Improve code & append unit test (#2683)

2022-01-15 00:00:45 +01:00 · 2022-01-15 00:00:45 +01:00 · 0b5259ffad
parent 31d3b93a7c
commit 0b5259ffad
4 changed files with 81 additions and 9 deletions
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -700,6 +700,7 @@ t/62-UpgradeSession.t
 t/63-History.t
 t/64-StayConnected-with-2F-and-History.t
 t/64-StayConnected-with-History.t
+t/64-StayConnected-with-rule.t
 t/64-StayConnected-without-fingerprint-checking.t
 t/65-AutoSignin.t
 t/65-CheckState.t
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@ -247,11 +247,9 @@ sub display {
            LANGS     => $self->conf->{showLanguages},
            AUTH_USER => $req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
            NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow},
-            LOGOUT_URL     => $self->conf->{portal} . "?logout=1",
-            APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'},
-            PING           => $self->conf->{portalPingInterval},
-            REQUIRE_OLDPASSWORD =>
-              $self->requireOldPwd->( $req, $req->userData ),
+            LOGOUT_URL          => $self->conf->{portal} . "?logout=1",
+            APPSLIST_ORDER      => $req->{sessionInfo}->{'_appsListOrder'},
+            PING                => $self->conf->{portalPingInterval},
            DONT_STORE_PASSWORD => $self->conf->{browsersDontStorePassword},
            HIDE_OLDPASSWORD    => 0,
            PPOLICY_NOPOLICY    => !$self->isPP(),
@ -261,6 +259,11 @@ sub display {
            PPOLICY_MINUPPER    => $self->conf->{passwordPolicyMinUpper},
            PPOLICY_MINDIGIT    => $self->conf->{passwordPolicyMinDigit},
            PPOLICY_MINSPECHAR  => $self->conf->{passwordPolicyMinSpeChar},
+            (
+                $self->requireOldPwd->( $req, $req->userData )
+                ? ( REQUIRE_OLDPASSWORD => 1 )
+                : ()
+            ),
            (
                $self->conf->{passwordPolicyMinSpeChar} || $self->speChars()
                ? ( PPOLICY_ALLOWEDSPECHAR => $self->speChars() )
@ -398,16 +401,20 @@ sub display {
            MAIL_URL       => $self->conf->{mailUrl},
            REGISTER_URL   => $self->conf->{registerUrl},
            HIDDEN_INPUTS  => $self->buildHiddenForm($req),
-            STAYCONNECTED  => $self->stayConnected->( $req, $req->sessionInfo ),
            IMPERSONATION  => $self->conf->{impersonationRule}
              || $self->conf->{proxyAuthServiceImpersonation},
+            ENABLE_PASSWORD_DISPLAY =>
+              $self->conf->{portalEnablePasswordDisplay},
+            (
+                $self->stayConnected->( $req, $req->sessionInfo )
+                ? ( STAYCONNECTED => 1 )
+                : ()
+            ),
            (
                $req->data->{customScript}
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                : ()
            ),
-            ENABLE_PASSWORD_DISPLAY =>
-              $self->conf->{portalEnablePasswordDisplay},
        );

        # External links
--- a/lemonldap-ng-portal/t/64-StayConnected-with-History.t
+++ b/lemonldap-ng-portal/t/64-StayConnected-with-History.t
@ -10,7 +10,7 @@ my $client = LLNG::Manager::Test->new( {
        ini => {
            logLevel                => 'error',
            useSafeJail             => 1,
-            stayConnected           => 1,
+            stayConnected           => '$env->{REMOTE_ADDR} eq "127.0.0.1"',
            loginHistoryEnabled     => 1,
            securedCookie           => 1,
            stayConnectedTimeout    => 1000,
--- a/lemonldap-ng-portal/t/64-StayConnected-with-rule.t
+++ b/lemonldap-ng-portal/t/64-StayConnected-with-rule.t
@ -0,0 +1,64 @@
+use Test::More;
+use strict;
+use IO::String;
+
+require 't/test-lib.pm';
+
+my $res;
+my $client = LLNG::Manager::Test->new( {
+        ini => {
+            logLevel      => 'error',
+            useSafeJail   => 1,
+            requireToken  => 1,
+            stayConnected => '$env->{REMOTE_ADDR} =~ /^127\.0\.0/'
+        }
+    }
+);
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Firt access' );
+my ( $host, $url, $query ) =
+  expectForm( $res, undef, undef, 'user', 'password', 'stayconnected',
+    'checkLogins', 'token' );
+ok( $res = $client->_get( '/', ip => '10.10.10.10', accept => 'text/html' ),
+    'Access from external LAN' );
+( $host, $url, $query ) =
+  expectForm( $res, undef, undef, 'user', 'password', 'checkLogins', 'token' );
+count(2);
+
+$query =~ s/user=/user=dwho/;
+$query =~ s/password=/password=dwho/;
+
+# Try to authenticate
+# -------------------
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new($query),
+        ip     => '10.10.10.10',
+        accept => 'text/html',
+        length => length($query)
+    ),
+    'Auth query'
+);
+count(1);
+my $id = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+# Try to push fingerprint
+$query =~ s/fg=/fg=aaa/;
+ok(
+    $res = $client->_post(
+        '/registerbrowser',
+        IO::String->new($query),
+        length => length($query),
+        cookie => "lemonldap=$id",
+        accept => 'text/html',
+    ),
+    'Post fingerprint'
+);
+count(1);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+$client->logout($id);
+clean_sessions();
+done_testing( count() );
+