Merge branch '2655' into 'v2.0'
Impersonation is the last loaded plugin (#2655) See merge request lemonldap-ng/lemonldap-ng!236
commit
213e58b572
|
@ -274,6 +274,7 @@ site/htdocs/static/common/favicon.ico
|
|||
site/htdocs/static/common/fi.png
|
||||
site/htdocs/static/common/fonts/password.ttf
|
||||
site/htdocs/static/common/fr.png
|
||||
site/htdocs/static/common/he.png
|
||||
site/htdocs/static/common/icons/application_cascade.png
|
||||
site/htdocs/static/common/icons/arrow_refresh.png
|
||||
site/htdocs/static/common/icons/calendar.png
|
||||
|
@ -380,6 +381,7 @@ site/htdocs/static/languages/en.json
|
|||
site/htdocs/static/languages/es.json
|
||||
site/htdocs/static/languages/fi.json
|
||||
site/htdocs/static/languages/fr.json
|
||||
site/htdocs/static/languages/he.json
|
||||
site/htdocs/static/languages/it.json
|
||||
site/htdocs/static/languages/nl.json
|
||||
site/htdocs/static/languages/pl.json
|
||||
|
@ -735,6 +737,7 @@ t/68-FindUser-with-UpgradeSession.t
|
|||
t/68-FindUser-without-attribute.t
|
||||
t/68-FindUser-without-Impersonation.t
|
||||
t/68-Impersonation-with-2F.t
|
||||
t/68-Impersonation-with-Custom-Plugin.t
|
||||
t/68-Impersonation-with-doubleCookies.t
|
||||
t/68-Impersonation-with-filtered-merge.t
|
||||
t/68-Impersonation-with-History.t
|
||||
|
@ -780,6 +783,7 @@ t/91-Handler-cache-cleaned.t
|
|||
t/91-Memory-Leak.t
|
||||
t/99-Dont-load-Dumper.t
|
||||
t/99-pod.t
|
||||
t/AfterDataCustomPlugin.pm
|
||||
t/CasHookPlugin.pm
|
||||
t/gpghome/key.asc
|
||||
t/gpghome/openpgp-revocs.d/9482CEFB055809CBAFE6D71AAB2D5542891D1677.rev
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# into "plugins" list in lemonldap-ng.ini, section "portal"
|
||||
package Lemonldap::NG::Portal::Main::Plugins;
|
||||
|
||||
our $VERSION = '2.0.12';
|
||||
our $VERSION = '2.0.14';
|
||||
|
||||
package Lemonldap::NG::Portal::Main;
|
||||
|
||||
|
@ -29,16 +29,15 @@ our @pList = (
|
|||
portalForceAuthn => '::Plugins::ForceAuthn',
|
||||
checkUser => '::Plugins::CheckUser',
|
||||
checkDevOps => '::Plugins::CheckDevOps',
|
||||
impersonationRule => '::Plugins::Impersonation',
|
||||
contextSwitchingRule => '::Plugins::ContextSwitching',
|
||||
decryptValueRule => '::Plugins::DecryptValue',
|
||||
findUser => '::Plugins::FindUser',
|
||||
newLocationWarning => '::Plugins::NewLocationWarning',
|
||||
adaptativeAuthenticationLevelRules =>
|
||||
adaptativeAuthenticationLevelRules =>
|
||||
'::Plugins::AdaptativeAuthenticationLevel',
|
||||
globalLogoutRule => '::Plugins::GlobalLogout',
|
||||
refreshSessions => '::Plugins::Refresh',
|
||||
crowdsec => '::Plugins::CrowdSec',
|
||||
globalLogoutRule => '::Plugins::GlobalLogout',
|
||||
);
|
||||
|
||||
##@method list enabledPlugins
|
||||
|
@ -82,7 +81,7 @@ sub enabledPlugins {
|
|||
if ( $conf->{soapSessionServer}
|
||||
or $conf->{soapConfigServer} );
|
||||
|
||||
# Add REST (check is done by it)
|
||||
# Add REST (check is done by plugin itself)
|
||||
push @res, '::Plugins::RESTServer';
|
||||
|
||||
# Check if password is enabled
|
||||
|
@ -99,7 +98,14 @@ sub enabledPlugins {
|
|||
$self->logger->debug( 'Custom plugins: ' . $conf->{customPlugins} );
|
||||
push @res, grep ( /\w+/, split( /,\s*/, $conf->{customPlugins} ) );
|
||||
}
|
||||
|
||||
|
||||
# Impersonation overwrites req->step and pops 'afterData' EP.
|
||||
# Static and custom 'afterData' plugins will be never launched
|
||||
# if they are loaded after Impersonation.
|
||||
# This plugin must be the last 'afterData' loaded plugin. Fix #2655
|
||||
push @res, '::Plugins::Impersonation'
|
||||
if $conf->{impersonationRule};
|
||||
|
||||
return @res;
|
||||
}
|
||||
|
||||
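Review bot: The ordering guarantee added at the end of `enabledPlugins` rests only on this `push` staying the final statement before `return @res;`, and the new comment does not say so. Per that comment, any plugin loaded after Impersonation silently loses its `afterData` hook, so a later addition below this line would reintroduce the case where a denying `afterData` check never runs; I would extend the comment with `# Keep this push last: nothing may be added to @res below it.`. The hunk also does not show whether a `customPlugins` entry that itself names the Impersonation plugin is filtered out, which would presumably load it ahead of the other custom plugins, so that is worth confirming. `enabledPlugins` starts outside the hunk.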
|
|
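--- a/lemonldap-ng-portal/t/68-Impersonation-with-Custom-Plugin.t
+++ b/lemonldap-ng-portal/t/68-Impersonation-with-Custom-Plugin.t
@@ -0,0 +1,57 @@
+use Test::More;
+use strict;
+use IO::String;
+use JSON;
+use Lemonldap::NG::Portal::Main::Constants qw(PE_BADCREDENTIALS);
+
+require 't/test-lib.pm';
+
+my $res;
+my $client = LLNG::Manager::Test->new( {
+ini => {
+logLevel => 'error',
+passwordDB => 'Demo',
+impersonationRule => 1,
+customPlugins => 't::AfterDataCustomPlugin',
+customPluginsParams => { uid => 'rtyler' }
+}
+}
+);
+
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' );
+count(1);
+my ( $host, $url, $query ) =
+expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
+
+# Try to authenticate
+# -------------------
+ok(
+$res = $client->_post(
+'/',
+IO::String->new('user=dwho&password=dwho'),
+length => 23
+),
+'Auth query'
+);
+count(1);
+expectOK($res);
+my $id = expectCookie($res);
+$client->logout($id);
+
+# Try to authenticate
+ok(
+$res = $client->_post(
+'/',
+IO::String->new('user=rtyler&password=rtyler'),
+length => 27
+),
+'Auth query'
+);
+eval { $res = JSON::from_json( $res->[2]->[0] ) };
+ok( not($@), 'Content is JSON' )
+or explain( $res->[2]->[0], 'JSON content' );
+ok( $res->{error} == PE_BADCREDENTIALS, 'BAD CREDENTIALS' );
+count(3);
+
+clean_sessions();
+done_testing( count() );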
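Review bot: Neither POST body includes the `spoofId` field that `expectForm` checks for, so the regression is exercised only for a plain login. A third case that posts a `spoofId` value and still expects `PE_BADCREDENTIALS` would pin that the `afterData` denial also holds when impersonation is actually requested. The rejected login should also be asserted to return no session cookie, since the JSON error code alone does not show that no session was created. On style, the file has `use strict;` but no `use warnings;`, and `cmp_ok( $res->{error}, '==', PE_BADCREDENTIALS, 'BAD CREDENTIALS' );` reports both values on failure where the `ok( ... == ... )` form does not.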
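--- a/lemonldap-ng-portal/t/AfterDataCustomPlugin.pm
+++ b/lemonldap-ng-portal/t/AfterDataCustomPlugin.pm
@@ -0,0 +1,23 @@
+package t::AfterDataCustomPlugin;
+
+use strict;
+use Mouse;
+use Lemonldap::NG::Portal::Main::Constants qw(
+PE_OK
+PE_BADCREDENTIALS
+);
+
+extends 'Lemonldap::NG::Portal::Main::Plugin';
+
+use constant afterData => 'BadCredentials';
+
+sub BadCredentials {
+my ( $self, $req ) = @_;
+my $uid = $self->conf->{customPluginsParams}->{uid};
+$self->logger->debug("user=" . $req->user());
+$self->logger->debug("Bad credentials required for: $uid");
+
+return $req->user() eq $uid ? PE_BADCREDENTIALS : PE_OK;
+}
+
+1;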
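Review bot: `$uid` in `BadCredentials` is read from `customPluginsParams` with no default, so a test that loads this fixture without a `uid` interpolates and compares against undef. The hook then returns `PE_OK` for every non-empty user name, with at most a warning to show the misconfiguration. `my $uid = $self->conf->{customPluginsParams}->{uid} // '';`, or failing early when it is missing, would make that visible. The package also has no header comment; one line such as `# Test fixture: rejects the login of the uid given in customPluginsParams at the afterData step.` would tell readers it is not a production plugin.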