AutoSignin works now (#1318)

TODO: doc
2017-10-27 13:11:30 +00:00 · 2017-10-27 13:11:30 +00:00 · 081699b29e
commit 081699b29e
parent f567d169f2
18 changed files with 83 additions and 23 deletions
--- a/fastcgi-server/man/llng-fastcgi-server.1p
+++ b/fastcgi-server/man/llng-fastcgi-server.1p
@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "llng-fastcgi-server 1"
-.TH llng-fastcgi-server 1 "2017-10-20" "perl v5.26.0" "User Contributed Perl Documentation"
+.TH llng-fastcgi-server 1 "2017-10-26" "perl v5.26.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
@ -23,7 +23,7 @@ use constant HANDLERSECTION  => "handler";
 use constant MANAGERSECTION  => "manager";
 use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
 use constant APPLYSECTION            => "apply";
-our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
+our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;

 our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
@ -22,7 +22,7 @@ our $specialNodeHash = {
 };

 our $doubleHashKeys = 'issuerDBGetParameters';
-our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
+our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
 our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
 our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedVars)';
 our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)';
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -604,6 +604,9 @@ sub attributes {
        'AuthLDAPFilter' => {
            'type' => 'text'
        },
+        'autoSigninRules' => {
+            'type' => 'keyTextContainer'
+        },
        'captcha_login_enabled' => {
            'default' => 0,
            'type'    => 'bool'
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -1108,6 +1108,12 @@ sub attributes {
              'List of attributes to export by SOAP or REST servers',
        },

+        # AutoSignin
+        autoSigninRules => {
+            type          => 'keyTextContainer',
+            documentation => 'List of auto signin rules',
+        },
+
        ## Virtualhosts

        # Fake attribute: used by manager REST API to agglomerate all other
@ -1145,7 +1151,7 @@ sub attributes {
                },
                msgFail => '__badExpression__',
            },
-            keyTest    => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
+            keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
            keyMsgFail => '__badHostname__',
            default    => {
                default => 'deny',
@ -1153,9 +1159,9 @@ sub attributes {
            documentation => 'Virtualhost rules',
        },
        exportedHeaders => {
-            type       => 'keyTextContainer',
-            help       => 'writingrulesand_headers.html#headers',
-            keyTest    => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
+            type    => 'keyTextContainer',
+            help    => 'writingrulesand_headers.html#headers',
+            keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
            keyMsgFail => '__badHostname__',
            test       => {
                keyTest    => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/,
@ -1174,10 +1180,10 @@ sub attributes {
            documentation => 'Virtualhost headers',
        },
        post => {
-            type          => 'postContainer',
-            help          => 'formreplay.html',
-            test          => sub { 1 },
-            keyTest       => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
+            type    => 'postContainer',
+            help    => 'formreplay.html',
+            test    => sub { 1 },
+            keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
            keyMsgFail    => '__badHostname__',
            documentation => 'Virtualhost urls/Datas to post',
        },
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@ -631,6 +631,11 @@ sub tree {
                            ]
                        },
                        'upgradeSession',
+                        {
+                            title => 'autoSignin',
+                            help  => 'autoSignin.html',
+                            nodes => ['autoSigninRules'],
+                        },
                        {
                            title => 'u2f',
                            help  => 'u2f.html',
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -63,6 +63,8 @@
 "authorizedValues": "القيم المعتمدة",
 "authParams": "معايير إثبات الهوية",
 "auto": "تلقائي",
+"autoSignin": "Auto Signin",
+"autoSigninRules": "Rules",
 "backtoportal": "العودة إلى البوابة",
 "badCasProxyId": "معرف خدمة بروكسي كاس غير صالح",
 "badChoiceKey": "اسم مفتاح سيئ في قائمة الاختيارات",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -63,6 +63,8 @@
 "authorizedValues": "Authorized values",
 "authParams": "Authentication parameters",
 "auto": "Automatic",
+"autoSignin": "Auto Signin",
+"autoSigninRules": "Rules",
 "backtoportal": "Back to portal",
 "badCasProxyId": "Bad CAS proxied service identifier",
 "badChoiceKey": "Bad key name in Choice menu",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -63,6 +63,8 @@
 "authorizedValues": "Valeurs autorisées",
 "authParams": "Paramètres d'authentification",
 "auto": "Automatique",
+"autoSignin": "Connexion automatique",
+"autoSigninRules": "Règles",
 "backtoportal": "Retour au portail",
 "badCasProxyId": "Mauvais identifiant de service proxy CAS",
 "badChoiceKey": "Mauvais nom de clef dans le menu Choice",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -63,6 +63,8 @@
 "authorizedValues": "Valori autorizzati",
 "authParams": "Parametri di autenticazione",
 "auto": "Automatico",
+"autoSignin": "Auto Signin",
+"autoSigninRules": "Rules",
 "backtoportal": "Torna al portale",
 "badCasProxyId": "Identificatore di servizio difettoso CAS proxy",
 "badChoiceKey": "Nome chiave errato nel menu Scelta",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -63,6 +63,8 @@
 "authorizedValues": "Các giá trị được ủy quyền",
 "authParams": "Thông số xác thực",
 "auto": "Tự động",
+"autoSignin": "Auto Signin",
+"autoSigninRules": "Rules",
 "backtoportal": "Quay lại cổng thông tin",
 "badCasProxyId": "Dịch vụ định danh đệm bởi CAS không hợp lệ",
 "badChoiceKey": "Tên khoá không hợp lệ trong trình đơn Chọn",
--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -332,6 +332,7 @@ t/23-Auth-and-password-REST.t
 t/24-AuthApache.t
 t/24-AuthKerberos.t
 t/25-AuthSlave.t
+t/25-AutoSignin.t
 t/26-AuthRemote.t
 t/27-AuthProxy.t
 t/28-AuthChoice.t
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
@ -24,6 +24,7 @@ our @pList = (
    stayConnected              => '::Plugins::StayConnected',
    grantSessionRule           => '::Plugins::GrantSession',
    upgradeSession             => '::Plugins::Upgrade',
+    autoSigninRules            => '::Plugins::AutoSignin',
 );

 ##@method list enabledPlugins
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm
@ -21,17 +21,16 @@ has rules => ( is => 'rw', default => sub { [] } );

 sub init {
    my ($self) = @_;
-    if ( my $rules = $self->conf->{autoLoginRules} ) {
+    if ( my $rules = $self->conf->{autoSigninRules} ) {
        my $safe = Safe->new;
-        foreach my $r ( sort keys %$rules ) {
-            my $sub = $safe->reval("sub{my(\$env)=\@_;return ($r)}");
+        foreach my $id ( sort keys %$rules ) {
+            my $sub = $safe->reval('sub{my($env)=@_;return ('.$rules->{$id}.')}');
            if ($@) {
-                $self->error(qq'Bad Autologin rule "$r": $@');
+                $self->error('Bad Autologin rule "'.$rules->{$id}.': $@');
                return 0;
            }
-            my $name = $rules->{$r};
-            $name =~ s/^\s*([\w\-\@]+)\s*/$1/;
-            push @{ $self->rules }, [ $sub, $name ];
+            $id =~ s/^\s*([\w\-\@]+)\s*/$1/;
+            push @{ $self->rules }, [ $sub, $id ];
        }
    }
    return 1;
@ -44,12 +43,14 @@ sub check {

    foreach ( @{ $self->rules } ) {
        my ( $test, $name ) = @$_;
+        $self->logger->debug("Autosignin: testing user $name");
        if ( $test->( $req->env ) ) {
            $req->user($name);
            my @steps =
              grep { !ref $_ and $_ !~ /^(?:extractFormInfo|authenticate)$/ }
              @{ $req->steps };
            $req->steps( \@steps );
+            $self->userLogger->notice("Autosignin for $name");
            return PE_OK;
        }
    }
--- a/lemonldap-ng-portal/t/25-AutoSignin.t
+++ b/lemonldap-ng-portal/t/25-AutoSignin.t
@ -0,0 +1,31 @@
+use Test::More;
+use strict;
+
+require 't/test-lib.pm';
+
+my $res;
+
+my $client = LLNG::Manager::Test->new(
+    {
+        ini => {
+            logLevel        => 'error',
+            authentication  => 'Demo',
+            userDB          => 'Same',
+            autoSigninRules => {
+                dwho => '$env->{REMOTE_ADDR} =~ /^127/',
+            },
+        }
+    }
+);
+
+ok( $res = $client->_get( '/', ), 'Auth query' );
+count(1);
+expectOK($res);
+my $id = expectCookie($res);
+
+ok( $res = $client->_get( '/', ip => '192.168.1.1' ), 'Bad query' );
+count(1);
+expectReject($res);
+clean_sessions();
+
+done_testing( count() );
--- a/lemonldap-ng-portal/t/test-lib.pm
+++ b/lemonldap-ng-portal/t/test-lib.pm
@ -334,10 +334,12 @@ sub _get {
              'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox',
            'PATH_INFO' => $path,
            ( $args{referer} ? ( REFERER => $args{referer} ) : () ),
-            'REMOTE_ADDR' => '127.0.0.1',
            (
-                $args{remote_user}
-                ? ( 'REMOTE_USER' => $args{remote_user} )
+                $args{ip} ? ( 'REMOTE_ADDR' => $args{ip} )
+                : ( 'REMOTE_ADDR' => '127.0.0.1' )
+            ),
+            (
+                $args{remote_user} ? ( 'REMOTE_USER' => $args{remote_user} )
                : ()
            ),
            'REQUEST_METHOD' => $args{method} || 'GET',