Send pdata cookie to cross domain (#1829)

2019-07-04 21:49:09 +02:00 · 2019-07-04 21:49:09 +02:00 · 2016abd2ee
commit 2016abd2ee
parent 81d18516a8
5 changed files with 32 additions and 1 deletions
--- a/lemonldap-ng-common/lemonldap-ng.ini
+++ b/lemonldap-ng-common/lemonldap-ng.ini
@ -292,6 +292,11 @@ languages    = en, fr, vi, it, ar, de, fi
 ; Set to 0 to disable error on XSS attack detection
 ;checkXSS = 0

+; pdata cookie domain
+; pdata cookie could not be sent with cross domains AJAX request
+; Null is default value
+;pdataDomain = example.com
+
 ; CUSTOM PLUGINS
 ; If you want to add custom plugins, set list here (comma separated)
 ; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page.
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -2216,6 +2216,13 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
            'default' => 3,
            'type'    => 'int'
        },
+        'pdataDomain' => {
+            'default' => '',
+            'msgFail' => '__badDomainName__',
+            'test' =>
+qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
+            'type' => 'text'
+        },
        'persistentStorage' => {
            'type' => 'PerlModule'
        },
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -968,6 +968,14 @@ sub attributes {
            documentation => 'DNS domain',
            flags         => 'hp',
        },
+        pdataDomain => {
+            type          => 'text',
+            test          => qr/^(?:$Regexp::Common::URI::RFC2396::hostname)?$/,
+            msgFail       => '__badDomainName__',
+            default       => '',
+            documentation => 'pdata cookie DNS domain',
+            flags         => 'hp',
+        },
        httpOnly => {
            default       => 1,
            type          => 'bool',
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@ -61,7 +61,16 @@ sub handler {
            name => $self->conf->{cookieName} . 'pdata',
            (
                %{ $req->pdata }
-                ? ( value => uri_escape( JSON::to_json( $req->pdata ) ) )
+                ? ( (
+                        $self->conf->{pdataDomain}
+                        ? (
+                            value => uri_escape( JSON::to_json( $req->pdata ) ),
+                            domain => $self->conf->{pdataDomain},
+                          )
+                        : ( value => uri_escape( JSON::to_json( $req->pdata ) ),
+                        )
+                    )
+                  )
                : (
                    value   => '',
                    expires => 'Wed, 21 Oct 2015 00:00:00 GMT'
--- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-MultipleSP.t
+++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-MultipleSP.t
@ -331,6 +331,7 @@ sub issuer {
            ini => {
                logLevel               => $debug,
                domain                 => 'idp.com',
+                pdataDomain            => 'idp.com',
                portal                 => 'http://auth.idp.com',
                authentication         => 'Demo',
                userDB                 => 'Same',
@ -464,6 +465,7 @@ sub sp {
            ini => {
                logLevel                          => $debug,
                domain                            => 'sp.com',
+                pdataDomain                       => 'sp.com',
                portal                            => 'http://auth.sp.com',
                authentication                    => 'SAML',
                userDB                            => 'Same',