From 70668580fd3d97f134a12ff44d280c44dee0c7bb Mon Sep 17 00:00:00 2001 From: Luc Didry Date: Mar 19 2022 17:21:47 +0000 Subject: 🔀 Merge branch 'development'
---
diff --git a/cpanfile b/cpanfile
index ca248b3..ec11257 100644
--- a/cpanfile
+++ b/cpanfile
@@ -7,7 +7,7 @@ requires 'Mojolicious::Plugin::GzipStatic';
 requires 'Mojolicious::Plugin::StaticCache';
 requires 'Mojolicious::Plugin::CSPHeader', '>= 0.06';
 requires 'Mojolicious::Plugin::FiatTux::Helpers', '== 0.12', url => 'https://framagit.org/fiat-tux/mojolicious/fiat-tux/mojolicious-plugin-fiattux-helpers/-/archive/0.12/mojolicious-plugin-fiattux-helpers-0.12.tar.gz';
-requires 'Mojolicious::Plugin::FiatTux::GrantAccess', '== 0.07', url => 'https://framagit.org/fiat-tux/mojolicious/fiat-tux/mojolicious-plugin-fiattux-grantaccess/-/archive/0.07/mojolicious-plugin-fiattux-grantaccess-0.07.tar.gz';
+requires 'Mojolicious::Plugin::FiatTux::GrantAccess', '== 0.08', url => 'https://framagit.org/fiat-tux/mojolicious/fiat-tux/mojolicious-plugin-fiattux-grantaccess/-/archive/0.08/mojolicious-plugin-fiattux-grantaccess-0.08.tar.gz';
 requires 'Mojolicious::Plugin::FiatTux::Themes', '== 0.02', url => 'https://framagit.org/fiat-tux/mojolicious/fiat-tux/mojolicious-plugin-fiattux-themes/-/archive/0.02/mojolicious-plugin-fiattux-themes-0.02.tar.gz';
 requires 'Filesys::DiskUsage';
 requires 'Switch';
@@ -43,6 +43,9 @@ feature 'htpasswd', 'Htpasswd authentication support' => sub {
 requires 'Apache::Htpasswd';
 requires 'Mojolicious::Plugin::Authentication';
 };
+feature 'auth_headers', 'Header authentication support' => sub {
+ requires 'Mojolicious::Plugin::Authentication';
+};
 feature 'postgresql', 'PostgreSQL support' => sub {
 requires 'Mojo::Pg';
 requires 'Mojolicious::Plugin::PgURLHelper';
diff --git a/lib/Lufi.pm b/lib/Lufi.pm
index a480979..b8d3c8e 100644
--- a/lib/Lufi.pm
+++ b/lib/Lufi.pm
@@ -124,7 +124,7 @@ sub startup { ->to('Misc#change_lang') ->name('lang'); - if (defined $self->config('ldap') || defined $self->config('htpasswd')) { + if (defined $self->config('ldap') || defined $self->config('htpasswd') || defined $self->config('auth_headers')) { # Login page $r->get('/login') ->to('Auth#login_page'); @@ -138,7 +138,7 @@ sub startup { ->to('Auth#log_out') ->name('logout'); - if (defined $self->config('ldap') && defined $self->config('invitations')) { + if ((defined $self->config('ldap') || defined $self->config('auth_headers')) && defined $self->config('invitations')) { # Invitation creation page $r->get('/invite') ->name('invite') diff --git a/lib/Lufi/Controller/Auth.pm b/lib/Lufi/Controller/Auth.pm index 9913cad..af602b8 100644 --- a/lib/Lufi/Controller/Auth.pm +++ b/lib/Lufi/Controller/Auth.pm @@ -9,10 +9,21 @@ sub login_page { if ($c->is_user_authenticated) { $c->redirect_to('/'); } else { - $c->render( - template => 'login', - redirect => $redirect - ); + if ($c->config('auth_headers')) { + if($c->authenticate('dummy', 'dummy')) { + if ($redirect eq 'invite') { + return $c->redirect_to('invite'); + } elsif ($redirect eq 'my_invitations') { + return $c->redirect_to('invite_list'); + } + return $c->redirect_to('/'); + } + } else { + $c->render( + template => 'login', + redirect => $redirect + ); + } } } diff --git a/lib/Lufi/Controller/Misc.pm b/lib/Lufi/Controller/Misc.pm index be2b9a1..3a908a3 100644 --- a/lib/Lufi/Controller/Misc.pm +++ b/lib/Lufi/Controller/Misc.pm @@ -8,7 +8,7 @@ use Lufi::DB::File; sub index { my $c = shift; - if ((!defined($c->config('ldap')) && !defined($c->config('htpasswd'))) || $c->is_user_authenticated) { + if ((!defined($c->config('ldap')) && !defined($c->config('htpasswd')) && !defined($c->config('auth_headers'))) || $c->is_user_authenticated) { $c->render(template => 'index'); } else { $c->redirect_to('login'); 
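Review bot: The "is any authentication backend configured" test is now a three-way `defined` chain copied by hand into every call site, so the next backend can easily be added in one place and missed in another, which would leave that page reachable without login. The same expression appears here in startup, in Misc.pm `index` and `config_infos`, and twice in layouts/default.html.ep. A single helper registered in startup, e.g. `$self->helper(auth_enabled => sub { my $c = shift; return defined $c->config('ldap') || defined $c->config('htpasswd') || defined $c->config('auth_headers') });`, would keep all of them in agreement. startup's body continues outside the hunk.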
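Review bot: When `auth_headers` is configured and `$c->authenticate('dummy', 'dummy')` returns false, login_page falls out of the new branch without rendering or redirecting, so a request that lacks the expected header gets no explicit response from this action. An explicit failure path after the inner `if`, such as `return $c->render(status => 401, text => 'Authentication required');`, would make that case deliberate. `$redirect` is assigned above the hunk; if it can be undef, `($redirect // '') eq 'invite'` avoids an uninitialized-value warning. Because the credentials are placeholders, the identity presumably comes entirely from the request header inside the authentication callbacks, which are not part of this diff, so that is where the header value needs to be checked.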
@@ -56,7 +56,7 @@ sub config_infos { force_burn_after_reading => $c->config('force_burn_after_reading'), keep_ip_during => $c->config('keep_ip_during'), stop_upload => (-f 'stop-upload' || -f 'stop-upload.manual') ? true : false, - need_authentication => (defined($c->config('ldap')) || defined($c->config('htpasswd'))) ? true : false, + need_authentication => (defined($c->config('ldap')) || defined($c->config('htpasswd')) || defined($c->config('auth_headers'))) ? true : false, version => $c->git_version } ); diff --git a/lufi.conf.template b/lufi.conf.template index b7401b4..2b71b03 100644 --- a/lufi.conf.template +++ b/lufi.conf.template @@ -299,6 +299,28 @@ # See 'man htpasswd' to know how to create such file #htpasswd => 'lufi.passwd', + ############################ + # HTTP header authentication + ############################ + + # Set `auth_headers` if you want to use HTTP header auth. + # Typically, these headers are set by a reverse-proxy + # acting as an authentication server. Useful for SSO. + # `auth_headers` should contains the user's username. + # + # /!\ LUFI BLINDLY TRUSTS THESE HEADERS + # /!\ IT'S UP TO YOU TO SANITIZE INCOMING HEADERS TO SECURE YOUR INSTANCE + # + #auth_headers => 'X-AUTH-PREFERRED-USERNAME', + #auth_headers_map_value => { + # # Like ldap_map_attr but for headers + # displayname => 'X-AUTH-DISPLAYNAME', + # firstname => 'X-AUTH-GIVENNAME', + # lastname => 'X-AUTH-LASTNAME', + # mail => 'X-AUTH-EMAIL' + #}, + + ####################### # HTTP Headers settings ####################### diff --git a/themes/default/lib/Lufi/I18N/es.po b/themes/default/lib/Lufi/I18N/es.po index cfde1bd..5f9fd13 100644 --- a/themes/default/lib/Lufi/I18N/es.po +++ b/themes/default/lib/Lufi/I18N/es.po 
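Review bot: The warning in the new `auth_headers` block tells operators to sanitize incoming headers but not what that means in practice; spelling it out would prevent the most likely misconfiguration. I would add `# The reverse proxy MUST remove or overwrite these headers on every incoming request,` and `# and Lufi must only be reachable through that proxy, never directly by clients.` below the two `/!\` lines. The same requirement applies to the headers listed in `auth_headers_map_value`, since they are taken from the request in the same way.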
@@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: YEAR-MO-DA HO:MI+ZONE\n" -"PO-Revision-Date: 2021-11-27 06:45+0000\n" +"PO-Revision-Date: 2022-03-04 11:01+0000\n" "Last-Translator: Berto Te \n" "Language-Team: Spanish \n" @@ -16,7 +16,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 4.9.1\n" +"X-Generator: Weblate 4.10.1\n" #. ($delay) #. (max_delay) @@ -513,7 +513,7 @@ msgstr "Saludos." #: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:64 msgid "Report file" -msgstr "Archivo de informe" +msgstr "Denunciar archivo" #: themes/default/templates/invitations/my_invitations.html.ep:15 msgid "Resend invitation mail" diff --git a/themes/default/templates/layouts/default.html.ep b/themes/default/templates/layouts/default.html.ep index b269f00..3e589de 100644 --- a/themes/default/templates/layouts/default.html.ep +++ b/themes/default/templates/layouts/default.html.ep @@ -29,10 +29,10 @@
  • <%= l('Report file') %>
  • - % if ((!defined(config('ldap')) && !defined(config('htpasswd'))) || is_user_authenticated()) { + % if ((!defined(config('ldap')) && !defined(config('htpasswd')) && !defined(config('auth_headers'))) || is_user_authenticated()) { ><%= l('Upload files') %> ><%= l('My files') %> - % if (defined config('ldap') && defined config('invitations')) { + % if ((defined config('ldap') || defined config('auth_headers')) && defined config('invitations')) { ><%= l('Invite a guest') %> ><%= l('My invitations') %> % } @@ -84,7 +84,7 @@ ><%= l('About') %> - % if ((defined(config('ldap')) || defined(config('htpasswd'))) && is_user_authenticated()) { + % if ((defined(config('ldap')) || defined(config('htpasswd')) || defined(config('auth_headers'))) && is_user_authenticated()) {
  • %= csrf_field