Use real authentificationLevel & Improve unit test (#2129)

Christophe Maudoux 2020-04-01 18:38:01 +02:00
parent 2a34d1ae8c
commit 154250e6e7
7 changed files with 64 additions and 10 deletions


@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "llng-fastcgi-server 8"
.TH llng-fastcgi-server 8 "2020-03-02" "perl v5.26.1" "User Contributed Perl Documentation"
.TH llng-fastcgi-server 8 "2020-04-01" "perl v5.26.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l


@ -263,6 +263,7 @@ sub check {
"Compute groups and macros with real and spoofed attributes"
);
$req->sessionInfo($attrs);
delete $req->sessionInfo->{groups};
$req->steps( [ $self->p->groupsAndMacros, 'setLocalGroups' ] );
if ( my $error = $self->p->process($req) ) {
$self->logger->debug("Process returned error: $error");
@ -410,10 +411,10 @@ sub _userData {
# Compute groups & macros again with real authenticationLevel
$req->sessionInfo->{authenticationLevel} = $realAuthLevel;
delete $req->sessionInfo->{groups};
$req->steps( [ $self->p->groupsAndMacros, 'setLocalGroups' ] );
if ( my $error = $self->p->process($req) ) {
$self->logger->debug(
"ContextSwitching: Process returned error: $error");
$self->logger->debug("CheckUser: Process returned error: $error");
return $req->error($error);
}
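Review bot: A failed recomputation of groups and macros with the real authenticationLevel is only logged at debug level in `_userData` (the new `$self->logger->debug("CheckUser: Process returned error: $error");`), and the matching block added to the Impersonation plugin uses the same level. These steps produce the values that access rules are evaluated against, so a failure should be visible without debug logging enabled, for example `$self->logger->warn("CheckUser: Process returned error: $error");`. Separately, the `delete $req->sessionInfo->{groups};` added in `check` carries no comment; something like `# Clear previously computed groups so they are rebuilt from scratch` would document it, assuming that is the intent. Both subs start and end outside the hunks shown.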


@ -230,6 +230,18 @@ sub _userData {
$req->error($error);
}
}
# Compute groups & macros again with real authenticationLevel
$req->sessionInfo->{authenticationLevel} =
$realSession->{real_authenticationLevel};
delete $req->sessionInfo->{groups};
$req->steps( [ $self->p->groupsAndMacros, 'setLocalGroups' ] );
if ( my $error = $self->p->process($req) ) {
$self->logger->debug("Impersonation: Process returned error: $error");
$req->error($error);
}
$self->logger->debug("Return \"$req->{user}\" sessionInfo");
return $req->{sessionInfo};
}
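Review bot: When `$self->p->process($req)` fails in the added block, the code records the error with `$req->error($error);` but still falls through to `return $req->{sessionInfo};`. The caller then receives a session whose `groups` were deleted and whose `authenticationLevel` was overwritten, while macros may still reflect the earlier computation. The CheckUser counterpart stops at that point with `return $req->error($error);`; whether callers of this sub inspect `$req->error` is not visible here, so it is worth confirming the fall-through is intended. `$realSession->{real_authenticationLevel}` is also assigned without a definedness check, so if the real session can lack that key the level is undef when groups and macros are evaluated. `_userData` starts outside the hunk.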


@ -212,14 +212,12 @@ ok( $res->[2]->[0] !~ m%_2fDevices</td>%, '_2fDevices NOT Found!' )
ok( $res->[2]->[0] =~ m%<td scope="row">authMode</td>%, 'Found macro authMode' )
or explain( $res->[2]->[0], 'Macro Key authMode' );
ok( $res->[2]->[0] =~ m%<td scope="row">DEMO</td>%, 'Found DEMO' )
or explain( $res->[2]->[0], 'Macro Value DEMO' );
ok( $res->[2]->[0] =~ m%<td scope="row">real_authMode</td>%,
'Found macro real_authMode' )
or explain( $res->[2]->[0], 'Macro Key real_authMode' );
ok( $res->[2]->[0] =~ m%<td scope="row">TOTP</td>%, 'Found TOTP' )
or explain( $res->[2]->[0], 'Macro Value TOTP' );
count(8);
count(7);
$query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/;
ok(


@ -28,6 +28,7 @@ SKIP: {
impersonationMergeSSOgroups => 1,
totp2fSelfRegistration => 1,
totp2fActivation => 1,
totp2fAuthnLevel => 8
}
}
);
@ -233,6 +234,46 @@ m%<div class="alert alert-success"><div class="text-center"><b><span trspan="all
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
count(12);
ok(
$res = $client->_get(
'/checkuser',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'CheckUser form',
);
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUserMerged">%,
'Found trspan="checkUserMerged"' )
or explain( $res->[2]->[0], 'trspan="checkUserMerged"' );
count(2);
$query =~ s/user=dwho/user=rtyler/;
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST checkuser'
);
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUserComputeSession">%,
'Found trspan="checkUserComputeSession"' )
or explain( $res->[2]->[0], 'trspan="checkUserComputeSession"' );
ok( $res->[2]->[0] =~ m%<td scope="row">authMode</td>%,
'Found macro authMode' )
or explain( $res->[2]->[0], 'Macro Key authMode' );
ok( $res->[2]->[0] =~ m%<td scope="row">TOTP</td>%, 'Found TOTP' )
or explain( $res->[2]->[0], 'Macro Value TOTP' );
count(4);
$client->logout($id);
}
clean_sessions();
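Review bot: The assertions added after the POST only check that an `authMode` row and a `TOTP` cell each appear somewhere in the page, not that `TOTP` is the value of `authMode`. The test would still pass if another attribute rendered `TOTP` while `authMode` held the value derived from the spoofed level. Since this block is meant to show that macros are computed with the real authenticationLevel (`totp2fAuthnLevel => 8`), a negative check would pin that down, e.g. `ok( $res->[2]->[0] !~ m%<td scope="row">DEMO</td>%, 'DEMO NOT Found!' )` with `count(5);`. That assumes `DEMO` is what the macro yields at the lower level, as the neighbouring test file suggests.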


@ -321,8 +321,8 @@ ok( $res->[2]->[0] =~ m%<td scope="row">rtyler/dwho</td>%, 'Found rtyler/dwo' )
count(15);
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
ok( scalar keys %attributes == 35, 'Found 35 attributes' )
or print STDERR ( keys %attributes < 35 )
ok( scalar keys %attributes == 34, 'Found 34 attributes' )
or print STDERR ( keys %attributes < 34 )
? "Missing attributes -> " . scalar keys %attributes
: "Too much attributes -> " . scalar keys %attributes;
ok( $attributes{'_auth'} eq 'Demo', '_auth' )


@ -323,8 +323,10 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_session_kind</td>%,
count(17);
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
ok( keys %attributes == 35, 'Found 35 attributes' )
or print STDERR "Missing attributes -> " . scalar %attributes;
ok( keys %attributes == 34, 'Found 34 attributes' )
or print STDERR ( keys %attributes < 34 )
? "Missing attributes -> " . scalar keys %attributes
: "Too much attributes -> " . scalar keys %attributes;
ok( $attributes{'_auth'} eq 'Demo', '_auth' )
or print STDERR Dumper( \%attributes );
ok( $attributes{'uid'}, 'uid' ) or print STDERR Dumper( \%attributes );