($(this).html(F("PE"+$(this).attr("trmsg"))),F("PE"+$(this).attr("trmsg")).match(/_hide_/))return $(this).parent().hide()}),$("[trplaceholder]").each(function(){return $(this).attr("placeholder",F($(this).attr("trplaceholder")))}),$("[localtime]").each(function(){var e;return e=new Date(1e3*$(this).attr("localtime")),$(this).text(e.toLocaleString())})})},F=function(e){return r[e]?r[e]:e},window.translate=F,M=function(){var o;return o={},$("script[type='application/init']").each(function(){var a,e,t,n;try{for(e in n=JSON.parse($(this).text()),t=[],n)t.push(o[e]=n[e]);return t}catch(e){return a=e,console.log("Parsing error",a),console.log("JSON",$(this).text())}}),console.log(o),o},R=function(e){var a;return(a=RegExp("[?&]"+e+"=([^&]*)").exec(window.location.search))?decodeURIComponent(a[1].replace(/\+/g," ")):null},g="#appslist",J=function(){return e("_appsListOrder",$(g).sortable("toArray").join())},U=function(e){return a("_oidcConsents",e,function(){return $("[partner='"+e+"']").hide()},function(e,a,t){return alert(a+" "+t)})},e=function(t,n,o,s){return $.ajax({type:"GET",url:G.scriptname+"/mysession/?gettoken",dataType:"json",error:s,success:function(e){var a;return(a={token:e.token})[t]=n,$.ajax({type:"PUT",url:G.scriptname+"/mysession/persistent",dataType:"json",data:a,success:o,error:s})}})},a=function(a,t,n,o){return $.ajax({type:"GET",url:G.scriptname+"/mysession/?gettoken",dataType:"json",error:o,success:function(e){return $.ajax({type:"DELETE",url:G.scriptname+"/mysession/persistent/"+a+"?sub="+t+"&token="+e.token,dataType:"json",success:n,error:o})}})},V=function(){var e,a,t,n,o,s,r,i,l,c,d,p,u;if(null==(l=$(g))||!G.appslistorder)return null;for(e=G.appslistorder.split(","),d=[],s=0,r=(o=l.sortable("toArray")).length;s<r;s++)d[u=o[s]]=u;for(c=0,i=e.length;c<i;c++)d[n=e[c]]&&(t=d[n],a=$(g+".ui-sortable").children("#"+t),p=$(g+".ui-sortable").children("#"+n),a.remove(),$(g+".ui-sortable").filter(":first").append(p));return 1},N=function(){return $.ajax({type:"POST",url:G.scriptname,data:{ping:1},dataType:"json",success:function(e){return null!=e.result&&1===e.result?setTimeout(N,G.pingInterval):location.reload(!0)},error:function(e,a,t){return location.reload(!0)}})},window.ping=N,D=function(e){var a,t,n,o,s;for(e+"=",t=decodeURIComponent(document.cookie).split(";"),s=new RegExp("^ *"+e+"="),n=0,o=t.length;n<o;n++)if((a=t[n]).match(s))return a=a.replace(s,"");return""},_=function(e,a,t){var n;return(n=new Date).setTime(n.getTime()+864e5*t),document.cookie=e+"="+a+"; expires="+n.toUTCString()+"; path=/"},G={},$(window).on("load",function(){var e,a,t,n,o,s,r,i,u,l,c,d,p,g,f,h,w,m,y,v,b,k,x,C,T,O,L,S,j,E,P,z,A,I;if(G=M(),"datas"in window&&"choicetab"in window.datas&&(G.choicetab=window.datas.choicetab),window.datas=G,$("#appslist").sortable({axis:"y",cursor:"move",opacity:.5,revert:!0,items:"> div.category",update:function(){return J()}}),V(),$("div.message").fadeIn("slow"),$("input[name=timezone]").val(-(new Date).getTimezoneOffset()/60),k=$("#menu").tabs({active:0}),(b=$('#menu a[href="#'+G.displaytab+'"]').parent().index())<0&&(b=0),k.tabs("option","active",b),n=$("#authMenu").tabs({active:0}),(t=$('#authMenu a[href="#'+G.displaytab+'"]').parent().index())<0&&(t=0),n.tabs("option","active",t),G.choicetab&&n.tabs("option","active",$('#authMenu a[href="#'+G.choicetab+'"]').parent().index()),G.login?$("input[type=password]:first").focus():0===$("input[autofocus]").length&&$("input[type!=hidden]:first").focus(),G.newwindow&&$("#appslist a").attr("target","_blank"),$("p.removeOther").length&&(e=$("#form").attr("action"),x=$("#form").attr("method"),console.log("method=",x),i="",$("#form input[type=hidden]")&&(console.log("Parse hidden values"),$("#form input[type=hidden]").each(function(e){return console.log(" ->",$(this).attr("name"),$(this).val()),i+="&"+$(this).attr("name")+"="+$(this).val()})),o="",e&&(console.log("action=",e),-1!==e.indexOf("?")?e.substring(0,e.indexOf("?")):o=e+"?",o+=i,i=""),y=$("p.removeOther a").attr("href")+"&method="+x+i,o&&(y+="&url="+btoa(o)),$("p.removeOther a").attr("href",y)),window.location.search&&((S=R("llnglanguage"))&&console.log("Get lang from parameter"),1===(A=R("setCookieLang"))&&console.log("Set lang cookie")),c||(c=D("llnglanguage"))&&!S&&console.log("Get lang from cookie"),c)H.call(window.availableLanguages,c)<0&&(c=window.availableLanguages[0],S||console.log("Lang not available -> Get default lang"));else if(navigator){for(p=[],g=[],O=[navigator.language],navigator.languages&&(O=navigator.languages),l=0,f=(E=window.availableLanguages).length;l<f;l++)a=E[l],d+='<img class="langicon" src="'+window.staticPrefix+"common/"+a+'.png" title="'+a+'" alt="['+a+']"> ';for(v=0,h=O.length;v<h;v++)for(T=O[v],console.log("Navigator lang",T),C=0,w=(P=window.availableLanguages).length;C<w;C++)a=P[C],console.log(" Available lang",a),j=new RegExp("^"+a+"-?"),T.match(j)?(console.log("  Matching lang =",a),p.push(a)):a.substring(0,1)===T.substring(0,1)&&g.push(a);(c=p[0]?p[0]:g[0]?g[0]:window.availableLanguages[0])&&!S&&console.log("Get lang from navigator")}else(c=window.availableLanguages[0])&&!S&&console.log("Get lang from window");for(S?(H.call(window.availableLanguages,S)<0&&(console.log("Lang not available -> Get default lang"),S=window.availableLanguages[0]),console.log("Selected lang ->",S),A&&(console.log("Set cookie lang ->",S),_("llnglanguage",S)),q(S)):(console.log("Selected lang ->",c),_("llnglanguage",c),q(c)),d="",L=0,m=(z=window.availableLanguages).length;L<m;L++)a=z[L],d+='<img class="langicon" src="'+window.staticPrefix+"common/"+a+'.png" title="'+a+'" alt="['+a+']"> ';return $("#languages").html(d),$(".langicon").on("click",function(){return c=$(this).attr("title"),_("llnglanguage",c),q(c)}),u=function(e){var a;return 47<(a=e.charCodeAt(0))&&a<58||64<a&&a<91||96<a&&a<123},s=function(e){var a,t,n,o,s,r,i,l,c,d,p;if(d=!0,0<window.datas.ppolicy.minsize&&(e.length>=window.datas.ppolicy.minsize?($("#ppolicy-minsize-feedback").addClass("fa-check text-success"),$("#ppolicy-minsize-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minsize-feedback").removeClass("fa-check text-success"),$("#ppolicy-minsize-feedback").addClass("fa-times text-danger"),d=!1)),0<window.datas.ppolicy.minupper&&((p=e.match(/[A-Z]/g))&&p.length>=window.datas.ppolicy.minupper?($("#ppolicy-minupper-feedback").addClass("fa-check text-success"),$("#ppolicy-minupper-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minupper-feedback").removeClass("fa-check text-success"),$("#ppolicy-minupper-feedback").addClass("fa-times text-danger"),d=!1)),0<window.datas.ppolicy.minlower&&((s=e.match(/[a-z]/g))&&s.length>=window.datas.ppolicy.minlower?($("#ppolicy-minlower-feedback").addClass("fa-check text-success"),$("#ppolicy-minlower-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minlower-feedback").removeClass("fa-check text-success"),$("#ppolicy-minlower-feedback").addClass("fa-times text-danger"),d=!1)),0<window.datas.ppolicy.mindigit&&((a=e.match(/[0-9]/g))&&a.length>=window.datas.ppolicy.mindigit?($("#ppolicy-mindigit-feedback").addClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").removeClass("fa-times text-danger")):($("#ppolicy-mindigit-feedback").removeClass("fa-check text-success"),$("#ppolicy-mindigit-feedback").addClass("fa-times text-danger"),d=!1)),window.datas.ppolicy.allowedspechar){for(r=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),t=!1,n=0,o=e.length;n<o;)u(e.charAt(n))||r.indexOf(e.charAt(n))<0&&(t=!0),n++;!1===t?($("#ppolicy-allowedspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-allowedspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-allowedspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-allowedspechar-feedback").addClass("fa-times text-danger"),d=!1)}if(0<window.datas.ppolicy.minspechar&&window.datas.ppolicy.allowedspechar){for(i=0,r=window.datas.ppolicy.allowedspechar.replace(/\s/g,""),n=0;n<e.length;)0<=r.indexOf(e.charAt(n))&&i++,n++;i>=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),d=!1)}if(0<window.datas.ppolicy.minspechar&&!window.datas.ppolicy.allowedspechar){for(n=i=0;n<e.length;)u(e.charAt(n))||i++,n++;i>=window.datas.ppolicy.minspechar?($("#ppolicy-minspechar-feedback").addClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").removeClass("fa-times text-danger")):($("#ppolicy-minspechar-feedback").removeClass("fa-check text-success"),$("#ppolicy-minspechar-feedback").addClass("fa-times text-danger"),d=!1)}d?($(".ppolicy").removeClass("border-danger").addClass("border-success"),null!=(l=$("#newpassword").get(0))&&l.setCustomValidity("")):($(".ppolicy").removeClass("border-success").addClass("border-danger"),null!=(c=$("#newpassword").get(0))&&c.setCustomValidity(F("PE28")))},null!=window.datas.ppolicy&&$("#newpassword").length&&(s(""),$("#newpassword").keyup(function(e){s(e.target.value)})),I=function(e){var a;return e.target.checked?($("#newpassword").off("keyup"),null!=(a=$("#newpassword").get(0))?a.setCustomValidity(""):void 0):($("#newpassword").keyup(function(e){s(e.target.value)}),s(""))},r=function(){var e,a,t,n;return(null!=(e=$("#confirmpassword").get(0))?e.value:void 0)===(null!=(a=$("#newpassword").get(0))?a.value:void 0)?(null!=(t=$("#confirmpassword").get(0))&&t.setCustomValidity(""),!0):(null!=(n=$("#confirmpassword").get(0))&&n.setCustomValidity(F("PE34")),!1)},$("#newpassword").change(r),$("#confirmpassword").change(r),null!=window.datas.ppolicy&&$("#newpassword").length&&$("#reset").change(I),G.pingInterval&&0<G.pingInterval&&window.setTimeout(N,G.pingInterval),$(".localeDate").each(function(){var e;return e=new Date(1e3*$(this).attr("val")),$(this).text(e.toLocaleString())}),$(".oidcConsent").on("click",function(){return U($(this).attr("partner"))}),$("#show-hide-button").on("click",function(){return"password"===$("#newpassword").attr("type")?(console.log("Show passwords"),$("#newpassword").attr("type","input"),$("#confirmpassword").attr("type","input"),$("#show-hide-icon-button").removeClass("fa-eye"),$("#show-hide-icon-button").addClass("fa-eye-slash")):(console.log("Hide passwords"),$("#newpassword").attr("type","password"),$("#confirmpassword").attr("type","password"),$("#show-hide-icon-button").removeClass("fa-eye-slash"),$("#show-hide-icon-button").addClass("fa-eye"))}),$("#resetfinduserform").on("click",function(){return console.log("Reset form"),$("#finduserForm").trigger("reset")}),$("#finduserModal").on("hidden.bs.modal",function(){return console.log("Clear modal"),$("#finduserForm").trigger("reset")}),$("#finduserbutton").on("click",function(e){var a;return e.preventDefault(),document.body.style.cursor="progress",a=$("#finduserForm").serialize(),console.log("Send findUser request with",a),$.ajax({type:"POST",url:portal+"finduser",dataType:"json",data:a,success:function(e){var a;if(document.body.style.cursor="default",a=e.user,console.log("Suggested spoofId",a),$("#spoofIdfield").attr("value",a),e.captcha&&$("#captcha").attr("src",e.captcha),e.token)return $("#finduserToken").attr("value",e.token),$("#token").attr("value",e.token)},error:function(e,a,t){var n;if(document.body.style.cursor="default",t&&console.log("Error",t),e&&(n=JSON.parse(e.responseText)),n&&n.error)return console.log("Returned error",n)}})})})}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-portal/t/61-CrowdSec-warn.t b/lemonldap-ng-portal/t/61-CrowdSec-warn.t
index eaa7674c7..f09485453 100644
--- a/lemonldap-ng-portal/t/61-CrowdSec-warn.t
+++ b/lemonldap-ng-portal/t/61-CrowdSec-warn.t
@@ -32,7 +32,7 @@ my $res;
 
 my $client = LLNG::Manager::Test->new( {
         ini => {
-            logLevel       => 'debug',
+            logLevel       => 'error',
             authentication => 'Demo',
             userDB         => 'Same',
             crowdsec       => 1,
diff --git a/lemonldap-ng-portal/t/61-CrowdSec.t b/lemonldap-ng-portal/t/61-CrowdSec.t
index 395b6b86b..8ede7724b 100644
--- a/lemonldap-ng-portal/t/61-CrowdSec.t
+++ b/lemonldap-ng-portal/t/61-CrowdSec.t
@@ -32,7 +32,7 @@ my $res;
 
 my $client = LLNG::Manager::Test->new( {
         ini => {
-            logLevel       => 'debug',
+            logLevel       => 'error',
             authentication => 'Demo',
             userDB         => 'Same',
             crowdsec       => 1,