Update sessionInfo during auth process to improve handler in-memory sessions security & Improve unit tests
parent
d94f974831
commit
0f591496b4
|
@ -484,6 +484,7 @@ sub store {
|
|||
# Update current request
|
||||
$req->id( $session->id );
|
||||
$req->{sessionInfo}->{_session_id} = $session->{id};
|
||||
$req->{sessionInfo}->{_session_kind} = $session->{kind};
|
||||
|
||||
# Compute unsecured cookie value if needed
|
||||
if ( $self->conf->{securedCookie} == 3 and !$req->refresh ) {
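Review bot: The `_session_kind` assignment (presumably the line this hunk adds) sits under the generic comment `# Update current request`, which does not say why the kind is mirrored into `sessionInfo`; going by the commit title it is there so in-memory copies of the session carry their kind, and a why-comment such as `# Keep id and kind in sessionInfo so in-memory copies of this session can be checked against the stored one` would record that. The two `sessionInfo` lines read `$session->{id}` and `$session->{kind}` directly while the line above uses the `$session->id` accessor; if a matching accessor for the kind exists, using it would keep the three lines consistent. If `$session->{kind}` can be undefined at this point, `_session_kind` is set to undef, and any later comparison on the kind should treat that as a mismatch rather than a pass, which is worth confirming. The body of `store` starts and ends outside this hunk.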
|
||||
|
|
|
@ -26,7 +26,7 @@ my $client = LLNG::Manager::Test->new( {
|
|||
checkUserDisplayPersistentInfo => 0,
|
||||
checkUserDisplayEmptyValues => 0,
|
||||
impersonationMergeSSOgroups => 0,
|
||||
checkUserHiddenAttributes => '_loginHistory hGroups _session_id',
|
||||
checkUserHiddenAttributes => '_loginHistory hGroups _session_id _session_kind',
|
||||
macros => {
|
||||
test_impersonation => '"$testPrefix__user/$_user"',
|
||||
_whatToTrace =>
|
||||
|
|
|
@ -321,10 +321,12 @@ ok( $res->[2]->[0] =~ m%<td scope="row">rtyler/dwho</td>%, 'Found rtyler/dwo' )
|
|||
or explain( $res->[2]->[0], 'Found rtyler/dwo' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">_session_id</td>%, 'Found _session_id' )
|
||||
or explain( $res->[2]->[0], 'Found _session_id' );
|
||||
count(17);
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">_session_kind</td>%, 'Found _session_id' )
|
||||
or explain( $res->[2]->[0], 'Found _session_kind' );
|
||||
count(18);
|
||||
|
||||
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
|
||||
ok( keys %attributes == 34, 'Found 34 attributes' )
|
||||
ok( keys %attributes == 35, 'Found 35 attributes' )
|
||||
or print STDERR "Missing attributes -> " . scalar %attributes;
|
||||
ok( $attributes{'_auth'} eq 'Demo', '_auth' )
|
||||
or print STDERR Dumper( \%attributes );
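Review bot: The new `_session_kind` assertion reuses the test name 'Found _session_id', so a failure would be reported under the wrong attribute even though the `explain` on the following line already says 'Found _session_kind'. The assertion should read `ok( $res->[2]->[0] =~ m%<td scope="row">_session_kind</td>%, 'Found _session_kind' )`. The exact-count check `keys %attributes == 35` has to be bumped every time `sessionInfo` gains a key, so a short comment listing which attribute raised it from 34 to 35 would make the next change easier to review.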
|
||||
|
|
|
@ -25,6 +25,7 @@ SKIP: {
|
|||
totp2fTTL => -1,
|
||||
formTimeout => 120,
|
||||
requireToken => 1,
|
||||
tokenUseGlobalStorage => 1,
|
||||
}
|
||||
}
|
||||
);
|
|
@ -11,7 +11,7 @@ count(1);
|
|||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'debug',
|
||||
logLevel => 'error',
|
||||
mail2fActivation => 1,
|
||||
mail2fCodeRegex => '\d{4}',
|
||||
authentication => 'Demo',
|
||||
|
|