Append accessor to avoid modify conf (#2451)

4 years ago · ff36b81e73
parent 61c4150cb9
commit ff36b81e73
7 changed files with 33 additions and 32 deletions
--- a/doc/sources/admin/crowdsec.rst
+++ b/doc/sources/admin/crowdsec.rst
@ -11,7 +11,7 @@ community-powered IP reputation system.
 LL::NG provides a **CrowdSec** bouncer that can reject Crowdsec banned-IP
 requests or just provide an environment variable that can be used in
 another plugin rule. For example, a second factor may be required if user's
-IP is CrowdSec bans it.
+IP is CrowdSec-banned.
 Configuration
 -------------
--- a/doc/sources/admin/start.rst
+++ b/doc/sources/admin/start.rst
@ -276,21 +276,21 @@ Name                                                                 Description
 :doc:`Check user<checkuser>`  [6]_ |new|                             Check access rights, transmitted headers and session attibutes for a specific user and URL
 :doc:`Configuration viewer<viewer>` |new|                            Edit WebSSO configuration in Read Only mode
 :doc:`Context switching<contextswitching>`  [7]_\ |new|              Switch context other users
-:doc:`CrowdSec<crowdsec>`  [16]_\ |new|                              CrowdSec bouncer
+:doc:`CrowdSec<crowdsec>`  [8]_\ |new|                               CrowdSec bouncer
 :doc:`Custom<plugincustom>`                                          Write a custom plugin
-:doc:`Decrypt value<decryptvalue>`  [8]_\ |image35|                  Decrypt ciphered values
+:doc:`Decrypt value<decryptvalue>`  [9]_\ |image35|                  Decrypt ciphered values
 :doc:`Display login history<loginhistory>`                           Display Success/Fails logins
 :doc:`Force Authentication<forcereauthn>`                            Force authentication to access to Portal
-:doc:`Global Logout<globallogout>`  [9]_                             Suggest to close all opened sessions at logout
+:doc:`Global Logout<globallogout>`  [10]_                            Suggest to close all opened sessions at logout
 :doc:`Grant Sessions<grantsession>`                                  Rules to apply before allowing a user to open a session
-:doc:`Impersonation<impersonation>`  [10]_\ |new|                     Allow users to use another identity
+:doc:`Impersonation<impersonation>`  [11]_\ |new|                    Allow users to use another identity
-:doc:`Find user<finduser>`  [11]_\ |new|                             Search for user account
+:doc:`Find user<finduser>`  [12]_\ |new|                             Search for user account
 :doc:`Notifications system<notifications>`                           DIsplay a message during log in process 
 :doc:`Portal Status<status>`                                         Experimental portal status page
 :doc:`Public pages<public_pages>`                                    Enable public pages system
-:doc:`Refresh session API<refreshsessionapi>`  [12]_                 Plugin that provides an API to refresh a user session
+:doc:`Refresh session API<refreshsessionapi>`  [13]_                 Plugin that provides an API to refresh a user session
 :doc:`Reset password by mail<resetpassword>`                         Send a mail to reset its password
-:doc:`Reset certificate by mail<resetcertificate>`  [13]_\ |image37| Allow users to reset their certificate
+:doc:`Reset certificate by mail<resetcertificate>`  [14]_\ |image37| Allow users to reset their certificate
 :doc:`REST services<restservices>` |new|                             REST server for :doc:`Proxy<authproxy>`
 :doc:`SOAP services<soapservices>` |deprecated|                      SOAP server for :doc:`Proxy<authproxy>`
 :doc:`Stay connected<stayconnected>` |new|                           Enable persistent connection on same browser
@ -308,12 +308,12 @@ Handlers are software control agents to be installed on your web servers
 ==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
 Handler type                                                         Apache     LLNG FastCGI/uWSGI server (Nginx, or :doc:`SSOaaS<ssoaas>`)   `Plack servers <https://plackperl.org>`__   Node.js  ( `express apps <http://expressjs.com/>`__\  or :doc:`SSOaaS<ssoaas>`)    :doc:`Self protected apps<selfmadeapplication>`   Comment
 ==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
-Main *(default handler)*                                             ✔          ✔                                                             ✔                                           :doc:`Partial<nodehandler>` ** [14]_ **                                             ✔
+Main *(default handler)*                                             ✔          ✔                                                             ✔                                           :doc:`Partial<nodehandler>` ** [15]_ **                                            ✔
 :doc:`AuthBasic<handlerauthbasic>`                                   ✔          ✔                                                             ✔                                                                                                                              ✔                                               Designed for some server-to-server applications
 :doc:`CDA<cda>`                                                      ✔          ✔                                                             ✔                                                                                                                              ✔                                               For Cross Domain Authentication
 :doc:`DevOps<devopshandler>`  (:doc:`SSOaaS<ssoaas>`)  |new|         ✔          ✔                                                             ✔                                           ✔                                                                                                                                  Allows application developers to define their own rules and headers inside their applications
 :doc:`DevOpsST<devopssthandler>`  (:doc:`SSOaaS<ssoaas>`)  |new|     ✔          ✔                                                             ✔                                           ✔                                                                                                                                  Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
-:doc:`OAuth2<oauth2handler>`  [15]_\ |new|                           ✔          ✔                                                             ✔                                                                                                                              ✔                                               Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
+:doc:`OAuth2<oauth2handler>`  [16]_\ |new|                           ✔          ✔                                                             ✔                                                                                                                              ✔                                               Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
 :doc:`Secure Token<securetoken>`                                     ✔          ✔                                                             ✔                                                                                                                                                                              Designed to secure exchanges between a LLNG reverse-proxy and a remote app
 :doc:`Service Token<servertoserver>` |new| *(Server-to-Server)*      ✔          ✔                                                             ✔                                           ✔                                                                                  ✔                                               Designed to permit underlying requests *(API-Based Infrastructure)*
 :doc:`Zimbra PreAuth<applications/zimbra>`                           ✔          ✔                                                             ✔
@ -579,38 +579,38 @@ by your language code):
   LLNG ≥ 2.0.6
 .. [8]
   :doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
 .. [9]
   :doc:`Decrypt value plugin<decryptvalue>` is available with LLNG ≥
   2.0.7
-.. [9]
+.. [10]
   :doc:`Global Logout plugin<globallogout>` is available with LLNG ≥
   2.0.7
-.. [10]
+.. [11]
   :doc:`Impersonation plugin<impersonation>` is available with LLNG ≥
   2.0.3
-.. [11]
+.. [12]
   :doc:`Find user plugin<finduser>` is available with LLNG ≥
   2.0.11
-.. [12]
+.. [13]
   :doc:`Refresh session API plugin<refreshsessionapi>` is available
   with LLNG ≥ 2.0.7
-.. [13]
+.. [14]
   :doc:`Reset certificate by mail plugin<resetcertificate>` is
   available with LLNG ≥ 2.0.7
-.. [14]
+.. [15]
   :doc:`Node.js handler<nodehandler>` has not yet reached the same
   level of functionalities
 .. [15]
   :doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
 .. [16]
-   :doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
+   :doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
 .. |image0| image:: /icons/kthememgr.png
 .. |image1| image:: /icons/warehause.png
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm
@ -5,12 +5,12 @@ use Mouse;
 use JSON qw(from_json);
 use Lemonldap::NG::Common::UserAgent;
 use Lemonldap::NG::Portal::Main::Constants qw(
  PE_ERROR
  PE_OK
  PE_ERROR
  PE_SESSIONNOTGRANTED
 );
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.12';
 extends 'Lemonldap::NG::Portal::Main::Plugin';
@ -28,18 +28,19 @@ has ua => (
        return $ua;
    }
 );
 has crowdsecUrl => ( is => 'rw' );
 sub init {
    my ($self) = @_;
    if ( $self->conf->{crowdsecUrl} ) {
-        $self->conf->{crowdsecUrl} =~ s#/+$##;
+        $self->crowdsecUrl( $self->conf->{crowdsecUrl} =~ s#/+$## );
    }
    else {
        $self->logger->warn(
            "crowdsecUrl isn't set, fallback to http://localhost:8080");
-        $self->conf->{crowdsecUrl} = 'http://localhost:8080';
+        $self->crowdsecUrl('http://localhost:8080');
    }
-    $self->logger->notice( "CrowdSec policy is: "
+    $self->logger->notice( 'CrowdSec policy is: '
          . ( $self->conf->{crowdsecAction} ? 'reject' : 'warn' ) );
    return 1;
 }
@ -48,12 +49,12 @@ sub check {
    my ( $self, $req ) = @_;
    my $ip   = $req->address;
    my $resp = $self->ua->get(
-        $self->conf->{crowdsecUrl} . "/v1/decisions?ip=$ip",
+        $self->crowdsecUrl . "/v1/decisions?ip=$ip",
        'Accept'    => 'application/json',
        'X-Api-Key' => $self->conf->{crowdsecKey},
    );
    if ( $resp->is_error ) {
-        $self->logger->error( "Bad CrowdSec response: " . $resp->message );
+        $self->logger->error( 'Bad CrowdSec response: ' . $resp->message );
        $self->logger->debug( $resp->content );
        return PE_ERROR;
    }
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
@ -588,11 +588,11 @@ LemonLDAP::NG Portal jQuery scripts
      }
    });
    $('#resetfinduserform').on('click', function() {
-      console.log('Clear form');
+      console.log('Reset form');
      return $('#finduserForm').trigger('reset');
    });
    $('#finduserModal').on('hidden.bs.modal', function() {
-      console.log('Reset modal');
+      console.log('Clear modal');
      return $('#finduserForm').trigger('reset');
    });
    return $('#finduserbutton').on('click', function(event) {
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
--- a/lemonldap-ng-portal/t/61-CrowdSec-warn.t
+++ b/lemonldap-ng-portal/t/61-CrowdSec-warn.t
@ -32,7 +32,7 @@ my $res;
 my $client = LLNG::Manager::Test->new( {
        ini => {
-            logLevel       => 'debug',
+            logLevel       => 'error',
            authentication => 'Demo',
            userDB         => 'Same',
            crowdsec       => 1,
--- a/lemonldap-ng-portal/t/61-CrowdSec.t
+++ b/lemonldap-ng-portal/t/61-CrowdSec.t
@ -32,7 +32,7 @@ my $res;
 my $client = LLNG::Manager::Test->new( {
        ini => {
-            logLevel       => 'debug',
+            logLevel       => 'error',
            authentication => 'Demo',
            userDB         => 'Same',
            crowdsec       => 1,