Compare commits
4 commits
cb94c2a01f
...
dd3330a41b
Author | SHA1 | Date | |
---|---|---|---|
dd3330a41b | ||
c7bf812759 | ||
9c004d2db2 | ||
fb281a0be6 |
7 changed files with 41 additions and 27 deletions
|
@ -14,6 +14,7 @@ use Facile\OpenIDClient\Issuer\IssuerBuilder;
|
||||||
use GuzzleHttp\Psr7\ServerRequest;
|
use GuzzleHttp\Psr7\ServerRequest;
|
||||||
use htmlResponsiveRow;
|
use htmlResponsiveRow;
|
||||||
use LAM\LOGIN\WEBAUTHN\WebauthnManager;
|
use LAM\LOGIN\WEBAUTHN\WebauthnManager;
|
||||||
|
use LAM_INTERFACE;
|
||||||
use SelfServiceLoginHandler;
|
use SelfServiceLoginHandler;
|
||||||
use selfServiceProfile;
|
use selfServiceProfile;
|
||||||
use LAMConfig;
|
use LAMConfig;
|
||||||
|
@ -461,7 +462,7 @@ class DuoProvider extends BaseProvider {
|
||||||
* @see BaseProvider::addCustomInput
|
* @see BaseProvider::addCustomInput
|
||||||
*/
|
*/
|
||||||
public function addCustomInput(&$row, $userDn) {
|
public function addCustomInput(&$row, $userDn) {
|
||||||
$pathPrefix = $this->config->isSelfService ? '../' : '';
|
$pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
|
||||||
$row->add(new htmlImage($pathPrefix . '../graphics/duo.png'));
|
$row->add(new htmlImage($pathPrefix . '../graphics/duo.png'));
|
||||||
if (!empty($_GET['duo_code'])) {
|
if (!empty($_GET['duo_code'])) {
|
||||||
// authentication is verified
|
// authentication is verified
|
||||||
|
@ -612,7 +613,7 @@ class OktaProvider extends BaseProvider {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$pathPrefix = $this->config->isSelfService ? '../' : '';
|
$pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
|
||||||
$row->add(new htmlImage($pathPrefix . '../graphics/okta.png'));
|
$row->add(new htmlImage($pathPrefix . '../graphics/okta.png'));
|
||||||
$_SESSION['okta_state'] = bin2hex(random_bytes(10));
|
$_SESSION['okta_state'] = bin2hex(random_bytes(10));
|
||||||
$_SESSION['okta_code_verifier'] = bin2hex(random_bytes(50));
|
$_SESSION['okta_code_verifier'] = bin2hex(random_bytes(50));
|
||||||
|
@ -797,7 +798,7 @@ class OpenIdProvider extends BaseProvider {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$content = new htmlResponsiveRow();
|
$content = new htmlResponsiveRow();
|
||||||
$pathPrefix = $this->config->isSelfService ? '../' : '';
|
$pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
|
||||||
$row->add(new htmlImage($pathPrefix . '../graphics/openid.png'));
|
$row->add(new htmlImage($pathPrefix . '../graphics/openid.png'));
|
||||||
include_once __DIR__ . '/3rdParty/composer/autoload.php';
|
include_once __DIR__ . '/3rdParty/composer/autoload.php';
|
||||||
try {
|
try {
|
||||||
|
@ -976,8 +977,8 @@ class WebauthnProvider extends BaseProvider {
|
||||||
$row->add(new htmlStatusMessage('INFO', _('Please register a security device.')));
|
$row->add(new htmlStatusMessage('INFO', _('Please register a security device.')));
|
||||||
}
|
}
|
||||||
$row->addVerticalSpacer('2rem');
|
$row->addVerticalSpacer('2rem');
|
||||||
$pathPrefix = $this->config->isSelfService ? '../' : '';
|
$pathPrefix = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? '../' : '';
|
||||||
$selfServiceParam = $this->config->isSelfService ? 'true' : 'false';
|
$selfServiceParam = ($this->config->interface === LAM_INTERFACE::SELF_SERVICE) ? 'selfservice=true' : '';
|
||||||
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg', '50%'));
|
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg', '50%'));
|
||||||
$row->addVerticalSpacer('1rem');
|
$row->addVerticalSpacer('1rem');
|
||||||
$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.'));
|
$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.'));
|
||||||
|
@ -995,7 +996,7 @@ class WebauthnProvider extends BaseProvider {
|
||||||
$errorMessageDiv->addDataAttribute('button', _('Ok'));
|
$errorMessageDiv->addDataAttribute('button', _('Ok'));
|
||||||
$errorMessageDiv->addDataAttribute('title', _('WebAuthn failed'));
|
$errorMessageDiv->addDataAttribute('title', _('WebAuthn failed'));
|
||||||
$row->add($errorMessageDiv);
|
$row->add($errorMessageDiv);
|
||||||
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', ' . $selfServiceParam . ',' .
|
$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\', \'' . $selfServiceParam . '\',' .
|
||||||
' \'' . _('Do you want to set a name for this device?') . '\', \'' . _('Name') . '\',' .
|
' \'' . _('Do you want to set a name for this device?') . '\', \'' . _('Name') . '\',' .
|
||||||
' \'' . _('Ok') . '\', \'' . _('Cancel') . '\');'), 0);
|
' \'' . _('Ok') . '\', \'' . _('Cancel') . '\');'), 0);
|
||||||
}
|
}
|
||||||
|
@ -1244,7 +1245,7 @@ class TwoFactorProviderService {
|
||||||
*/
|
*/
|
||||||
private function getConfigSelfService(&$profile): TwoFactorConfiguration {
|
private function getConfigSelfService(&$profile): TwoFactorConfiguration {
|
||||||
$tfConfig = new TwoFactorConfiguration();
|
$tfConfig = new TwoFactorConfiguration();
|
||||||
$tfConfig->isSelfService = true;
|
$tfConfig->interface = LAM_INTERFACE::SELF_SERVICE;
|
||||||
$tfConfig->twoFactorAuthentication = $profile->twoFactorAuthentication;
|
$tfConfig->twoFactorAuthentication = $profile->twoFactorAuthentication;
|
||||||
$tfConfig->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
|
$tfConfig->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
|
||||||
$tfConfig->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
|
$tfConfig->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
|
||||||
|
@ -1294,7 +1295,7 @@ class TwoFactorProviderService {
|
||||||
*/
|
*/
|
||||||
private function getConfigAdmin($conf): TwoFactorConfiguration {
|
private function getConfigAdmin($conf): TwoFactorConfiguration {
|
||||||
$tfConfig = new TwoFactorConfiguration();
|
$tfConfig = new TwoFactorConfiguration();
|
||||||
$tfConfig->isSelfService = false;
|
$tfConfig->interface = LAM_INTERFACE::ADMIN;
|
||||||
$tfConfig->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
|
$tfConfig->twoFactorAuthentication = $conf->getTwoFactorAuthentication();
|
||||||
$tfConfig->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
|
$tfConfig->twoFactorAuthenticationInsecure = $conf->getTwoFactorAuthenticationInsecure();
|
||||||
$tfConfig->twoFactorAuthenticationOptional = $conf->getTwoFactorAuthenticationOptional();
|
$tfConfig->twoFactorAuthenticationOptional = $conf->getTwoFactorAuthenticationOptional();
|
||||||
|
@ -1340,10 +1341,8 @@ class TwoFactorProviderService {
|
||||||
*/
|
*/
|
||||||
class TwoFactorConfiguration {
|
class TwoFactorConfiguration {
|
||||||
|
|
||||||
/**
|
/** LAM UI */
|
||||||
* @var bool is self service
|
public LAM_INTERFACE $interface = LAM_INTERFACE::ADMIN;
|
||||||
*/
|
|
||||||
public bool $isSelfService = false;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var ?string provider id
|
* @var ?string provider id
|
||||||
|
|
|
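Review bot: The self-service test `$this->config->interface === LAM_INTERFACE::SELF_SERVICE` is now repeated verbatim in the DuoProvider, OktaProvider, OpenIdProvider and WebauthnProvider hunks (twice in the last one), where before it was a single property read; an accessor on TwoFactorConfiguration, `public function isSelfService(): bool { return $this->interface === LAM_INTERFACE::SELF_SERVICE; }`, would keep the four providers in step when the enum changes. The enum already carries a third case, WHITE_PAGES, which these ternaries silently treat like ADMIN (no `'../'` prefix, no selfservice parameter); if two-factor is never rendered from white pages that deserves a comment, otherwise the prefix logic needs a third branch. The new `$interface` property in the TwoFactorConfiguration hunk carries only `/** LAM UI */`, so the `@var` line it replaced should come back, e.g. `/** @var LAM_INTERFACE UI the two-factor flow is rendered in; defaults to ADMIN */`. Each addCustomInput body continues outside its hunk.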
@ -39,6 +39,18 @@ use function LAM\TYPES\getScopeFromTypeId;
|
||||||
* @author Thomas Manninger
|
* @author Thomas Manninger
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Defines the possible LAM user interfaces.
|
||||||
|
*/
|
||||||
|
enum LAM_INTERFACE {
|
||||||
|
/** admin pages to manage any type aof entry */
|
||||||
|
case ADMIN;
|
||||||
|
/** user self-service to manage own data */
|
||||||
|
case SELF_SERVICE;
|
||||||
|
/** white-pages to display users */
|
||||||
|
case WHITE_PAGES;
|
||||||
|
}
|
||||||
|
|
||||||
/** persistence */
|
/** persistence */
|
||||||
include_once __DIR__ . '/persistence.inc';
|
include_once __DIR__ . '/persistence.inc';
|
||||||
/** Used to print messages. */
|
/** Used to print messages. */
|
||||||
|
|
|
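Review bot: The doc comment on the ADMIN case has a typo, `/** admin pages to manage any type aof entry */` should read `/** admin pages to manage any type of entry */`. The enum is a pure (non-backed) enum, which fits its use as identity-compared cases, but it presumably raises this file's minimum PHP version to 8.1 if that is not already the project baseline; a one-line comment stating that requirement above the `enum` keyword would save the next reader a lookup.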
@ -444,7 +444,7 @@ class AddEntryTask implements ImporterTask {
|
||||||
* Constructor
|
* Constructor
|
||||||
*
|
*
|
||||||
* @param string $dn DN
|
* @param string $dn DN
|
||||||
* @param array[string[]] $attributes list of attributes
|
* @param array<string, string[]> $attributes list of attributes
|
||||||
*/
|
*/
|
||||||
public function __construct($dn, $attributes) {
|
public function __construct($dn, $attributes) {
|
||||||
$this->dn = $dn;
|
$this->dn = $dn;
|
||||||
|
@ -601,7 +601,7 @@ class AddAttributesTask implements ImporterTask {
|
||||||
* Constructor
|
* Constructor
|
||||||
*
|
*
|
||||||
* @param string $dn DN
|
* @param string $dn DN
|
||||||
* @param array[string[]] $attributes list of attributes
|
* @param array<string, string[]> $attributes list of attributes
|
||||||
*/
|
*/
|
||||||
public function __construct($dn, $attributes) {
|
public function __construct($dn, $attributes) {
|
||||||
$this->dn = $dn;
|
$this->dn = $dn;
|
||||||
|
@ -657,7 +657,7 @@ class DeleteAttributesTask implements ImporterTask {
|
||||||
*
|
*
|
||||||
* @param string $dn DN
|
* @param string $dn DN
|
||||||
* @param string $attributeName attribute name
|
* @param string $attributeName attribute name
|
||||||
* @param array[string[]] $attributes list of attributes
|
* @param array<string, string[]> $attributes list of attributes
|
||||||
*/
|
*/
|
||||||
public function __construct($dn, $attributeName, $attributes) {
|
public function __construct($dn, $attributeName, $attributes) {
|
||||||
$this->dn = $dn;
|
$this->dn = $dn;
|
||||||
|
@ -726,7 +726,7 @@ class ReplaceAttributesTask implements ImporterTask {
|
||||||
* Constructor
|
* Constructor
|
||||||
*
|
*
|
||||||
* @param string $dn DN
|
* @param string $dn DN
|
||||||
* @param array[string[]] $attributes list of attributes
|
* @param array<string, string[]> $attributes list of attributes
|
||||||
*/
|
*/
|
||||||
public function __construct($dn, $attributes) {
|
public function __construct($dn, $attributes) {
|
||||||
$this->dn = $dn;
|
$this->dn = $dn;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2017 - 2019 Roland Gruber
|
Copyright (C) 2017 - 2025 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
|
|
@ -489,6 +489,10 @@ table.collapse {
|
||||||
white-space: nowrap;
|
white-space: nowrap;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hr {
|
||||||
|
border: 1px solid var(--lam-border-color);
|
||||||
|
}
|
||||||
|
|
||||||
hr.dotted {
|
hr.dotted {
|
||||||
border-bottom: 1px dotted var(--lam-text-color-default);
|
border-bottom: 1px dotted var(--lam-text-color-default);
|
||||||
border-top: none;
|
border-top: none;
|
||||||
|
@ -534,7 +538,7 @@ td.loginRightBox {
|
||||||
}
|
}
|
||||||
|
|
||||||
.roundedShadowBox {
|
.roundedShadowBox {
|
||||||
border: 2px solid #a0a0a4;
|
border: 2px solid #ffffff;
|
||||||
border-radius: 5px;
|
border-radius: 5px;
|
||||||
box-shadow: 2px 2px 5px #a0a0a4;
|
box-shadow: 2px 2px 5px #a0a0a4;
|
||||||
display: inline-block;
|
display: inline-block;
|
||||||
|
@ -566,7 +570,7 @@ a.lamLogo span {
|
||||||
}
|
}
|
||||||
|
|
||||||
.lam-header {
|
.lam-header {
|
||||||
box-shadow: 0px 3px 2px -2px grey;
|
box-shadow: 0px 3px 2px -2px #b9b9b9;
|
||||||
}
|
}
|
||||||
|
|
||||||
.module-list {
|
.module-list {
|
||||||
|
@ -1151,7 +1155,7 @@ div.tippy-box {
|
||||||
color: var(--lam-text-color-default);
|
color: var(--lam-text-color-default);
|
||||||
background: var(--lam-background-color-default);
|
background: var(--lam-background-color-default);
|
||||||
font-size: 85%;
|
font-size: 85%;
|
||||||
border: 2px solid #a0a0a4;
|
border: 2px solid #ffffff;
|
||||||
border-radius: var(--lam-default-border-radius);
|
border-radius: var(--lam-default-border-radius);
|
||||||
box-shadow: 0px 0px 5px #666666;
|
box-shadow: 0px 0px 5px #666666;
|
||||||
padding: 0 var(--lam-regular-space) var(--lam-regular-space) var(--lam-regular-space);
|
padding: 0 var(--lam-regular-space) var(--lam-regular-space) var(--lam-regular-space);
|
||||||
|
|
|
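Review bot: The new `hr` rule uses `var(--lam-border-color)`, but the `.roundedShadowBox` and `div.tippy-box` hunks in the same file replace their border colour with a hard-coded `#ffffff`, and `.lam-header` gets a hard-coded `#b9b9b9` shadow; since this file already drives text and background colours through `--lam-*` variables, a fixed white border will presumably stand out on a dark palette. Consider `border: 2px solid var(--lam-border-color);` in both box rules, or a dedicated variable for the shadow, so these colours track the theme the way `hr` now does.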
@ -1863,15 +1863,15 @@ window.lam.webauthn.charAt = function (c) {
|
||||||
* Starts the webauthn process.
|
* Starts the webauthn process.
|
||||||
*
|
*
|
||||||
* @param prefix path prefix for Ajax endpoint
|
* @param prefix path prefix for Ajax endpoint
|
||||||
* @param isSelfService runs as part of self service
|
* @param extraParam additional parameter for request (e.g. "selfservice=true")
|
||||||
* @param newDeviceNameTitle title for new device name dialog
|
* @param newDeviceNameTitle title for new device name dialog
|
||||||
* @param newDeviceNameLabel label for new device name
|
* @param newDeviceNameLabel label for new device name
|
||||||
* @param okText text for Ok button
|
* @param okText text for Ok button
|
||||||
* @param cancelText text for cancelButton
|
* @param cancelText text for cancelButton
|
||||||
*/
|
*/
|
||||||
window.lam.webauthn.start = function(prefix, isSelfService, newDeviceNameTitle, newDeviceNameLabel, okText, cancelText) {
|
window.lam.webauthn.start = function(prefix, extraParam, newDeviceNameTitle, newDeviceNameLabel, okText, cancelText) {
|
||||||
document.addEventListener("DOMContentLoaded", function(){
|
document.addEventListener("DOMContentLoaded", function(){
|
||||||
window.lam.webauthn.run(prefix, isSelfService, newDeviceNameTitle, newDeviceNameLabel, okText, cancelText);
|
window.lam.webauthn.run(prefix, extraParam, newDeviceNameTitle, newDeviceNameLabel, okText, cancelText);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1879,13 +1879,13 @@ window.lam.webauthn.start = function(prefix, isSelfService, newDeviceNameTitle,
|
||||||
* Checks if the user is registered and starts login/registration.
|
* Checks if the user is registered and starts login/registration.
|
||||||
*
|
*
|
||||||
* @param prefix path prefix for Ajax endpoint
|
* @param prefix path prefix for Ajax endpoint
|
||||||
* @param isSelfService runs as part of self-service
|
* @param extraParam additional parameter for request (e.g. "selfservice=true")
|
||||||
* @param newDeviceNameTitle title for new device name dialog
|
* @param newDeviceNameTitle title for new device name dialog
|
||||||
* @param newDeviceNameLabel label for new device name
|
* @param newDeviceNameLabel label for new device name
|
||||||
* @param okText text for Ok button
|
* @param okText text for Ok button
|
||||||
* @param cancelText text for cancelButton
|
* @param cancelText text for cancelButton
|
||||||
*/
|
*/
|
||||||
window.lam.webauthn.run = function(prefix, isSelfService, newDeviceNameTitle, newDeviceNameLabel, okText, cancelText) {
|
window.lam.webauthn.run = function(prefix, extraParam, newDeviceNameTitle, newDeviceNameLabel, okText, cancelText) {
|
||||||
const skipButton = document.getElementById('btn_skip_webauthn');
|
const skipButton = document.getElementById('btn_skip_webauthn');
|
||||||
if (skipButton) {
|
if (skipButton) {
|
||||||
skipButton.onclick = function () {
|
skipButton.onclick = function () {
|
||||||
|
@ -1908,7 +1908,7 @@ window.lam.webauthn.run = function(prefix, isSelfService, newDeviceNameTitle, ne
|
||||||
let data = new FormData();
|
let data = new FormData();
|
||||||
data.append('sec_token', token);
|
data.append('sec_token', token);
|
||||||
data.append('action', 'status');
|
data.append('action', 'status');
|
||||||
var extraParam = isSelfService ? '&selfservice=true' : '';
|
extraParam = (extraParam) ? '&' + extraParam : '';
|
||||||
fetch(prefix + 'misc/ajax.php?function=webauthn' + extraParam, {
|
fetch(prefix + 'misc/ajax.php?function=webauthn' + extraParam, {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
body: data
|
body: data
|
||||||
|
|
|
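Review bot: In the `@ -1908` hunk `extraParam` is a function parameter reassigned in place, `extraParam = (extraParam) ? '&' + extraParam : '';`, and then spliced unencoded into the ajax.php query string; the value is a fixed server-side literal today (`'selfservice=true'` or `''` from the PHP side), so there is no injection, but the signature now accepts an arbitrary query fragment and nothing documents or checks that. Prefer a fresh binding and an explicit contract: `const query = extraParam ? '&' + extraParam : '';` with `fetch(prefix + 'misc/ajax.php?function=webauthn' + query, {`, and a JSDoc line on `run` such as `@param extraParam optional pre-encoded key=value fragment appended to the query string, or ''`. `window.lam.webauthn.run` starts in the earlier hunk and its body continues past the end of this one.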
@ -44,7 +44,6 @@ parameters:
|
||||||
- lam/lib/plugins/extendedInvalidCredentials/MitKerberosExtraInvalidCredentialsProvider.inc (?)
|
- lam/lib/plugins/extendedInvalidCredentials/MitKerberosExtraInvalidCredentialsProvider.inc (?)
|
||||||
ignoreErrors:
|
ignoreErrors:
|
||||||
- '#Variable \$helpArray might not be defined.#'
|
- '#Variable \$helpArray might not be defined.#'
|
||||||
- '#Offset .SID. on array.*in isset\(\) always exists.*#'
|
|
||||||
- '#Offset .preferred_username. does not exist on.*#'
|
- '#Offset .preferred_username. does not exist on.*#'
|
||||||
- '#Strict comparison using !== between non-empty-list.*will always evaluate to true.*#'
|
- '#Strict comparison using !== between non-empty-list.*will always evaluate to true.*#'
|
||||||
- '#Strict comparison using !== between non-empty-array.*will always evaluate to true.*#'
|
- '#Strict comparison using !== between non-empty-array.*will always evaluate to true.*#'
|
||||||
|
|