Fix & improve unit test (#1844)

2019-07-05 22:53:48 +02:00 · 2019-07-05 22:53:48 +02:00 · 2d6c46920e
commit 2d6c46920e
parent 3e08f8bc08
2 changed files with 70 additions and 4 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
@ -64,7 +64,9 @@ sub init {
 sub check {
    my ( $self, $req ) = @_;
    my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] );
-    my $msg = my $auth = my $compute = '';
+    my $msg       = my $auth = my $compute = '';
+    my $authLevel = $req->userData->{authenticationLevel};
+    my $authMode  = $req->userData->{_auth};

    # Check token
    if ( $self->ottRule->( $req, {} ) ) {
@ -155,7 +157,8 @@ sub check {
        }
        unless ( defined $attrs->{_session_id} ) {
            $req->{user} = $user;
-            $self->userLogger->info("No session found in DB. Compute userData...");
+            $self->userLogger->info(
+                "No session found in DB. Compute userData...");
            $attrs   = $self->_userData($req);
            $compute = 1;
        }
@ -171,7 +174,19 @@ sub check {
          $self->{conf}->{impersonationMergeSSOgroups} eq 1
          ? 'checkUserMerged'
          : 'checkUser';
-        $msg = 'checkUserComputeSession' if $compute;
+        if ($compute) {
+            $msg = 'checkUserComputeSession';
+            $attrs->{authenticationLevel} = $authLevel;
+            $attrs->{_auth}               = $authMode;
+            
+            if ( $self->conf->{impersonationRule} ) {
+                $self->logger->debug("Map real attributes...");
+                my %realAttrs = map {
+                    ( "$self->{conf}->{impersonationPrefix}$_" => $attrs->{$_} )
+                } keys %$attrs;
+                $attrs = { %$attrs, %realAttrs };
+            }
+        }

        # Create an array of hashes for template loop
        $self->logger->debug("Delete hidden or empty attributes");
--- a/lemonldap-ng-portal/t/67-CheckUser.t
+++ b/lemonldap-ng-portal/t/67-CheckUser.t
@ -24,6 +24,7 @@ my $client = LLNG::Manager::Test->new( {
            totp2fSelfRegistration         => 1,
            totp2fActivation               => 1,
            totp2fDigits                   => 6,
+            impersonationRule              => 1,

            #hiddenAttributes               => 'test',
        }
@ -338,7 +339,8 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_whatToTrace</td>%,
 count(11);

 my @c = ( $res->[2]->[0] =~ /<td scope="row">rtyler<\/td>/gs );
-ok( @c == 3, ' -> Three entries found' );
+ok( @c == 6, ' -> Six entries found' )
+  or explain( $res->[2]->[0] );
 count(1);

 # Request with short VH url & user
@ -456,4 +458,53 @@ count(2);
 $client->logout($id);
 clean_sessions();

+## Try to authenticate
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=dwho&password=dwho'),
+        length => 23,
+        accept => 'text/html',
+    ),
+    'Auth query'
+);
+count(1);
+
+$id = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+# CheckUser form -> granted
+# ------------------------
+ok(
+    $res = $client->_get(
+        '/checkuser',
+        cookie => "lemonldap=$id",
+        accept => 'text/html'
+    ),
+    'CheckUser form',
+);
+
+( $host, $url, $query ) =
+  expectForm( $res, undef, '/checkuser', 'user', 'url' );
+
+# Request a user without SSO session
+$query =~ s/user=dwho/user=rtyler/;
+ok(
+    $res = $client->_post(
+        '/checkuser',
+        IO::String->new($query),
+        cookie => "lemonldap=$id",
+        length => length($query),
+        accept => 'text/html',
+    ),
+    'POST checkuser'
+);
+ok( $res->[2]->[0] =~ m%<td scope="row">uid</td>%, 'Found uid' )
+  or explain( $res->[2]->[0], 'Attribute Value uid' );
+ok( $res->[2]->[0] =~ m%<td scope="row">real_uid</td>%, 'Found real_uid' )
+  or explain( $res->[2]->[0], 'Attribute Value real_uid' );
+count(4);
+
+$client->logout($id);
+clean_sessions();
 done_testing( count() );