mirror of
https://github.com/netzbegruenung/user_saml.git
synced 2024-05-02 09:14:50 +02:00
makes sloWebServerDecode IdP-sensitive as it should be
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon
blizzz (Rebase PR Action)
parent
7f0986c387
commit
6548abb0f9
43
js/admin.js
43
js/admin.js
|
|
@ -210,35 +210,34 @@ $(function() {
|
|||
$('.account-list li[data-id="' + providerId + '"]').addClass('active');
|
||||
OCA.User_SAML.Admin.currentConfig = '' + providerId;
|
||||
$.get(OC.generateUrl('/apps/user_saml/settings/providerSettings/' + providerId)).done(function(data) {
|
||||
Object.keys(data).forEach(function(category, index){
|
||||
Object.keys(data).forEach(function(category){
|
||||
var entries = data[category];
|
||||
Object.keys(entries).forEach(function (configKey) {
|
||||
var element = $('#user-saml-settings *[data-key="' + configKey + '"]');
|
||||
if ($('#user-saml-settings #user-saml-' + category + ' #user-saml-' + configKey).length) {
|
||||
element = $('#user-saml-' + category + ' #user-saml-' + configKey);
|
||||
var htmlElement = document.querySelector('#user-saml-settings *[data-key="' + configKey + '"]')
|
||||
|| document.querySelector('#user-saml-' + category + ' #user-saml-' + configKey)
|
||||
|| document.querySelector('#user-saml-' + category + ' [name="' + configKey + '"]');
|
||||
|
||||
if (!htmlElement) {
|
||||
console.log("could not find element for " + configKey);
|
||||
return;
|
||||
}
|
||||
if ($('#user-saml-settings #user-saml-' + category + ' [name="' + configKey + '"]').length) {
|
||||
element = $('#user-saml-' + category + ' [name="' + configKey + '"]');
|
||||
}
|
||||
if(element.is('input') && element.prop('type') === 'text') {
|
||||
element.val(entries[configKey])
|
||||
}
|
||||
else if(element.is('textarea')) {
|
||||
element.val(entries[configKey]);
|
||||
}
|
||||
else if(element.prop('type') === 'checkbox') {
|
||||
var value = entries[configKey] === '1' ? '1' : '0';
|
||||
element.val(value);
|
||||
|
||||
if ((htmlElement.tagName === 'INPUT' && htmlElement.getAttribute('type') === 'text')
|
||||
|| htmlElement.tagName === 'TEXTAREA'
|
||||
) {
|
||||
htmlElement.nodeValue = entries[configKey];
|
||||
} else if (htmlElement.tagName === 'INPUT' && htmlElement.getAttribute('type') === 'checkbox') {
|
||||
htmlElement.checked = entries[configKey] === '1';
|
||||
htmlElement.setAttribute('value', entries[configKey] === '1' ? '1' : '0');
|
||||
} else {
|
||||
console.log('unable to find element for ' + configKey);
|
||||
console.error("Could not handle " + configKey + " Tag is " + htmlElement.tagName + " and type is " + htmlElement.getAttribute("type"));
|
||||
}
|
||||
});
|
||||
});
|
||||
$('input:checkbox[value="1"]').attr('checked', true);
|
||||
$('input:checkbox[value="0"]').prop('checked', false);
|
||||
var xmlDownloadButton = $('#get-metadata');
|
||||
var url = xmlDownloadButton.data('base') + '?idp=' + providerId;
|
||||
xmlDownloadButton.attr('href', url);
|
||||
|
||||
var xmlDownloadButton = document.getElementById('get-metadata');
|
||||
var url = xmlDownloadButton.dataset.base + '?idp=' + providerId;
|
||||
xmlDownloadButton.setAttribute('href', url);
|
||||
});
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -418,7 +418,7 @@ class SAMLController extends Controller {
|
|||
$targetUrl = $auth->processSLO(
|
||||
$keepLocalSession,
|
||||
null,
|
||||
$this->samlSettings->usesSloWebServerDecode(),
|
||||
$this->samlSettings->usesSloWebServerDecode($idp),
|
||||
null,
|
||||
$stay
|
||||
);
|
||||
|
|
@ -432,7 +432,6 @@ class SAMLController extends Controller {
|
|||
}
|
||||
} else {
|
||||
// If request is not from IDP, we send the logout request to the IDP
|
||||
$parameters = [];
|
||||
$nameId = $this->session->get('user_saml.samlNameId');
|
||||
$nameIdFormat = $this->session->get('user_saml.samlNameIdFormat');
|
||||
$nameIdNameQualifier = $this->session->get('user_saml.samlNameIdNameQualifier');
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ class Version5000Date20211025124248 extends SimpleMigrationStep {
|
|||
'security-required',
|
||||
'security-signatureAlgorithm',
|
||||
'security-signMetadata',
|
||||
'security-sloWebServerDecode',
|
||||
'security-wantAssertionsEncrypted',
|
||||
'security-wantAssertionsSigned',
|
||||
'security-wantMessagesSigned',
|
||||
|
|
|
|||
|
|
@ -130,8 +130,9 @@ class SAMLSettings {
|
|||
return ($setting === '1' && $type === 'saml');
|
||||
}
|
||||
|
||||
public function usesSloWebServerDecode(): bool {
|
||||
return $this->config->getAppValue('user_saml', 'security-sloWebServerDecode', '0') === '1';
|
||||
public function usesSloWebServerDecode(int $idp): bool {
|
||||
$config = $this->get($idp);
|
||||
return ($config['security-sloWebServerDecode'] ?? false) === '1';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -161,6 +162,7 @@ class SAMLSettings {
|
|||
'requestedAuthnContext' => false,
|
||||
'lowercaseUrlencoding' => ($this->configurations[$idp]['security-lowercaseUrlencoding'] ?? '0') === '1',
|
||||
'signatureAlgorithm' => $this->configurations[$idp]['security-signatureAlgorithm'] ?? null,
|
||||
// "sloWebServerDecode" is not expected to be passed to the OneLogin class
|
||||
],
|
||||
'sp' => [
|
||||
'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
|
||||
|
|
|
|||
Loading…
Reference in a new issue