From 891f2623a434ed256ed93d0842946218c90e3812 Mon Sep 17 00:00:00 2001 From: Felix Rupp Date: Sun, 24 Jun 2018 16:29:52 +0200 Subject: [PATCH] Add exclude field for force login, remove signature.json, fix readme, add changelog entries, raise version to 1.5.2 --- CHANGELOG.md | 6 ++ README.md | 6 +- appinfo/app.php | 4 +- appinfo/info.xml | 4 +- appinfo/signature.json | 109 -------------------------- js/settings.dev.js | 3 + js/settings.js | 2 +- l10n/de.js | 2 + l10n/de.json | 2 + l10n/de/user_cas.po | 8 ++ l10n/fr.js | 3 + l10n/fr.json | 3 + l10n/fr/user_cas.po | 10 ++- l10n/templates/user_cas.pot | 8 ++ lib/Controller/SettingsController.php | 4 +- lib/Panels/Admin.php | 8 +- lib/Service/AppService.php | 48 +++++++++++- templates/admin.php | 8 ++ 18 files changed, 112 insertions(+), 126 deletions(-) delete mode 100644 appinfo/signature.json diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b2f486..a24b8eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ CHANGELOG ========= +Version 1.5.2 +------------- +* Add settings field to exclude specific Ips and/or IP-ranges from force login +* Nextclouod: Move settings panel to section "Security" (was in "Additional" before) +* Remove the signature from repo (if you need a signed version, please use one of the release packages or download from ownCloud Market/Nextcloud AppStore) + Version 1.5.1 ------------- * Hotfixes wrong links in 403 error page if enforce authentication was on diff --git a/README.md b/README.md index 69a6457..3413873 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ DEPENDENCIES ------------------- * ownCloud 10.0.0 to 10.0.7 and Nextcloud 13.0.0 to 13.0.4 -* PHP >= 5.6, PHP 7.0 or 7.1 if possible +* PHP >= 5.6, PHP 7.0 if possible * Optional: [Composer Dependency Manager](https://getcomposer.org/), if you want to install via GIT. This app does not require a standalone version of jasig’s/apereo’s phpCAS any longer. The library is shipped within composer dependencies, in the archive file you downloaded or the Market/App-Store version if used. Although you can configure to use your own version of jasig’s/apereo’s phpCAS library later on. @@ -24,7 +24,7 @@ GIT: STEPS 3. Adjust the settings for the `user_cas` folder according to your webserver setup. 4. Access the ownCloud web interface with a locally created ownCloud user with admin privileges. 5. Access the administrations panel => Apps and enable the **CAS user and group backend** app. -6. Access the administration panel => Authentication (Additional on Nextcloud) and configure the app. +6. Access the administration panel => Authentication (Security on Nextcloud) and configure the app. CONFIGURATION @@ -54,6 +54,8 @@ Basic **Force user login using CAS?**: If checked, users will immediately be redirected to CAS login page, after visiting the ownCloud URL. If checked, **Disable CAS logout** is automatically disabled. Default: off +**Don’t use force login on these client-IPs**: Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if "Force user login" is enabled (e.g. 192.168.1.1/254,192.168.2.5). Default: empty + **Disable CAS logout**: If checked, you will only be logged out from ownCloud and not from your CAS instance. Default: off **Autocreate user after first CAS login?**: Ich checked, users authenticated against CAS are automatically created. This means, users which did not exist in the database yet, authenticate against CAS and the app will create and store them in the ownCloud database on their first login. Default: off diff --git a/appinfo/app.php b/appinfo/app.php index 9654021..d56636b 100644 --- a/appinfo/app.php +++ b/appinfo/app.php @@ -65,9 +65,9 @@ $c->query('UserHooks')->register(); // Check for enforced authentication - if ($appService->isEnforceAuthentication() && (!isset($_COOKIE['user_cas_enforce_authentication']) || (isset($_COOKIE['user_cas_enforce_authentication']) && $_COOKIE['user_cas_enforce_authentication'] === '0'))) { + if ($appService->isEnforceAuthentication($_SERVER['REMOTE_ADDR']) && (!isset($_COOKIE['user_cas_enforce_authentication']) || (isset($_COOKIE['user_cas_enforce_authentication']) && $_COOKIE['user_cas_enforce_authentication'] === '0'))) { - $loggingService->write(\OCP\Util::DEBUG, 'Enforce Authentication was: ' . $appService->isEnforceAuthentication()); + $loggingService->write(\OCP\Util::DEBUG, 'Enforce Authentication was: ' . $appService->isEnforceAuthentication($_SERVER['REMOTE_ADDR'])); setcookie("user_cas_enforce_authentication", '1', null, '/'); // Initialize app diff --git a/appinfo/info.xml b/appinfo/info.xml index 345c2ba..51fa5e9 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -8,7 +8,7 @@ https://raw.githubusercontent.com/felixrupp/user_cas/master/.github/SCREENSHOTS/splashscreen.png Felix Rupp UserCAS - 1.5.1 + 1.5.2 @@ -31,7 +31,7 @@ - + diff --git a/appinfo/signature.json b/appinfo/signature.json deleted file mode 100644 index 658c530..0000000 --- a/appinfo/signature.json +++ /dev/null @@ -1,109 +0,0 @@ -{ - "hashes": { - ".gitignore": "604441d4df581dc79c7123a81a10b6006af1cbe16dc19ae6e31891d4c6d097831f081489ce55a896f1ac84ee42079e97d456068a2791ffac7b18a5352d2083f6", - "CHANGELOG.md": "3e9380a1eef38e7b4559456856b7648ccfce5f3199263925e7ea7ac5fe371c44b16df06d51ba9642fd978067d5af8f68f2222a1ef60855fa01ae6122bfc91fc3", - "CONTRIBUTING.md": "cda00ccccafaa76814719e7a6b5d7db1550abf383f51f52d39bdc58cab97a699ef583b475b8a6a21ecb79991b95a001f14a94ac87e707eab44f20e7362543f06", - "README.md": "def9c9529bbaffea2b5605623fb5db4ac8eb42b8f9e256ab0943fa51d15fa313be9cd017e29fb2887ea909e4f2c61560b07fafea2eccf290d45d8d4de057771f", - "appinfo\/app.php": "7f8296ce1885de2aecb5df8d3372e96affb0484c4c43ed5745ff29ba9e28d17d3c57d3a8cafcdb331c8645a44bd40a156b660a2b3de7fa7b4ed501318dddb5ee", - "appinfo\/info.xml": "3a960d389cb28352d3069459e197f8ac4d536c50032a3806be36bb0c0f313b1e369ede7ef1dbea447b9986651fb135aa6e268cb4c6d43f90bb823036f0019845", - "appinfo\/routes.php": "43312cc1573b9e6523c824ff212320efbd9082fce3f433d24457894c4aedb66bcd08d119e54e0d295af779be45578b16da9f8676ce9a8a601f1a368d931801bc", - "composer.json": "e1c2bb8cfde95f18f72a9eaeddc2da9f17f2f337cbb1231f3b76e770de1bb4918070d29cc1431af038dc932c683230d478e6f7c6346ac4bae0efaa39f404e0e0", - "composer.lock": "927652d90d52728946970e64fc425fd2db8fef55631230f863fdeb1ad6596115932f47ac471fad2f675797c85643280b850ca23991563ef75dad32e31cc6fc5f", - "css\/casError.css": "a5c29c308b87a3b2bbc3149dd8c21682f63e39f3df50876c99fe93e5f8114b75dc36705c1252ac5a02645a0024fe7d8bbb49c115821a65fa9d02d1dbdf74ceda", - "css\/casError.dev.css": "3db7f922557e06218a9dff13dc1762ae16039540332cebabb7fb522960ab0a181e3df26fd329ce3b50142a07bccd50446367c6ef9919a62f7a0f0e1bf44a7ed6", - "css\/settings.css": "97667ae83f9b2e004a8c074527cedbb516d5a018e515be5d54ad186b1c88767b99a019fae948a0c6f32efa5ac2c7a986dbfb06d0d67f01f1dea7b908d6c1ae83", - "css\/settings.dev.css": "5d062d47bc4a33479e9ae4f2b43b15630b0bafa6e48cb198a1d6d89cb7d69dbb76c64e444f2af21d4ce028799e219d3fe8f7b65809d9572b8e711961b5f54e7b", - "img\/app.svg": "7bb7514604de3309b4f27b388a71d25f6e92ab8eb592d3e08707d5ab5f0efddf5411fb18fc6d2d2dff8fa36f52377aa749e483656b0bb3f64e7ca71a6e90e69c", - "img\/cas-logo.png": "e7e22ed468cd255152e066e9e5d51734bb6c2f09c6a32e57d48b93b1f490a9ed373b244a0068cdad4d042854d29aa661b2dc5e93db0b99c14b95b40d5b5dfc69", - "js\/settings.dev.js": "7a8c4a02731bef9eb6bcb5b3cd7f0fdb1b3c23460c4eaea781663c9175649e4719d248c3a57c06bd5a7fa70d93ad9bd59e2a0c509972bb296482d1d6006e71e2", - "js\/settings.js": "67434c2f646608b8b2042b10be2a5f6efa8444cf790bdd62d010c6a821add8df20502617e1238cde18a6e65d5770f56ad8b7d0233785e16e4ed441e9554f6f17", - "l10n\/de.js": "02a84d07116ddd89e6951a220fa08e30dd1949ae2aa3e6cabe0f3302630f26778cb3a777bf9d3c901b73d54c6ae108f4c8be2803435256d669d9ab81ddd45429", - "l10n\/de.json": "d6d01301a93061874f8eee601d41eff662a70aa228b977f23becee922aa15444ee8a23157d75c6b068c787a6c570f271a361b6dda747e62d862e72cde3372f4d", - "l10n\/de\/user_cas.po": "a9899ba602fce694e6f4e0c9effd220af15d16d487e5ccb749818d9392627b511d226e2c88c458f6660e8b829ce9f21713adf94c0fd64bb2b56118afcba5f63b", - "l10n\/fr.js": "c75b0fc5feaf4b907cadabe70fdc800e7b617b4b1812b7e7f10266066037ccd6ffc3e3525df9523f68c34761529bc77f01c6dc07d2b287e73b0f52f65869c805", - "l10n\/fr.json": "c5289c6494cdaeb932b4dea1b4ecb9c6645cc23d2efc3aaaebd9744bc4e9b585222afcb3fb89f4b2da33033d24e436142e2e21093e9bfb9b86ed3f9a4473ca27", - "l10n\/fr\/user_cas.po": "8aa46d3d5ba960d64b7614547c9945af8815b1d35e25bafb229f0e7284a5c76f34c2c514f3e1d80f02c63d443fd8f609a341d1322c93e0c5d1b7948dc02d7461", - "l10n\/templates\/user_cas.pot": "5a8c0893ce57b9eca5618919b2766f8074c0eaace49d99f73e4fc76631b6defdb29c42e45c430272cb3e6a439c7e83e001b24b7a8870bd07c315ed7d4e4c1d21", - "lib\/AppInfo\/Application.php": "ea0c22b592bd971b7fa9612f1cfaacdcebdf72f631470d6393f15b910cf2d59a23806a4965d4483c6875e62aa919ff499817b32384fbb00d940e2a94f52b78ec", - "lib\/Controller\/AuthenticationController.php": "1d10fa5474c829af5c46c80490dad587c84f6682dc6c0c62998f6fd7d5b57dd4c0c76b5e30468c812b317399d7e48c151feda0e7de1aae59cd6aa8ddd5abcef1", - "lib\/Controller\/SettingsController.php": "7c6c66a2feebcbabb22b38f01def2cff2859f678008adbcb948cf81f32f6d4a8bf57e56f17ed00a4151c1dc18b4488747e8f22e5feb3b4e74ce1774a8c24018e", - "lib\/Exception\/PhpCas\/PhpUserCasLibraryNotFoundException.php": "4a388df6826b61ecf2fd723dcf2088b1554da1016a5760c6112fa5fc56d7ed72c501103cc63e498b30d1f3b09ac117677d44be7c808e825f2eaa9b1786cc8c6d", - "lib\/Exception\/UserCasException.php": "6c40b8af0e887988c7d752feed217b471e3d873e2671a33fd154ef4899c308747422b5ede4943cd493871ace333de96d7f7aa7cdcc061b9367dccb99be1ac193", - "lib\/Hooks\/UserHooks.php": "0bba8573907cbe29ec0a07b5d3623d750b43fd161d9bc633e0f52be2ae64f34efb70fa61110ddf67b09cd57a62bd3b23bb06d31d5432097f740f788a55c098dc", - "lib\/Panels\/Admin.php": "b83d5e9018cc9e1fa46b3bedebb29aa045d16cd9f0e232285440f04ec2d210ad3fbb997f814ccdc4a4d2cdcc364a8252d0fe6d2e96b5f6656a870d304009bf8d", - "lib\/Service\/AppService.php": "26906bbfc97102f62d9216198f53291a7c7a0ca27c3078c2adb31a9531fbea799bfeded798ae81c7534c6a8fba12e851439fb8ba9ea220e4ab355dd2fd08b1a8", - "lib\/Service\/LoggingService.php": "ed213a72ecfb72b622a5412305cab141ada5bcb6a189ac6ed34aa03a4678f0e2d8e65bbe2af371197de0e8e6d8e4a87a1aa5aba63a43db2f903dad9a19d41c5d", - "lib\/Service\/UserService.php": "36cc053641abfcb8a4213b05797cd560c5100037675b5caaa3668710b030536517a0d0268bbe271d3df1a0443d5b39e9243703804632bbca7b9cfe0a965cf56a", - "lib\/User\/Backend.php": "dad4a96ee60ce45b56c998177b3a27cb06ae60e925768cefa080e04ca69eb5c9bc92d05bb06d6deecd308691a6ae937624b9aa59b1977b00166b8a670fc69a5e", - "templates\/admin.php": "909baf14d3800a5bdc75d6e8a33e82ffd3dc314dc3cb7b060a5a5e0fd9587f4edf8d1a6f94e0abf3574dc4d8e732622ccda855779f3864db6870c31322b8a0fe", - "templates\/cas-error.php": "42bcf4f53a1ad967dc30160541634f2f732cecbb1c3e28ce283ab07042beeb1387896c5c3cc4b7553dda903e0a062a41f69450f219858c81871b6d122741fcd2", - "vendor\/autoload.php": "ebd86aed33b07fdb281190319bbd3c0bae82199965ac10f81d9a4ac51a5072eebfdb96bbdcccc1d69f8f0e5aa8a7606f10ebc92531fe871f688463a367ca2f20", - "vendor\/composer\/ClassLoader.php": "9acadbf32ca0ee18c534f508f20041bcb7629cb8c7c51ef7b3b967ecd93734ecee3afac65d8fc05116c0894ed39bce85cc3eb6bc65a573955291352d84d779fd", - "vendor\/composer\/LICENSE": "f3bb64009f41a425df5a9bbab53490f0eb9b74fa8d6aaa2f57efb928edc4ffff330260666edeaa04a91fed708c3663371cf01b284f3a08d6698aaef7a23f355a", - "vendor\/composer\/autoload_classmap.php": "35c06bea479ba3caa0f5de50d0e0c1be6d7b03a8312fc7e6b7e5232d10880f6a2c82a0274ca7571783ce4d4c4803d5b906b0f4466a54900a4159b8138ca152c3", - "vendor\/composer\/autoload_namespaces.php": "0ac6bde683c053d62b7024686ecced083ca1a326d5346a248b1a058ac74a5af71d515d311ce76df799a518027f734b80b9e7f6e8022a9556c0f24ce90240d822", - "vendor\/composer\/autoload_psr4.php": "5c1173f341abea9b87408b7d83050b3d0e81dd985283d4b5d824fc0009e43218f07eeea875860e3c9d048327dbeaafe953c13f4487dbd1fe6d5d8d8eb373dd41", - "vendor\/composer\/autoload_real.php": "db8831ffb3066de32b677e90fe5eecd904312cae9984d5062c7d70354139402065a07a41f9041c0da95838f350ed24bfa2cde921a331d9154054ecd5a5801dff", - "vendor\/composer\/autoload_static.php": "a28834612e84c29f64343777c45d4941b99f6ad05f296c730b78645b5a0c29126d8d9cc63c23312db679c74d60280c227f1c0cd8c9564c320638948f0d80a577", - "vendor\/composer\/installed.json": "aa68d3b90a4ecc5ebbc57ee5816f35934cca6345d2e452ec62865c30626d0110a4d0ebbb6550c9e91928d398011bebe40e5f99badff175c1afef539513cdbcab", - "vendor\/ec-europa\/ecas-phpcas-parser\/.gitignore": "dfa0370545a75f4621054b5cc9bd5d0f8b6ce7372762325228f94f7d820d49285e8a18bce7d425b4c6556dfd461d516b5613e7f6c43922f87781cf20d9a755e8", - "vendor\/ec-europa\/ecas-phpcas-parser\/README.md": "ecb20d20d2beee038752d9fb0ebd6900cf4bc42ecfaed1b6e528b5d9f2982c381598b12bf50e98bf440c82e844683263e4be91912cffd1d3a53a6711811751e6", - "vendor\/ec-europa\/ecas-phpcas-parser\/composer.json": "273b233c26cccadf22882be7af44ed21a14dd4b41c564eff5c458c3a090638290822c8d3585ea14c024131d04c824dd2749286a3723edb59a7837b829d2a84ea", - "vendor\/ec-europa\/ecas-phpcas-parser\/composer.lock": "d9619358c1e60a63897efa807cc821410089a61fb06ca8ccbeed533363984f47e7a8e086aef10ac9f4e34f884f74b7f5c1693c81e475f48705eafc1295945936", - "vendor\/ec-europa\/ecas-phpcas-parser\/src\/EcasPhpCASParser.php": "93609bcee5f8109327e1609ed1268eaa0c61dd38a8285c97b525215f92904595212c6a4065b20f644ec89db9182273b842fd73cf6fc97ac924d21cda71889962", - "vendor\/jasig\/phpcas\/.gitattributes": "61760e0a6b07bb43955e45e8da61a007ae429821bd6c7ef056a0ea0dc863a24e05520dfff119a636a273a9a32874db6aeb52f5aa4c387d9c3e53871e7da70797", - "vendor\/jasig\/phpcas\/CAS.php": "3f7bf2aeb33fe5b21535432594af7aa81efd2c6b7909aa87850ef3d7577344d665cff92e4612a34e5e1b2475e717b1b7b74f1e2555bd28e84c849548ea3a7722", - "vendor\/jasig\/phpcas\/LICENSE": "dc6b68d13b8cf959644b935f1192b02c71aa7a5cf653bd43b4480fa89eec8d4d3f16a2278ec8c3b40ab1fdb233b3173a78fd83590d6f739e0c9e8ff56c282557", - "vendor\/jasig\/phpcas\/NOTICE": "f56f696230137ec36d69930f611c1cb92947c841e2c3701a8f01079ad093dbad68be15e75a9bd569d7b492db79c6121aa9152d695e29093b054fee4287158283", - "vendor\/jasig\/phpcas\/README.md": "5576f1c5fc25ebdffc7e696a08df520c295c17b81d44d8c07d142adb90224076ae98d2df204e0bdca167db4ce005a96dbfc223fa117fa95ea5074a25c11d2be2", - "vendor\/jasig\/phpcas\/composer.json": "a9b5d60380ba88ce870527c0a512be06624904fe182786ebc627c13bec23b3a300cb3d4ac9985a9b25f13287b3b83d4991532065377813e366048ce8f485a3ad", - "vendor\/jasig\/phpcas\/source\/CAS.php": "1a82184ab6447483864c6a50f079ecb64394ee9b67b7a416b2633484459d49b261acf997266eb572f8675d18aac417d90464998aabb850b5c8d8816b878c63d9", - "vendor\/jasig\/phpcas\/source\/CAS\/AuthenticationException.php": "4b4c0c9d14d650f720ce85ab4336c1c8b62cb9c26af8caeaec9d4f7bbced3a8e70102b56321cf229e8f563cd3f4c9d3cb8448f177e539572d71520e639208505", - "vendor\/jasig\/phpcas\/source\/CAS\/Autoload.php": "81bf1f6425e6efebce4712f6dd415d54395d4e875f34efeefe0a05f030c40ecde9f612a3661640cd3d3bb5f8d93f479168062bbd6443d6236af20467dd224edf", - "vendor\/jasig\/phpcas\/source\/CAS\/Client.php": "ab8936dd533d8f75f49f4161cfdf366091a712f95115a892d985a2796fd2fde0169e7139faaeeaf8456645088d57a89e3a69e9cab140b705ffffa091fc152d14", - "vendor\/jasig\/phpcas\/source\/CAS\/CookieJar.php": "8ebc36d9d4874dd49e3b62592f921d2adb0cbe6f0d56b145fd46016a180c73d6e961b8405b5d2437c26b25635ddc041c3225b801b6b630afbcf5e52a32e6b517", - "vendor\/jasig\/phpcas\/source\/CAS\/Exception.php": "de6023e45802c14c9432e52099edba86f635d12d82bce31b6f6cd4fff5071610b8f4f70c62f7a63b4e458aba1961706b5e1109154fa4f00c35d71205915703d0", - "vendor\/jasig\/phpcas\/source\/CAS\/GracefullTerminationException.php": "f0c3b4d386038a6d261361e805f42fd02085bedc25707e56e53e5d08d3cf438ead58f1560f23f418ed31618b96d3319ff1ecdb3d4cea60b8d71c6817b7ccd8c2", - "vendor\/jasig\/phpcas\/source\/CAS\/InvalidArgumentException.php": "91957ff59f0629f12d196c3e083027885bfe940fd500a6856096067881827f35751c173046411746e4d2c44f5dba7622a46568b35ea964a0aab851e44c107ae9", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/Catalan.php": "b6a5cd6033251e55252588d3ab543e10b8600653cc7ab141192b4afc210a6dc5a3d92b8aab10e6bcd1c0eaffa743c138ca6c685425671ed09d5c1a950f13ce3b", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/ChineseSimplified.php": "e66ca6b39c0b9879bfd446b3b415be3ac275ca9f067d9b06fe8d9f310a3c49c1d6a1f6da39d0cb4fdbf1fc65624dc99a2220126866f63003b8ea6f57c1f660ef", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/English.php": "f37c352d8b8fe6fc37ac84f1ce93981574f3f11de4625c5cf684917fe39d23b7e929815e005de5f7586930d304bccd6d74d9726e91ff4d2baec98937cbd38cd3", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/French.php": "3d25ba68f786b2b5dfe3c94db48935f30340b71b1a802237a3a9322ad9a8f11e76d45c32e6ee44898f15fad97836a598a7ea4453ed4190d3e7a96f275d0d9d61", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/German.php": "4e1aa574278057160fe32ea9524882a9377fa43a9294798d9812f953d875503cc8fa91dbf1b2d7c8832e70ba1433d4f6838747e2bf8a179aedfdc422f4154fd9", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/Greek.php": "7ea0e8ae723d36c50284f8f0a595922427d2deb6bf3ccf0b2b1be6b814d1f08b39690aad4bfda436099d6e76a99c4e1d8c4432072655ffc869ec38a700b5ef3d", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/Japanese.php": "82dc8a9576511e18a92c41db92c4b495ee2161f295e8d710c07181a513b0a3c48fb654e85ee2a71d5ec4b3c552f852ab94fc7cdd813aabbe0d522e9394a5e09b", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/LanguageInterface.php": "7061b74e0568eb6ef8c6279865401e033a8752b3176c873378f61e51864b8833c4edb51d79aa13ccc53d65d65f794ebcffe75aa52908acc1b1c05b9df0349d02", - "vendor\/jasig\/phpcas\/source\/CAS\/Languages\/Spanish.php": "fbfa11a9193905a5f2066bf8d9c944d4f91e619d92ec1f9083be00810759fd981449110e78634cb72b9fee9c6418599cfd610dbd8bfd1ad726ad319b6fe71657", - "vendor\/jasig\/phpcas\/source\/CAS\/OutOfSequenceBeforeAuthenticationCallException.php": "ccb3e4583671947bda5865583edde91fdd18b78472903a96d6f4cb7d42e77cbff2343fda9e5feda9c90fa005e10a58f047322af749ab308b2b171fa2f32a820b", - "vendor\/jasig\/phpcas\/source\/CAS\/OutOfSequenceBeforeClientException.php": "4276db4a3959c301e0edb1b7cbc03eb5f04a6cf3823d939b49b32a16db2192146b9b7fca045b16d1458ed362c48776bbba9f1ae4482fa8f7b1e26e0542f4403e", - "vendor\/jasig\/phpcas\/source\/CAS\/OutOfSequenceBeforeProxyException.php": "ba46b55fdc033e4f7ea522e3efc8ec371c31411ac60805f1441106eff0407ba839b3f66c40fc84e40a997cc8b090fdf67bd731c47db1126da95051f08c11d988", - "vendor\/jasig\/phpcas\/source\/CAS\/OutOfSequenceException.php": "f0e89f005738ec0f51f24e1f27e62c8fe54a8e9b5a5e593089aa7e32ecfcac8f86b7d8de9d2e1061997c32506f2031c3f17161cf30b0d0ae28fce9e2d953093f", - "vendor\/jasig\/phpcas\/source\/CAS\/PGTStorage\/AbstractStorage.php": "da7291b274c0bac58bb68cf479112e2cc8a75f15444edb74bdd3c1335b944737d1ce04fd61ad8853fd3c6b3031d5358eed144bc511f446fb2133ba56ae8643c4", - "vendor\/jasig\/phpcas\/source\/CAS\/PGTStorage\/Db.php": "38b901f0c2c470f616fda540fee22e8d2b5d687e2f369abf458b1608b7c1ced21a7ef80b659994631f6e8973b556ed09a1a8c6e8405c2071c2e3e477f12c5f76", - "vendor\/jasig\/phpcas\/source\/CAS\/PGTStorage\/File.php": "72dcb67416a5faab8444988b98dde40ff540faafbe4c753bf3863ea634e0017d77520dacd71e5a03576aa782492ca98a76dc67be3d9ce7b34b450d22feb8238f", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService.php": "75e35b1f0d53839251ef76f505d4cabe2c8c71d43c193aff8afcbd6bf560457885491b3e70bd8bd06f5d11b2997cf1dea19e5703930f3011f007d306e2b82ac9", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService\/Abstract.php": "c565f0a59f69df19bd5f63e4569977d2dc00262f33a83a6dac23a034bbb983a2d095a91cb150ce4ffbb614e9e6f4c4c4988796e776a3c780448713c0aaac05d5", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService\/Exception.php": "72a22dce80bef56d8f9d6123c348d97d7e0ce29d1a42ae31ed2f8248ded065e62cc57e4fc6a1686dd437a7085b270d9aab0778b6e62bacc98faa62606121e80d", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService\/Http.php": "e973781aab232bde0fa25a582388fc492eede7fbdcd2bb608dc00f665d74b13311ed9ff7b0223646c9c1b1892af5583692bb697e6cdf3352ddf92d4f0c5a4f00", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService\/Http\/Abstract.php": "2d4deeb8a0e2383448a6fba6ae158bce3ea236c339cb2be0cc94712f6252af4d4a1e3a46679d26e5e04a1e03b0285606d3c589c6c73b1fc3ce508a0e688f918d", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService\/Http\/Get.php": "92313d960dc7dcad8359f56bcf9585de61f69502908d290393f0157c585f46ebe9ced660628aa81a82e0fb597ce43ada95346b628d2b44668ae09da16e2677f8", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService\/Http\/Post.php": "7610edf641b244a602717bf9e3fe38bef5cf88a80fdc40196c72070fe3ec0e100181f3c15b286395da5fa63f9c156f056f7e4a1dabcd9570a6c84388377917fa", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService\/Imap.php": "51c9a4bb1c20713e608674e8633c72eae5c447a380fe22d416d61063a84adb1c287f7680b7ee0e59a92eaf7af5ad48bbadc9032190e71ac5f36086d3c46998f7", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxiedService\/Testable.php": "42f5eb8934aa857ac986bd94046dd02d689c16afb20316aa1aac211dd16765ffba510f239fc53025fbd95927918444ec35d726df915b756f08773cb9f069f0de", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxyChain.php": "8c7eae358c80b8f3ee51c7bd852576f1aecae27e1f2f66803cb1ff2b0d1d8ed4e288b2977bbd21bb2b446e1e27da42b2ff16d7ed15f0bbd8190ac776fb6cbb81", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxyChain\/AllowedList.php": "e1084345d8272462b4afc85cf47c4e8b4bb8d1ccd35bd887cbab4b3106753019fb8fa1fed47dee7e2acff49ee10d3ef593ca8a70e8add8426ab7bdc3cfb5fa67", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxyChain\/Any.php": "ab4204a5ea79d46365da65493795b1b1b196c0cae551f5fd6302f6f9e1b114d96b93dbb49273b2738767feccffe5848549683f9f499e19d2dd2fbc9ab78ee901", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxyChain\/Interface.php": "d6ac7744096f9730e35ced5a54fae764edb685924847ca19adee79d8eed894c1f0fbe4f5c46431f363aff73fc1ac651eaafda4602a903d970cb78935ff584653", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxyChain\/Trusted.php": "0897b47cded191ca231458477826ab6a3ae9a57e4401106546999fdc252e9dd8d254c558ef30eb2faad55bf5fd9440fe3ee685ab68deec4e7387587c17cfc2d3", - "vendor\/jasig\/phpcas\/source\/CAS\/ProxyTicketException.php": "c4b85d2537cf2f43a1bb8e54b8b2b5b5262207e52786fc665d601eb3973409748a07fcbee4e9331d86a486459980d4765bd2b8c6183f92bf53ef085f67423213", - "vendor\/jasig\/phpcas\/source\/CAS\/Request\/AbstractRequest.php": "91426294da016130096439e3bed30669b0931d465669ce1dbeed803d88c8f3d976f03b2398cfe3bc5ff8bbb2ad2fa6af5d3831396f49ad40ddf5655566286565", - "vendor\/jasig\/phpcas\/source\/CAS\/Request\/CurlMultiRequest.php": "447473d8e96b305c46364a94869906d3e616bd0d00ee7afa8bdfbc2b0f42b79797a7641f0d319f59fa36faba8f5e8a4800754c02242c9b65613345a96778f782", - "vendor\/jasig\/phpcas\/source\/CAS\/Request\/CurlRequest.php": "ab6af1bd84bf0a88865a0c7a32270d0d1cdb21cff4b5535a72c508c4ec17690b20bed7ef96ce7358d09ae4724059f362f4caf7deb8c137482461fb6432b1b1e0", - "vendor\/jasig\/phpcas\/source\/CAS\/Request\/Exception.php": "b3ecc041203d7a6d0060bae75989fcbd3ba20b78bb59856bab83a7a3cd16d80f136fae43fd0c6d7992c70eb3e17863d747815faab7da4aff71a413c0891c0fc2", - "vendor\/jasig\/phpcas\/source\/CAS\/Request\/MultiRequestInterface.php": "2e613886337d64c1103acf6a4d462373d15f7c1d09cca5c4d776f59ba095da45694547f289768936814e838299a632afdbf8123234d3b0740201243e84ae45f7", - "vendor\/jasig\/phpcas\/source\/CAS\/Request\/RequestInterface.php": "4af4517889e011e850bb08cd3a0cccf2a98c07660b5e5fb45ceb93b8ff80fb92747734b6a6e84edd18351d52682faa4b9b8338ee1739cdbf79639afeae416b38", - "vendor\/jasig\/phpcas\/source\/CAS\/TypeMismatchException.php": "447fad6f345f69ac5a875f8e201b671c44c7bc3524a51b8518343b8f43151bd8fa1a59740007523b3a8a1063621f002a82044402fa2a685c14050301e2add568" - }, - "signature": "bBz\/MsomZ5MkOks1CmHzPKFF5xJtRQ3mEvm83Pzrj0ZNJqvHpUfYVbHA\/hgj7p5jm0cqfwXfcBPW74Utc7+HTQcYXQ6NH6r\/tx3p8ieWRGQtcIFBPUTpVEabjxrcH317re4f14RpfjkImF1Tj\/cEPV8\/r4vCKqkHBPSvELsLFiqBmtKmDYj8PYuHj8jigtWy7jSQ\/jZEs+s7j2QLUcPN2orl2zkIpvgwrawTZpxNPdGD1+PjNgYjYxhf0SJw8UJucxobnTTapNMliyc7ZZ\/CCmjuJ5YDRML3gkNotQcMz9YlHWthMAazh7z8CSC4eLX1TtgAEI8P5pNsextk2Ocu5UAqoVC1baVO8t7iKKV3ZNjafx\/GELkPZPSy+zcQncDLJCxnlz5JG0cFgaeEswuvbn2lK+LeBGzZ8eM\/Fn7WzQobSUuUj2v7uwyEyRahziRD76EsWbaF3OmzXqxaX+07DnNyZoRwdVO9IFMbgoniRQEZeIHNiuc0ibVl9No9PcQ3SZlcdVe+Hpy1y9eszU38CJsGkUTren2ybkRE0zwmhyvwojbbG70xvJ2AhtJVxC7a5tGue+RUR5ta9n2YRLKJfi\/cLWc8nx3LVeEbuRdpR9STme7dteNoV\/ZTdYGSVAmGrRywz+VsPTKCZleF9KPUChVqSWgEnmhzscMnzn77Ias=", - "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIE9TCCAt0CAhBZMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNVBAYTAlVTMQ8wDQYD\r\nVQQIDAZCb3N0b24xFjAUBgNVBAoMDW93bkNsb3VkIEluYy4xNTAzBgNVBAMMLG93\r\nbkNsb3VkIENvZGUgU2lnbmluZyBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MB4XDTE4\r\nMDYwODEyNDUzNloXDTI4MDYwNTEyNDUzNlowEzERMA8GA1UEAwwIdXNlcl9jYXMw\r\nggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC\/wajCUcV3W4DTwndDDIG2\r\nxLZJm0cY4TI6MTZrAIw46I9m5vnJfwlL9gcRnJlAG4bFtUj9Q5rONeGfMD0qzjCw\r\n8j0a5i8cVV4FCA6TYr0wEArl1fXkGz5bm9Vtc+2VDUETTH3nMmNYEK8GCl61wh8A\r\nF3cdgvRtRMjKJd6Ec4thMx5tMVqp8p\/Z3uwUZCLDABrH1eB+4VLEW91t1sMfxppt\r\nOXiK0AZO1ie05ghCMk3pGl+miRBYyUjVv8KarE6ko\/M3BfJAJMcYXv3L3yapeUyN\r\nzQSqheNM6kqYG5xK7pGUhuLY30beA+Qteia3byfrZj\/lJzgpMF\/e7SNfDkNDVbPc\r\nAcxWBDxqoIFuoknTCS3ADH9YNQZjJd\/NwLKyskc+8DJcE0K7LTdIxxybdmut6dBZ\r\ntRzoKj7jcxKG1bybJ9cnhsqOOGbjQ2OAuRwdsxMlN9WXUjBKqbojaO1ws9RR9i2D\r\n\/SHxzA4kSPbSotNh8kAUrQiE8cUcj4t8wcUvPt7\/shx1Hs\/idORu08kcXBtByfEx\r\nqF2qOqYaoV2fCzwTOnDYwnV8Ru2+hEoL3Wiwvyxv4PycmX+AjueL5UP10+RCbe5L\r\nITBqNg9K6YvLI11bQRXjj9RaiaPqcpXnmwKJfLxrWSky0eizpOGB4Y3IPozcW9RY\r\nERn4kDq+WIriE8XM5vJMOQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQAAWCpiiBFT\r\nkJ0fTMmSRun9v6ua7FJ8PrRTnOVBeFSsOGX7te\/YMSZXM5db66Gkr3yUyv\/MGF26\r\nPagYIpro\/uTwBcaT+ujQQMr5x\/EqB4QL5z5wYKXVbknC5Xx0hqjjwW6zTAiqVUXl\r\nNdZlLUb+7gO2kj\/3fy0CrIEzAw7Tpu5nJy0XkOWcVt7\/cqG7whixafd7hTXfvTEl\r\n3Jl7YaKZuBaQZAgQrb56fkgaa3OXipqakBDuwOYZ1x6LrY\/BkE9C0TJ5sjr41G3E\r\nL2b5tXa5ULRV8HEWYvreTCQT0Z4hQDtIv+SjABF2VDMaA7CSKeN3VlTECdYXG1wm\r\n+Vz1ls3bnOjlcwZK0bm7UUWVn7XhpuNCqfa59fd7zux4ycA1BGGGpTKc\/seNUJsy\r\nPh4Hr0haNRUvSAnoX81VObLdaR40991XOM89oaNVlvdIGVRXXDWx\/xgUw0f4aH4z\r\nwZPOHHCYZdi2wYodkdD6lmaDqOapup5udzjGnIzYE2Wx98GS88CPs7xcKOxn\/4i0\r\n0atAYrAfjU2t9xsptS8yZ25Uqm1Wv1r4GcvNgeN0Bk3KkTyky3nDc5GnI\/5DGv3c\r\nXb1qSoKtgilIIM2ev4TpzuKX\/fSyuHGNmdvbbSx11mZ4frYjmbeLvth2wGmJzfDB\r\nsX3QVjmT5FOfMLnX7lqJaU51smbk0jV2fA==\r\n-----END CERTIFICATE-----" -} \ No newline at end of file diff --git a/js/settings.dev.js b/js/settings.dev.js index 32e059e..2c01c77 100644 --- a/js/settings.dev.js +++ b/js/settings.dev.js @@ -9,10 +9,13 @@ $(document).ready(function () { $("#user_cas #cas_disable_logout").attr("disabled", true); $("#user_cas #cas_disable_logout").prop('checked', false); + + $("#user_cas #cas_force_login_exceptions").attr("disabled", false); } else { $("#user_cas #cas_disable_logout").attr("disabled", false); + $("#user_cas #cas_force_login_exceptions").attr("disabled", true); } }); diff --git a/js/settings.js b/js/settings.js index 4646700..98239e8 100644 --- a/js/settings.js +++ b/js/settings.js @@ -1 +1 @@ -$(document).ready(function(){$("#user_cas #casSettings").tabs();$("#user_cas #cas_force_login").on("change",function(event){if($(this).is(":checked")){$("#user_cas #cas_disable_logout").attr("disabled",true);$("#user_cas #cas_disable_logout").prop("checked",false);}else{$("#user_cas #cas_disable_logout").attr("disabled",false);}});$("#user_cas #cas_disable_logout").on("change",function(event){if($(this).is(":checked")){$("#user_cas #cas_handlelogout_servers").attr("disabled",true);}else{$("#user_cas #cas_handlelogout_servers").attr("disabled",false);}});$("#user_cas #casSettingsSubmit").on("click",function(event){event.preventDefault();var postData=$("#user_cas").serialize();var method=$("#user_cas").attr("method");var url=OC.generateUrl("/apps/user_cas/settings/save");$.ajax({method:method,url:url,data:postData,success:function(data){var notification=OC.Notification.show(data.message);setTimeout(function(){OC.Notification.hide(notification);},5000);},error:function(data){var notification=OC.Notification.show(data.message);setTimeout(function(){OC.Notification.hide(notification);},5000);}});});}); \ No newline at end of file +$(document).ready(function(){$("#user_cas #casSettings").tabs();$("#user_cas #cas_force_login").on("change",function(event){if($(this).is(":checked")){$("#user_cas #cas_disable_logout").attr("disabled",true);$("#user_cas #cas_disable_logout").prop("checked",false);$("#user_cas #cas_force_login_exceptions").attr("disabled",false);}else{$("#user_cas #cas_disable_logout").attr("disabled",false);$("#user_cas #cas_force_login_exceptions").attr("disabled",true);}});$("#user_cas #cas_disable_logout").on("change",function(event){if($(this).is(":checked")){$("#user_cas #cas_handlelogout_servers").attr("disabled",true);}else{$("#user_cas #cas_handlelogout_servers").attr("disabled",false);}});$("#user_cas #casSettingsSubmit").on("click",function(event){event.preventDefault();var postData=$("#user_cas").serialize();var method=$("#user_cas").attr("method");var url=OC.generateUrl("/apps/user_cas/settings/save");$.ajax({method:method,url:url,data:postData,success:function(data){var notification=OC.Notification.show(data.message);setTimeout(function(){OC.Notification.hide(notification);},5000);},error:function(data){var notification=OC.Notification.show(data.message);setTimeout(function(){OC.Notification.hide(notification);},5000);}});});}); \ No newline at end of file diff --git a/l10n/de.js b/l10n/de.js index eccc976..2076a96 100644 --- a/l10n/de.js +++ b/l10n/de.js @@ -14,6 +14,8 @@ OC.L10N.register( "Certification file path (.crt).": "Pfad zur Zertifikatsdatei (.crt).", "Leave empty if you don’t want to validate your CAS server instance": "Nicht ausfüllen, wenn Sie ihren CAS-Server nicht validieren möchten", "Force user login using CAS?": "CAS Login erzwingen?", + "Don’t use force login on these client-IPs": "Login bei diesen Client-IPs nicht erzwingen", + "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)": "Kommagetrennte Liste an Client-IP-Adressen (oder Adressräumen), die nicht zum Login gezwungen werden, wenn \"CAS Login erzwingen\" aktiviert ist (z.B: 192.168.1.1/254,192.168.2.5)", "Disable CAS logout (do only OwnCloud logout)": "CAS Logout deaktivieren (nur bei Owncloud ausloggen)", "Logout Servers": "Logout Server", "Comma separated list of servers which can send logout requests (leave empty if you do not want to restrict logout to defined servers)": "Kommagetrennte Liste an Servern, die Logout-Requests an ihren CAS-Server senden dürfen (Nicht ausfüllen, wenn Sie Logouts nicht beschränken möchten)", diff --git a/l10n/de.json b/l10n/de.json index 795ebe9..1c4495f 100644 --- a/l10n/de.json +++ b/l10n/de.json @@ -14,6 +14,8 @@ "Leave empty if you don’t want to validate your CAS server instance": "Nicht ausfüllen, wenn Sie ihren CAS-Server nicht validieren möchten", "Force user login using CAS?": "CAS Login erzwingen?", "Disable CAS logout (do only OwnCloud logout)": "CAS Logout deaktivieren (nur bei Owncloud ausloggen)", + "Don’t use force login on these client-IPs": "Login bei diesen Client-IPs nicht erzwingen", + "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)": "Kommagetrennte Liste an Client-IP-Adressen (oder Adressräumen), die nicht zum Login gezwungen werden, wenn \"CAS Login erzwingen\" aktiviert ist (z.B: 192.168.1.1/254,192.168.2.5)", "Logout Servers": "Logout Server", "Comma separated list of servers which can send logout requests (leave empty if you do not want to restrict logout to defined servers)": "Kommagetrennte Liste an Servern, die Logout-Requests an ihren CAS-Server senden dürfen (Nicht ausfüllen, wenn Sie Logouts nicht beschränken möchten)", "Autocreate user after first CAS login?": "Benutzer nach erstem CAS Login automatisch erstellen?", diff --git a/l10n/de/user_cas.po b/l10n/de/user_cas.po index b1fde32..2650b12 100644 --- a/l10n/de/user_cas.po +++ b/l10n/de/user_cas.po @@ -68,6 +68,14 @@ msgstr "Nicht ausfüllen, wenn Sie ihren CAS-Server nicht validieren möchten" msgid "Force user login using CAS?" msgstr "CAS Login erzwingen?" +#: templates/admin.php:58 +msgid "Don’t use force login on these client-IPs" +msgstr "Login bei diesen Client-IPs nicht erzwingen" + +#: templates/admin.php:58 +msgid "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)" +msgstr "Kommagetrennte Liste an Client-IP-Adressen (oder Adressräumen), die nicht zum Login gezwungen werden, wenn \"CAS Login erzwingen\" aktiviert ist (z.B: 192.168.1.1/254,192.168.2.5)" + #: templates/admin.php:60 msgid "Disable CAS logout (do only OwnCloud logout)" msgstr "CAS Logout deaktivieren (nur bei Owncloud ausloggen)" diff --git a/l10n/fr.js b/l10n/fr.js index 153119e..13b9ff1 100644 --- a/l10n/fr.js +++ b/l10n/fr.js @@ -13,6 +13,9 @@ OC.L10N.register( "Service URL": "URL du service", "Certification file path (.crt).": "Chemin du fichier de certification (.crt).", "Leave empty if you don’t want to validate your CAS server instance": "Laissez vide si vous ne voulez pas valider votre instance de serveur CAS", + "Force user login using CAS?": "Forcer la connexion de l'utilisateur en utilisant CAS?", + "Don’t use force login on these client-IPs": "N'utilisez pas la connexion forcée sur ces adresses IP client", + "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)": "Liste des adresses IP (ou plages d'adresses) séparées par des virgules, qui ne sera pas obligée de se connecter si \"Forcer la connexion utilisateur\" est activé (par exemple 192.168.1.1/254, 192.168.2.5)", "Disable CAS logout (do only OwnCloud logout)": "Désactiver la déconnexion CAS (déconnexion d'Owncloud uniquement)", "Logout Servers": "Serveurs de déconnexion", "Comma separated list of servers which can send logout requests (leave empty if you do not want to restrict logout to defined servers)": "Liste des serveurs séparés par des virgules pouvant envoyer des demandes de déconnexion (laissez vide si vous ne souhaitez pas limiter la déconnexion aux serveurs définis)", diff --git a/l10n/fr.json b/l10n/fr.json index 125fb6a..0d5b092 100644 --- a/l10n/fr.json +++ b/l10n/fr.json @@ -12,6 +12,9 @@ "Service URL": "URL du service", "Certification file path (.crt).": "Chemin du fichier de certification (.crt).", "Leave empty if you don’t want to validate your CAS server instance": "Laissez vide si vous ne voulez pas valider votre instance de serveur CAS", + "Force user login using CAS?": "Forcer la connexion de l'utilisateur en utilisant CAS?", + "Don’t use force login on these client-IPs": "N'utilisez pas la connexion forcée sur ces adresses IP client", + "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)": "Liste des adresses IP (ou plages d'adresses) séparées par des virgules, qui ne sera pas obligée de se connecter si \"Forcer la connexion utilisateur\" est activé (par exemple 192.168.1.1/254, 192.168.2.5)", "Disable CAS logout (do only OwnCloud logout)": "Désactiver la déconnexion CAS (déconnexion d'Owncloud uniquement)", "Logout Servers": "Serveurs de déconnexion", "Comma separated list of servers which can send logout requests (leave empty if you do not want to restrict logout to defined servers)": "Liste des serveurs séparés par des virgules pouvant envoyer des demandes de déconnexion (laissez vide si vous ne souhaitez pas limiter la déconnexion aux serveurs définis)", diff --git a/l10n/fr/user_cas.po b/l10n/fr/user_cas.po index 8de6601..2b0d982 100644 --- a/l10n/fr/user_cas.po +++ b/l10n/fr/user_cas.po @@ -66,7 +66,15 @@ msgstr "Laissez vide si vous ne voulez pas valider votre instance de serveur CAS #: templates/admin.php:54 msgid "Force user login using CAS?" -msgstr "" +msgstr "Forcer la connexion de l'utilisateur en utilisant CAS?" + +#: templates/admin.php:58 +msgid "Don’t use force login on these client-IPs" +msgstr "N'utilisez pas la connexion forcée sur ces adresses IP client" + +#: templates/admin.php:58 +msgid "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)" +msgstr "Liste des adresses IP (ou plages d'adresses) séparées par des virgules, qui ne sera pas obligée de se connecter si \"Forcer la connexion utilisateur\" est activé (par exemple 192.168.1.1/254, 192.168.2.5)" #: templates/admin.php:60 msgid "Disable CAS logout (do only OwnCloud logout)" diff --git a/l10n/templates/user_cas.pot b/l10n/templates/user_cas.pot index e0d5d70..960336e 100644 --- a/l10n/templates/user_cas.pot +++ b/l10n/templates/user_cas.pot @@ -69,6 +69,14 @@ msgstr "" msgid "Force user login using CAS?" msgstr "" +#: templates/admin.php:58 +msgid "Don’t use force login on these client-IPs" +msgstr "" + +#: templates/admin.php:58 +msgid "Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if \"Force user login\" is enabled (e.g. 192.168.1.1/254,192.168.2.5)" +msgstr "" + #: templates/admin.php:60 msgid "Disable CAS logout (do only OwnCloud logout)" msgstr "" diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php index 8e6e47d..dff55a2 100644 --- a/lib/Controller/SettingsController.php +++ b/lib/Controller/SettingsController.php @@ -94,6 +94,7 @@ public function __construct($appName, IRequest $request, IConfig $config, IL10N * @param string $cas_ecas_retrieve_groups * @param string $cas_ecas_assurance_level * @param string $cas_access_group_quotas + * @param string $cas_force_login_exceptions * @param string|null $cas_ecas_attributeparserenabled * @param string|null $cas_ecas_request_full_userdetails * @param string|null $cas_force_login @@ -105,7 +106,7 @@ public function __construct($appName, IRequest $request, IConfig $config, IL10N */ public function saveSettings($cas_server_version, $cas_server_hostname, $cas_server_port, $cas_server_path, $cas_protected_groups, $cas_default_group, $cas_email_mapping, $cas_displayName_mapping, $cas_group_mapping, $cas_cert_path, $cas_debug_file, $cas_php_cas_path, $cas_service_url, $cas_handlelogout_servers, - $cas_access_allow_groups, $cas_ecas_accepted_strengths, $cas_ecas_retrieve_groups, $cas_ecas_assurance_level, $cas_access_group_quotas, + $cas_access_allow_groups, $cas_ecas_accepted_strengths, $cas_ecas_retrieve_groups, $cas_ecas_assurance_level, $cas_access_group_quotas, $cas_force_login_exceptions, $cas_ecas_attributeparserenabled = NULL, $cas_ecas_request_full_userdetails = NULL, $cas_force_login = NULL, $cas_autocreate = NULL, $cas_update_user_data = NULL, $cas_link_to_ldap_backend = NULL, $cas_disable_logout = NULL) { @@ -116,6 +117,7 @@ public function saveSettings($cas_server_version, $cas_server_hostname, $cas_ser $this->config->setAppValue($this->appName, 'cas_server_port', $cas_server_port, '443'); $this->config->setAppValue($this->appName, 'cas_server_path', $cas_server_path, '/cas'); + $this->config->setAppValue($this->appName, 'cas_force_login_exceptions', $cas_force_login_exceptions); $this->config->setAppValue($this->appName, 'cas_protected_groups', $cas_protected_groups); $this->config->setAppValue($this->appName, 'cas_default_group', $cas_default_group); $this->config->setAppValue($this->appName, 'cas_access_allow_groups', $cas_access_allow_groups); diff --git a/lib/Panels/Admin.php b/lib/Panels/Admin.php index 67a41fe..32529b2 100644 --- a/lib/Panels/Admin.php +++ b/lib/Panels/Admin.php @@ -43,7 +43,7 @@ class Admin implements ISettings /** * @var array */ - private $params = array('cas_server_version', 'cas_server_hostname', 'cas_server_port', 'cas_server_path', 'cas_force_login', 'cas_autocreate', + private $params = array('cas_server_version', 'cas_server_hostname', 'cas_server_port', 'cas_server_path', 'cas_force_login', 'cas_force_login_exceptions','cas_autocreate', 'cas_update_user_data', 'cas_protected_groups', 'cas_default_group', 'cas_ecas_attributeparserenabled', 'cas_email_mapping', 'cas_displayName_mapping', 'cas_group_mapping', 'cas_cert_path', 'cas_debug_file', 'cas_php_cas_path', 'cas_link_to_ldap_backend', 'cas_disable_logout', 'cas_handlelogout_servers', 'cas_service_url', 'cas_access_allow_groups', 'cas_access_group_quotas', 'cas_ecas_accepted_strengths', 'cas_ecas_retrieve_groups','cas_ecas_request_full_userdetails', 'cas_ecas_assurance_level'); @@ -72,7 +72,7 @@ public function getSectionID() } /** - * @see Nextcloud 12 support + * @see Nextcloud 13 support * * @return string * @@ -80,7 +80,7 @@ public function getSectionID() */ public function getSection() { - return 'additional'; + return 'security'; } /** @@ -112,7 +112,7 @@ public function getPanel() } /** - * @see Nextcloud 12 support + * @see Nextcloud 13 support * * @return TemplateResponse * diff --git a/lib/Service/AppService.php b/lib/Service/AppService.php index 58ca012..d9e7efa 100644 --- a/lib/Service/AppService.php +++ b/lib/Service/AppService.php @@ -428,20 +428,60 @@ public function init() /** * Check if login should be enforced using user_cas. * + * @param $remoteAddress * @return bool TRUE|FALSE */ - public function isEnforceAuthentication() + public function isEnforceAuthentication($remoteAddress) { + $isEnforced = TRUE; + + $forceLoginExceptions = $this->config->getAppValue($this->appName, 'cas_force_login_exceptions', ''); + $forceLoginExceptionsArray = explode(',', $forceLoginExceptions); + + # Enforce off if ($this->config->getAppValue($this->appName, 'cas_force_login') !== '1') { - return FALSE; + + $isEnforced = FALSE; + } else { + + # Check enforce IP ranges + foreach ($forceLoginExceptionsArray as $forceLoginException) { + + $forceLoginExceptionRanges = explode('/', $forceLoginException); + + if (isset($forceLoginExceptionRanges[0])) { + + $baseIp = substr($forceLoginExceptionRanges[0], 0, strrpos($forceLoginExceptionRanges[0], ".")); + + $startingIp = intval(substr($forceLoginExceptionRanges[0], strrpos($forceLoginExceptionRanges[0], ".")+1, strlen($forceLoginExceptionRanges[0]))); + $endingIp = $startingIp; + + if (isset($forceLoginExceptionRanges[1])) { + + $endingIp = intval($forceLoginExceptionRanges[1]); + } + + for ($ip = $startingIp; $ip <= $endingIp; $ip++) { + + if ($remoteAddress === $baseIp . "." . $ip) { + + $isEnforced = FALSE; + + $this->loggingService->write(\OCP\Util::DEBUG, "phpCAS Enforce Login NOT triggered. Base Address: " . $baseIp . " | Starting IP: " . $startingIp . " | Ending IP: " . $endingIp . " | Remote Address: " . $remoteAddress); + } + } + } + } } + # User already logged in if ($this->userSession->isLoggedIn()) { - return FALSE; + + $isEnforced = FALSE; } - return TRUE; + return $isEnforced; } /** diff --git a/templates/admin.php b/templates/admin.php index 2215513..be919d8 100644 --- a/templates/admin.php +++ b/templates/admin.php @@ -79,6 +79,14 @@ class="csh">t('Leave empty if you don’t want to validate your CAS

+

+ /> + t('Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if "Force user login" is enabled (e.g. 192.168.1.1/254,192.168.2.5)')) ?> +

>