Lemonldap-NG-Manager
lib/Lemonldap/NG/Manager/Conf/Tests.pm view on Meta::CPAN
return 1;
},
# Workaround for #1740
corruptApplicationConfig => sub {

    # Walks every category of $conf->{applicationList} and rejects the
    # configuration as soon as one application entry has type "menuApp".
    # Returns ( 0, message ) on the first hit, 1 when nothing is found.
    # NOTE(review): presumably "menuApp" is a type that must never reach a
    # saved configuration (see issue #1740) - confirm.
    my $categories = $conf->{applicationList} || {};
    for my $cat ( keys %$categories ) {
        my $entries = $categories->{$cat};

        # Only hash values are inspected; anything else is skipped.
        next unless ref($entries) eq "HASH";
        for my $app ( keys %$entries ) {
            my $node = $entries->{$app};
            next unless ref($node) eq "HASH";
            return ( 0,
                'Error saving application list.'
                  . ' Reload the manager and try again' )
              if $node->{type} eq "menuApp";
        }
    }
    return 1;
},
# Warn if both oidcRPMetaDataOptionsJwks and oidcRPMetaDataOptionsJwksUri are set
noJwksDuplication => sub {

    # Lists the OIDC relying parties (RP) that have both a JWKS document
    # (oidcRPMetaDataOptionsJwks) and a JWKS URI
    # (oidcRPMetaDataOptionsJwksUri) configured.
    # Returns 1 when there is nothing to report, else ( 1, message ) naming
    # the affected RPs; status stays 1, so this is reported as a warning.
    # NOTE(review): which of the two key sources is used when both are
    # present is not visible here - confirm, since it decides which keys
    # the RP is trusted with.
    my $rp_options = $conf->{oidcRPMetaDataOptions};
    return 1 unless $rp_options and ref $rp_options;

    my @pb = grep {
        $rp_options->{$_}->{oidcRPMetaDataOptionsJwks}
          and $rp_options->{$_}->{oidcRPMetaDataOptionsJwksUri}
    } keys %$rp_options;

    return 1 if !@pb;
    my $names = join( ', ', @pb );
    return ( 1, "JWKS URI defined while JWKS document is fixed: " . $names );
},
# If oidcRPMetaDataOptionsAuthRequiredForAuthorize is set, oidcRPMetaDataOptionsAuthMethod should be compatible
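oidcCompatAuth => sub {

    # Lists the OIDC relying parties (RP) for which
    # oidcRPMetaDataOptionsAuthRequiredForAuthorize is set while
    # oidcRPMetaDataOptionsAuthMethod is set to something other than
    # client_secret_jwt or private_key_jwt.
    # Returns 1 when there is nothing to report, else ( 1, message ) naming
    # the affected RPs. An RP with no auth method set is not reported.
    return 1
      unless $conf->{oidcRPMetaDataOptions}
      and ref $conf->{oidcRPMetaDataOptions};
    my @pb;
    for my $rp ( keys %{ $conf->{oidcRPMetaDataOptions} } ) {

        # \A and \z anchor the whole value: with ^ and $ a method name
        # followed by a newline would still be accepted as compatible.
        push @pb, $rp
          if $conf->{oidcRPMetaDataOptions}->{$rp}
          ->{oidcRPMetaDataOptionsAuthRequiredForAuthorize}
          and $conf->{oidcRPMetaDataOptions}->{$rp}
          ->{oidcRPMetaDataOptionsAuthMethod}
          and $conf->{oidcRPMetaDataOptions}->{$rp}
          ->{oidcRPMetaDataOptionsAuthMethod} !~
          /\A(?:client_secret|private_key)_jwt\z/;
    }
    return 1 unless @pb;
    return ( 1,
        'Incompatible required authentication methods in RP '
          . '(only client_secret_jwt and private_key_jwt are allowed '
          . 'when authentication is required on authorization endpoint: '
          . join( ', ', @pb ) );
},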
# Test password length policy if enabled
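ppMaxSizeGreaterThanMinSize => sub {

    # Reports a password policy whose minimum size is not strictly below
    # its maximum size. The check only applies when
    # passwordPolicyActivation and passwordPolicyMaxSize are both set.
    # Returns ( 1, message ) in that case, 1 otherwise.
    #
    # The cheap flags are tested first so the numeric comparison never
    # runs on an unset maximum, and an unset minimum counts as 0; this
    # avoids "uninitialized value" warnings without changing the result.
    return ( 1,
        'Password maximum size should be greater than minimal size' )
      if (  $conf->{passwordPolicyActivation}
        and $conf->{passwordPolicyMaxSize}
        and ( $conf->{passwordPolicyMinSize} || 0 ) >=
        $conf->{passwordPolicyMaxSize} );
    return 1;
},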
# Test password minimal size policy if enabled
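ppMinSize => sub {

    # Reports a password policy whose minimum size is smaller than the sum
    # of the per-class minimums (passwordPolicyMinLower, MinUpper, MinDigit
    # and MinSpeChar). The check only applies when passwordPolicyActivation
    # and passwordPolicyMinSize are both set.
    # Returns ( 1, message ) in that case, 1 otherwise.
    #
    # The sum starts at 0 and unset per-class values count as 0, so neither
    # the addition nor the comparison runs on an undefined value.
    my $total = 0;
    foreach my $class (qw(Lower Upper Digit SpeChar)) {
        my $min = $conf->{"passwordPolicyMin$class"} || 0;

        # Only positive minimums contribute to the required length.
        $total += $min if $min > 0;
    }
    return ( 1,
        'Password minimal size should be greater than total of minimal sizes'
      )
      if (  $conf->{passwordPolicyActivation}
        and $conf->{passwordPolicyMinSize}
        and $conf->{passwordPolicyMinSize} < $total );
    return 1;
},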
accessTokenConsistency => sub {

    # Applies only when issuerDBOpenIDConnectActivation is set. Lists the
    # relying parties (RP) that enable oidcRPMetaDataOptionsAccessTokenClaims
    # without oidcRPMetaDataOptionsAccessTokenJWT.
    # Returns 1 when there is nothing to report, else ( 0, message ) naming
    # the affected RPs. Status is 0 here, unlike the checks in this file
    # that return 1 with a message.
    # NOTE(review): presumably status 0 blocks saving the configuration -
    # confirm against the caller.
    return 1 if !$conf->{issuerDBOpenIDConnectActivation};

    my $rp_options = $conf->{oidcRPMetaDataOptions} || {};
    my @pb = grep {
        my $opts = $rp_options->{$_};
        $opts->{oidcRPMetaDataOptionsAccessTokenClaims}
          and not $opts->{oidcRPMetaDataOptionsAccessTokenJWT}
    } keys %$rp_options;

    return 1 if !@pb;
    my $names = join( ', ', @pb );
    return ( 0,
        'access_token cannot be opaque with claims in access_token ('
          . $names
          . ')' );
},
oidcNoneConsistency => sub {
my @pb;
return 1 unless $conf->{oidcServiceMetaDataDisallowNoneAlg};
foreach my $rp ( keys %{ $conf->{oidcRPMetaDataOptions} || {} } ) {
my $opts = $conf->{oidcRPMetaDataOptions}->{$rp};
push @pb, $rp
if $opts->{oidcRPMetaDataOptionsIDTokenSignAlg} eq 'none'
or $opts->{oidcRPMetaDataOptionsUserInfoSignAlg} eq 'none';
}
return 1 unless @pb;
return ( 1,