Merge branch 'v2.0' into globalLogout
This commit is contained in:
Christophe Maudoux
commit
297ef8cd8c
|
|
@ -520,9 +520,9 @@ sub buildCookie {
|
|||
);
|
||||
}
|
||||
}
|
||||
my $user_log = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||
my $user_log = $req->{userData}->{ $self->conf->{whatToTrace} };
|
||||
$self->userLogger->notice(
|
||||
"User $user_log successfully authenticated at level $req->{sessionInfo}->{authenticationLevel}"
|
||||
"User $user_log successfully authenticated at level $req->{userData}->{authenticationLevel}"
|
||||
);
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -131,13 +131,14 @@ sub check {
|
|||
if ( $self->ottRule->( $req, {} ) ) {
|
||||
my $token = $req->param('token');
|
||||
unless ($token) {
|
||||
$self->userLogger->warn('checkUser try without token');
|
||||
$self->userLogger->warn('CheckUser called without token');
|
||||
$msg = PE_NOTOKEN;
|
||||
$token = $self->ott->createToken();
|
||||
}
|
||||
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn('checkUser try with expired/bad token');
|
||||
$self->userLogger->warn(
|
||||
'CheckUser called with an expired/bad token');
|
||||
$msg = PE_TOKENEXPIRED;
|
||||
$token = $self->ott->createToken();
|
||||
}
|
||||
|
|
@ -203,14 +204,17 @@ sub check {
|
|||
my $moduleOptions = $self->conf->{globalStorageOptions} || {};
|
||||
$moduleOptions->{backend} = $self->conf->{globalStorage};
|
||||
|
||||
my $sessions = {};
|
||||
my $searchAttrs = $self->conf->{checkUserSearchAttributes}
|
||||
|| $self->conf->{whatToTrace};
|
||||
my $sessions = {};
|
||||
my $searchAttrs =
|
||||
$self->conf->{checkUserSearchAttributes}
|
||||
? $self->conf->{whatToTrace} . ' '
|
||||
. $self->conf->{checkUserSearchAttributes}
|
||||
: $self->conf->{whatToTrace};
|
||||
|
||||
foreach ( split /\s+/, $searchAttrs ) {
|
||||
$self->logger->debug("Searching with: $_ = $user");
|
||||
$sessions = $self->module->searchOn( $moduleOptions, $_, $user );
|
||||
last if (keys %$sessions);
|
||||
last if ( keys %$sessions );
|
||||
}
|
||||
|
||||
my $age = '1';
|
||||
|
|
|
|||
|
|
@ -5,14 +5,16 @@ use Mouse;
|
|||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_OK
|
||||
PE_ERROR
|
||||
PE_NOTOKEN
|
||||
PE_REDIRECT
|
||||
PE_TOKENEXPIRED
|
||||
PE_MALFORMEDUSER
|
||||
PE_BADCREDENTIALS
|
||||
PE_SESSIONEXPIRED
|
||||
PE_IMPERSONATION_SERVICE_NOT_ALLOWED
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.6';
|
||||
our $VERSION = '2.0.7';
|
||||
|
||||
extends qw(
|
||||
Lemonldap::NG::Portal::Main::Plugin
|
||||
|
|
@ -94,7 +96,7 @@ sub display {
|
|||
$self->logger->debug('Request to stop ContextSwitching');
|
||||
if ( $self->conf->{contextSwitchingStopWithLogout} ) {
|
||||
$self->userLogger->notice("Stop ContextSwitching for $req->{user}");
|
||||
$self->userLogger->info("Remove real session $realSession");
|
||||
$self->userLogger->info("Remove real session $realSessionId");
|
||||
$realSession->remove;
|
||||
return $self->p->do( $req,
|
||||
[ @{ $self->p->beforeLogout }, 'authLogout', 'deleteSession' ]
|
||||
|
|
@ -135,6 +137,19 @@ sub run {
|
|||
my $realId = $req->{user};
|
||||
my $spoofId = $req->param('spoofId') || ''; # ContextSwitching required ?
|
||||
|
||||
# Check token
|
||||
if ( $self->ottRule->( $req, {} ) ) {
|
||||
my $token = $req->param('token');
|
||||
unless ($token) {
|
||||
$self->userLogger->warn('ContextSwitching called without token');
|
||||
return $self->p->do( $req, [ sub { PE_NOTOKEN } ] );
|
||||
}
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn('ContextSwitching called with an expired/bad token');
|
||||
return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] );
|
||||
}
|
||||
}
|
||||
|
||||
# Check activation rule
|
||||
unless ( $self->rule->( $req, $req->userData ) ) {
|
||||
$self->userLogger->warn('ContextSwitching service NOT authorized');
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ my $client = LLNG::Manager::Test->new( {
|
|||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||
requireToken => 0,
|
||||
requireToken => 1,
|
||||
checkUser => 1,
|
||||
impersonationPrefix => 'testPrefix_',
|
||||
securedCookie => 0,
|
||||
|
|
@ -30,13 +30,19 @@ my $client = LLNG::Manager::Test->new( {
|
|||
}
|
||||
);
|
||||
|
||||
##
|
||||
## Try to authenticate
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
||||
count(1);
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
||||
|
||||
$query =~ s/user=/user=rtyler/;
|
||||
$query =~ s/password=/password=rtyler/;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new('user=rtyler&password=rtyler'),
|
||||
length => 27,
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
),
|
||||
'Auth query'
|
||||
|
|
@ -69,7 +75,7 @@ ok(
|
|||
) or print STDERR Dumper( $res->[2]->[0] );
|
||||
count(2);
|
||||
|
||||
# ContextSwitching form -> PE_OK
|
||||
# ContextSwitching form
|
||||
# ------------------------
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
|
|
@ -81,12 +87,51 @@ ok(
|
|||
);
|
||||
count(1);
|
||||
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/switchcontext', 'spoofId' );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/switchcontext', 'spoofId', 'token' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_ON">%,
|
||||
'Found trspan="contextSwitching_ON"' )
|
||||
or explain( $res->[2]->[0], 'trspan="contextSwitching_ON"' );
|
||||
$query =~ s/spoofId=/spoofId=dwho/;
|
||||
|
||||
## POST form with an expired token
|
||||
# Waiting
|
||||
Time::Fake->offset("+125s");
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/switchcontext',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
),
|
||||
'POST expired switchcontext'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<div class="message message-negative alert"><span trmsg="82"></span></div>%,
|
||||
'Found "<span trmsg="82">"' )
|
||||
or explain( $res->[2]->[0], '<span trmsg="82">' );
|
||||
count(3);
|
||||
|
||||
# ContextSwitching form
|
||||
# ------------------------
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/switchcontext',
|
||||
cookie => "lemonldap=$id",
|
||||
accept => 'text/html'
|
||||
),
|
||||
'ContextSwitching form',
|
||||
);
|
||||
count(1);
|
||||
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/switchcontext', 'spoofId', 'token' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_ON">%,
|
||||
'Found trspan="contextSwitching_ON"' )
|
||||
or explain( $res->[2]->[0], 'trspan="contextSwitching_ON"' );
|
||||
|
||||
## POST form with a valid token
|
||||
$query =~ s/spoofId=/spoofId=dwho/;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/switchcontext',
|
||||
|
|
@ -97,7 +142,11 @@ ok(
|
|||
),
|
||||
'POST switchcontext'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_OFF">%,
|
||||
'Found trspan="contextSwitching_OFF"' )
|
||||
or explain( $res->[2]->[0], 'trspan="contextSwitching_OFF"' );
|
||||
$id = expectCookie($res);
|
||||
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/',
|
||||
|
|
@ -106,7 +155,7 @@ ok(
|
|||
),
|
||||
'Get Menu',
|
||||
);
|
||||
count(3);
|
||||
count(4);
|
||||
expectAuthenticatedAs( $res, 'dwho' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_OFF">%,
|
||||
'Found trspan="contextSwitching_OFF"' )
|
||||
|
|
@ -122,7 +171,7 @@ ok(
|
|||
count(2);
|
||||
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">_user</td>%, 'Found attribute _user' )
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user