Force cleaning pdata cookie if redirect url match _url & Improve unit test (#2061)

2020-01-17 22:10:06 +01:00 · 2020-01-17 22:10:06 +01:00 · 138ef363d4
commit 138ef363d4
parent 6f31d98710
2 changed files with 39 additions and 7 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@ -9,7 +9,7 @@
 #
 package Lemonldap::NG::Portal::Main::Run;

-our $VERSION = '2.0.7';
+our $VERSION = '2.0.8';

 package Lemonldap::NG::Portal::Main;

@ -346,6 +346,8 @@ sub autoRedirect {
            $req->data->{redirectFormMethod} = "get";
        }
        else {
+            my $url64 = encode_base64( $req->{urldc}, '' );
+            $req->pdata( {} ) if ( $req->{pdata}->{_url} =~ /$url64/ );
            return [ 302, [ Location => $req->{urldc}, $req->spliceHdrs ], [] ];
        }
    }
--- a/lemonldap-ng-portal/t/24-AuthKerberos.t
+++ b/lemonldap-ng-portal/t/24-AuthKerberos.t
@ -6,7 +6,7 @@ BEGIN {
    eval "use GSSAPI";
 }

-my $maintests = 9;
+my $maintests = 12;
 my $debug     = 'error';

 SKIP: {
@ -43,9 +43,16 @@ SKIP: {
            }
        }
    );
-    ok( $res = $client->_get( '/', accept => 'text/html' ),
-        'First access with JS' );
+    ok(
+        $res = $client->_get(
+            '/',
+            query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tCg==',
+            accept => 'text/html'
+        ),
+        'First access with JS'
+    );

+    my $pdata = expectCookie( $res, "lemonldappdata" );
    expectForm( $res, '#', undef, 'kerberos' );
    ok(
        $res->[2]->[0] =~ m%<input type="hidden" name="kerberos" value="0" />%,
@ -56,22 +63,45 @@ SKIP: {
        $res = $client->_get(
            '/',
            query  => 'kerberos=1',
-            accept => 'application/json'
+            accept => 'application/json',
+            cookie => "lemonldappdata=$pdata"
        ),
        'Ajax access'
    );
    ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
+    $pdata = expectCookie( $res, "lemonldappdata" );

    ok(
        $res = $client->_get(
            '/',
            query  => 'kerberos=1',
            accept => 'application/json',
-            custom => { HTTP_AUTHORIZATION => 'Negotiate c29tZXRoaW5n' }
+            custom => { HTTP_AUTHORIZATION => 'Negotiate c29tZXRoaW5n' },
+            cookie => "lemonldappdata=$pdata"
        ),
        'Push fake kerberos'
    );
-    expectCookie($res);
+    my $id = expectCookie($res);
+    $pdata = expectCookie( $res, "lemonldappdata" );
+    ok( !$pdata, "Persistent data removed" );
+
+    # Redirect to application
+    ok(
+        $res = $client->_get(
+            '/',
+            query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tCg==&kerberos=0',
+            accept => 'text/html',
+            cookie => "lemonldap=$id"
+        ),
+        'Go to portal after authentication'
+    );
+
+    expectRedirection( $res, qr#http://test1.example.com# );
+    my $cookies = getCookies($res);
+    ok(
+        !defined( $cookies->{lemonldappdata} ),
+        " Make sure no pdata is returned"
+    );

    #print STDERR Dumper($res);
 }