diff --git a/lib/AccountManager/WebRequest.pm b/lib/AccountManager/WebRequest.pm index 5b2a270078bc28c298bf44f2ad4ace5ef43497e3..35c4e8c7d13db046035d47365b317705c32b7629 100644 --- a/lib/AccountManager/WebRequest.pm +++ b/lib/AccountManager/WebRequest.pm @@ -26,7 +26,7 @@ my $domains_regex = '[\w\.\-]+(,[\w\.\-]+)*'; my %format = ( ## URL #'attributeauthority' => $url_regex, - 'sp_entityid' => $urn_or_url_regex, + 'entityid' => $urn_or_url_regex, ); my %actions = ( @@ -101,10 +101,10 @@ sub run { # register needed parameters $self->{in} = { - email_address => $parameters{email_address}, - style => $parameters{style}, - sp_entityid => $parameters{sp_entityid}, - authentication_token => $parameters{authentication_token} + email => $parameters{email}, + style => $parameters{style}, + entityid => $parameters{entityid}, + token => $parameters{token} }; } @@ -201,20 +201,20 @@ sub req_account_wizard { } ## Select a Service Provider and return metadata sctucture for the SP -## Sample URL : https://dev-edugain.renater.fr/accountmanager?action=select_sp&sp_entityid=http%3A%2F%2Fsp.lat.csc.fi +## Sample URL : https://dev-edugain.renater.fr/accountmanager?action=select_sp&entityid=http%3A%2F%2Fsp.lat.csc.fi sub req_select_sp { my ($self) = @_; - unless ($self->{in}->{sp_entityid}) { - push @{ $self->{out}->{errors} }, "missing_sp_entityid"; - $self->{logger}->error("Missing parameter sp_entityid"); + unless ($self->{in}->{entityid}) { + push @{ $self->{out}->{errors} }, "missing_entityid"; + $self->{logger}->error("Missing parameter entityid"); $self->respond(); } # Create a persistent service provider object my $provider = AccountManager::Service->new( db => $self->{db}, - entityid => $self->{in}->{sp_entityid} + entityid => $self->{in}->{entityid} ); if ($provider->load(speculative => 1)) { 
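Review bot: `run` now registers `email` and `token` alongside `entityid`, but the `%format` table in the preceding hunk only carries a pattern for `entityid`; if request validation is driven by `%format` (the validation loop itself is not in this diff), `email` and `token` reach the handlers unconstrained. Adding entries such as `'email' => '[^\s@]+@[^\s@]+'` and `'token' => '[0-9a-f]+'` (matching whatever `generate_secret` actually emits) would reject malformed input before it is echoed into logs and templates. `email` is later gated by `is_contact`, so this is defence in depth rather than a bypass; `run` continues past the end of its hunk.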
@@ -234,11 +234,11 @@ sub req_select_sp { $self->respond(); } - my $sps = $metadata->parse(id => $self->{in}->{sp_entityid}); + my $sps = $metadata->parse(id => $self->{in}->{entityid}); if (!@$sps) { push @{ $self->{out}->{errors} }, "no_such_entity"; $self->{logger}->errorf( - "No such SP '%s' in metadata", $self->{in}->{sp_entityid} + "No such SP '%s' in metadata", $self->{in}->{entityid} ); $self->respond(); } @@ -258,7 +258,7 @@ sub req_select_sp { } # override metadata contacts if needed - my $entity = $self->{in}->{sp_entityid}; + my $entity = $self->{in}->{entityid}; my $contacts = $self->{configuration}->{$entity}->{contacts} || $self->{configuration}->{service}->{contacts}; 
@@ -279,35 +279,35 @@ sub req_select_sp { } ## Generate an authentication token to validate an email address -## Sample call : dev-edugain.renater.fr/accountmanager?action=generate_token&style=nobanner&sp_entityid=https%3A%2F%2Fsourcesup.cru.fr%2Fshibboleth&email_address=support%40renater.fr +## Sample call : dev-edugain.renater.fr/accountmanager?action=generate_token&style=nobanner&entityid=https%3A%2F%2Fsourcesup.cru.fr%2Fshibboleth&email=support%40renater.fr sub req_generate_token { my ($self) = @_; - unless ($self->{in}->{sp_entityid}) { - push @{ $self->{out}->{errors} }, "missing_sp_entityid"; - $self->{logger}->error("Missing parameter sp_entityid"); + unless ($self->{in}->{entityid}) { + push @{ $self->{out}->{errors} }, "missing_entityid"; + $self->{logger}->error("Missing parameter entityid"); $self->respond(); } - unless ($self->{in}->{email_address}) { - push @{ $self->{out}->{errors} }, "missing_email_address"; - $self->{logger}->error("Missing parameter email_address"); + unless ($self->{in}->{email}) { + push @{ $self->{out}->{errors} }, "missing_email"; + $self->{logger}->error("Missing parameter email"); $self->respond(); } my $provider = AccountManager::Service->new( db => $self->{db}, - entityid => $self->{in}->{sp_entityid}, + entityid => $self->{in}->{entityid}, ); unless ($provider->load(speculative => 1)) { push @{ $self->{out}->{errors} }, "no_such_entity"; - $self->{logger}->errorf("No such SP '%s' in database", $self->{in}->{sp_entityid}); + $self->{logger}->errorf("No such SP '%s' in database", $self->{in}->{entityid}); $self->respond(); } # override metadata contacts if needed - my $entity = $self->{in}->{sp_entityid}; + my $entity = $self->{in}->{entityid}; my $contacts = $self->{configuration}->{$entity}->{contacts} || $self->{configuration}->{service}->{contacts}; 
@@ -321,14 +321,14 @@ sub req_generate_token { } } - ## Check that email_address is a known contact for this SP - unless ($provider->is_contact($self->{in}->{email_address})) + ## Check that email is a known contact for this SP + unless ($provider->is_contact($self->{in}->{email})) { push @{ $self->{out}->{errors} }, "internal"; $self->{logger}->errorf( "Requested a token for %s for an unautorized address '%s'", - $self->{in}->{sp_entityid}, - $self->{in}->{email_address} + $self->{in}->{entityid}, + $self->{in}->{email} ); $self->respond(); } @@ -336,8 +336,8 @@ sub req_generate_token { # delete any previous token for the same email/service couple my $old_token = AccountManager::Token->new( db => $self->{db}, - email_address => $self->{in}->{email_address}, - sp_entityid => $self->{in}->{sp_entityid} + email_address => $self->{in}->{email}, + sp_entityid => $self->{in}->{entityid} ); if ($old_token->load(speculative => 1)) { @@ -356,11 +356,11 @@ sub req_generate_token { $self->{configuration}->{_}->{tokens_validity_period}; my $token = AccountManager::Token->new( db => $self->{db}, - email_address => $self->{in}->{email_address}, - sp_entityid => $self->{in}->{sp_entityid}, + email_address => $self->{in}->{email}, + sp_entityid => $self->{in}->{entityid}, creation_date => DateTime->now(), expiration_date => DateTime->now()->add(hours => $validity_period), - token => AccountManager::Tools::generate_token() + token => AccountManager::Tools::generate_secret(20) ); unless ($token->save()) { 
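Review bot: `AccountManager::Tools::generate_secret(20)` moves the token length into this call site, and the new token is persisted and later looked up by its plaintext value, so its strength rests entirely on what `generate_secret` does, which is not visible here. Confirm it draws from a CSPRNG (`/dev/urandom`-backed) rather than `rand`, and consider naming the length next to `tokens_validity_period`, e.g. `my $token_length = 20;  # hex as in the sample URL gives ~80 bits; single-use`, so the two security parameters sit together. The `Token->new(...)` call also stores the raw token; hashing it before storage would limit exposure from a database dump, although a single-use, time-limited token makes this lower priority. `req_generate_token` continues past this hunk.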
@@ -369,12 +369,12 @@ sub req_generate_token { $self->respond(); } - $self->{out}->{email_address} = $self->{in}->{email_address}; - $self->{out}->{sp_entityid} = $self->{in}->{sp_entityid}; - $self->{out}->{subtitle} = 'Generate an authentication token'; + $self->{out}->{email} = $self->{in}->{email}; + $self->{out}->{entityid} = $self->{in}->{entityid}; + $self->{out}->{subtitle} = 'Generate an authentication token'; my $sender = $self->{configuration}->{_}->{notice_from}; - my $recipient = $self->{in}->{email_address}; + my $recipient = $self->{in}->{email}; my $sendmail = $self->{configuration}->{_}->{sendmail_path} || '/usr/sbin/sendmail'; @@ -398,10 +398,10 @@ sub req_generate_token { app_url => $self->{configuration}->{app}->{url}, support_email => $self->{configuration}->{app}->{support_email}, }, - from => $sender, - to => $recipient, - sp_entityid => $self->{in}->{sp_entityid}, - authentication_token => $token->token(), + from => $sender, + to => $recipient, + entityid => $self->{in}->{entityid}, + token => $token->token(), }; unless ($tt2->process($template, $data, $handle)) { @@ -413,9 +413,9 @@ sub req_generate_token { close $handle; $self->{logger}->infof( - "Token send to %s for sp_entityid=%s;token=%s", - $self->{in}->{email_address}, - $self->{in}->{sp_entityid}, + "Token send to %s for entityid=%s;token=%s", + $self->{in}->{email}, + $self->{in}->{entityid}, $token->token(), ); 
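Review bot: The success log `"Token send to %s for entityid=%s;token=%s"` writes the freshly issued validation token to the application log at info level, so anyone with log access (or a downstream log shipper) can complete the email challenge without access to the contact's mailbox. Log only that a token was issued, `"Token sent to %s for entityid=%s"`, and drop the `$token->token()` argument; the same applies to the `Token validated` line in the later hunk and, less critically, to the `Failed to validate` line. This also fixes the `send`→`sent` wording. `req_generate_token` continues past the end of this hunk.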
@@ -424,43 +424,43 @@ sub req_generate_token { ## Validate an authentication token ## Test accounts get created -## Sample call : dev-edugain.renater.fr/accountmanager?action=validate_token&style=nobanner&sp_entityid=https%3A%2F%2Fsourcesup.cru.fr%2Fshibboleth&authentication_token=c1cfecb51ea40d39a695 +## Sample call : dev-edugain.renater.fr/accountmanager?action=validate_token&style=nobanner&entityid=https%3A%2F%2Fsourcesup.cru.fr%2Fshibboleth&token=c1cfecb51ea40d39a695 sub req_validate_token { my ($self) = @_; - unless ($self->{in}->{sp_entityid}) { - push @{ $self->{out}->{errors} }, "missing_sp_entityid"; - $self->{logger}->error("Missing parameter sp_entityid"); + unless ($self->{in}->{entityid}) { + push @{ $self->{out}->{errors} }, "missing_entityid"; + $self->{logger}->error("Missing parameter entityid"); $self->respond(); } - unless ($self->{in}->{authentication_token}) { - push @{ $self->{out}->{errors} }, "missing_authentication_token"; - $self->{logger}->error("Missing parameter authentication_token"); + unless ($self->{in}->{token}) { + push @{ $self->{out}->{errors} }, "missing_token"; + $self->{logger}->error("Missing parameter token"); $self->respond(); } my $token = AccountManager::Token->new( db => $self->{db}, - token => $self->{in}->{authentication_token} + token => $self->{in}->{token} ); if (! $token->load(speculative => 1)) { push @{ $self->{out}->{errors} }, "wrong_token"; $self->{logger}->errorf( - "Failed to validate authentication token %s for sp_entityid %s", - $self->{in}->{authentication_token}, - $self->{in}->{sp_entityid} + "Failed to validate authentication token %s for entityid %s", + $self->{in}->{token}, + $self->{in}->{entityid} ); $self->respond(); } - if (! $token->sp_entityid() eq $self->{in}->{sp_entityid}) { + if (! 
$token->sp_entityid() eq $self->{in}->{entityid}) { push @{ $self->{out}->{errors} }, "wrong_token_for_sp"; $self->{logger}->errorf( "Authentication token %s cannot be used for SP with entityid %s", - $self->{in}->{authentication_token}, - $self->{in}->{sp_entityid} + $self->{in}->{token}, + $self->{in}->{entityid} ); $self->respond(); } @@ -469,14 +469,14 @@ sub req_validate_token { unless ($token->delete()) { $self->{logger}->errorf( "Failed to delete authentication token %s", - $self->{in}->{authentication_token} + $self->{in}->{token} ); } ## create test accounts my @accounts; - my $entity = $self->{in}->{sp_entityid}; + my $entity = $self->{in}->{entityid}; my $profiles = $self->{configuration}->{$entity}->{account_profiles} || $self->{configuration}->{service}->{account_profiles}; @@ -485,7 +485,7 @@ sub req_validate_token { $self->{configuration}->{service}->{account_validity_period}; foreach my $profile (split(/, */, $profiles)) { - my $password = AccountManager::Tools::generate_password(); + my $password = AccountManager::Tools::generate_password(10); my $account = AccountManager::Account->new( db => $self->{db}, profile => $profile, @@ -504,7 +504,7 @@ sub req_validate_token { push @{ $self->{out}->{errors} }, "accounts_creation_failed"; $self->{logger}->errorf( "Failed to create test accounts for SP with entityid %s", - $self->{in}->{sp_entityid} + $self->{in}->{entityid} ); $self->respond(); } @@ -531,12 +531,12 @@ sub req_validate_token { } $self->{logger}->infof( - "Token validated for sp_entityid=%s;token=%s", - $self->{in}->{sp_entityid}, - $self->{in}->{authentication_token} + "Token validated for entityid=%s;token=%s", + $self->{in}->{entityid}, + $self->{in}->{token} ); - $self->{out}->{sp_entityid} = $self->{in}->{sp_entityid}; + $self->{out}->{entityid} = $self->{in}->{entityid}; $self->{out}->{accounts} = \@accounts; $self->{out}->{subtitle} = 'Complete Email Challenge'; 
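Review bot: The SP-binding check `if (! $token->sp_entityid() eq $self->{in}->{entityid})` never fires: `!` binds tighter than `eq`, so it negates the stored entityid to `""` (or `1`) and compares that string with the request's entityid, which is false for any real entityid. A token issued for one SP can therefore be redeemed with an arbitrary `entityid` and create test accounts under that SP's `account_profiles` and configuration. Write it as `if ($token->sp_entityid() ne $self->{in}->{entityid}) {` (or `unless (... eq ...)`). The hunk also shows no comparison of `expiration_date` against the current time before the token is accepted; if that check lives in the unshown lines between this hunk and the `@@ -469` hunk, disregard, otherwise add one (e.g. `if (DateTime->now() > $token->expiration_date()) {` → `wrong_token`, assuming the column inflates to a DateTime). `req_validate_token` continues past this hunk.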
diff --git a/t/account-manager.cgi.t b/t/account-manager.cgi.t index 8a75704e31a1798e6eb85f6295fe39227eb6bcfa..2e2f1a30cdfc2ff6080824490ae3f42242051ad5 100755 --- a/t/account-manager.cgi.t +++ b/t/account-manager.cgi.t @@ -60,7 +60,7 @@ subtest sp_selection_page => sub { ); like( $out, - qr{<select id="sp_entityid" name="sp_entityid" class="required">}, + qr{<select id="entityid" name="entityid" class="required">}, 'selection list' ); is($err, '', 'empty stderr'); diff --git a/templates/mail/send_authentication_token.tt2.eml b/templates/mail/send_authentication_token.tt2.eml index 5539015074802170206351c13bee053990ac65cb..644131e9a3198b4dd2eefbbdf7b1befcaae74aae 100644 --- a/templates/mail/send_authentication_token.tt2.eml +++ b/templates/mail/send_authentication_token.tt2.eml @@ -3,12 +3,12 @@ To: [% to %] Subject: [% conf.app_name %] - Test accounts request Content-type: text/plain; charset=UTF-8; format=flowed -This is an email challenge automatically sent to you by [% conf.app_name %]. Somebody with IP address [% env.REMOTE_ADDR %] has requested to create test accounts for eduGAIN Service Provider with entityID [% sp_entityid %]. +This is an email challenge automatically sent to you by [% conf.app_name %]. Somebody with IP address [% env.REMOTE_ADDR %] has requested to create test accounts for eduGAIN Service Provider with entityID [% entityid %]. The address [% to %] is mentioned in the eduGAIN metadata as a contact for this Service Provider. To complete the creation of test accounts, paste the following validation token in the [% conf.app_name %] web form. -Validation token: [% authentication_token %] +Validation token: [% token %] [% conf.app_name %]: [% conf.app_url %] diff --git a/templates/web/account_wizard.tt2.html b/templates/web/account_wizard.tt2.html index c0827c5cfc7c24a1d7e1b1b08b643f56527a8bad..849884efb90c15963df01b9a04b9192e1e9399df 100644 --- a/templates/web/account_wizard.tt2.html +++ b/templates/web/account_wizard.tt2.html 
@@ -21,8 +21,8 @@ jQuery(document).ready(function($){ form.steps("insert", 1, { title: "Send email challenge", contentMode: "async", - contentUrl: "[% conf.app_url %]?action=select_sp&style=nobanner&sp_entityid="+ - encodeURIComponent($('#sp_entityid').val()) + contentUrl: "[% conf.app_url %]?action=select_sp&style=nobanner&entityid="+ + encodeURIComponent($('#entityid').val()) }); } @@ -34,8 +34,8 @@ jQuery(document).ready(function($){ form.steps("insert", 2, { title: "Complete Email Challenge", contentMode: "async", - contentUrl: "[% conf.app_url %]?action=generate_token&style=nobanner&sp_entityid="+ - encodeURIComponent($('#sp_entityid').val())+"&email_address="+encodeURIComponent($("input:checked[name='email_address']").val()) + contentUrl: "[% conf.app_url %]?action=generate_token&style=nobanner&entityid="+ + encodeURIComponent($('#entityid').val())+"&email="+encodeURIComponent($("input:checked[name='email']").val()) }); } @@ -43,8 +43,8 @@ jQuery(document).ready(function($){ // Result gets included in the next tab if (currentIndex === 2 && newIndex === 3) { - window.location="[% conf.app_url %]?action=validate_token&sp_entityid="+ - encodeURIComponent($('#sp_entityid').val())+"&authentication_token="+encodeURIComponent($('#authentication_token').val()); + window.location="[% conf.app_url %]?action=validate_token&entityid="+ + encodeURIComponent($('#entityid').val())+"&token="+encodeURIComponent($('#token').val()); } // Allways allow previous action even if the current form is not valid! @@ -84,7 +84,7 @@ jQuery(document).ready(function($){ }); $(function() { - $( "#sp_entityid" ).combobox(); + $( "#entityid" ).combobox(); $( "#toggle" ).click(function() { $( "#combobox" ).toggle(); }); 
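Review bot: The redirect `window.location="[% conf.app_url %]?action=validate_token&entityid=..."+"&token="+...` places the validation token in a GET URL, so it lands in browser history, proxy and web-server access logs, and any Referer sent from the result page. The token is deleted on successful use, but a failed or abandoned attempt leaves a still-valid secret in those logs; submit this step as a POST (a hidden form, or `fetch` with `method: 'POST'`) and have `req_validate_token` accept the token from the request body. The surrounding `onStepChanging` handler starts and ends outside this hunk.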
@@ -106,10 +106,10 @@ the list below. You must be an administrator of that Service Provider to continue afterwards. <br/><br/> -<label for="sp_entityid">Type the SP name or entityID to search for it.</label> +<label for="entityid">Type the SP name or entityID to search for it.</label> Note that only Service Providers are in the list which are included in the eduGAIN metadata.<br/> - <select id="sp_entityid" name="sp_entityid" class="required"> + <select id="entityid" name="entityid" class="required"> <option value="">Select your Service Provider below</option> [% FOREACH entity IN metadata.sort('display_name') %] <option value="[% entity.entityid %]">[% IF entity.display_name %][% entity.display_name %] [% END %]([% entity.entityid %])</option> diff --git a/templates/web/errors.tt2.html b/templates/web/errors.tt2.html index 9476727d4c68045302ab17ae4e1b8482a989dba3..41384461db0a28730950fdcc24556855cdd16804 100644 --- a/templates/web/errors.tt2.html +++ b/templates/web/errors.tt2.html @@ -14,7 +14,7 @@ the validation token you provided is incorrect or it has already been used [% ELSIF err == 'wrong_token_for_sp' %] - the validation token you provided cannot be used to obtain test accounts for this service provider ([% sp_entityid %]) + the validation token you provided cannot be used to obtain test accounts for this service provider ([% entityid %]) [% ELSIF err == 'accounts_creation_failed' %] failed to create your test accounts diff --git a/templates/web/generate_token.tt2.html b/templates/web/generate_token.tt2.html index 5ff8f616f36fa396c697929102caafb6123a2e36..efad31b52f8e1f3486c6a52c258a81d92fe67b22 100644 --- a/templates/web/generate_token.tt2.html +++ b/templates/web/generate_token.tt2.html 
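Review bot: `([% entityid %])` in the `wrong_token_for_sp` branch echoes the request's `entityid` into HTML without a filter; Template Toolkit does not escape by default, and in `req_validate_token` the value is only matched against `$urn_or_url_regex` (not shown) before this error is rendered, never checked against the database. Unless that regex excludes `<`, `"` and `&`, this is reflected markup injection; use `([% entityid | html %])` here and apply the same `| html` filter wherever `entityid` or `email` is interpolated into the other templates touched by this change.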
@@ -1,13 +1,13 @@ <h3>Complete Email Challenge</h3> <div> -An email challenge including a validation token has been emailed to you at [% email_address %]. Please copy and paste the validation token in the form below to proof that you are administrator of this service.</div> +An email challenge including a validation token has been emailed to you at [% email %]. Please copy and paste the validation token in the form below to proof that you are administrator of this service.</div> <fieldset> <legend>Validation Token</legend> - <label for="authentication_token">Please provide the validation token here:</label> - <input name="authentication_token" value="" id="authentication_token" type="text" class="required error"/> - <input type="hidden" name="sp_entityid" value="[% sp_entityid %]" id="sp_entityid"/> - <input type="hidden" name="email_address" value="[% email_address %]" id="email_address"/> + <label for="token">Please provide the validation token here:</label> + <input name="token" value="" id="token" type="text" class="required error"/> + <input type="hidden" name="entityid" value="[% entityid %]" id="entityid"/> + <input type="hidden" name="email" value="[% email %]" id="email"/> </fieldset> diff --git a/templates/web/select_sp.tt2.html b/templates/web/select_sp.tt2.html index fe4356b6742fa5398e14e6bc3c8ee858070fb80a..82691b21b5d399e50d3e1a925b21fcfc060d0bce 100644 --- a/templates/web/select_sp.tt2.html +++ b/templates/web/select_sp.tt2.html 
@@ -6,15 +6,15 @@ Before you can create test accounts at this Identity Provider, we need to ensure <fieldset class="scrollable"> [% IF provider.contacts.defined %] <legend>Select your email address</legend> - <label for="sp_entityid">The email addresses below have been extracted from your SP SAML metadata.<br/>Please select the email address where an email challenge + <label for="entityid">The email addresses below have been extracted from your SP SAML metadata.<br/>Please select the email address where an email challenge can be sent to validate your identity</label> <div class="radio_inline"> [% FOREACH email IN provider.contacts.sort %] -<input name="email_address" value="[% email %]" type="radio" class="required"/><label for="email_address">[% email %]</label><br/> +<input name="email" value="[% email %]" type="radio" class="required"/><label for="email">[% email %]</label><br/> -<input type="hidden" name="sp_entityid" value="[% provider.entityid %]" id="sp_entityid"/> +<input type="hidden" name="entityid" value="[% provider.entityid %]" id="entityid"/> [% END %] </div> @@ -28,7 +28,7 @@ administrator to add ContactPerson information to the SAML metadata. <script type="text/javascript"> $(function() { - $('label[for="email_address"]').on('click', function() { + $('label[for="email"]').on('click', function() { var input = $(this).prev(); input.val([input.attr('value')]); }); diff --git a/templates/web/validate_token.tt2.html b/templates/web/validate_token.tt2.html index b58179c88bb4f771fa98bf90f0576e08db08b330..9cd744c0952a449bc4461c1a620f113b03dc8278 100644 --- a/templates/web/validate_token.tt2.html +++ b/templates/web/validate_token.tt2.html 
@@ -2,7 +2,7 @@ <div class="alert-box success radius"> - <strong>Success:</strong> Your identity as administrator of the Service Provider with entityID <strong>[% sp_entityid %]</strong> could successfully be validated! + <strong>Success:</strong> Your identity as administrator of the Service Provider with entityID <strong>[% entityid %]</strong> could successfully be validated! </div> <h3>The following test accounts with different profiles were created for you:</h3> @@ -55,10 +55,10 @@ [% END %] </div> -<p>Click <a href="[% conf.app_url %]?action=download_accounts&entityid=[% sp_entityid %]&token=[% token %]&key=[% key %]">here</a> to download the details of those accounts in CSV format.</p> +<p><strong>Please keep a record of the above user names and passwords</strong> because currently there is no mecanism to retrieve the above credentials once you close this page. If you forget the username and passwords, you can however request new test accounts.</p> <div class="alert-box warning radius"> - <p>Note that these test accounts will automatically expire in [% conf.accounts_validity_period %] days and that they can only be used to test federated login to your eduGAIN-enabled Service Provider with entityID <strong>[% sp_entityid %]</strong>.</p> + <p>Note that these test accounts will automatically expire in [% conf.accounts_validity_period %] days and that they can only be used to test federated login to your eduGAIN-enabled Service Provider with entityID <strong>[% entityid %]</strong>.</p> </div> <p class="align-center"><Strong>Thank you for using the [% conf.app_name %]</strong></p>
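Review bot: The new paragraph has a typo, `mecanism` → `mechanism`, and `If you forget the username and passwords` mixes singular and plural; `If you lose the user names or passwords` reads better. This is user-facing text for credentials the page now says cannot be retrieved, so it is worth getting right.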