worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Append accessor to avoid modify conf (#2451)

Browse Source
reject-browser-part-of-url
Christophe Maudoux 4 years ago committed by Yadd
parent 61c4150cb9
commit ff36b81e73
7 changed files with 33 additions and 32 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      doc/sources/admin/crowdsec.rst
  2. 38
      doc/sources/admin/start.rst
  3. 15
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm
  4. 4
      lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
  5. 2
      lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
  6. 2
      lemonldap-ng-portal/t/61-CrowdSec-warn.t
  7. 2
      lemonldap-ng-portal/t/61-CrowdSec.t

2
doc/sources/admin/crowdsec.rst
Unescape View File

@ -11,7 +11,7 @@ community-powered IP reputation system.
LL::NG provides a **CrowdSec** bouncer that can reject Crowdsec banned-IP
requests or just provide an environment variable that can be used in
another plugin rule. For example, a second factor may be required if user's
IP is CrowdSec bans it.
IP is CrowdSec-banned.
Configuration
-------------

38
doc/sources/admin/start.rst
Unescape View File

@ -276,21 +276,21 @@ Name Description
:doc:`Check user<checkuser>` [6]_ |new| Check access rights, transmitted headers and session attibutes for a specific user and URL
:doc:`Configuration viewer<viewer>` |new| Edit WebSSO configuration in Read Only mode
:doc:`Context switching<contextswitching>` [7]_\ |new| Switch context other users
:doc:`CrowdSec<crowdsec>` [16]_\ |new| CrowdSec bouncer
:doc:`CrowdSec<crowdsec>` [8]_\ |new| CrowdSec bouncer
:doc:`Custom<plugincustom>` Write a custom plugin
:doc:`Decrypt value<decryptvalue>` [8]_\ |image35| Decrypt ciphered values
:doc:`Decrypt value<decryptvalue>` [9]_\ |image35| Decrypt ciphered values
:doc:`Display login history<loginhistory>` Display Success/Fails logins
:doc:`Force Authentication<forcereauthn>` Force authentication to access to Portal
:doc:`Global Logout<globallogout>` [9]_ Suggest to close all opened sessions at logout
:doc:`Global Logout<globallogout>` [10]_ Suggest to close all opened sessions at logout
:doc:`Grant Sessions<grantsession>` Rules to apply before allowing a user to open a session
:doc:`Impersonation<impersonation>` [10]_\ |new| Allow users to use another identity
:doc:`Find user<finduser>` [11]_\ |new| Search for user account
:doc:`Impersonation<impersonation>` [11]_\ |new| Allow users to use another identity
:doc:`Find user<finduser>` [12]_\ |new| Search for user account
:doc:`Notifications system<notifications>` DIsplay a message during log in process
:doc:`Portal Status<status>` Experimental portal status page
:doc:`Public pages<public_pages>` Enable public pages system
:doc:`Refresh session API<refreshsessionapi>` [12]_ Plugin that provides an API to refresh a user session
:doc:`Refresh session API<refreshsessionapi>` [13]_ Plugin that provides an API to refresh a user session
:doc:`Reset password by mail<resetpassword>` Send a mail to reset its password
:doc:`Reset certificate by mail<resetcertificate>` [13]_\ |image37| Allow users to reset their certificate
:doc:`Reset certificate by mail<resetcertificate>` [14]_\ |image37| Allow users to reset their certificate
:doc:`REST services<restservices>` |new| REST server for :doc:`Proxy<authproxy>`
:doc:`SOAP services<soapservices>` |deprecated| SOAP server for :doc:`Proxy<authproxy>`
:doc:`Stay connected<stayconnected>` |new| Enable persistent connection on same browser
@ -308,12 +308,12 @@ Handlers are software control agents to be installed on your web servers
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
Handler type Apache LLNG FastCGI/uWSGI server (Nginx, or :doc:`SSOaaS<ssoaas>`) `Plack servers <https://plackperl.org>`__ Node.js ( `express apps <http://expressjs.com/>`__\ or :doc:`SSOaaS<ssoaas>`) :doc:`Self protected apps<selfmadeapplication>` Comment
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [14]_ **
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [15]_ **
:doc:`AuthBasic<handlerauthbasic>` ✔ ✔ ✔ ✔ Designed for some server-to-server applications
:doc:`CDA<cda>` ✔ ✔ ✔ ✔ For Cross Domain Authentication
:doc:`DevOps<devopshandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Allows application developers to define their own rules and headers inside their applications
:doc:`DevOpsST<devopssthandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
:doc:`OAuth2<oauth2handler>` [15]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
:doc:`OAuth2<oauth2handler>` [16]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
:doc:`Secure Token<securetoken>` ✔ ✔ ✔ Designed to secure exchanges between a LLNG reverse-proxy and a remote app
:doc:`Service Token<servertoserver>` |new| *(Server-to-Server)* ✔ ✔ ✔ ✔ ✔ Designed to permit underlying requests *(API-Based Infrastructure)*
:doc:`Zimbra PreAuth<applications/zimbra>` ✔ ✔ ✔
@ -579,38 +579,38 @@ by your language code):
LLNG ≥ 2.0.6
.. [8]
:doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
.. [9]
:doc:`Decrypt value plugin<decryptvalue>` is available with LLNG ≥
2.0.7
.. [9]
.. [10]
:doc:`Global Logout plugin<globallogout>` is available with LLNG ≥
2.0.7
.. [10]
.. [11]
:doc:`Impersonation plugin<impersonation>` is available with LLNG ≥
2.0.3
.. [11]
.. [12]
:doc:`Find user plugin<finduser>` is available with LLNG ≥
2.0.11
.. [12]
.. [13]
:doc:`Refresh session API plugin<refreshsessionapi>` is available
with LLNG ≥ 2.0.7
.. [13]
.. [14]
:doc:`Reset certificate by mail plugin<resetcertificate>` is
available with LLNG ≥ 2.0.7
.. [14]
.. [15]
:doc:`Node.js handler<nodehandler>` has not yet reached the same
level of functionalities
.. [15]
:doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
.. [16]
:doc:`CrowdSec bouncer <crowdsec>` is available with LLNG ≥ 2.0.12
:doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
.. |image0| image:: /icons/kthememgr.png
.. |image1| image:: /icons/warehause.png

15
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CrowdSec.pm
Unescape View File

@ -5,12 +5,12 @@ use Mouse;
use JSON qw(from_json);
use Lemonldap::NG::Common::UserAgent;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_ERROR
PE_OK
PE_ERROR
PE_SESSIONNOTGRANTED
);
our $VERSION = '2.0.10';
our $VERSION = '2.0.12';
extends 'Lemonldap::NG::Portal::Main::Plugin';
@ -28,18 +28,19 @@ has ua => (
return $ua;
}
);
has crowdsecUrl => ( is => 'rw' );
sub init {
my ($self) = @_;
if ( $self->conf->{crowdsecUrl} ) {
$self->conf->{crowdsecUrl} =~ s#/+$##;
$self->crowdsecUrl( $self->conf->{crowdsecUrl} =~ s#/+$## );
}
else {
$self->logger->warn(
"crowdsecUrl isn't set, fallback to http://localhost:8080");
$self->conf->{crowdsecUrl} = 'http://localhost:8080';
$self->crowdsecUrl('http://localhost:8080');
}
$self->logger->notice( "CrowdSec policy is: "
$self->logger->notice( 'CrowdSec policy is: '
. ( $self->conf->{crowdsecAction} ? 'reject' : 'warn' ) );
return 1;
}
@ -48,12 +49,12 @@ sub check {
my ( $self, $req ) = @_;
my $ip = $req->address;
my $resp = $self->ua->get(
$self->conf->{crowdsecUrl} . "/v1/decisions?ip=$ip",
$self->crowdsecUrl . "/v1/decisions?ip=$ip",
'Accept' => 'application/json',
'X-Api-Key' => $self->conf->{crowdsecKey},
);
if ( $resp->is_error ) {
$self->logger->error( "Bad CrowdSec response: " . $resp->message );
$self->logger->error( 'Bad CrowdSec response: ' . $resp->message );
$self->logger->debug( $resp->content );
return PE_ERROR;
}

4
lemonldap-ng-portal/site/htdocs/static/common/js/portal.js vendored
Unescape View File

@ -588,11 +588,11 @@ LemonLDAP::NG Portal jQuery scripts
}
});
$('#resetfinduserform').on('click', function() {
console.log('Clear form');
console.log('Reset form');
return $('#finduserForm').trigger('reset');
});
$('#finduserModal').on('hidden.bs.modal', function() {
console.log('Reset modal');
console.log('Clear modal');
return $('#finduserForm').trigger('reset');
});
return $('#finduserbutton').on('click', function(event) {

2
lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
lemonldap-ng-portal/t/61-CrowdSec-warn.t
Unescape View File

@ -32,7 +32,7 @@ my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'debug',
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
crowdsec => 1,

2
lemonldap-ng-portal/t/61-CrowdSec.t
Unescape View File

@ -32,7 +32,7 @@ my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'debug',
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
crowdsec => 1,

Write Preview
Loading…
Cancel
Save