Add exclude field for force login, remove signature.json, fix readme, add changelog entries, raise version to 1.5.2
felixrupp committed Jun 24, 2018
1 parent bae76be commit 891f262
Showing 18 changed files with 112 additions and 126 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,12 @@
CHANGELOG
=========

Version 1.5.2
-------------
* Add settings field to exclude specific Ips and/or IP-ranges from force login
* Nextclouod: Move settings panel to section "Security" (was in "Additional" before)
* Remove the signature from repo (if you need a signed version, please use one of the release packages or download from ownCloud Market/Nextcloud AppStore)

Version 1.5.1
-------------
* Hotfixes wrong links in 403 error page if enforce authentication was on
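
Review bot: Two typos in the new 1.5.2 entries: "Ips" in the first bullet should be "IPs", and "Nextclouod" in the second bullet should be "Nextcloud".
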
6 changes: 4 additions & 2 deletions README.md
Expand Up @@ -10,7 +10,7 @@ DEPENDENCIES
-------------------

* ownCloud 10.0.0 to 10.0.7 and Nextcloud 13.0.0 to 13.0.4
* PHP >= 5.6, PHP 7.0 or 7.1 if possible
* PHP >= 5.6, PHP 7.0 if possible
* Optional: [Composer Dependency Manager](https://getcomposer.org/), if you want to install via GIT.

This app does not require a standalone version of jasig’s/apereo’s phpCAS any longer. The library is shipped within composer dependencies, in the archive file you downloaded or the Market/App-Store version if used. Although you can configure to use your own version of jasig’s/apereo’s phpCAS library later on.
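
Review bot: README and manifest disagree on PHP 7.1 after this change: the dependency line now reads "PHP 7.0 if possible", while appinfo/info.xml in the same commit still declares `<php min-version="5.6" max-version="7.1.99"/>`. If 7.1 is no longer tested, lower max-version to match; if it still works, keep "7.0 or 7.1" here so both files say the same thing.
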
Expand All @@ -24,7 +24,7 @@ GIT: STEPS
3. Adjust the settings for the `user_cas` folder according to your webserver setup.
4. Access the ownCloud web interface with a locally created ownCloud user with admin privileges.
5. Access the administrations panel => Apps and enable the **CAS user and group backend** app.
6. Access the administration panel => Authentication (Additional on Nextcloud) and configure the app.
6. Access the administration panel => Authentication (Security on Nextcloud) and configure the app.


CONFIGURATION
Expand Down Expand Up @@ -54,6 +54,8 @@ Basic

**Force user login using CAS?**: If checked, users will immediately be redirected to CAS login page, after visiting the ownCloud URL. If checked, **Disable CAS logout** is automatically disabled. Default: off

**Don’t use force login on these client-IPs**: Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if "Force user login" is enabled (e.g. 192.168.1.1/254,192.168.2.5). Default: empty

**Disable CAS logout**: If checked, you will only be logged out from ownCloud and not from your CAS instance. Default: off

**Autocreate user after first CAS login?**: Ich checked, users authenticated against CAS are automatically created. This means, users which did not exist in the database yet, authenticate against CAS and the app will create and store them in the ownCloud database on their first login. Default: off
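
Review bot: The example "192.168.1.1/254" in the new "Don't use force login on these client-IPs" entry does not tell an admin which range syntax is accepted: it is not CIDR (an IPv4 prefix length stops at 32), and the text does not say whether it means the last-octet range 1 to 254 or something else. Every address that matches this list skips forced CAS login, so document the exact format, say whether IPv6 is handled, and use an example that can only be read one way. The context line below also has "Ich checked" where "If checked" is meant.
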
4 changes: 2 additions & 2 deletions appinfo/app.php
Expand Up @@ -65,9 +65,9 @@
$c->query('UserHooks')->register();

// Check for enforced authentication
if ($appService->isEnforceAuthentication() && (!isset($_COOKIE['user_cas_enforce_authentication']) || (isset($_COOKIE['user_cas_enforce_authentication']) && $_COOKIE['user_cas_enforce_authentication'] === '0'))) {
if ($appService->isEnforceAuthentication($_SERVER['REMOTE_ADDR']) && (!isset($_COOKIE['user_cas_enforce_authentication']) || (isset($_COOKIE['user_cas_enforce_authentication']) && $_COOKIE['user_cas_enforce_authentication'] === '0'))) {

$loggingService->write(\OCP\Util::DEBUG, 'Enforce Authentication was: ' . $appService->isEnforceAuthentication());
$loggingService->write(\OCP\Util::DEBUG, 'Enforce Authentication was: ' . $appService->isEnforceAuthentication($_SERVER['REMOTE_ADDR']));
setcookie("user_cas_enforce_authentication", '1', null, '/');

// Initialize app
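
Review bot: `$_SERVER['REMOTE_ADDR']` in the changed condition is the address of the directly connected peer, so behind a reverse proxy or load balancer every request carries the proxy's address and the exception list matches either every client or none. Take the address from the server's request object instead (`\OCP\IRequest::getRemoteAddress()`, which honours the configured trusted proxies), or document the limitation next to the setting. The debug line also calls `isEnforceAuthentication()` a second time inside a branch where the result is already known to be true; evaluate it once into a local variable and log that.
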
4 changes: 2 additions & 2 deletions appinfo/info.xml
Expand Up @@ -8,7 +8,7 @@
<screenshot>https://raw.githubusercontent.com/felixrupp/user_cas/master/.github/SCREENSHOTS/splashscreen.png</screenshot>
<author>Felix Rupp</author>
<namespace>UserCAS</namespace>
<version>1.5.1</version>
<version>1.5.2</version>
<types>
<prelogin/>
<authentication/>
Expand All @@ -31,7 +31,7 @@
<dependencies>
<php min-version="5.6" max-version="7.1.99"/>

<owncloud min-version="10.0" max-version="10.0.7"/>
<owncloud min-version="10.0.0" max-version="10.0.7"/>
<nextcloud min-version="13.0.0" max-version="13.0.4"/>
</dependencies>

109 changes: 0 additions & 109 deletions appinfo/signature.json

This file was deleted.

3 changes: 3 additions & 0 deletions js/settings.dev.js
Expand Up @@ -9,10 +9,13 @@ $(document).ready(function () {

$("#user_cas #cas_disable_logout").attr("disabled", true);
$("#user_cas #cas_disable_logout").prop('checked', false);

$("#user_cas #cas_force_login_exceptions").attr("disabled", false);
}
else {

$("#user_cas #cas_disable_logout").attr("disabled", false);
$("#user_cas #cas_force_login_exceptions").attr("disabled", true);
}
});
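
Review bot: Disabling `#cas_force_login_exceptions` in the else branch means a normally serialized form leaves that field out of the request, while `saveSettings()` in lib/Controller/SettingsController.php takes `$cas_force_login_exceptions` as a required argument and writes it straight to the app config. Check how js/settings.js collects the values (it is not rendered here): if disabled inputs are skipped, saving with force login switched off can clear the stored list or fail on the missing parameter. Using `readonly` instead of `disabled`, or giving the controller parameter a default, avoids that. For boolean properties `.prop("disabled", true)` is also preferable to `.attr("disabled", true)`.
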

2 changes: 1 addition & 1 deletion js/settings.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions l10n/de.js
Expand Up @@ -14,6 +14,8 @@ OC.L10N.register(
"Certification file path (.crt).": "Pfad zur Zertifikatsdatei (.crt).",
"Leave empty if you don’t want to validate your CAS server instance": "Nicht ausfüllen, wenn Sie ihren CAS-Server nicht validieren möchten",
"Force user login using CAS?": "CAS Login erzwingen?",
"Don’t use force login on these client-IPs": "Login bei diesen Client-IPs nicht erzwingen",
"Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)": "Kommagetrennte Liste an Client-IP-Adressen (oder Adressräumen), die nicht zum Login gezwungen werden, wenn \"CAS Login erzwingen\" aktiviert ist (z.B: 192.168.1.1/254,192.168.2.5)",
"Disable CAS logout (do only OwnCloud logout)": "CAS Logout deaktivieren (nur bei Owncloud ausloggen)",
"Logout Servers": "Logout Server",
"Comma separated list of servers which can send logout requests (leave empty if you do not want to restrict logout to defined servers)": "Kommagetrennte Liste an Servern, die Logout-Requests an ihren CAS-Server senden dürfen (Nicht ausfüllen, wenn Sie Logouts nicht beschränken möchten)",
2 changes: 2 additions & 0 deletions l10n/de.json
Expand Up @@ -14,6 +14,8 @@
"Leave empty if you don’t want to validate your CAS server instance": "Nicht ausfüllen, wenn Sie ihren CAS-Server nicht validieren möchten",
"Force user login using CAS?": "CAS Login erzwingen?",
"Disable CAS logout (do only OwnCloud logout)": "CAS Logout deaktivieren (nur bei Owncloud ausloggen)",
"Don’t use force login on these client-IPs": "Login bei diesen Client-IPs nicht erzwingen",
"Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)": "Kommagetrennte Liste an Client-IP-Adressen (oder Adressräumen), die nicht zum Login gezwungen werden, wenn \"CAS Login erzwingen\" aktiviert ist (z.B: 192.168.1.1/254,192.168.2.5)",
"Logout Servers": "Logout Server",
"Comma separated list of servers which can send logout requests (leave empty if you do not want to restrict logout to defined servers)": "Kommagetrennte Liste an Servern, die Logout-Requests an ihren CAS-Server senden dürfen (Nicht ausfüllen, wenn Sie Logouts nicht beschränken möchten)",
"Autocreate user after first CAS login?": "Benutzer nach erstem CAS Login automatisch erstellen?",
8 changes: 8 additions & 0 deletions l10n/de/user_cas.po
Expand Up @@ -68,6 +68,14 @@ msgstr "Nicht ausfüllen, wenn Sie ihren CAS-Server nicht validieren möchten"
msgid "Force user login using CAS?"
msgstr "CAS Login erzwingen?"

#: templates/admin.php:58
msgid "Don’t use force login on these client-IPs"
msgstr "Login bei diesen Client-IPs nicht erzwingen"

#: templates/admin.php:58
msgid "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)"
msgstr "Kommagetrennte Liste an Client-IP-Adressen (oder Adressräumen), die nicht zum Login gezwungen werden, wenn \"CAS Login erzwingen\" aktiviert ist (z.B: 192.168.1.1/254,192.168.2.5)"

#: templates/admin.php:60
msgid "Disable CAS logout (do only OwnCloud logout)"
msgstr "CAS Logout deaktivieren (nur bei Owncloud ausloggen)"
3 changes: 3 additions & 0 deletions l10n/fr.js
Expand Up @@ -13,6 +13,9 @@ OC.L10N.register(
"Service URL": "URL du service",
"Certification file path (.crt).": "Chemin du fichier de certification (.crt).",
"Leave empty if you don’t want to validate your CAS server instance": "Laissez vide si vous ne voulez pas valider votre instance de serveur CAS",
"Force user login using CAS?": "Forcer la connexion de l'utilisateur en utilisant CAS?",
"Don’t use force login on these client-IPs": "N'utilisez pas la connexion forcée sur ces adresses IP client",
"Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)": "Liste des adresses IP (ou plages d'adresses) séparées par des virgules, qui ne sera pas obligée de se connecter si \"Forcer la connexion utilisateur\" est activé (par exemple 192.168.1.1/254, 192.168.2.5)",
"Disable CAS logout (do only OwnCloud logout)": "Désactiver la déconnexion CAS (déconnexion d'Owncloud uniquement)",
"Logout Servers": "Serveurs de déconnexion",
"Comma separated list of servers which can send logout requests (leave empty if you do not want to restrict logout to defined servers)": "Liste des serveurs séparés par des virgules pouvant envoyer des demandes de déconnexion (laissez vide si vous ne souhaitez pas limiter la déconnexion aux serveurs définis)",
3 changes: 3 additions & 0 deletions l10n/fr.json
Expand Up @@ -12,6 +12,9 @@
"Service URL": "URL du service",
"Certification file path (.crt).": "Chemin du fichier de certification (.crt).",
"Leave empty if you don’t want to validate your CAS server instance": "Laissez vide si vous ne voulez pas valider votre instance de serveur CAS",
"Force user login using CAS?": "Forcer la connexion de l'utilisateur en utilisant CAS?",
"Don’t use force login on these client-IPs": "N'utilisez pas la connexion forcée sur ces adresses IP client",
"Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)": "Liste des adresses IP (ou plages d'adresses) séparées par des virgules, qui ne sera pas obligée de se connecter si \"Forcer la connexion utilisateur\" est activé (par exemple 192.168.1.1/254, 192.168.2.5)",
"Disable CAS logout (do only OwnCloud logout)": "Désactiver la déconnexion CAS (déconnexion d'Owncloud uniquement)",
"Logout Servers": "Serveurs de déconnexion",
"Comma separated list of servers which can send logout requests (leave empty if you do not want to restrict logout to defined servers)": "Liste des serveurs séparés par des virgules pouvant envoyer des demandes de déconnexion (laissez vide si vous ne souhaitez pas limiter la déconnexion aux serveurs définis)",
10 changes: 9 additions & 1 deletion l10n/fr/user_cas.po
Expand Up @@ -66,7 +66,15 @@ msgstr "Laissez vide si vous ne voulez pas valider votre instance de serveur CAS

#: templates/admin.php:54
msgid "Force user login using CAS?"
msgstr ""
msgstr "Forcer la connexion de l'utilisateur en utilisant CAS?"

#: templates/admin.php:58
msgid "Don’t use force login on these client-IPs"
msgstr "N'utilisez pas la connexion forcée sur ces adresses IP client"

#: templates/admin.php:58
msgid "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)"
msgstr "Liste des adresses IP (ou plages d'adresses) séparées par des virgules, qui ne sera pas obligée de se connecter si \"Forcer la connexion utilisateur\" est activé (par exemple 192.168.1.1/254, 192.168.2.5)"

#: templates/admin.php:60
msgid "Disable CAS logout (do only OwnCloud logout)"
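
Review bot: The example value in the French help-text msgstr differs from the msgid: "192.168.1.1/254, 192.168.2.5" has a space after the comma where the original has none, so an admin copying the French example enters a list with a leading space on the second entry. Keep the example byte-identical to the msgid unless the parser is known to trim entries. The msgstr also quotes the checkbox as "Forcer la connexion utilisateur", which does not match the label translated just above ("Forcer la connexion de l'utilisateur en utilisant CAS?"). The same string appears in l10n/fr.js and l10n/fr.json.
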
8 changes: 8 additions & 0 deletions l10n/templates/user_cas.pot
Expand Up @@ -69,6 +69,14 @@ msgstr ""
msgid "Force user login using CAS?"
msgstr ""

#: templates/admin.php:58
msgid "Don’t use force login on these client-IPs"
msgstr ""

#: templates/admin.php:58
msgid "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)"
msgstr ""

#: templates/admin.php:60
msgid "Disable CAS logout (do only OwnCloud logout)"
msgstr ""
4 changes: 3 additions & 1 deletion lib/Controller/SettingsController.php
Expand Up @@ -94,6 +94,7 @@ public function __construct($appName, IRequest $request, IConfig $config, IL10N
* @param string $cas_ecas_retrieve_groups
* @param string $cas_ecas_assurance_level
* @param string $cas_access_group_quotas
* @param string $cas_force_login_exceptions
* @param string|null $cas_ecas_attributeparserenabled
* @param string|null $cas_ecas_request_full_userdetails
* @param string|null $cas_force_login
Expand All @@ -105,7 +106,7 @@ public function __construct($appName, IRequest $request, IConfig $config, IL10N
*/
public function saveSettings($cas_server_version, $cas_server_hostname, $cas_server_port, $cas_server_path, $cas_protected_groups, $cas_default_group,
$cas_email_mapping, $cas_displayName_mapping, $cas_group_mapping, $cas_cert_path, $cas_debug_file, $cas_php_cas_path, $cas_service_url, $cas_handlelogout_servers,
$cas_access_allow_groups, $cas_ecas_accepted_strengths, $cas_ecas_retrieve_groups, $cas_ecas_assurance_level, $cas_access_group_quotas,
$cas_access_allow_groups, $cas_ecas_accepted_strengths, $cas_ecas_retrieve_groups, $cas_ecas_assurance_level, $cas_access_group_quotas, $cas_force_login_exceptions,
$cas_ecas_attributeparserenabled = NULL, $cas_ecas_request_full_userdetails = NULL, $cas_force_login = NULL, $cas_autocreate = NULL, $cas_update_user_data = NULL, $cas_link_to_ldap_backend = NULL, $cas_disable_logout = NULL)
{

Expand All @@ -116,6 +117,7 @@ public function saveSettings($cas_server_version, $cas_server_hostname, $cas_ser
$this->config->setAppValue($this->appName, 'cas_server_port', $cas_server_port, '443');
$this->config->setAppValue($this->appName, 'cas_server_path', $cas_server_path, '/cas');

$this->config->setAppValue($this->appName, 'cas_force_login_exceptions', $cas_force_login_exceptions);
$this->config->setAppValue($this->appName, 'cas_protected_groups', $cas_protected_groups);
$this->config->setAppValue($this->appName, 'cas_default_group', $cas_default_group);
$this->config->setAppValue($this->appName, 'cas_access_allow_groups', $cas_access_allow_groups);
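
Review bot: `cas_force_login_exceptions` is written to the app config exactly as submitted, with no check that each comma-separated entry is a well-formed IP address or range. This list decides which clients skip forced CAS login, so trim each entry and reject (or at least log) the ones that do not parse before saving, for example with `filter_var($entry, FILTER_VALIDATE_IP)` for single addresses. Otherwise a typo can silently widen or void the exemption.
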
8 changes: 4 additions & 4 deletions lib/Panels/Admin.php
Expand Up @@ -43,7 +43,7 @@ class Admin implements ISettings
/**
* @var array
*/
private $params = array('cas_server_version', 'cas_server_hostname', 'cas_server_port', 'cas_server_path', 'cas_force_login', 'cas_autocreate',
private $params = array('cas_server_version', 'cas_server_hostname', 'cas_server_port', 'cas_server_path', 'cas_force_login', 'cas_force_login_exceptions','cas_autocreate',
'cas_update_user_data', 'cas_protected_groups', 'cas_default_group', 'cas_ecas_attributeparserenabled', 'cas_email_mapping', 'cas_displayName_mapping', 'cas_group_mapping',
'cas_cert_path', 'cas_debug_file', 'cas_php_cas_path', 'cas_link_to_ldap_backend', 'cas_disable_logout', 'cas_handlelogout_servers', 'cas_service_url', 'cas_access_allow_groups',
'cas_access_group_quotas', 'cas_ecas_accepted_strengths', 'cas_ecas_retrieve_groups','cas_ecas_request_full_userdetails', 'cas_ecas_assurance_level');
Expand Down Expand Up @@ -72,15 +72,15 @@ public function getSectionID()
}

/**
* @see Nextcloud 12 support
* @see Nextcloud 13 support
*
* @return string
*
* @since 1.5.0
*/
public function getSection()
{
return 'additional';
return 'security';
}

/**
Expand Down Expand Up @@ -112,7 +112,7 @@ public function getPanel()
}

/**
* @see Nextcloud 12 support
* @see Nextcloud 13 support
*
* @return TemplateResponse
*